On Mon, Jul 06, 2020 at 08:29:15PM -0700, Sean Christopherson wrote:
> On Tue, Jul 07, 2020 at 06:01:52AM +0300, Jarkko Sakkinen wrote:
> > +long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg)
> > +{
> > + struct sgx_encl *encl = filep->private_data;
> > + int ret, encl_flags;
> > +
> > + encl_flags = atomic_fetch_or(SGX_ENCL_IOCTL, &encl->flags);
> > + if (encl_flags & SGX_ENCL_IOCTL)
> > + return -EBUSY;
>
> As called out in my belated feedback, SGX_ENCL_DEAD needs to be checked
> here to prevent invoking ENCLS operations on a dead enclave. If you're
> splitting hairs, the check could technically be deferred until the next
> patch, "Add SGX_IOC_ENCLAVE_ADD_PAGES", which is the first usage of
> sgx_encl_destroy() from an ioctl(), but that seems a bit gratuitous.
This is already fixed in v35.
/Jarkko
