> From: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> > Sent: Monday, August 19, 2019 18:26 > To: linux-sgx@xxxxxxxxxxxxxxx > Cc: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>; Sean Christopherson > <sean.j.christpherson@xxxxxxxxx>; Katz-zamir, Shay <shay.katz- > zamir@xxxxxxxxx>; Ayoun, Serge <serge.ayoun@xxxxxxxxx> > Subject: [PATCH 3/5] x86/sgx: Make sgx_validate_secinfo() more readable > > Split the huge conditional statement to three separate ones in order to make > it easier to understand what is going on in the validation code. > > Cc: Sean Christopherson <sean.j.christpherson@xxxxxxxxx> > Cc: Shay Katz-zamir <shay.katz-zamir@xxxxxxxxx> > Cc: Serge Ayoun <serge.ayoun@xxxxxxxxx> > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> > --- > arch/x86/kernel/cpu/sgx/driver/ioctl.c | 13 +++++++++---- > 1 file changed, 9 insertions(+), 4 deletions(-) > > diff --git a/arch/x86/kernel/cpu/sgx/driver/ioctl.c > b/arch/x86/kernel/cpu/sgx/driver/ioctl.c > index d5f326411df0..99b1b9776c3a 100644 > --- a/arch/x86/kernel/cpu/sgx/driver/ioctl.c > +++ b/arch/x86/kernel/cpu/sgx/driver/ioctl.c > @@ -415,10 +415,15 @@ static int sgx_validate_secinfo(struct sgx_secinfo > *secinfo) > u64 page_type = secinfo->flags & SGX_SECINFO_PAGE_TYPE_MASK; > u64 perm = secinfo->flags & SGX_SECINFO_PERMISSION_MASK; > > - if ((secinfo->flags & SGX_SECINFO_RESERVED_MASK) || > - ((perm & SGX_SECINFO_W) && !(perm & SGX_SECINFO_R)) || > - (page_type != SGX_SECINFO_TCS && page_type != > SGX_SECINFO_TRIM && > - page_type != SGX_SECINFO_REG)) > + if ((page_type != SGX_SECINFO_REG && > + page_type != SGX_SECINFO_TCS && > + page_type != SGX_SECINFO_TRIM)) > + return -EINVAL; sgx_validate_secinfo() is called via eadd ioctl. Eadd will fail with TRIM page type, so you probably need to remove it from the if sgx2.0 does not change this behavior > + > + if ((perm & SGX_SECINFO_W) && !(perm & SGX_SECINFO_R)) > + return -EINVAL; > + > + if (secinfo->flags & SGX_SECINFO_RESERVED_MASK) > return -EINVAL; > > if (memchr_inv(secinfo->reserved, 0, > SGX_SECINFO_RESERVED_SIZE)) > -- > 2.20.1 --------------------------------------------------------------------- Intel Israel (74) Limited This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.
