SGX UserRef has questionable soundness #154321
Open
Labels
C-bug: Category: This is a bug.
I-unsound: Issue: A soundness hole (worst kind of bug), see: https://en.wikipedia.org/wiki/Soundness
O-SGX: Target: SGX
P-medium: Medium priority
T-libs-api: Relevant to the library API team, which will review and decide on the PR/issue.
T-opsem: Relevant to the opsem team
The SGX-specific code in std defines a UserRef type at rust/library/std/src/sys/pal/sgx/abi/usercalls/alloc.rs (line 159 in 0312931).

I'm not sure if I'm reading this correctly, but I think the doc comment is saying that users should create a &UserRef<T> that stores an address in a different address space. And also, users should create multiple &mut UserRef<T> that alias each other. This seems questionable.

cc @RalfJung
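
The aliasing concern raised in the issue above, as an added example that is not part of the original report and is not std's SGX code: a hypothetical `SharedHandle<T>` stores a raw pointer and copies values in and out, so two handles to one address never exist as two `&mut` references to the same memory. The type name, its methods and the heap allocation standing in for the outside memory are assumptions made for illustration, and the sketch does not address concurrent writes from the other side.

```rust
use std::marker::PhantomData;
use std::ptr::NonNull;

/// Hypothetical handle to memory that code outside our control may also write.
/// It stores a raw pointer, so copies of the handle may alias freely.
/// Assumption: `T` is plain data that is valid for any bit pattern.
#[derive(Clone, Copy)]
pub struct SharedHandle<T: Copy> {
    ptr: NonNull<T>,
    _not_owned: PhantomData<*mut T>, // also makes the handle !Send and !Sync
}

impl<T: Copy> SharedHandle<T> {
    /// Safety: `ptr` must be aligned and stay valid for every use of the handle.
    pub unsafe fn from_raw(ptr: *mut T) -> Option<Self> {
        NonNull::new(ptr).map(|ptr| SharedHandle { ptr, _not_owned: PhantomData })
    }

    /// Copy the value out; no `&T` into the shared bytes is ever handed out.
    pub fn load(&self) -> T {
        unsafe { self.ptr.as_ptr().read_volatile() }
    }

    /// Copy a value in; takes `&self` because the handle is not a unique borrow.
    pub fn store(&self, value: T) {
        unsafe { self.ptr.as_ptr().write_volatile(value) }
    }
}

/// Constructed demo: a leaked heap allocation stands in for the shared region.
pub fn demo() -> (u32, u32) {
    let region: *mut u32 = Box::into_raw(Box::new(1u32));
    let a = unsafe { SharedHandle::from_raw(region) }.expect("non-null");
    let b = a; // second handle to the same address; both hold raw pointers
    b.store(7);
    let seen_by_a = a.load(); // observes the write made through `b`
    a.store(9);
    let seen_by_b = b.load(); // observes the write made through `a`
    unsafe { drop(Box::from_raw(region)) }; // release the stand-in region
    (seen_by_a, seen_by_b)
}

fn main() {
    println!("{:?}", demo());
}
```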