authorbors <bors@rust-lang.org>2019-04-17 07:05:39 +0000
committerbors <bors@rust-lang.org>2019-04-17 07:05:39 +0000
commite4e032a0ae82d7db4f99872ff98626af2941c4a5 (patch)
tree876205f9cdce195a39e701740bda7b18b047d44f /src
parent258e3b3a75a0da006cd492307fc46ef605e774ad (diff)
parentd0a1c2d3e0ac91849882693720cb81b5da533439 (diff)
Auto merge of #60027 - jethrogb:jb/sgx-reentry-abort, r=cramertj
SGX target: change re-entry abort logic

Even though re-entry after exit is generally not acceptable, there is a race condition where the enclave thinks it's exited but userspace doesn't know that yet. An entry during that time will currently result in an enclave panic (see https://github.com/rust-lang/rust/pull/59997#issuecomment-483846291, https://github.com/rust-lang/rust/pull/60003#issuecomment-483888170). Instead of panicking, just do a regular exit on re-entry.

cc @jseyfried
Diffstat (limited to 'src')
-rw-r--r--src/libstd/sys/sgx/abi/entry.S14
-rw-r--r--src/libstd/sys/sgx/abi/mod.rs8
-rw-r--r--src/libstd/sys/sgx/abi/panic.rs8
3 files changed, 11 insertions, 19 deletions
diff --git a/src/libstd/sys/sgx/abi/entry.S b/src/libstd/sys/sgx/abi/entry.S
index c03e3869aa3..c35e49b1dc6 100644
--- a/src/libstd/sys/sgx/abi/entry.S
+++ b/src/libstd/sys/sgx/abi/entry.S
@@ -65,10 +65,6 @@ IMAGE_BASE:
     /*  The size in bytes of enclacve EH_FRM_HDR section */
     globvar EH_FRM_HDR_SIZE 8
 
-.Lreentry_panic_msg:
-    .asciz "Re-entered aborted enclave!"
-.Lreentry_panic_msg_end:
-
 .org .Lxsave_clear+512
 .Lxsave_header:
     .int 0, 0 /*  XSTATE_BV */
@@ -210,10 +206,8 @@ sgx_entry:
 /*  end sgx_entry */
 
 .Lreentry_panic:
-    lea .Lreentry_panic_msg(%rip),%rdi
-    mov $.Lreentry_panic_msg_end-.Lreentry_panic_msg,%esi
     orq $8,%rsp
-    jmp panic_msg
+    jmp abort_reentry
 
 /*  This *MUST* be called with 6 parameters, otherwise register information */
 /*  might leak! */
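Review bot: The label `.Lreentry_panic` (line 44) no longer panics — its body now ends in `jmp abort_reentry` — so the name misdescribes the path; rename it `.Lreentry_abort` and update the branch in sgx_entry that targets it, which sits above this hunk outside the view. The retained `orq $8,%rsp` is left unexplained next to the new jump; presumably it forces `%rsp ≡ 8 (mod 16)` so the jump lands in the Rust function with the stack shape the SysV ABI expects right after a `call` — worth a comment such as `/* %rsp ≡ 8 mod 16: enter abort_reentry as if it had been called */`, marked TODO-confirm against the entry-path stack setup. Since `abort_reentry` takes no arguments the register-leak caveat on lines 51-52 does not apply here, but a one-line note saying so would stop the next reader from wondering why no registers are cleared.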
@@ -279,10 +273,8 @@ usercall:
 /*
 The following functions need to be defined externally:
 ```
-// Called by entry code when it needs to panic
-extern "C" fn panic_msg(msg: &'static str) -> ! {
-    panic!(msg)
-}
+// Called by entry code on re-entry after exit
+extern "C" fn abort_reentry() -> !;
 
 // Called once when a TCS is first entered
 extern "C" fn tcs_init(secondary: bool);
diff --git a/src/libstd/sys/sgx/abi/mod.rs b/src/libstd/sys/sgx/abi/mod.rs
index 1f433e25ee1..0f107de83f0 100644
--- a/src/libstd/sys/sgx/abi/mod.rs
+++ b/src/libstd/sys/sgx/abi/mod.rs
@@ -29,7 +29,7 @@ unsafe extern "C" fn tcs_init(secondary: bool) {
     static RELOC_STATE: AtomicUsize = AtomicUsize::new(UNINIT);
 
     if secondary && RELOC_STATE.load(Ordering::Relaxed) != DONE {
-        panic::panic_msg("Entered secondary TCS before main TCS!")
+        rtabort!("Entered secondary TCS before main TCS!")
     }
 
     // Try to atomically swap UNINIT with BUSY. The returned state can be:
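Review bot: The new `rtabort!` on line 75 carries no explanation of why a non-unwinding abort rather than a panic is required here, and a reader comparing it with the panic-based `panic_msg` it replaces will wonder whether the difference matters. Presumably a secondary TCS entered before `RELOC_STATE` reaches `DONE` is executing in an enclave whose relocations may not yet be applied, so the panic/unwind machinery cannot be trusted and an immediate abort is the only safe response — TODO confirm against the relocation code that sets `DONE`, which is outside this hunk. Suggest a comment above the `if`: `// Abort without unwinding: relocations may not be applied yet, so the panic machinery is not safe to run.` tcs_init begins above this hunk.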
@@ -92,3 +92,9 @@ pub(super) fn exit_with_code(code: isize) -> ! {
     }
     usercalls::exit(code != 0);
 }
+
+#[cfg(not(test))]
+#[no_mangle]
+extern "C" fn abort_reentry() -> ! {
+    usercalls::exit(false)
+}
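Review bot: `abort_reentry` on line 86 is an exported `#[no_mangle] extern "C"` symbol reached only from assembly, yet it has no doc comment stating its contract: it is entered from entry.S's re-entry path after the enclave has already exited, it must never return (`-> !`), and it should do nothing beyond handing control back to userspace because the enclave may be mid-teardown. Suggested doc: `/// Called from entry.S when a TCS is entered after the enclave has exited. Must not panic, unwind or allocate; just exit to userspace.` The choice of `exit(false)` also deserves a sentence — it reports a clean, non-panic exit for what is, outside the benign race in the commit message, an illegal re-entry, so userspace that re-enters an aborted enclave gets no diagnostic; if that is intended, say so, otherwise consider whether `exit(true)` better preserves the signal. Note too that `#[cfg(not(test))]` compiles the function out entirely under test, whereas the removed `panic_msg` only dropped `no_mangle`; fine if entry.S is never linked into test builds, but worth confirming.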
diff --git a/src/libstd/sys/sgx/abi/panic.rs b/src/libstd/sys/sgx/abi/panic.rs
index de86394b4b8..2401476716f 100644
--- a/src/libstd/sys/sgx/abi/panic.rs
+++ b/src/libstd/sys/sgx/abi/panic.rs
@@ -1,4 +1,4 @@
-use super::usercalls::{alloc::UserRef, self};
+use super::usercalls::alloc::UserRef;
 use crate::cmp;
 use crate::io::{self, Write};
 use crate::mem;
@@ -48,9 +48,3 @@ impl Write for SgxPanicOutput {
         Ok(())
     }
 }
-
-#[cfg_attr(not(test), no_mangle)]
-pub extern "C" fn panic_msg(msg: &str) -> ! {
-    let _ = SgxPanicOutput::new().map(|mut out| out.write(msg.as_bytes()));
-    usercalls::exit(true)
-}