Message ID | 20190827001128.25066-3-sean.j.christopherson@intel.com (mailing list archive) |
---|---|
State | New, archived |
Series | x86/sgx: Fix lock ordering bug w/ EADD |

On Mon, Aug 26, 2019 at 05:11:26PM -0700, Sean Christopherson wrote:
> Preserve any existing attributes set via ENCLAVE_SET_ATTRIBUTE when
> setting the always allowed attributes during ENCLAVE_CREATE. There is
> no requirement that ENCLAVE_SET_ATTRIBUTE can only be called after the
> enclave is created.
>
> Note, this does not fix a race condition between ENCLAVE_CREATE and
> ENCLAVE_SET_ATTRIBUTE, as the latter doesn't take encl->lock. This will
> be addressed in a future patch.
>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>

Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

Thanks!

/Jarkko

On Tue, Aug 27, 2019 at 03:12:01PM +0300, Jarkko Sakkinen wrote:
> On Mon, Aug 26, 2019 at 05:11:26PM -0700, Sean Christopherson wrote:
> > Preserve any existing attributes set via ENCLAVE_SET_ATTRIBUTE when
> > setting the always allowed attributes during ENCLAVE_CREATE. There is
> > no requirement that ENCLAVE_SET_ATTRIBUTE can only be called after the
> > enclave is created.
> >
> > Note, this does not fix a race condition between ENCLAVE_CREATE and
> > ENCLAVE_SET_ATTRIBUTE, as the latter doesn't take encl->lock. This will
> > be addressed in a future patch.
> >
> > Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
>
> Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

This is now merged to my tree.

/Jarkko

diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c index 7134d68aecb3..103851babc75 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -232,7 +232,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs) encl->secs.encl = encl; encl->secs_attributes = secs->attributes; - encl->allowed_attributes = SGX_ATTR_ALLOWED_MASK; + encl->allowed_attributes |= SGX_ATTR_ALLOWED_MASK; encl->base = secs->base; encl->size = secs->size; encl->ssaframesize = secs->ssa_frame_size;
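
Review bot: The `encl->allowed_attributes |= SGX_ATTR_ALLOWED_MASK;` line in sgx_encl_create() is now a read-modify-write on a field that, per the commit message, ENCLAVE_SET_ATTRIBUTE updates without taking encl->lock, so a concurrent grant can be lost or observed half-applied until the promised follow-up lands. Since allowed_attributes decides which enclave attributes are permitted, it would be safer to carry the locking fix in the same series, or at least add a comment at this line stating that the value may already hold bits from ENCLAVE_SET_ATTRIBUTE and that the update is not yet serialized. The `|=` also makes the result depend on the field's initial value, which is not set anywhere in this hunk; a short note on where it is zeroed would help a reader confirm that no stale bits can be inherited.
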
Preserve any existing attributes set via ENCLAVE_SET_ATTRIBUTE when
setting the always allowed attributes during ENCLAVE_CREATE. There is
no requirement that ENCLAVE_SET_ATTRIBUTE can only be called after the
enclave is created.

Note, this does not fix a race condition between ENCLAVE_CREATE and
ENCLAVE_SET_ATTRIBUTE, as the latter doesn't take encl->lock. This will
be addressed in a future patch.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>

---

arch/x86/kernel/cpu/sgx/ioctl.c | 2 +-

1 file changed, 1 insertion(+), 1 deletion(-)