From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Matthew Wilcox <willy@infradead.org>
Cc: x86@kernel.org, linux-sgx@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, linux-mm@kvack.org,
Andrew Morton <akpm@linux-foundation.org>,
Jethro Beekman <jethro@fortanix.com>,
Haitao Huang <haitao.huang@linux.intel.com>,
Chunyang Hui <sanqian.hcy@antfin.com>,
Jordan Hand <jorhand@linux.microsoft.com>,
Nathaniel McCallum <npmccallum@redhat.com>,
Seth Moore <sethmo@google.com>,
Darren Kenny <darren.kenny@oracle.com>,
Sean Christopherson <sean.j.christopherson@intel.com>,
Suresh Siddha <suresh.b.siddha@intel.com>,
andriy.shevchenko@linux.intel.com, asapek@google.com,
bp@alien8.de, cedric.xing@intel.com, chenalexchen@google.com,
conradparker@google.com, cyhanish@google.com,
dave.hansen@intel.com, haitao.huang@intel.com,
kai.huang@intel.com, kai.svahn@intel.com, kmoy@google.com,
ludloff@google.com, luto@kernel.org, nhorman@redhat.com,
puiterwijk@redhat.com, rientjes@google.com, tglx@linutronix.de,
yaozhangx@google.com, mikko.ylinen@intel.com
Subject: Re: [PATCH v39 11/24] x86/sgx: Add SGX enclave driver
Date: Mon, 5 Oct 2020 01:02:59 +0300 [thread overview]
Message-ID: <20201004220259.GB43926@linux.intel.com> (raw)
In-Reply-To: <20201004215049.GA43926@linux.intel.com>
On Mon, Oct 05, 2020 at 12:51:00AM +0300, Jarkko Sakkinen wrote:
> On Sat, Oct 03, 2020 at 08:54:40PM +0100, Matthew Wilcox wrote:
> > On Sat, Oct 03, 2020 at 07:50:46AM +0300, Jarkko Sakkinen wrote:
> > > + XA_STATE(xas, &encl->page_array, idx_start);
> > > +
> > > + /*
> > > + * Disallow READ_IMPLIES_EXEC tasks as their VMA permissions might
> > > + * conflict with the enclave page permissions.
> > > + */
> > > + if (current->personality & READ_IMPLIES_EXEC)
> > > + return -EACCES;
> > > +
> > > + xas_for_each(&xas, page, idx_end)
> > > + if (!page || (~page->vm_max_prot_bits & vm_prot_bits))
> > > + return -EACCES;
> >
> > You're iterating the array without holding any lock that the XArray knows
> > about. If you're OK with another thread adding/removing pages behind your
> > back, or there's a higher level lock (the mmap_sem?) protecting the XArray
> > from being modified while you walk it, then hold the rcu_read_lock()
> > while walking the array. Otherwise you can prevent modification by
> > calling xas_lock(&xas) and xas_unlock()..
>
> I backtracked this. The locks have been there from v21-v35. This is a
> refactoring mistake in radix_tree to xarray migration happened in v36.
> It's by no means intentional.
>
> What is shoukd take is encl->lock.
>
> The loop was pre-v36 like:
>
> idx_start = PFN_DOWN(start);
> idx_end = PFN_DOWN(end - 1);
>
> for (idx = idx_start; idx <= idx_end; ++idx) {
> mutex_lock(&encl->lock);
> page = radix_tree_lookup(&encl->page_tree, idx);
> mutex_unlock(&encl->lock);
>
> if (!page || (~page->vm_max_prot_bits & vm_prot_bits))
> return -EACCES;
> }
>
> Looking at xarray.h and filemap.c, I'm thinking something along the
> lines of:
>
> for (idx = idx_start; idx <= idx_end; ++idx) {
> mutex_lock(&encl->lock);
> page = xas_find(&xas, idx + 1);
~~~~~~~
idx
> mutex_unlock(&encl->lock);
>
> if (!page || (~page->vm_max_prot_bits & vm_prot_bits))
> return -EACCES;
> }
>
> Does this look about right?
/Jarkko
next prev parent reply other threads:[~2020-10-04 22:03 UTC|newest]
Thread overview: 117+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-03 4:50 [PATCH v39 00/24] Intel SGX foundations Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 01/24] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits Jarkko Sakkinen
2020-10-19 14:10 ` Dave Hansen
2020-10-19 17:49 ` Sean Christopherson
2020-10-03 4:50 ` [PATCH v39 02/24] x86/cpufeatures: x86/msr: Add Intel SGX Launch Control " Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 03/24] x86/mm: x86/sgx: Signal SIGSEGV with PF_SGX Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 04/24] x86/sgx: Add SGX microarchitectural data structures Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 05/24] x86/sgx: Add wrappers for ENCLS leaf functions Jarkko Sakkinen
2020-10-19 14:30 ` Dave Hansen
2020-10-19 17:38 ` Sean Christopherson
2020-10-19 17:48 ` Dave Hansen
2020-10-19 17:53 ` Sean Christopherson
2020-10-19 17:58 ` Dave Hansen
2020-10-03 4:50 ` [PATCH v39 06/24] x86/cpu/intel: Detect SGX support Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 07/24] x86/cpu/intel: Add nosgx kernel parameter Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 08/24] x86/sgx: Initialize metadata for Enclave Page Cache (EPC) sections Jarkko Sakkinen
2020-10-19 8:45 ` Jarkko Sakkinen
2020-10-19 12:39 ` Borislav Petkov
2020-10-23 9:01 ` Jarkko Sakkinen
2020-10-19 13:40 ` Dave Hansen
2020-10-23 9:03 ` Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 09/24] x86/sgx: Add __sgx_alloc_epc_page() and sgx_free_epc_page() Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 10/24] mm: Add 'mprotect' hook to struct vm_operations_struct Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 11/24] x86/sgx: Add SGX enclave driver Jarkko Sakkinen
2020-10-03 14:39 ` Greg KH
2020-10-04 14:32 ` Jarkko Sakkinen
2020-10-04 15:01 ` Jarkko Sakkinen
2020-10-05 9:42 ` Greg KH
2020-10-05 12:42 ` Jarkko Sakkinen
2020-10-07 18:09 ` Haitao Huang
2020-10-07 19:26 ` Greg KH
2020-10-09 6:44 ` Jarkko Sakkinen
2020-10-14 20:16 ` Dave Hansen
2020-10-05 8:45 ` Christoph Hellwig
2020-10-05 11:42 ` Jarkko Sakkinen
2020-10-05 11:50 ` Greg KH
2020-10-05 14:23 ` Jarkko Sakkinen
2020-10-05 15:02 ` Greg KH
2020-10-05 16:40 ` Dave Hansen
2020-10-05 20:02 ` Jarkko Sakkinen
2020-10-09 7:10 ` Pavel Machek
2020-10-09 7:21 ` Greg KH
2020-10-09 8:21 ` Pavel Machek
2020-10-03 19:54 ` Matthew Wilcox
2020-10-04 21:50 ` Jarkko Sakkinen
2020-10-04 22:02 ` Jarkko Sakkinen [this message]
2020-10-04 22:27 ` Matthew Wilcox
2020-10-04 23:41 ` Jarkko Sakkinen
2020-10-05 1:30 ` Matthew Wilcox
2020-10-05 3:06 ` Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 12/24] x86/sgx: Add SGX_IOC_ENCLAVE_CREATE Jarkko Sakkinen
2020-10-16 17:07 ` Dave Hansen
2020-10-18 4:26 ` Jarkko Sakkinen
2020-10-19 20:21 ` Dave Hansen
2020-10-19 20:48 ` Sean Christopherson
2020-10-03 4:50 ` [PATCH v39 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES Jarkko Sakkinen
2020-10-16 21:25 ` Dave Hansen
2020-10-18 5:03 ` Jarkko Sakkinen
2020-10-19 7:03 ` Jarkko Sakkinen
2020-10-19 20:48 ` Dave Hansen
2020-10-19 21:15 ` Sean Christopherson
2020-10-19 21:44 ` Dave Hansen
2020-10-23 10:11 ` Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 14/24] x86/sgx: Add SGX_IOC_ENCLAVE_INIT Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 15/24] x86/sgx: Add SGX_IOC_ENCLAVE_PROVISION Jarkko Sakkinen
2020-10-20 15:48 ` Dave Hansen
2020-10-23 10:14 ` Jarkko Sakkinen
2020-10-20 21:19 ` Dave Hansen
2020-10-23 10:17 ` Jarkko Sakkinen
2020-10-23 14:19 ` Dave Hansen
2020-10-24 11:34 ` Jarkko Sakkinen
2020-10-24 15:47 ` Andy Lutomirski
2020-10-24 20:23 ` Jarkko Sakkinen
2020-10-27 10:38 ` Dr. Greg
2020-10-23 14:23 ` Jethro Beekman
2020-10-24 11:40 ` Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 16/24] x86/sgx: Add a page reclaimer Jarkko Sakkinen
2020-10-03 5:22 ` Haitao Huang
2020-10-03 13:32 ` Jarkko Sakkinen
2020-10-03 18:23 ` Haitao Huang
2020-10-04 22:39 ` Jarkko Sakkinen
2020-10-07 17:25 ` Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 17/24] x86/sgx: Add ptrace() support for the SGX driver Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 18/24] x86/vdso: Add support for exception fixup in vDSO functions Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 19/24] x86/fault: Add helper function to sanitize error code Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 20/24] x86/traps: Attempt to fixup exceptions in vDSO before signaling Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call Jarkko Sakkinen
2020-10-06 2:57 ` Sean Christopherson
2020-10-06 8:30 ` Jethro Beekman
2020-10-06 15:15 ` Sean Christopherson
2020-10-06 17:28 ` Jarkko Sakkinen
2020-10-06 23:21 ` Sean Christopherson
2020-10-07 0:22 ` Jarkko Sakkinen
2020-10-07 1:17 ` Sean Christopherson
2020-10-07 3:14 ` Jarkko Sakkinen
2020-10-07 4:34 ` Sean Christopherson
2020-10-07 7:39 ` Jarkko Sakkinen
2020-10-07 8:04 ` Jarkko Sakkinen
2020-10-07 15:25 ` Sean Christopherson
2020-10-07 17:08 ` Jarkko Sakkinen
2020-10-07 17:13 ` Jarkko Sakkinen
2020-10-06 15:49 ` Jarkko Sakkinen
2020-10-06 15:36 ` Jarkko Sakkinen
2020-10-06 21:39 ` Jarkko Sakkinen
2020-10-07 0:23 ` Jarkko Sakkinen
2020-10-17 1:48 ` Andy Lutomirski
2020-10-17 21:02 ` Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 22/24] selftests/x86: Add a selftest for SGX Jarkko Sakkinen
2020-10-12 16:50 ` Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 23/24] docs: x86/sgx: Document SGX micro architecture and kernel internals Jarkko Sakkinen
2020-10-03 4:50 ` [PATCH v39 24/24] x86/sgx: Update MAINTAINERS Jarkko Sakkinen
2020-10-16 21:04 ` Dave Hansen
2020-10-18 4:27 ` Jarkko Sakkinen
2020-10-03 14:32 ` [PATCH v39 00/24] Intel SGX foundations Greg KH
2020-10-03 14:53 ` Jarkko Sakkinen
2020-10-15 19:06 ` Dave Hansen
2020-10-17 20:43 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201004220259.GB43926@linux.intel.com \
--to=jarkko.sakkinen@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=asapek@google.com \
--cc=bp@alien8.de \
--cc=cedric.xing@intel.com \
--cc=chenalexchen@google.com \
--cc=conradparker@google.com \
--cc=cyhanish@google.com \
--cc=darren.kenny@oracle.com \
--cc=dave.hansen@intel.com \
--cc=haitao.huang@intel.com \
--cc=haitao.huang@linux.intel.com \
--cc=jethro@fortanix.com \
--cc=jorhand@linux.microsoft.com \
--cc=kai.huang@intel.com \
--cc=kai.svahn@intel.com \
--cc=kmoy@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=ludloff@google.com \
--cc=luto@kernel.org \
--cc=mikko.ylinen@intel.com \
--cc=nhorman@redhat.com \
--cc=npmccallum@redhat.com \
--cc=puiterwijk@redhat.com \
--cc=rientjes@google.com \
--cc=sanqian.hcy@antfin.com \
--cc=sean.j.christopherson@intel.com \
--cc=sethmo@google.com \
--cc=suresh.b.siddha@intel.com \
--cc=tglx@linutronix.de \
--cc=willy@infradead.org \
--cc=x86@kernel.org \
--cc=yaozhangx@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).