Auto merge of #101442 - joboet:null_check_tcs, r=thomcc

Check if TCS is a null pointer on SGX The `EENTER` instruction only checks if the TCS is aligned, not if it zero. Saying the address returned is a `NonNull<u8>` (for which `Tcs` is a type alias) is unsound. As well-behaved runners will not put the TCS at address zero, so the definition of `Tcs` is correct. However, `std` should check the address before casting it to a `NonNull`. ping `@jethrogb` `@raoulstrackx` `@rustbot` label I-unsound
rust-lang · Sep 11, 2022 · 98e1f04 · 98e1f04
2 parents 59e7a30 + 2fa5808
commit 98e1f04
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/library/std/src/sys/sgx/abi/thread.rs b/library/std/src/sys/sgx/abi/thread.rs
@@ -7,7 +7,11 @@ use fortanix_sgx_abi::Tcs;
 #[unstable(feature = "sgx_platform", issue = "56975")]
 pub fn current() -> Tcs {
     extern "C" {
-        fn get_tcs_addr() -> Tcs;
+        fn get_tcs_addr() -> *mut u8;
+    }
+    let addr = unsafe { get_tcs_addr() };
+    match Tcs::new(addr) {
+        Some(tcs) => tcs,
+        None => rtabort!("TCS must not be placed at address zero (this is a linker error)"),
     }
-    unsafe { get_tcs_addr() }
 }