On Mon, Aug 19, 2019 at 06:25:43PM +0300, Jarkko Sakkinen wrote: > The validation of TCS permissions was missing from > sgx_validate_secinfo(). This patch adds the validation. > > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> > --- > arch/x86/kernel/cpu/sgx/driver/ioctl.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/arch/x86/kernel/cpu/sgx/driver/ioctl.c b/arch/x86/kernel/cpu/sgx/driver/ioctl.c > index 99b1b9776c3a..2415dcb20a6e 100644 > --- a/arch/x86/kernel/cpu/sgx/driver/ioctl.c > +++ b/arch/x86/kernel/cpu/sgx/driver/ioctl.c > @@ -423,6 +423,12 @@ static int sgx_validate_secinfo(struct sgx_secinfo *secinfo) > if ((perm & SGX_SECINFO_W) && !(perm & SGX_SECINFO_R)) > return -EINVAL; > > + /* CPU will silently overwrite the permissions as zero, which means > + * that we need to validate it ourselves. > + */ > + if (page_type == SGX_SECINFO_TCS && perm) > + return -EINVAL; > + > if (secinfo->flags & SGX_SECINFO_RESERVED_MASK) > return -EINVAL; > > -- > 2.20.1 > OK, just found out that this patch did not end up to my test image and causes a regression. I think this should be fixed in sgx_encl_may_map() by having the following special case for TCS (in addition to the change in this patch of course): 1. Check if we encounter a TCS page. 2. If yes, we evaluate RW for the VM flags. /Jarkko
