[PATCH v33 11/21] x86/sgx: Linux Enclave Driver

Jarkko Sakkinen jarkko.sakkinen at linux.intel.com
Tue Oct 27 01:52:22 UTC 2020


On Mon, Oct 26, 2020 at 02:26:13PM -0700, Dave Hansen wrote:
> On 6/26/20 8:34 AM, Borislav Petkov wrote:
> >> +	if (!(atomic_read(&encl->flags) & SGX_ENCL_CREATED))
> >> +		return -EINVAL;
> >> +
> >> +	if (copy_from_user(&addp, arg, sizeof(addp)))
> >> +		return -EFAULT;
> >> +
> >> +	if (!IS_ALIGNED(addp.offset, PAGE_SIZE) ||
> >> +	    !IS_ALIGNED(addp.src, PAGE_SIZE))
> >> +		return -EINVAL;
> >> +
> >> +	if (!(access_ok(addp.src, PAGE_SIZE)))
> >> +		return -EFAULT;
> >> +
> >> +	if (addp.length & (PAGE_SIZE - 1))
> >> +		return -EINVAL;
> > How many pages are allowed? Unlimited? I'm hoping some limits are
> > checked somewhere...
> 
> What were you concerned about here?  Was it how long the syscall could
> take, or that one user could exhaust all the enclave memory in one call?
> 
> Some later versions of this patch have a 1MB limit per to reduce how
> long each SGX_IOC_ENCLAVE_ADD_PAGES call spends in the kernel.  But, I'm
> not _sure_ that's what you were intending.

The loop does check for pending signals, i.e. it is possible to
interrupt it.

/Jarkko



More information about the Linux-security-module-archive mailing list