diff options
| author | Raoul Strackx <raoul.strackx@fortanix.com> | 2022-06-22 13:47:32 +0200 |
|---|---|---|
| committer | Mark Rousskov <mark.simulacrum@gmail.com> | 2022-07-15 17:48:27 -0400 |
| commit | f835f9cfda1f30bb3ccb104a26f8ed6354effc43 (patch) | |
| tree | bbc6f9067b3aa91d76da68607017cbfabe9c0efa | |
| parent | c1e8e4dbb4a7542f7617b5442179269ec843405e (diff) | |
| download | rust-f835f9cfda1f30bb3ccb104a26f8ed6354effc43.tar.gz rust-f835f9cfda1f30bb3ccb104a26f8ed6354effc43.zip | |
Address reviewer comments
| -rw-r--r-- | library/std/src/sys/sgx/abi/usercalls/alloc.rs | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/library/std/src/sys/sgx/abi/usercalls/alloc.rs b/library/std/src/sys/sgx/abi/usercalls/alloc.rs index 4ac27e85f8b..ea24fedd0eb 100644 --- a/library/std/src/sys/sgx/abi/usercalls/alloc.rs +++ b/library/std/src/sys/sgx/abi/usercalls/alloc.rs @@ -307,8 +307,9 @@ where /// Copies `len` bytes of data from enclave pointer `src` to userspace `dst` /// -/// This function mitigates stale data vulnerabilities -/// https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html +/// This function mitigates stale data vulnerabilities by ensuring all writes to untrusted memory are either: +/// - preceded by the VERW instruction and followed by the MFENCE; LFENCE instruction sequence +/// - or are in multiples of 8 bytes, aligned to an 8-byte boundary /// /// # Panics /// This function panics if: @@ -317,10 +318,14 @@ where /// * The `dst` pointer is null /// * The `src` memory range is not in enclave memory /// * The `dst` memory range is not in user memory +/// +/// # References +/// - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html +/// - https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#inpage-nav-3-2-2 pub(crate) unsafe fn copy_to_userspace(src: *const u8, dst: *mut u8, len: usize) { unsafe fn copy_bytewise_to_userspace(src: *const u8, dst: *mut u8, len: usize) { unsafe { - let seg_sel: u16 = 0; + let mut seg_sel: u16 = 0; for off in 0..len { asm!(" mov %ds, ({seg_sel}) @@ -328,10 +333,10 @@ pub(crate) unsafe fn copy_to_userspace(src: *const u8, dst: *mut u8, len: usize) movb {val}, ({dst}) mfence lfence - ", + ", val = in(reg_byte) *src.offset(off as isize), dst = in(reg) dst.offset(off as isize), - seg_sel = in(reg) &seg_sel, + seg_sel = in(reg) &mut seg_sel, options(nostack, att_syntax) ); } |