When validating a TCS page one should consider the man page of ptrace
(man 2 ptrace):
"request is invalid, or an attempt was made to read from or write to an
invalid area in the tracer's or the tracee's memory, or there was a
word-alignment violation, or an invalid signal was specified during a
restart request."
Thus, returning -ECANCELED is not right thing to do.
Instead, return -EIO when TCS validation fails. In effect, this renders
out the validation code. Remove SGX_ENCL_PAGE_TCS as it is no longer
used for anything.
Cc: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
Cc: Shay Katz-zamir <shay.katz-zamir@xxxxxxxxx>
Cc: Serge Ayoun <serge.ayoun@xxxxxxxxx>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
---
arch/x86/kernel/cpu/sgx/encl.c | 16 ++--------------
arch/x86/kernel/cpu/sgx/encl.h | 2 --
arch/x86/kernel/cpu/sgx/ioctl.c | 3 ---
3 files changed, 2 insertions(+), 19 deletions(-)
diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c
index 1c1fbc95be33..66762b9c1517 100644
--- a/arch/x86/kernel/cpu/sgx/encl.c
+++ b/arch/x86/kernel/cpu/sgx/encl.c
@@ -352,14 +352,9 @@ static int sgx_vma_mprotect(struct vm_area_struct *vma, unsigned long start,
static int sgx_edbgrd(struct sgx_encl *encl, struct sgx_encl_page *page,
unsigned long addr, void *data)
{
- unsigned long offset;
+ unsigned long offset = addr & ~PAGE_MASK;
int ret;
- offset = addr & ~PAGE_MASK;
-
- if ((page->desc & SGX_ENCL_PAGE_TCS) &&
- offset > offsetof(struct sgx_tcs, gs_limit))
- return -ECANCELED;
ret = __edbgrd(sgx_epc_addr(page->epc_page) + offset, data);
if (ret)
@@ -371,16 +366,9 @@ static int sgx_edbgrd(struct sgx_encl *encl, struct sgx_encl_page *page,
static int sgx_edbgwr(struct sgx_encl *encl, struct sgx_encl_page *page,
unsigned long addr, void *data)
{
- unsigned long offset;
+ unsigned long offset = addr & ~PAGE_MASK;
int ret;
- offset = addr & ~PAGE_MASK;
-
- /* Writing anything else than flags will cause #GP */
- if ((page->desc & SGX_ENCL_PAGE_TCS) &&
- offset != offsetof(struct sgx_tcs, flags))
- return -ECANCELED;
-
ret = __edbgwr(sgx_epc_addr(page->epc_page) + offset, data);
if (ret)
return -EIO;
diff --git a/arch/x86/kernel/cpu/sgx/encl.h b/arch/x86/kernel/cpu/sgx/encl.h
index 95e5713a50ad..c7abca1fcb9d 100644
--- a/arch/x86/kernel/cpu/sgx/encl.h
+++ b/arch/x86/kernel/cpu/sgx/encl.h
@@ -19,7 +19,6 @@
/**
* enum sgx_encl_page_desc - defines bits for an enclave page's descriptor
- * %SGX_ENCL_PAGE_TCS: The page is a TCS page.
* %SGX_ENCL_PAGE_RECLAIMED: The page is in the process of being
* reclaimed.
* %SGX_ENCL_PAGE_VA_OFFSET_MASK: Holds the offset in the Version Array
@@ -30,7 +29,6 @@
* the SECS page.
*/
enum sgx_encl_page_desc {
- SGX_ENCL_PAGE_TCS = BIT(0),
/* Bits 11:3 are available when the page is not swapped. */
SGX_ENCL_PAGE_RECLAIMED = BIT(3),
SGX_ENCL_PAGE_VA_OFFSET_MASK = GENMASK_ULL(11, 3),
diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
index e57dda38513b..cc77728af7da 100644
--- a/arch/x86/kernel/cpu/sgx/ioctl.c
+++ b/arch/x86/kernel/cpu/sgx/ioctl.c
@@ -126,9 +126,6 @@ static struct sgx_encl_page *sgx_encl_page_alloc(struct sgx_encl *encl,
encl_page->desc = addr;
encl_page->encl = encl;
- if (secinfo_flags & SGX_SECINFO_TCS)
- encl_page->desc |= SGX_ENCL_PAGE_TCS;
-
prot = _calc_vm_trans(secinfo_flags, SGX_SECINFO_R, PROT_READ) |
_calc_vm_trans(secinfo_flags, SGX_SECINFO_W, PROT_WRITE) |
_calc_vm_trans(secinfo_flags, SGX_SECINFO_X, PROT_EXEC);
--
2.20.1
