| Message ID | 20220319163010.101686-1-jarkko@kernel.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | x86/sgx: Allow RW for TCS pages | expand |
Hi Jarkko, On 3/19/2022 9:30 AM, Jarkko Sakkinen wrote: > Not allowing to set RW for added TCS pages leads only to a special case > to be handled in the user space run-time. Thus, allow permissions to be > set RW. Originally, it would have probably made more sense to check up > that the permissions are RW. > > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> > --- > arch/x86/kernel/cpu/sgx/ioctl.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c > index 83df20e3e633..f79761ad0400 100644 > --- a/arch/x86/kernel/cpu/sgx/ioctl.c > +++ b/arch/x86/kernel/cpu/sgx/ioctl.c > @@ -215,7 +215,7 @@ static int sgx_validate_secinfo(struct sgx_secinfo *secinfo) > * CPU will silently overwrite the permissions as zero, which means > * that we need to validate it ourselves. > */ > - if (pt == SGX_SECINFO_TCS && perm) > + if (pt == SGX_SECINFO_TCS && (perm != 0 || perm != (PROT_READ | PROT_WRITE))) > return -EINVAL; > > if (secinfo->flags & SGX_SECINFO_RESERVED_MASK) The comments above sgx_ioc_enclave_add_pages() seem to indicate that zero permissions are required: "A SECINFO for a TCS is required to always contain zero permissions because CPU silently zeros them. Allowing anything else would cause a mismatch in the measurement." Reinette
On Mon, Mar 28, 2022 at 01:28:39PM -0700, Reinette Chatre wrote: > Hi Jarkko, > > On 3/19/2022 9:30 AM, Jarkko Sakkinen wrote: > > Not allowing to set RW for added TCS pages leads only to a special case > > to be handled in the user space run-time. Thus, allow permissions to be > > set RW. Originally, it would have probably made more sense to check up > > that the permissions are RW. > > > > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> > > --- > > arch/x86/kernel/cpu/sgx/ioctl.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c > > index 83df20e3e633..f79761ad0400 100644 > > --- a/arch/x86/kernel/cpu/sgx/ioctl.c > > +++ b/arch/x86/kernel/cpu/sgx/ioctl.c > > @@ -215,7 +215,7 @@ static int sgx_validate_secinfo(struct sgx_secinfo *secinfo) > > * CPU will silently overwrite the permissions as zero, which means > > * that we need to validate it ourselves. > > */ > > - if (pt == SGX_SECINFO_TCS && perm) > > + if (pt == SGX_SECINFO_TCS && (perm != 0 || perm != (PROT_READ | PROT_WRITE))) > > return -EINVAL; > > > > if (secinfo->flags & SGX_SECINFO_RESERVED_MASK) > > The comments above sgx_ioc_enclave_add_pages() seem to indicate that zero > permissions are required: > > "A SECINFO for a TCS is required to always contain zero permissions because > CPU silently zeros them. Allowing anything else would cause a mismatch in > the measurement." I think this can be left out for now but fixing the relative addressing is an obvious fix. BR, Jarkko
diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c index 83df20e3e633..f79761ad0400 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -215,7 +215,7 @@ static int sgx_validate_secinfo(struct sgx_secinfo *secinfo) * CPU will silently overwrite the permissions as zero, which means * that we need to validate it ourselves. */ - if (pt == SGX_SECINFO_TCS && perm) + if (pt == SGX_SECINFO_TCS && (perm != 0 || perm != (PROT_READ | PROT_WRITE))) return -EINVAL; if (secinfo->flags & SGX_SECINFO_RESERVED_MASK)
Not allowing to set RW for added TCS pages leads only to a special case to be handled in the user space run-time. Thus, allow permissions to be set RW. Originally, it would have probably made more sense to check up that the permissions are RW. Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> --- arch/x86/kernel/cpu/sgx/ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)