On Mon, Oct 05, 2020 at 12:51:00AM +0300, Jarkko Sakkinen wrote:
> On Sat, Oct 03, 2020 at 08:54:40PM +0100, Matthew Wilcox wrote:
> > On Sat, Oct 03, 2020 at 07:50:46AM +0300, Jarkko Sakkinen wrote:
> > > + XA_STATE(xas, &encl->page_array, idx_start);
> > > +
> > > + /*
> > > + * Disallow READ_IMPLIES_EXEC tasks as their VMA permissions might
> > > + * conflict with the enclave page permissions.
> > > + */
> > > + if (current->personality & READ_IMPLIES_EXEC)
> > > + return -EACCES;
> > > +
> > > + xas_for_each(&xas, page, idx_end)
> > > + if (!page || (~page->vm_max_prot_bits & vm_prot_bits))
> > > + return -EACCES;
> >
> > You're iterating the array without holding any lock that the XArray knows
> > about. If you're OK with another thread adding/removing pages behind your
> > back, or there's a higher level lock (the mmap_sem?) protecting the XArray
> > from being modified while you walk it, then hold the rcu_read_lock()
> > while walking the array. Otherwise you can prevent modification by
> > calling xas_lock(&xas) and xas_unlock()..
>
> I backtracked this. The locks have been there from v21-v35. This is a
> refactoring mistake in radix_tree to xarray migration happened in v36.
> It's by no means intentional.
>
> What is shoukd take is encl->lock.
>
> The loop was pre-v36 like:
>
> idx_start = PFN_DOWN(start);
> idx_end = PFN_DOWN(end - 1);
>
> for (idx = idx_start; idx <= idx_end; ++idx) {
> mutex_lock(&encl->lock);
> page = radix_tree_lookup(&encl->page_tree, idx);
> mutex_unlock(&encl->lock);
>
> if (!page || (~page->vm_max_prot_bits & vm_prot_bits))
> return -EACCES;
> }
>
> Looking at xarray.h and filemap.c, I'm thinking something along the
> lines of:
>
> for (idx = idx_start; idx <= idx_end; ++idx) {
> mutex_lock(&encl->lock);
> page = xas_find(&xas, idx + 1);
~~~~~~~
idx
> mutex_unlock(&encl->lock);
>
> if (!page || (~page->vm_max_prot_bits & vm_prot_bits))
> return -EACCES;
> }
>
> Does this look about right?
/Jarkko
