diff options
| author | Raoul Strackx <raoul.strackx@fortanix.com> | 2020-02-07 10:37:53 +0100 |
|---|---|---|
| committer | Jethro Beekman <jethro@fortanix.com> | 2020-02-10 20:57:25 +0100 |
| commit | aeedc9dea9e0460488e0b6ce7fe3aaf50395774c (patch) | |
| tree | fedca560ea5b6f03e8d928f5c2e3476219f790db /src/libstd/sys | |
| parent | e6ec0d125eba4074122b187032474b4174fb9d31 (diff) | |
| download | rust-aeedc9dea9e0460488e0b6ce7fe3aaf50395774c.tar.gz rust-aeedc9dea9e0460488e0b6ce7fe3aaf50395774c.zip | |
Corrected ac_mitigation patch. That patch used the untrusted stack to clear rflags during enclave (re-)entry
Diffstat (limited to 'src/libstd/sys')
| -rw-r--r-- | src/libstd/sys/sgx/abi/entry.S | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/src/libstd/sys/sgx/abi/entry.S b/src/libstd/sys/sgx/abi/entry.S index a3e059e8131..7c273a8a83d 100644 --- a/src/libstd/sys/sgx/abi/entry.S +++ b/src/libstd/sys/sgx/abi/entry.S @@ -134,6 +134,17 @@ elf_entry: ud2 /* should not be reached */ /* end elf_entry */ +/* This code needs to be called *after* the enclave stack has been setup. */ +/* There are 3 places where this needs to happen, so this is put in a macro. */ +.macro sanitize_rflags +/* Sanitize rflags received from user */ +/* - DF flag: x86-64 ABI requires DF to be unset at function entry/exit */ +/* - AC flag: AEX on misaligned memory accesses leaks side channel info */ + pushfq + andq $~0x40400, (%rsp) + popfq +.endm + .text .global sgx_entry .type sgx_entry,function @@ -150,13 +161,6 @@ sgx_entry: stmxcsr %gs:tcsls_user_mxcsr fnstcw %gs:tcsls_user_fcw -/* reset user state */ -/* - DF flag: x86-64 ABI requires DF to be unset at function entry/exit */ -/* - AC flag: AEX on misaligned memory accesses leaks side channel info */ - pushfq - andq $~0x40400, (%rsp) - popfq - /* check for debug buffer pointer */ testb $0xff,DEBUG(%rip) jz .Lskip_debug_init @@ -179,6 +183,7 @@ sgx_entry: lea IMAGE_BASE(%rip),%rax add %rax,%rsp mov %rsp,%gs:tcsls_tos + sanitize_rflags /* call tcs_init */ /* store caller-saved registers in callee-saved registers */ mov %rdi,%rbx @@ -194,7 +199,10 @@ sgx_entry: mov %r13,%rdx mov %r14,%r8 mov %r15,%r9 + jmp .Lafter_init .Lskip_init: + sanitize_rflags +.Lafter_init: /* call into main entry point */ load_tcsls_flag_secondary_bool cx /* RCX = entry() argument: secondary: bool */ call entry /* RDI, RSI, RDX, R8, R9 passed in from userspace */ @@ -292,6 +300,7 @@ usercall: movq $0,%gs:tcsls_last_rsp /* restore callee-saved state, cf. "save" above */ mov %r11,%rsp + sanitize_rflags ldmxcsr (%rsp) fldcw 4(%rsp) add $8, %rsp |