Message ID | 20190808001254.11926-9-sean.j.christopherson@intel.com (mailing list archive) |
---|---|
State | New, archived |
Series | x86/sgx: Bug fixes for v22 |
On Wed, Aug 07, 2019 at 05:12:51PM -0700, Sean Christopherson wrote:
> Fix a bug where sgx_encl_create() incorrectly frees the enclave's SECS
> and backing storage when the enclave has already been created. Freeing
> the structures leads to various forms of faults due to dereferencing
> null pointers.
>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>

Good catch, thanks!

Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

/Jarkko
diff --git a/arch/x86/kernel/cpu/sgx/driver/ioctl.c b/arch/x86/kernel/cpu/sgx/driver/ioctl.c index 700d65c96b9a..18f6925ab2ed 100644 --- a/arch/x86/kernel/cpu/sgx/driver/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/driver/ioctl.c @@ -277,7 +277,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs) if (encl->flags & SGX_ENCL_CREATED) { ret = -EFAULT; - goto err_out; + goto err_out_unlock; } ssaframesize = sgx_calc_ssaframesize(secs->miscselect, secs->xfrm); @@ -348,6 +348,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs) encl->backing = NULL; } +err_out_unlock: mutex_unlock(&encl->lock); return ret; }
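Review bot: In the first hunk (@@ -277,7 +277,7), the already-created path still returns -EFAULT, which userspace normally reads as a bad address rather than a state error. Now that `encl->flags & SGX_ENCL_CREATED` is a clean early exit that leaves the enclave untouched, consider -EINVAL or -EEXIST here so a repeated create call is distinguishable from a genuine fault, or add a short comment explaining why -EFAULT is intended.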
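Review bot: In the second hunk (@@ -348,6 +348,7), err_out_unlock lands directly below the cleanup that ends with `encl->backing = NULL;`, so the only difference between the two labels is whether the enclave's existing SECS and backing are torn down. A one-line comment at err_out_unlock stating that it is for exits taken before this call has allocated anything would help keep any future early check from jumping to err_out and reintroducing the same free of live state. The SGX_ENCL_CREATED test is the only user of the new label in the lines shown.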
Fix a bug where sgx_encl_create() incorrectly frees the enclave's SECS
and backing storage when the enclave has already been created. Freeing
the structures leads to various forms of faults due to dereferencing
null pointers.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 arch/x86/kernel/cpu/sgx/driver/ioctl.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)