On Mon, Aug 26, 2019 at 05:11:25PM -0700, Sean Christopherson wrote: > Add a memory barrier pair to ensure all enclave state is visible in > memory prior to SGX_ENCL_CREATED being set. Without the barries, adding > pages and/or initializing the enclaves could theoretically consume stale > data. > > Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx> > --- > arch/x86/kernel/cpu/sgx/ioctl.c | 16 +++++++++++++--- > 1 file changed, 13 insertions(+), 3 deletions(-) > > diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c > index 911ff3b0f061..7134d68aecb3 100644 > --- a/arch/x86/kernel/cpu/sgx/ioctl.c > +++ b/arch/x86/kernel/cpu/sgx/ioctl.c > @@ -163,6 +163,15 @@ static struct sgx_encl_page *sgx_encl_page_alloc(struct sgx_encl *encl, > return encl_page; > } > > +static bool is_encl_created(struct sgx_encl *encl) > +{ > + bool created = encl->flags & SGX_ENCL_CREATED; > + > + /* Pairs with smp_wmb() in sgx_encl_create(). */ > + smp_rmb(); > + return created; > +} what if you just convert the flags to atomic_t? That would fix this issue and would prevent analogous issues from occurring. /Jarkko
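Review bot: in is_encl_created(), `encl->flags` is read with a plain load before the smp_rmb(), so nothing stops the compiler from tearing or re-ordering that read relative to the caller's later accesses; wrap it as `bool created = READ_ONCE(encl->flags) & SGX_ENCL_CREATED;`, or replace the load-plus-barrier with `smp_load_acquire(&encl->flags)` paired with `smp_store_release()` on the writer side, which documents the acquire/release intent and subsumes the explicit smp_rmb(). Only the reader half of the pairing is visible in this hunk; the comment refers to an smp_wmb() in sgx_encl_create() that is in the remaining insertions of the patch, so the commit message should name both sides of the pair to make the ordering contract reviewable.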