arch/x86/kernel/cpu/sgx/ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Not allowing to set RW for added TCS pages leads only to a special case
to be handled in the user space run-time. Thus, allow permissions to be
set RW. Originally, it would have probably made more sense to check up
that the permissions are RW.
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
arch/x86/kernel/cpu/sgx/ioctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
index 83df20e3e633..f79761ad0400 100644
--- a/arch/x86/kernel/cpu/sgx/ioctl.c
+++ b/arch/x86/kernel/cpu/sgx/ioctl.c
@@ -215,7 +215,7 @@ static int sgx_validate_secinfo(struct sgx_secinfo *secinfo)
* CPU will silently overwrite the permissions as zero, which means
* that we need to validate it ourselves.
*/
- if (pt == SGX_SECINFO_TCS && perm)
+ if (pt == SGX_SECINFO_TCS && (perm != 0 || perm != (PROT_READ | PROT_WRITE)))
return -EINVAL;
if (secinfo->flags & SGX_SECINFO_RESERVED_MASK)
--
2.35.1Hi Jarkko, On 3/19/2022 9:30 AM, Jarkko Sakkinen wrote: > Not allowing to set RW for added TCS pages leads only to a special case > to be handled in the user space run-time. Thus, allow permissions to be > set RW. Originally, it would have probably made more sense to check up > that the permissions are RW. > > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> > --- > arch/x86/kernel/cpu/sgx/ioctl.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c > index 83df20e3e633..f79761ad0400 100644 > --- a/arch/x86/kernel/cpu/sgx/ioctl.c > +++ b/arch/x86/kernel/cpu/sgx/ioctl.c > @@ -215,7 +215,7 @@ static int sgx_validate_secinfo(struct sgx_secinfo *secinfo) > * CPU will silently overwrite the permissions as zero, which means > * that we need to validate it ourselves. > */ > - if (pt == SGX_SECINFO_TCS && perm) > + if (pt == SGX_SECINFO_TCS && (perm != 0 || perm != (PROT_READ | PROT_WRITE))) > return -EINVAL; > > if (secinfo->flags & SGX_SECINFO_RESERVED_MASK) The comments above sgx_ioc_enclave_add_pages() seem to indicate that zero permissions are required: "A SECINFO for a TCS is required to always contain zero permissions because CPU silently zeros them. Allowing anything else would cause a mismatch in the measurement." Reinette
On Mon, Mar 28, 2022 at 01:28:39PM -0700, Reinette Chatre wrote: > Hi Jarkko, > > On 3/19/2022 9:30 AM, Jarkko Sakkinen wrote: > > Not allowing to set RW for added TCS pages leads only to a special case > > to be handled in the user space run-time. Thus, allow permissions to be > > set RW. Originally, it would have probably made more sense to check up > > that the permissions are RW. > > > > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> > > --- > > arch/x86/kernel/cpu/sgx/ioctl.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c > > index 83df20e3e633..f79761ad0400 100644 > > --- a/arch/x86/kernel/cpu/sgx/ioctl.c > > +++ b/arch/x86/kernel/cpu/sgx/ioctl.c > > @@ -215,7 +215,7 @@ static int sgx_validate_secinfo(struct sgx_secinfo *secinfo) > > * CPU will silently overwrite the permissions as zero, which means > > * that we need to validate it ourselves. > > */ > > - if (pt == SGX_SECINFO_TCS && perm) > > + if (pt == SGX_SECINFO_TCS && (perm != 0 || perm != (PROT_READ | PROT_WRITE))) > > return -EINVAL; > > > > if (secinfo->flags & SGX_SECINFO_RESERVED_MASK) > > The comments above sgx_ioc_enclave_add_pages() seem to indicate that zero > permissions are required: > > "A SECINFO for a TCS is required to always contain zero permissions because > CPU silently zeros them. Allowing anything else would cause a mismatch in > the measurement." I think this can be left out for now but fixing the relative addressing is an obvious fix. BR, Jarkko
© 2016 - 2026 Red Hat, Inc.