From: Reinette Chatre <reinette.chatre@intel.com>
To: Jarkko Sakkinen <jarkko@kernel.org>
Cc: <dave.hansen@linux.intel.com>, <linux-sgx@vger.kernel.org>,
<shuah@kernel.org>, <linux-kselftest@vger.kernel.org>
Subject: Re: [PATCH V2 1/4] selftests/sgx: Fix NULL-pointer-dereference upon early test failure
Date: Tue, 22 Feb 2022 12:05:34 -0800 [thread overview]
Message-ID: <8defd54d-1263-07b8-a117-c298903cbe27@intel.com> (raw)
In-Reply-To: <YhKePZv8tsgKYGfK@iki.fi>
Hi Jarkko,
On 2/20/2022 12:02 PM, Jarkko Sakkinen wrote:
> On Tue, Feb 01, 2022 at 02:47:03PM -0800, Reinette Chatre wrote:
>> == Background ==
>>
>> The SGX selftests track parts of the enclave binaries in an array:
>> encl->segment_tbl[]. That array is dynamically allocated early
>> (but not first) in the test's lifetime. The array is referenced
>> at the end of the test in encl_delete().
>>
>> == Problem ==
>>
>> encl->segment_tbl[] can be NULL if the test fails before its
>> allocation. That leads to a NULL-pointer-dereference in encl_delete().
>> This is triggered during early failures of the selftest like if the
>> enclave binary ("test_encl.elf") is deleted.
>>
>> == Solution ==
>>
>> Ensure encl->segment_tbl[] is valid before attempting to access
>> its members. The offset with which it is accessed, encl->nr_segments,
>> is initialized before encl->segment_tbl[] and thus considered valid
>> to use after the encl->segment_tbl[] check succeeds.
>>
>> Fixes: 3200505d4de6 ("selftests/sgx: Create a heap for the test enclave")
>> Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
>> ---
>> Changes since V1:
>> - Rewrite commit message (Dave).
>>
>> tools/testing/selftests/sgx/load.c | 9 +++++----
>> 1 file changed, 5 insertions(+), 4 deletions(-)
>>
>> diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c
>> index 9d4322c946e2..006b464c8fc9 100644
>> --- a/tools/testing/selftests/sgx/load.c
>> +++ b/tools/testing/selftests/sgx/load.c
>> @@ -21,7 +21,7 @@
>>
>> void encl_delete(struct encl *encl)
>> {
>> - struct encl_segment *heap_seg = &encl->segment_tbl[encl->nr_segments - 1];
>> + struct encl_segment *heap_seg;
>>
>> if (encl->encl_base)
>> munmap((void *)encl->encl_base, encl->encl_size);
>> @@ -32,10 +32,11 @@ void encl_delete(struct encl *encl)
>> if (encl->fd)
>> close(encl->fd);
>>
>> - munmap(heap_seg->src, heap_seg->size);
>> -
>> - if (encl->segment_tbl)
>> + if (encl->segment_tbl) {
>> + heap_seg = &encl->segment_tbl[encl->nr_segments - 1];
>> + munmap(heap_seg->src, heap_seg->size);
>> free(encl->segment_tbl);
>> + }
>>
>> memset(encl, 0, sizeof(*encl));
>> }
>> --
>> 2.25.1
>>
>
>
> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
>
Thank you very much for taking a look at these patches.
V3[1] was submitted (8 February) and merged (11 February) onto x86/sgx
before I received your reviewed-by tags for V1 (15 February) or
V2 (20 February). The merged version thus does not contain your tags.
Reinette
[1] https://lore.kernel.org/linux-sgx/cover.1644355600.git.reinette.chatre@intel.com/
next prev parent reply other threads:[~2022-02-22 20:05 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-01 22:47 [PATCH V2 0/4] selftests/sgx: Early enclave loading error path fixes Reinette Chatre
2022-02-01 22:47 ` [PATCH V2 1/4] selftests/sgx: Fix NULL-pointer-dereference upon early test failure Reinette Chatre
2022-02-02 18:01 ` Shuah Khan
2022-02-02 18:52 ` Reinette Chatre
2022-02-02 18:59 ` Shuah Khan
2022-02-20 20:02 ` Jarkko Sakkinen
2022-02-22 20:05 ` Reinette Chatre [this message]
2022-02-23 15:43 ` Jarkko Sakkinen
2022-02-01 22:47 ` [PATCH V2 2/4] selftests/sgx: Do not attempt enclave build without valid enclave Reinette Chatre
2022-02-02 18:03 ` Shuah Khan
2022-02-20 19:04 ` Jarkko Sakkinen
2022-02-01 22:47 ` [PATCH V2 3/4] selftests/sgx: Ensure enclave data available during debug print Reinette Chatre
2022-02-02 18:04 ` Shuah Khan
2022-02-20 19:04 ` Jarkko Sakkinen
2022-02-01 22:47 ` [PATCH V2 4/4] selftests/sgx: Remove extra newlines in test output Reinette Chatre
2022-02-02 18:04 ` Shuah Khan
2022-02-20 19:05 ` Jarkko Sakkinen
2022-02-02 18:06 ` [PATCH V2 0/4] selftests/sgx: Early enclave loading error path fixes Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8defd54d-1263-07b8-a117-c298903cbe27@intel.com \
--to=reinette.chatre@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=jarkko@kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=shuah@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.