On Sat, Oct 03, 2020 at 08:54:40PM +0100, Matthew Wilcox wrote:
> On Sat, Oct 03, 2020 at 07:50:46AM +0300, Jarkko Sakkinen wrote:
> > + XA_STATE(xas, &encl->page_array, idx_start);
> > +
> > + /*
> > + * Disallow READ_IMPLIES_EXEC tasks as their VMA permissions might
> > + * conflict with the enclave page permissions.
> > + */
> > + if (current->personality & READ_IMPLIES_EXEC)
> > + return -EACCES;
> > +
> > + xas_for_each(&xas, page, idx_end)
> > + if (!page || (~page->vm_max_prot_bits & vm_prot_bits))
> > + return -EACCES;
>
> You're iterating the array without holding any lock that the XArray knows
> about. If you're OK with another thread adding/removing pages behind your
> back, or there's a higher level lock (the mmap_sem?) protecting the XArray
> from being modified while you walk it, then hold the rcu_read_lock()
> while walking the array. Otherwise you can prevent modification by
> calling xas_lock(&xas) and xas_unlock()..
I backtracked this. The locks have been there from v21-v35. This is a
refactoring mistake in radix_tree to xarray migration happened in v36.
It's by no means intentional.
What is shoukd take is encl->lock.
The loop was pre-v36 like:
idx_start = PFN_DOWN(start);
idx_end = PFN_DOWN(end - 1);
for (idx = idx_start; idx <= idx_end; ++idx) {
mutex_lock(&encl->lock);
page = radix_tree_lookup(&encl->page_tree, idx);
mutex_unlock(&encl->lock);
if (!page || (~page->vm_max_prot_bits & vm_prot_bits))
return -EACCES;
}
Looking at xarray.h and filemap.c, I'm thinking something along the
lines of:
for (idx = idx_start; idx <= idx_end; ++idx) {
mutex_lock(&encl->lock);
page = xas_find(&xas, idx + 1);
mutex_unlock(&encl->lock);
if (!page || (~page->vm_max_prot_bits & vm_prot_bits))
return -EACCES;
}
Does this look about right?
/Jarkko
