@@ -307,8 +307,9 @@ where
307307
308308/// Copies `len` bytes of data from enclave pointer `src` to userspace `dst`
309309///
310- /// This function mitigates stale data vulnerabilities
311- /// https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
310+ /// This function mitigates stale data vulnerabilities by ensuring all writes to untrusted memory are either:
311+ /// - preceded by the VERW instruction and followed by the MFENCE; LFENCE instruction sequence
312+ /// - or are in multiples of 8 bytes, aligned to an 8-byte boundary
312313///
313314/// # Panics
314315/// This function panics if:
@@ -317,21 +318,25 @@ where
317318/// * The `dst` pointer is null
318319/// * The `src` memory range is not in enclave memory
319320/// * The `dst` memory range is not in user memory
321+ ///
322+ /// # References
323+ /// - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
324+ /// - https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#inpage-nav-3-2-2
320325pub ( crate ) unsafe fn copy_to_userspace ( src : * const u8 , dst : * mut u8 , len : usize ) {
321326 unsafe fn copy_bytewise_to_userspace ( src : * const u8 , dst : * mut u8 , len : usize ) {
322327 unsafe {
323- let seg_sel: u16 = 0 ;
328+ let mut seg_sel: u16 = 0 ;
324329 for off in 0 ..len {
325330 asm ! ( "
326331 mov %ds, ({seg_sel})
327332 verw ({seg_sel})
328333 movb {val}, ({dst})
329334 mfence
330335 lfence
331- " ,
336+ " ,
332337 val = in( reg_byte) * src. offset( off as isize ) ,
333338 dst = in( reg) dst. offset( off as isize ) ,
334- seg_sel = in( reg) & seg_sel,
339+ seg_sel = in( reg) & mut seg_sel,
335340 options( nostack, att_syntax)
336341 ) ;
337342 }
0 commit comments