[PATCH v33 11/21] x86/sgx: Linux Enclave Driver

Dave Hansen dave.hansen at intel.com
Mon Oct 26 21:26:13 UTC 2020


On 6/26/20 8:34 AM, Borislav Petkov wrote:
>> +	if (!(atomic_read(&encl->flags) & SGX_ENCL_CREATED))
>> +		return -EINVAL;
>> +
>> +	if (copy_from_user(&addp, arg, sizeof(addp)))
>> +		return -EFAULT;
>> +
>> +	if (!IS_ALIGNED(addp.offset, PAGE_SIZE) ||
>> +	    !IS_ALIGNED(addp.src, PAGE_SIZE))
>> +		return -EINVAL;
>> +
>> +	if (!(access_ok(addp.src, PAGE_SIZE)))
>> +		return -EFAULT;
>> +
>> +	if (addp.length & (PAGE_SIZE - 1))
>> +		return -EINVAL;
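Review bot: The access_ok(addp.src, PAGE_SIZE) check covers only the first page of the source buffer, while addp.length is tested only for page alignment, so in the lines shown a zero length passes and nothing bounds the length or confirms that the whole range starting at addp.src is a valid user range. Consider checking the full addp.length in access_ok(), rejecting a zero length and capping the length per call, or adding a comment that points to where later code enforces these. As a style point, the length test could use IS_ALIGNED(addp.length, PAGE_SIZE) like the two checks above it, and the extra parentheses around access_ok() can be dropped.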
> How many pages are allowed? Unlimited? I'm hoping some limits are
> checked somewhere...

What were you concerned about here?  Was it how long the syscall could
take, or that one user could exhaust all the enclave memory in one call?

Some later versions of this patch have a 1MB limit per to reduce how
long each SGX_IOC_ENCLAVE_ADD_PAGES call spends in the kernel.  But, I'm
not _sure_ that's what you were intending.
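
An added example (not code from the patch or the kernel): a userspace model of the argument checks in the quoted hunk, with the 1MB per-call cap mentioned in the reply. The zero-length, overflow and enclave-size checks, the struct and function names, and the encl_size parameter are assumptions for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE     4096ULL             /* assumed x86 page size */
#define ADD_PAGES_MAX (1024ULL * 1024ULL) /* 1MB per-call cap from the reply */

/* Hypothetical stand-in for the addp fields the quoted hunk validates. */
struct add_pages_req {
	uint64_t src;    /* user address of the source data */
	uint64_t offset; /* offset inside the enclave */
	uint64_t length; /* number of bytes to add */
};

static int is_page_aligned(uint64_t v)
{
	return (v & (PAGE_SIZE - 1)) == 0;
}

/* Returns 0 if the request is acceptable, a negative errno otherwise.
 * encl_size (assumed parameter) is the enclave's total size in bytes. */
int validate_add_pages(const struct add_pages_req *r, uint64_t encl_size)
{
	/* Same alignment rules as the quoted hunk. */
	if (!is_page_aligned(r->offset) || !is_page_aligned(r->src) ||
	    !is_page_aligned(r->length))
		return -EINVAL;
	/* Zero is page aligned, so it needs its own check. */
	if (r->length == 0)
		return -EINVAL;
	/* Bound the work a single call can do. */
	if (r->length > ADD_PAGES_MAX)
		return -EINVAL;
	/* Overflow-safe range checks: compare against the space that is
	 * left instead of computing src + length or offset + length. */
	if (r->length > UINT64_MAX - r->src)
		return -EFAULT;
	if (r->offset > encl_size || r->length > encl_size - r->offset)
		return -EINVAL;
	return 0;
}

int main(void)
{
	/* Constructed sample request: 2MB in one call, over the cap. */
	struct add_pages_req big = { 0x10000, 0, 2 * ADD_PAGES_MAX };

	printf("2MB request -> %d\n", validate_add_pages(&big, 4 * ADD_PAGES_MAX));
	return 0;
}
```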


