From patchwork Thu Aug 8 00:12:50 2019
X-Patchwork-Submitter: Sean Christopherson
X-Patchwork-Id: 11083005
From: Sean Christopherson
To: Jarkko Sakkinen
Cc: linux-sgx@vger.kernel.org, Shay Katz-zamir, Serge Ayoun
Subject: [PATCH for_v22 07/11] x86/sgx: Check that enclave is created at beginning of EADD/EINIT ioctl
Date: Wed, 7 Aug 2019 17:12:50 -0700
Message-Id: <20190808001254.11926-8-sean.j.christopherson@intel.com>
In-Reply-To: <20190808001254.11926-1-sean.j.christopherson@intel.com>
References: <20190808001254.11926-1-sean.j.christopherson@intel.com>

Move the EADD/EINIT checks on SGX_ENCL_CREATED to the very beginning of the ioctl() flows. Deferring the check until the core code is fragile as all code leading up to that point must be careful that it only uses members of @encl that are initialized at allocation time. For example, the flush_work() call in sgx_encl_init() will crash if the enclave has not been created.

Note, there is no need to take encl->lock to check SGX_ENCL_CREATED so long as SGX_ENCL_CREATED is set only after the enclave is fully initialized, it's not the kernel's responsibility to guard against sgx_encl_create() racing with EADD/EINIT. Add a comment to highlight the dependency.

Signed-off-by: Sean Christopherson
Acked-by: Jarkko Sakkinen

--- arch/x86/kernel/cpu/sgx/driver/ioctl.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/driver/ioctl.c b/arch/x86/kernel/cpu/sgx/driver/ioctl.c index 6a580361e20e..700d65c96b9a 100644 --- a/arch/x86/kernel/cpu/sgx/driver/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/driver/ioctl.c 
@@ -326,6 +326,12 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs) encl->base = secs->base; encl->size = secs->size; encl->ssaframesize = secs->ssa_frame_size; + + /* + * Set SGX_ENCL_CREATED only after the enclave is fully prepped. This + * allows other flows to check if the enclave has been created without + * taking encl->lock. + */ encl->flags |= SGX_ENCL_CREATED; mutex_unlock(&encl->lock); @@ -516,8 +522,7 @@ static int sgx_encl_add_page(struct sgx_encl *encl, unsigned long addr, mutex_lock(&encl->lock); - if (!(encl->flags & SGX_ENCL_CREATED) || - (encl->flags & (SGX_ENCL_INITIALIZED | SGX_ENCL_DEAD))) { + if (encl->flags & (SGX_ENCL_INITIALIZED | SGX_ENCL_DEAD)) { ret = -EFAULT; goto out; } @@ -597,6 +602,9 @@ static long sgx_ioc_enclave_add_page(struct file *filep, void __user *arg) void *data; int ret; + if (!(encl->flags & SGX_ENCL_CREATED)) + return -EINVAL; + if (copy_from_user(&addp, arg, sizeof(addp))) return -EFAULT; @@ -685,8 +693,7 @@ static int sgx_encl_init(struct sgx_encl *encl, struct sgx_sigstruct *sigstruct, mutex_lock(&encl->lock); - if (!(encl->flags & SGX_ENCL_CREATED) || - (encl->flags & (SGX_ENCL_INITIALIZED | SGX_ENCL_DEAD))) { + if (encl->flags & (SGX_ENCL_INITIALIZED | SGX_ENCL_DEAD)) { ret = -EFAULT; goto err_out; } @@ -753,6 +760,9 @@ static long sgx_ioc_enclave_init(struct file *filep, void __user *arg) struct page *initp_page; int ret; + if (!(encl->flags & SGX_ENCL_CREATED)) + return -EINVAL; + if (copy_from_user(&einit, arg, sizeof(einit))) return -EFAULT;
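
Review bot: In the sgx_encl_create() hunk (@@ -326), the new comment promises a lockless check, but nothing orders the flag against the earlier stores for code that runs between the check and mutex_lock(&encl->lock). The writer is a plain `encl->flags |= SGX_ENCL_CREATED` and the new readers in sgx_ioc_enclave_add_page() and sgx_ioc_enclave_init() are plain loads, so a reader on another CPU may see the flag before encl->base, encl->size and encl->ssaframesize. The flush_work() call cited in the commit message is one such pre-lock user. Consider pairing smp_store_release() on the writer with smp_load_acquire() on the lockless readers, or at minimum READ_ONCE() on the reads, and have the comment name that pairing so the dependency is visible at both ends.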
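
Review bot: The sgx_encl_add_page() hunk (@@ -516) and the sgx_encl_init() hunk (@@ -685) drop the `!(encl->flags & SGX_ENCL_CREATED)` test without documenting that both functions now depend on the ioctl entry point having checked it. A one-line comment above each function stating that callers must have verified SGX_ENCL_CREATED would keep a future caller from reaching `mutex_lock(&encl->lock)` and the code after it on an enclave that was never created.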
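
Review bot: The checks added in sgx_ioc_enclave_add_page() (@@ -597) and sgx_ioc_enclave_init() (@@ -753) return -EINVAL, while the test they replace in the core functions returned -EFAULT, and the commit message does not mention this userspace-visible errno change. Because the check now precedes copy_from_user(), a call on a not-yet-created enclave with a bad arg pointer also reports -EINVAL rather than -EFAULT. If the change is intended, say so in the changelog and in whatever documents the ioctl return values; if not, return -EFAULT here to preserve the existing behaviour.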