gramineproject / graphene

Graphene / Graphene-SGX - a library OS for Linux multi-process applications, with Intel SGX support
https://grapheneproject.io
GNU Lesser General Public License v3.0
771 stars 261 forks source link

[Pal/SGX] Sanitize `ocall_gettime` return value #2554

Closed boryspoplawski closed 3 years ago

boryspoplawski commented 3 years ago

Description of the changes

Now on each ocall_gettime we compare the returned value with the one returned in a previous call and bail out if it's smaller.


This change is Reviewable

dimakuv commented 3 years ago

Jenkins, retest Jenkins-SGX-20.04 please (test_022_poll_closed_fd failed with read error: Permission denied, unrelated)