On Tue, Jul 07, 2020 at 06:01:52AM +0300, Jarkko Sakkinen wrote: > +long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg) > +{ > + struct sgx_encl *encl = filep->private_data; > + int ret, encl_flags; > + > + encl_flags = atomic_fetch_or(SGX_ENCL_IOCTL, &encl->flags); > + if (encl_flags & SGX_ENCL_IOCTL) > + return -EBUSY; As called out in my belated feedback, SGX_ENCL_DEAD needs to be checked here to prevent invoking ENCLS operations on a dead enclave. If you're splitting hairs, the check could technically be deferred until the next patch, "Add SGX_IOC_ENCLAVE_ADD_PAGES", which is the first usage of sgx_encl_destroy() from an ioctl(), but that seems a bit gratuitous. > + > + switch (cmd) { > + case SGX_IOC_ENCLAVE_CREATE: > + ret = sgx_ioc_enclave_create(encl, (void __user *)arg); > + break; > + default: > + ret = -ENOIOCTLCMD; > + break; > + } > + > + atomic_andnot(SGX_ENCL_IOCTL, &encl->flags); > + return ret; > +} > -- > 2.25.1 >
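Review bot: The `return -EBUSY` straight after `atomic_fetch_or()` is the only exit that may skip `atomic_andnot(SGX_ENCL_IOCTL, &encl->flags)`, because on that path another caller owns the flag. A dead-enclave check added at the same spot runs after this caller has set SGX_ENCL_IOCTL, so it must not copy that pattern: a plain `return` there would leave the flag set and every later ioctl on the enclave would fail with -EBUSY. Set `ret` and fall through to the `atomic_andnot()` line instead. Assuming SGX_ENCL_DEAD is a bit in the same `encl->flags` word, the `encl_flags` snapshot already returned by `atomic_fetch_or()` can be tested for it without a second atomic read. A one-line comment above the `atomic_fetch_or()` saying that SGX_ENCL_IOCTL serialises ioctls per enclave, and that a concurrent caller gets -EBUSY rather than blocking, would also help, since that behaviour is visible to userspace.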