On Thu, Apr 08, 2021, Kai Huang wrote: > + /* > + * Copy contents into kernel memory to prevent TOCTOU attack. E.g. the > + * guest could do ECREATE w/ SECS.SGX_ATTR_PROVISIONKEY=0, and > + * simultaneously set SGX_ATTR_PROVISIONKEY to bypass the check to > + * enforce restriction of access to the PROVISIONKEY. > + */ > + contents = (struct sgx_secs *)__get_free_page(GFP_KERNEL); This should use GFP_KERNEL_ACCOUNT.
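Review bot: the page allocated with __get_free_page() here is requested on behalf of the guest, so it should be charged to the caller's memory cgroup with GFP_KERNEL_ACCOUNT rather than plain GFP_KERNEL, as the reply notes; without accounting, a guest that drives this path repeatedly consumes kernel memory that is not attributed to its VM process. The hunk also shows neither a check for __get_free_page() returning NULL nor the matching free_page() once the copied SECS has been validated; make sure the caller handles both on every exit path. Minor: since the copy exists so that the guest cannot alter the SECS between the attribute check and its use, the comment could state explicitly that all subsequent checks must read `contents` rather than the guest-mapped page.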