Re: [PATCH v3 03/25] x86/sgx: Wipe out EREMOVE from sgx_free_epc_page()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Mar 23, 2021, Paolo Bonzini wrote:
> On 23/03/21 18:02, Sean Christopherson wrote:
> > > That's important, but it's even more important *to developers* that the
> > > commit message spells out why this would be a kernel bug more often than
> > > not.  I for one do not understand it, and I suspect I'm not alone.
> > > 
> > > Maybe (optimistically) once we see that explanation we decide that the
> > > documentation is not important.  Sean, Kai, can you explain it?
> > 
> > Thought of a good analogy that can be used for the changelog and/or docs:
> > 
> > This is effectively a kernel use-after-free of EPC, and due to the way SGX works,
> > the bug is detected at freeing.  Rather than add the page back to the pool of
> > available EPC, the kernel intentionally leaks the page to avoid additional
> > errors in the future.
> > 
> > Does that help?
> 
> Very much, and for me this also settles the question of documentation.
> Borislav or Kai, can you add it to the commit message?

One last thought.  This error/WARN doesn't guarantee that a conflict hasn't
already occurred, e.g. the EPC page was prematurely put back on the list and
already handed out to a second enclave.  In that case there will undoubtedly be
a slew of WARNs/errors leading up to this one, I just wanted to clarify that
intentionally leaking the page doesn't magically cure _all_ use-after-free or
double-use bugs.



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux