Rollup merge of #65810 - raoulstrackx:ac_mitigation, r=nagisa

SGX: Clear additional flag on enclave entry An attacker could set both the AC flag in CR0 as in rflags. This causes the enclave to perform an AEX upon a misaligned memory access, and an attacker learns some information about the internal enclave state. The AC flag in rflags is copied from userspace upon an enclave entry. Upon AEX it is copied and later restored. This patch forces the rflag.AC bit to be reset right after an enter.
rust-lang · Oct 25, 2019 · d043e95 · d043e95
2 parents 2e64a71 + 5aafa98
commit d043e95
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/src/libstd/sys/sgx/abi/entry.S b/src/libstd/sys/sgx/abi/entry.S
@@ -119,8 +119,14 @@ sgx_entry:
     mov %rbx,%gs:tcsls_tcs_addr
     stmxcsr %gs:tcsls_user_mxcsr
     fnstcw %gs:tcsls_user_fcw
+
 /*  reset user state */
-    cld /* x86-64 ABI requires DF to be unset at function entry/exit */
+/*    - DF flag: x86-64 ABI requires DF to be unset at function entry/exit */
+/*    - AC flag: AEX on misaligned memory accesses leaks side channel info */
+    pushfq
+    andq $~0x40400, (%rsp)
+    popfq
+
 /*  check for debug buffer pointer */
     testb  $0xff,DEBUG(%rip)
     jz .Lskip_debug_init