Fix a bug where sgx_encl_create() incorrectly frees the enclave's SECS and backing storage when the enclave has already been created. Freeing the structures leads to various forms of faults due to dereferencing null pointers.
Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
---
arch/x86/kernel/cpu/sgx/driver/ioctl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/sgx/driver/ioctl.c b/arch/x86/kernel/cpu/sgx/driver/ioctl.c
index 700d65c96b9a..18f6925ab2ed 100644
--- a/arch/x86/kernel/cpu/sgx/driver/ioctl.c
+++ b/arch/x86/kernel/cpu/sgx/driver/ioctl.c
@@ -277,7 +277,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs)
 if (encl->flags & SGX_ENCL_CREATED) {
 ret = -EFAULT;
- goto err_out;
+ goto err_out_unlock;
 }
 ssaframesize = sgx_calc_ssaframesize(secs->miscselect, secs->xfrm);
@@ -348,6 +348,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs)
 encl->backing = NULL;
 }
+err_out_unlock:
 mutex_unlock(&encl->lock);
 return ret;
 }
-- 
2.22.0
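Review bot: The new `err_out_unlock` label in the second hunk needs a comment explaining why it deliberately bypasses the SECS/backing release that the `err_out` path performs, because the reason (nothing was allocated by this call on the already-created path, and the live enclave must keep its structures) is only recorded in the commit message; something like `/* Already created: nothing to free, the live enclave keeps its SECS and backing. */` directly above the label. The `ret = -EFAULT` kept on that path in the first hunk is also worth a second look, since the condition is a state error rather than a bad address and `-EINVAL` would describe it more accurately, though that is outside this fix. Because this code sits in the ioctl handler, the old `goto err_out` let a repeated create request tear down a live enclave's structures from userspace, so the corrected jump closes a user-triggerable NULL-dereference rather than a purely internal bug. The `err_out` label and the matching lock acquisition are presumably outside both hunks, and `sgx_encl_create` begins before the first hunk.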