Prevent attacker from manipulating FPU tag word used in SGX enclave #73471
Insufficient sanitization of the x87 FPU tag word in the trusted enclave runtime allowed unprivileged adversaries in the containing host application to induce incoherent or unexpected results for ABI-compliant compiled enclave application code that uses the x87 FPU.
Vulnerability was disclosed to us by Fritz Alder, Jo Van Bulck, David Oswald and Frank Piessens.
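An added example, not taken from this pull request or from the Rust SGX runtime: it inspects an FXSAVE-format state image and reports which of the x87 control word, MXCSR and tag word differ from their initial values, so a state with clean control words but a dirty tag word is still flagged. The function names and sample images are constructed for illustration; the offsets and initial values assume the documented FXSAVE legacy-region layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offsets in the 512-byte FXSAVE/XSAVE legacy region (assumed layout). */
enum { OFF_FCW = 0, OFF_FTW = 4, OFF_MXCSR = 24, FXSAVE_SIZE = 512 };
#define FCW_INIT   0x037Fu  /* x87 control word after FNINIT */
#define MXCSR_INIT 0x1F80u  /* MXCSR default value */

/* Result bits: which fields differ from the initial state. */
enum { DIRTY_FCW = 1, DIRTY_FTW = 2, DIRTY_MXCSR = 4 };

/* Read an n-byte little-endian value without relying on host endianness. */
static uint32_t rd_le(const uint8_t *p, int n) {
    uint32_t v = 0;
    for (int i = n - 1; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Abridged tag byte: bit i set means physical register i is non-empty. */
int nonempty_regs(const uint8_t *img) {
    int n = 0;
    for (uint8_t t = img[OFF_FTW]; t; t >>= 1) n += t & 1;
    return n;
}

/* Returns a DIRTY_* mask; 0 means control words and tag word are clean. */
int fpu_state_dirty(const uint8_t *img) {
    int mask = 0;
    if (rd_le(img + OFF_FCW, 2) != FCW_INIT) mask |= DIRTY_FCW;
    if (img[OFF_FTW] != 0) mask |= DIRTY_FTW;
    if (rd_le(img + OFF_MXCSR, 4) != MXCSR_INIT) mask |= DIRTY_MXCSR;
    return mask;
}

/* Constructed sample: default control words, caller-chosen tag byte. */
void make_image(uint8_t *img, uint8_t ftw) {
    memset(img, 0, FXSAVE_SIZE);
    img[OFF_FCW] = 0x7F; img[OFF_FCW + 1] = 0x03;
    img[OFF_FTW] = ftw;
    img[OFF_MXCSR] = 0x80; img[OFF_MXCSR + 1] = 0x1F;
}

int main(void) {
    uint8_t img[FXSAVE_SIZE];
    make_image(img, 0x00);
    printf("clean image: mask=%d\n", fpu_state_dirty(img));
    make_image(img, 0xFF);
    printf("tag 0xFF: mask=%d, non-empty regs=%d\n",
           fpu_state_dirty(img), nonempty_regs(img));
    return 0;
}
```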
| (rust_highfive has picked a reviewer for you, use r? to override) | 
| These lines can be deleted now, I think? | 
| Those two lines (and mistakenly the two labels/values they refer to) were exactly the ones I was looking at before. I shouldn't have let you convince me they were needed. :) Let me check again. | 
| I thought you were talking about rust/src/libstd/sys/sgx/abi/entry.S Lines 321 to 322 in daedb79 
 | 
| Yes I mixed the two up. | 
| @bors delegate=jethrogb | 
| ✌️ @jethrogb can now approve this pull request | 
f161624 to 33b304c
| @bors r+ rollup | 
| 📌 Commit 33b304c has been approved by  | 
…jethrogb Prevent attacker from manipulating FPU tag word used in SGX enclave Insufficient sanitization of the x87 FPU tag word in the trusted enclave runtime allowed unprivileged adversaries in the containing host application to induce incoherent or unexpected results for ABI-compliant compiled enclave application code that uses the x87 FPU. Vulnerability was disclosed to us by Fritz Alder, Jo Van Bulck, David Oswald and Frank Piessens cc: @jethrogb
Rollup of 9 pull requests

Successful merges:

- rust-lang#72600 (Properly encode AnonConst into crate metadata)
- rust-lang#73055 (remove leftover mentions of `skol` and `int` from the compiler)
- rust-lang#73058 (Support sanitizers on aarch64-unknown-linux-gnu)
- rust-lang#73171 (RISC-V Emulated Testing)
- rust-lang#73404 (Update CFGuard syntax)
- rust-lang#73444 (ci: disable alt build during try builds)
- rust-lang#73471 (Prevent attacker from manipulating FPU tag word used in SGX enclave)
- rust-lang#73539 (Deprecate `Vec::remove_item`)
- rust-lang#73543 (Clean up E0695 explanation)

Failed merges:

r? @ghost
| ☔ The latest upstream changes (presumably #73550) made this pull request unmergeable. Please resolve the merge conflicts. | 