sgx-lkl: SGX-LKL tls area seems very small. Can cause OE to segfault on reads.

OE checks to see if SGX-LKL has changed %fs by checking for a magic number at %fs:168. Space before that is left for SGX-LKL (or any other application that cares about threading) to do whatever it needs.

When SGX-LKL changes %fs, it allocates a TLS area and then sets %fs to that area. The issue is that the TLS area is only 80 bytes (determined by libc.tls_size). If the TLS area is allocated near the end of the heap, a read at %fs:168 will segfault.

80 is larger than SGX-LKL’s thread control block, but fairly small in terms of being used for usermode TLS. It is unclear to me why this value was chosen or how SGX-LKL makes use of its TLS area.

I am wondering if it is possible for this area to be larger so that the OE read of the magic number is at least accessible memory. This would mean adding padding to SGX-LKL’s thread control block lthread_tcb_base. Let me know if this seems reasonable or if anyone has any concerns about doing this.
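The size mismatch described above, as an added C illustration that is not part of the issue or of the SGX-LKL/OE code: `tcb_unpadded` stands in for the 80-byte area, `tcb_padded` shows the proposed padding, and `OE_MAGIC_VALUE` is an assumed placeholder, since the real constant is not given here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Offset at which OE looks for its magic number (from the issue). */
#define OE_MAGIC_OFFSET 168
/* Assumed placeholder value; OE's real magic constant is not on the page. */
#define OE_MAGIC_VALUE 0xA5A5A5A5A5A5A5A5ull

/* Hypothetical stand-in for the 80-byte TLS area SGX-LKL allocates today. */
struct tcb_unpadded { uint8_t body[80]; };

/* Padded variant: the magic slot at offset 168 now lies inside the object. */
struct tcb_padded {
    uint8_t body[80];
    uint8_t pad[OE_MAGIC_OFFSET + sizeof(uint64_t) - 80];
};
_Static_assert(sizeof(struct tcb_padded) >= OE_MAGIC_OFFSET + sizeof(uint64_t),
               "padded TCB must cover the OE magic slot");

/* True when an 8-byte read at base+OE_MAGIC_OFFSET stays inside a TLS area
 * of tls_size bytes; false is the case that can fault at the end of the heap. */
bool magic_read_in_bounds(size_t tls_size) {
    return tls_size >= OE_MAGIC_OFFSET + sizeof(uint64_t);
}

/* Models the OE check against an area of known size: 1 = magic present,
 * 0 = absent, -1 = the read would run past the area (the segfault case). */
int check_fs_magic(const uint8_t *tls_base, size_t tls_size) {
    if (!magic_read_in_bounds(tls_size))
        return -1;
    uint64_t v;
    memcpy(&v, tls_base + OE_MAGIC_OFFSET, sizeof v);
    return v == OE_MAGIC_VALUE ? 1 : 0;
}

int main(void) {
    struct tcb_padded tcb;
    memset(&tcb, 0, sizeof tcb);
    uint64_t magic = OE_MAGIC_VALUE;
    memcpy((uint8_t *)&tcb + OE_MAGIC_OFFSET, &magic, sizeof magic);
    return check_fs_magic((const uint8_t *)&tcb, sizeof tcb) == 1 ? 0 : 1;
}
```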

About this issue

  • State: closed
  • Created 4 years ago
  • Reactions: 1
  • Comments: 15 (15 by maintainers)

Most upvoted comments

It is a specific change made to support SGX-LKL. While it is in master, I’m not sure if we want to commit to that as part of the ABI. I think your proposal for an API is probably a better long-term solution.