Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix MXCSR configuration dependent timing #111139

Conversation

raoulstrackx
Copy link
Contributor

@raoulstrackx raoulstrackx commented May 3, 2023

Dependent on the (potentially secret) data some vector instructions operate on, and the content in MXCSR, instruction retirement may be delayed by one cycle. This is a potential side channel.

This PR fixes this vulnerability for the x86_64-fortanix-unknown-sgx platform by loading MXCSR with 0x1fbf through an xrstor instruction when the enclave is entered and executing an lfence immediately after. Other changes of the MXCSR happen only when the enclave is about to be exited and no vector instructions will be executed before it will actually do so. Users of EDP who change the MXCSR and do wish to defend against this side channel, will need to implement the software mitigation described here.

cc: @jethrogb @monokles

Some data-independent timing vector instructions may have subtle data-dependent
timing due to MXCSR configuration; dependent on (potentially secret) data
instruction retirement may be delayed by one cycle.
@rustbot
Copy link
Collaborator

rustbot commented May 3, 2023

r? @thomcc

(rustbot has picked a reviewer for you, use r? to override)

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels May 3, 2023
@rustbot
Copy link
Collaborator

rustbot commented May 3, 2023

Hey! It looks like you've submitted a new PR for the library teams!

If this PR contains changes to any rust-lang/rust public library APIs then please comment with @rustbot label +T-libs-api -T-libs to tag it appropriately. If this PR contains changes to any unstable APIs please edit the PR description to add a link to the relevant API Change Proposal or create one if you haven't already. If you're unsure where your change falls no worries, just leave it as is and the reviewer will take a look and make a decision to forward on if necessary.

Examples of T-libs-api changes:

  • Stabilizing library features
  • Introducing insta-stable changes such as new implementations of existing stable traits on existing stable types
  • Introducing new or changing existing unstable library APIs (excluding permanently unstable features / features without a tracking issue)
  • Changing public documentation in ways that create new stability guarantees
  • Changing observable runtime behavior of library APIs

@jethrogb
Copy link
Contributor

jethrogb commented May 3, 2023

LGTM

@thomcc
Copy link
Member

thomcc commented May 5, 2023

@bors r+

@bors
Copy link
Contributor

bors commented May 5, 2023

📌 Commit 97eab4d has been approved by thomcc

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels May 5, 2023
bors added a commit to rust-lang-ci/rust that referenced this pull request May 6, 2023
Rollup of 8 pull requests

Successful merges:

 - rust-lang#109677 (Stabilize raw-dylib, link_ordinal, import_name_type and -Cdlltool)
 - rust-lang#110780 (rustdoc-search: add slices and arrays to index)
 - rust-lang#110830 (Add FreeBSD cpuset support to `std::thread::available_concurrency`)
 - rust-lang#111139 (Fix MXCSR configuration dependent timing)
 - rust-lang#111239 (Remove unnecessary attribute from a diagnostic)
 - rust-lang#111246 (forbid escaping bound vars in combine)
 - rust-lang#111251 (Issue 109502 follow up, remove unnecessary Vec::new() from compile_test())
 - rust-lang#111261 (Mark `ErrorGuaranteed` constructor as deprecated so people don't use it)

Failed merges:

r? `@ghost`
`@rustbot` modify labels: rollup
@bors bors merged commit ea1a0d7 into rust-lang:master May 6, 2023
@rustbot rustbot added this to the 1.71.0 milestone May 6, 2023
@workingjubilee workingjubilee added the O-SGX Target: SGX label Jul 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
O-SGX Target: SGX S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-libs Relevant to the library team, which will review and decide on the PR/issue.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants