linux-sgx.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [bug report] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES
@ 2020-12-02 14:14 Dan Carpenter
  2020-12-02 16:23 ` Jarkko Sakkinen
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2020-12-02 14:14 UTC (permalink / raw)
  To: jarkko; +Cc: linux-sgx

Hello Jarkko Sakkinen,

The patch c6d26d370767: "x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES" from
Nov 13, 2020, leads to the following static checker warning:

	arch/x86/kernel/cpu/sgx/ioctl.c:466 sgx_ioc_enclave_add_pages()
	error: uninitialized symbol 'ret'.

arch/x86/kernel/cpu/sgx/ioctl.c
   413  static long sgx_ioc_enclave_add_pages(struct sgx_encl *encl, void __user *arg)
   414  {
   415          struct sgx_enclave_add_pages add_arg;
   416          struct sgx_secinfo secinfo;
   417          unsigned long c;
   418          int ret;
   419  
   420          if (!test_bit(SGX_ENCL_CREATED, &encl->flags) ||
   421              test_bit(SGX_ENCL_INITIALIZED, &encl->flags))
   422                  return -EINVAL;
   423  
   424          if (copy_from_user(&add_arg, arg, sizeof(add_arg)))
   425                  return -EFAULT;
   426  
   427          if (!IS_ALIGNED(add_arg.offset, PAGE_SIZE) ||
   428              !IS_ALIGNED(add_arg.src, PAGE_SIZE))
   429                  return -EINVAL;
   430  
   431          if (add_arg.length & (PAGE_SIZE - 1))
   432                  return -EINVAL;
   433  
   434          if (add_arg.offset + add_arg.length - PAGE_SIZE >= encl->size)
   435                  return -EINVAL;
   436  
   437          if (copy_from_user(&secinfo, (void __user *)add_arg.secinfo,
   438                             sizeof(secinfo)))
   439                  return -EFAULT;
   440  
   441          if (sgx_validate_secinfo(&secinfo))
   442                  return -EINVAL;
   443  
   444          for (c = 0 ; c < add_arg.length; c += PAGE_SIZE) {

If the user passes in an "add_arg.length" value of zero then "ret" isn't
initialized.

   445                  if (signal_pending(current)) {
   446                          if (!c)
   447                                  ret = -ERESTARTSYS;
   448  
   449                          break;
   450                  }
   451  
   452                  if (need_resched())
   453                          cond_resched();
   454  
   455                  ret = sgx_encl_add_page(encl, add_arg.src + c, add_arg.offset + c,
   456                                          &secinfo, add_arg.flags);
   457                  if (ret)
   458                          break;
   459          }
   460  
   461          add_arg.count = c;
   462  
   463          if (copy_to_user(arg, &add_arg, sizeof(add_arg)))
   464                  return -EFAULT;
   465  
   466          return ret;
                ^^^^^^^^^^

   467  }

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [bug report] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES
  2020-12-02 14:14 [bug report] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES Dan Carpenter
@ 2020-12-02 16:23 ` Jarkko Sakkinen
  0 siblings, 0 replies; 2+ messages in thread
From: Jarkko Sakkinen @ 2020-12-02 16:23 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: linux-sgx

On Wed, Dec 02, 2020 at 05:14:26PM +0300, Dan Carpenter wrote:
> Hello Jarkko Sakkinen,
> 
> The patch c6d26d370767: "x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES" from
> Nov 13, 2020, leads to the following static checker warning:
> 
> 	arch/x86/kernel/cpu/sgx/ioctl.c:466 sgx_ioc_enclave_add_pages()
> 	error: uninitialized symbol 'ret'.
> 
> arch/x86/kernel/cpu/sgx/ioctl.c
>    413  static long sgx_ioc_enclave_add_pages(struct sgx_encl *encl, void __user *arg)
>    414  {
>    415          struct sgx_enclave_add_pages add_arg;
>    416          struct sgx_secinfo secinfo;
>    417          unsigned long c;
>    418          int ret;
>    419  
>    420          if (!test_bit(SGX_ENCL_CREATED, &encl->flags) ||
>    421              test_bit(SGX_ENCL_INITIALIZED, &encl->flags))
>    422                  return -EINVAL;
>    423  
>    424          if (copy_from_user(&add_arg, arg, sizeof(add_arg)))
>    425                  return -EFAULT;
>    426  
>    427          if (!IS_ALIGNED(add_arg.offset, PAGE_SIZE) ||
>    428              !IS_ALIGNED(add_arg.src, PAGE_SIZE))
>    429                  return -EINVAL;
>    430  
>    431          if (add_arg.length & (PAGE_SIZE - 1))
>    432                  return -EINVAL;
>    433  
>    434          if (add_arg.offset + add_arg.length - PAGE_SIZE >= encl->size)
>    435                  return -EINVAL;
>    436  
>    437          if (copy_from_user(&secinfo, (void __user *)add_arg.secinfo,
>    438                             sizeof(secinfo)))
>    439                  return -EFAULT;
>    440  
>    441          if (sgx_validate_secinfo(&secinfo))
>    442                  return -EINVAL;
>    443  
>    444          for (c = 0 ; c < add_arg.length; c += PAGE_SIZE) {
> 
> If the user passes in an "add_arg.length" value of zero then "ret" isn't
> initialized.

Thanks, I submitted a fix:

https://lore.kernel.org/linux-sgx/20201202162200.88941-1-jarkko@kernel.org/

/Jarkko

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-12-02 16:24 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-02 14:14 [bug report] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES Dan Carpenter
2020-12-02 16:23 ` Jarkko Sakkinen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).