Exceptions are a commodity hardware functionality which is central to
multi-tasking OSes as well as event-driven user applications. Normally, the OS
assists the user application by lifting the semantics of exceptions received
from hardware to program-friendly user signals and exception handling
interfaces. However, can exception handlers work securely in user enclaves,
such as those enabled by Intel SGX, where the OS is not trusted by the enclave
code?

In this paper, we introduce a new attack called SmashEx which exploits the
OS-enclave interface for asynchronous exceptions in SGX. It demonstrates the
importance of a fundamental property of safe atomic execution that is required
on this interface. In the absence of atomicity, we show that asynchronous
exception handling in SGX enclaves is complicated and prone to re-entrancy
vulnerabilities. Our attacks do not assume any memory errors in the enclave
code, side channels, or application-specific logic flaws. We concretely
demonstrate exploits that cause arbitrary disclosure of enclave private memory
and code-reuse (ROP) attacks in the enclave. We show reliable exploits on two
widely-used SGX runtimes, Intel SGX SDK and Microsoft Open Enclave, running
OpenSSL and cURL libraries respectively. We tested a total of 14 frameworks,
including Intel SGX SDK and Microsoft Open Enclave, 10 of which are vulnerable.
We discuss how the vulnerability manifests on both SGX1-based and SGX2-based
platforms. We present potential mitigation and long-term defenses for SmashEx.

By admin