Home Explore Help
Sign In
miti
/
graphene
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[Pal] Fix memory corruption introduced by unstrusted cache PR

be9e85625ac906632d9bd338fbb900366cde99ca (https://github.com/oscarlab/graphene/pull/1320)
introduced a memory corruption in Linux-SGX/enclave_ocalls.c:113 where
__atomic_compare_exchange_n read a 64-bit value into a 32-bit variable.
Michał Kowalczyk 4 years ago
parent
b40862a59c
commit
840184ba1b
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      Pal/src/host/Linux-SGX/enclave_ocalls.c

+ 1 - 1
Pal/src/host/Linux-SGX/enclave_ocalls.c
View File 

@@ -109,7 +109,7 @@ int ocall_munmap_untrusted (const void * mem, uint64_t size)
 
 static int ocall_mmap_untrusted_cache(uint64_t size, void** mem, bool* need_munmap) {
 
     *need_munmap = false;
 
     struct untrusted_area* cache = &get_tcb_trts()->untrusted_area_cache;
 
-    int in_use = 0;
 
+    uint64_t in_use = 0;
 
     if (!__atomic_compare_exchange_n(&cache->in_use, &in_use, 1, false, __ATOMIC_RELAXED, __ATOMIC_RELAXED)) {
 
         /* AEX signal handling case: cache is in use, so make explicit mmap/munmap */
 
         int retval = ocall_mmap_untrusted(-1, 0, size, PROT_READ | PROT_WRITE, mem);