From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: linux-sgx@vger.kernel.org
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Subject: [PATCH for v24 2/3] x86/sgx: Destroy enclave if EADD fails
Date: Mon, 4 Nov 2019 22:01:40 +0200
Message-ID: <20191104200141.5385-2-jarkko.sakkinen@linux.intel.com> (raw)
In-Reply-To: <20191104200141.5385-1-jarkko.sakkinen@linux.intel.com>
__sgx_encl_add_page() can only fail in the case of EPCM conflict at least
in non-artificial situations. Also, it consistent semantics in rollback is
something to pursue for. Thus, destroy enclave when the EADD fails as we do
when EEXTEND fails already.
In the cases it is sane to return -EIO. From this the caller can deduce
the failure and knows that the enclave was destroyed. The previous
-EFAULT could happen in numerous situations.
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
arch/x86/kernel/cpu/sgx/ioctl.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
index d53aee5a64c1..289af607f634 100644
--- a/arch/x86/kernel/cpu/sgx/ioctl.c
+++ b/arch/x86/kernel/cpu/sgx/ioctl.c
@@ -338,7 +338,7 @@ static int __sgx_encl_add_page(struct sgx_encl *encl,
kunmap_atomic((void *)pginfo.contents);
put_page(src_page);
- return ret ? -EFAULT : 0;
+ return ret ? -EIO : 0;
}
static int __sgx_encl_extend(struct sgx_encl *encl,
@@ -353,7 +353,7 @@ static int __sgx_encl_extend(struct sgx_encl *encl,
if (ret) {
if (encls_failed(ret))
ENCLS_WARN(ret, "EEXTEND");
- return -EFAULT;
+ return -EIO;
}
}
@@ -413,8 +413,10 @@ static int sgx_encl_add_page(struct sgx_encl *encl,
ret = __sgx_encl_add_page(encl, encl_page, epc_page, secinfo,
addp->src);
- if (ret)
+ if (ret) {
+ sgx_encl_destroy(encl);
goto err_out;
+ }
/*
* Complete the "add" before doing the "extend" so that the "add"
@@ -498,10 +500,9 @@ static int sgx_encl_add_page(struct sgx_encl *encl,
*
* Return:
* 0 on success,
- * -EINVAL if any input param or the SECINFO contains invalid data,
* -EACCES if an executable source page is located in a noexec partition,
- * -ENOMEM if any memory allocation, including EPC, fails,
- * -ERESTARTSYS if a pending signal is recognized
+ * -EIO if either ENCLS[EADD] or ENCLS[EEXTEND] fails
+ * -errno otherwise
*/
static long sgx_ioc_enclave_add_pages(struct sgx_encl *encl, void __user *arg)
{
--
2.20.1
next prev parent reply index
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-04 20:01 [PATCH for v24 1/3] x86/sgx: Use GFP_KERNEL for allocations Jarkko Sakkinen
2019-11-04 20:01 ` Jarkko Sakkinen [this message]
2019-11-04 20:54 ` [PATCH for v24 2/3] x86/sgx: Destroy enclave if EADD fails Sean Christopherson
2019-11-04 22:31 ` Jarkko Sakkinen
2019-11-04 20:01 ` [PATCH for v24 3/3] x86/sgx: Remove a subordinate clause Jarkko Sakkinen
2019-11-04 21:21 ` Sean Christopherson
2019-11-04 22:36 ` Jarkko Sakkinen
2019-11-04 22:37 ` Jarkko Sakkinen
2019-11-04 20:46 ` [PATCH for v24 1/3] x86/sgx: Use GFP_KERNEL for allocations Sean Christopherson
2019-11-04 22:26 ` Jarkko Sakkinen
2019-11-05 2:17 ` Sean Christopherson
2019-11-06 21:54 ` Jarkko Sakkinen
2019-11-06 21:59 ` Jarkko Sakkinen
2019-11-06 22:02 ` Jarkko Sakkinen
Reply instructions:
You may reply publically to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191104200141.5385-2-jarkko.sakkinen@linux.intel.com \
--to=jarkko.sakkinen@linux.intel.com \
--cc=linux-sgx@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Linux-Sgx Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/linux-sgx/0 linux-sgx/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 linux-sgx linux-sgx/ https://lore.kernel.org/linux-sgx \
linux-sgx@vger.kernel.org
public-inbox-index linux-sgx
Example config snippet for mirrors
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/org.kernel.vger.linux-sgx
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git