From daedb7920f48941bd8ffa1b1463b417b1641c823 Mon Sep 17 00:00:00 2001 From: Raoul Strackx Date: Wed, 17 Jun 2020 18:07:12 +0200 Subject: [PATCH 1/2] Prevent attacker from manipulating FPU tag word used in SGX enclave Insufficient sanitization of the x87 FPU tag word in the trusted enclave runtime allowed unprivileged adversaries in the containing host application to induce incoherent or unexpected results for ABI-compliant compiled enclave application code that uses the x87 FPU. Vulnerability was disclosed to us by Fritz Alder, Jo Van Bulck, David Oswald and Frank Piessens --- src/libstd/sys/sgx/abi/entry.S | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/libstd/sys/sgx/abi/entry.S b/src/libstd/sys/sgx/abi/entry.S index 2badfc973c9..0c3afa77a60 100644 --- a/src/libstd/sys/sgx/abi/entry.S +++ b/src/libstd/sys/sgx/abi/entry.S @@ -177,6 +177,13 @@ sgx_entry: jz .Lskip_debug_init mov %r10,%gs:tcsls_debug_panic_buf_ptr .Lskip_debug_init: +/* reset cpu state */ + mov %rdx, %r10 + mov $-1, %rax + mov $-1, %rdx + xrstor .Lxsave_clear(%rip) + mov %r10, %rdx + /* check if returning from usercall */ mov %gs:tcsls_last_rsp,%r11 test %r11,%r11 From 33b304c5e0a620350e0eba0ceda2aab23f3b4e6f Mon Sep 17 00:00:00 2001 From: Raoul Strackx Date: Fri, 19 Jun 2020 14:20:35 +0200 Subject: [PATCH 2/2] Using xsave restore to restore complete FPU state --- src/libstd/sys/sgx/abi/entry.S | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/src/libstd/sys/sgx/abi/entry.S b/src/libstd/sys/sgx/abi/entry.S index 0c3afa77a60..fc6ce577033 100644 --- a/src/libstd/sys/sgx/abi/entry.S +++ b/src/libstd/sys/sgx/abi/entry.S @@ -26,18 +26,10 @@ IMAGE_BASE: .Lxsave_clear: .org .+24 .Lxsave_mxcsr: - .int 0 + .short 0x1f80 /* We can store a bunch of data in the gap between MXCSR and the XSAVE header */ -/* MXCSR initialization value for ABI */ -.Lmxcsr_init: - .int 0x1f80 - -/* x87 FPU control word initialization value for ABI */ -.Lfpucw_init: - .int 0x037f - /* The following symbols point at read-only data that will be filled in by the */ /* post-linker. */ @@ -188,9 +180,6 @@ sgx_entry: mov %gs:tcsls_last_rsp,%r11 test %r11,%r11 jnz .Lusercall_ret -/* reset user state */ - ldmxcsr .Lmxcsr_init(%rip) - fldcw .Lfpucw_init(%rip) /* setup stack */ mov %gs:tcsls_tos,%rsp /* initially, RSP is not set to the correct value */ /* here. This is fixed below under "adjust stack". */