Prevent attacker from manipulating FPU tag word used in SGX enclave #73471
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Insufficient sanitization of the x87 FPU tag word in the trusted enclave runtime allowed unprivileged adversaries in the containing host application to induce incoherent or unexpected results for ABI-compliant compiled enclave application code that uses the x87 FPU. Vulnerability was disclosed to us by Fritz Alder, Jo Van Bulck, David Oswald and Frank Piessens
|
(rust_highfive has picked a reviewer for you, use r? to override) |
rust-highfive
added
the
S-waiting-on-review
|
These lines can be deleted now, I think? https://github.com/rust-lang/rust/pull/73471/files#diff-e36fb308beaa14873467f172667231fbR191-R193 |
|
Those two lines (and mistakenly the two labels/values they refer to) were exactly the ones I was looking at before. I shouldn't have let you convinced me they were needed. :) Let me check again. |
|
I thought you were talking about rust/src/libstd/sys/sgx/abi/entry.S Lines 321 to 322 in daedb79 |
|
Yes I mixed the two up. |
|
@bors delegate=jethrogb |
|
✌️ @jethrogb can now approve this pull request |
dtolnay
added
the
T-libs
jethrogb
reviewed
Jun 19, 2020
jethrogb
reviewed
Jun 19, 2020
jethrogb
reviewed
Jun 19, 2020
raoulstrackx
force-pushed
the
raoul/fpu_tag_word
branch
from
f161624
to
33b304c
Compare
|
@bors r+ rollup |
|
📌 Commit 33b304c has been approved by |
bors
added
S-waiting-on-bors
Manishearth
added a commit
to Manishearth/rust
that referenced
this pull request
Jun 20, 2020
…jethrogb Prevent attacker from manipulating FPU tag word used in SGX enclave Insufficient sanitization of the x87 FPU tag word in the trusted enclave runtime allowed unprivileged adversaries in the containing host application to induce incoherent or unexpected results for ABI-compliant compiled enclave application code that uses the x87 FPU. Vulnerability was disclosed to us by Fritz Alder, Jo Van Bulck, David Oswald and Frank Piessens cc: @jethrogb
RalfJung
added a commit
to RalfJung/rust
that referenced
this pull request
Jun 20, 2020
…jethrogb Prevent attacker from manipulating FPU tag word used in SGX enclave Insufficient sanitization of the x87 FPU tag word in the trusted enclave runtime allowed unprivileged adversaries in the containing host application to induce incoherent or unexpected results for ABI-compliant compiled enclave application code that uses the x87 FPU. Vulnerability was disclosed to us by Fritz Alder, Jo Van Bulck, David Oswald and Frank Piessens cc: @jethrogb
RalfJung
added a commit
to RalfJung/rust
that referenced
this pull request
Jun 20, 2020
…jethrogb Prevent attacker from manipulating FPU tag word used in SGX enclave Insufficient sanitization of the x87 FPU tag word in the trusted enclave runtime allowed unprivileged adversaries in the containing host application to induce incoherent or unexpected results for ABI-compliant compiled enclave application code that uses the x87 FPU. Vulnerability was disclosed to us by Fritz Alder, Jo Van Bulck, David Oswald and Frank Piessens cc: @jethrogb
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Jun 20, 2020
Rollup of 9 pull requests Successful merges: - rust-lang#72600 (Properly encode AnonConst into crate metadata) - rust-lang#73055 (remove leftover mentions of `skol` and `int` from the compiler) - rust-lang#73058 (Support sanitizers on aarch64-unknown-linux-gnu) - rust-lang#73171 (RISC-V Emulated Testing) - rust-lang#73404 (Update CFGuard syntax) - rust-lang#73444 (ci: disable alt build during try builds) - rust-lang#73471 (Prevent attacker from manipulating FPU tag word used in SGX enclave) - rust-lang#73539 (Deprecate `Vec::remove_item`) - rust-lang#73543 (Clean up E0695 explanation) Failed merges: r? @ghost
|
☔ The latest upstream changes (presumably #73550) made this pull request unmergeable. Please resolve the merge conflicts. |
bors
added
S-waiting-on-author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Insufficient sanitization of the x87 FPU tag word in the trusted enclave runtime allowed unprivileged adversaries in the containing host application to induce incoherent or unexpected results for ABI-compliant compiled enclave application code that uses the x87 FPU.
Vulnerability was disclosed to us by Fritz Alder, Jo Van Bulck, David Oswald and Frank Piessens
cc: @jethrogb