On 6/26/20 8:34 AM, Borislav Petkov wrote: >> + if (!(atomic_read(&encl->flags) & SGX_ENCL_CREATED)) >> + return -EINVAL; >> + >> + if (copy_from_user(&addp, arg, sizeof(addp))) >> + return -EFAULT; >> + >> + if (!IS_ALIGNED(addp.offset, PAGE_SIZE) || >> + !IS_ALIGNED(addp.src, PAGE_SIZE)) >> + return -EINVAL; >> + >> + if (!(access_ok(addp.src, PAGE_SIZE))) >> + return -EFAULT; >> + >> + if (addp.length & (PAGE_SIZE - 1)) >> + return -EINVAL; > How many pages are allowed? Unlimited? I'm hoping some limits are > checked somewhere... What were you concerned about here? Was it how long the syscall could take, or that one user could exhaust all the enclave memory in one call? Some later versions of this patch have a 1MB limit per to reduce how long each SGX_IOC_ENCLAVE_ADD_PAGES call spends in the kernel. But, I'm not _sure_ that's what you were intending.
