Split the huge conditional statement to three separate ones in order to make it easier to understand what is going on in the validation code. Cc: Sean Christopherson <sean.j.christpherson@xxxxxxxxx> Cc: Shay Katz-zamir <shay.katz-zamir@xxxxxxxxx> Cc: Serge Ayoun <serge.ayoun@xxxxxxxxx> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> --- arch/x86/kernel/cpu/sgx/driver/ioctl.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/driver/ioctl.c b/arch/x86/kernel/cpu/sgx/driver/ioctl.c index d5f326411df0..99b1b9776c3a 100644 --- a/arch/x86/kernel/cpu/sgx/driver/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/driver/ioctl.c @@ -415,10 +415,15 @@ static int sgx_validate_secinfo(struct sgx_secinfo *secinfo) u64 page_type = secinfo->flags & SGX_SECINFO_PAGE_TYPE_MASK; u64 perm = secinfo->flags & SGX_SECINFO_PERMISSION_MASK; - if ((secinfo->flags & SGX_SECINFO_RESERVED_MASK) || - ((perm & SGX_SECINFO_W) && !(perm & SGX_SECINFO_R)) || - (page_type != SGX_SECINFO_TCS && page_type != SGX_SECINFO_TRIM && - page_type != SGX_SECINFO_REG)) + if ((page_type != SGX_SECINFO_REG && + page_type != SGX_SECINFO_TCS && + page_type != SGX_SECINFO_TRIM)) + return -EINVAL; + + if ((perm & SGX_SECINFO_W) && !(perm & SGX_SECINFO_R)) + return -EINVAL; + + if (secinfo->flags & SGX_SECINFO_RESERVED_MASK) return -EINVAL; if (memchr_inv(secinfo->reserved, 0, SGX_SECINFO_RESERVED_SIZE)) -- 2.20.1
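Review bot: the first of the three new conditionals in sgx_validate_secinfo() still carries a redundant outer pair of parentheses, `if ((page_type != SGX_SECINFO_REG && ... page_type != SGX_SECINFO_TRIM))`, left over from when it was one operand of the combined `||` expression. Drop the extra pair so it matches the two checks that follow. The split also reverses the evaluation order (page type, then W-without-R, then the reserved mask, where the old expression tested the reserved mask first). That is harmless here because every branch returns -EINVAL and none of the tests has side effects, but the commit message could say so, since it otherwise describes the change as purely a readability split. A one-line comment above each check naming the rule it enforces (valid page type, no write-only permission, reserved flag bits clear) would serve the stated goal further. Separately, the local part of the first Cc address is spelled "christpherson" while the name next to it is "Christopherson", which is worth checking before this is applied.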