Skip to content

Commit

Permalink
Rollup merge of #65810 - raoulstrackx:ac_mitigation, r=nagisa
Browse files Browse the repository at this point in the history
SGX: Clear additional flag on enclave entry

An attacker could set both the AC flag in CR0 as in rflags. This causes the enclave to perform an AEX upon a misaligned memory access, and an attacker learns some information about the internal enclave state.
The AC flag in rflags is copied from userspace upon an enclave entry. Upon AEX it is copied and later restored. This patch forces the rflag.AC bit to be reset right after an enter.
  • Loading branch information
JohnTitor authored Oct 25, 2019
2 parents f0c58e9 + 5aafa98 commit d40c6af
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion src/libstd/sys/sgx/abi/entry.S
Original file line number Diff line number Diff line change
Expand Up @@ -119,8 +119,14 @@ sgx_entry:
mov %rbx,%gs:tcsls_tcs_addr
stmxcsr %gs:tcsls_user_mxcsr
fnstcw %gs:tcsls_user_fcw

/* reset user state */
cld /* x86-64 ABI requires DF to be unset at function entry/exit */
/* - DF flag: x86-64 ABI requires DF to be unset at function entry/exit */
/* - AC flag: AEX on misaligned memory accesses leaks side channel info */
pushfq
andq $~0x40400, (%rsp)
popfq

/* check for debug buffer pointer */
testb $0xff,DEBUG(%rip)
jz .Lskip_debug_init
Expand Down

0 comments on commit d40c6af

Please sign in to comment.