
[Pal/Linux-SGX] Fix check for untrusted stack

The untrusted stack value is used in two places: It's restored before
EEXIT and it's used to allocate arguments for ocalls on the untrusted
stack.

For EEXIT we don't need to check it since the processor will block
access after leaving enclave mode.

If we allocate something on the untrusted stack we need to check that
the whole region is outside the enclave not just the initial pointer.
Otherwise it might point to non-enclave memory initially but grow into
the enclave region.
Simon Gaiser 6 years ago
parent
commit
8b2db379f6

+ 0 - 3
Pal/src/host/Linux-SGX/enclave_ecalls.c

@@ -30,9 +30,6 @@ void handle_ecall (long ecall_index, void * ecall_args, void * exit_target,
         enclave_top = enclave_base_addr + GET_ENCLAVE_TLS(enclave_size);
     }
 
-    if (sgx_is_within_enclave(untrusted_stack, 0))
-        return;
-
     SET_ENCLAVE_TLS(exit_target, exit_target);
     SET_ENCLAVE_TLS(ustack_top,  untrusted_stack);
     SET_ENCLAVE_TLS(ustack,      untrusted_stack);

+ 3 - 0
Pal/src/host/Linux-SGX/enclave_framework.c

@@ -40,6 +40,9 @@ bool sgx_is_completely_outside_enclave(const void* addr, uint64_t size) {
 void * sgx_ocalloc (uint64_t size)
 {
     void * ustack = GET_ENCLAVE_TLS(ustack) - size;
+    if (!sgx_is_completely_outside_enclave(ustack, size)) {
+        return NULL;
+    }
     SET_ENCLAVE_TLS(ustack, ustack);
     return ustack;
 }
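Review bot: The added guard makes sgx_ocalloc return NULL (line 43) where before this commit it could never fail, but no caller is updated here, so every ocall site that writes its argument struct through the returned pointer needs a NULL check or a rejected allocation becomes a write through a null-based pointer; with the entry check in enclave_ecalls.c removed by this same commit, this guard is now the only thing standing between a hostile ustack value and an in-enclave write. A second gap is the subtraction on line 41: `GET_ENCLAVE_TLS(ustack) - size` wraps when size exceeds the current stack value, and whether sgx_is_completely_outside_enclave rejects an addr+size range that wraps past the top of the address space cannot be seen from this hunk (its definition begins at the hunk header and lies outside). I would make the new contract explicit with a comment above the function, `/* Reserve size bytes on the untrusted stack. Returns NULL if [ustack, ustack + size) would not lie entirely outside the enclave; callers must check. */`, and guard the wrap before the range check, `if (size > (uintptr_t)GET_ENCLAVE_TLS(ustack)) return NULL;`, so the range passed to the outside-enclave check is always well-formed.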