diff options
Diffstat (limited to '0020-x86-sgx-Tighten-accessible-memory-range-after-enclav.patch')
| -rw-r--r-- | 0020-x86-sgx-Tighten-accessible-memory-range-after-enclav.patch | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/0020-x86-sgx-Tighten-accessible-memory-range-after-enclav.patch b/0020-x86-sgx-Tighten-accessible-memory-range-after-enclav.patch new file mode 100644 index 000000000000..2381237df89c --- /dev/null +++ b/0020-x86-sgx-Tighten-accessible-memory-range-after-enclav.patch @@ -0,0 +1,57 @@ +From 94d96d463650dee683538bb1563a71afca7719cb Mon Sep 17 00:00:00 2001 +From: Reinette Chatre <reinette.chatre@intel.com> +Date: Mon, 7 Feb 2022 16:45:42 -0800 +Subject: [PATCH 20/34] x86/sgx: Tighten accessible memory range after enclave + initialization + +Before an enclave is initialized the enclave's memory range is unknown. +The enclave's memory range is learned at the time it is created via the +SGX_IOC_ENCLAVE_CREATE ioctl() where the provided memory range is +obtained from an earlier mmap() of /dev/sgx_enclave. After an enclave +is initialized its memory can be mapped into user space (mmap()) from +where it can be entered at its defined entry points. + +With the enclave's memory range known after it is initialized there is +no reason why it should be possible to map memory outside this range. + +Lock down access to the initialized enclave's memory range by denying +any attempt to map memory outside its memory range. + +Locking down the memory range also makes adding pages to an initialized +enclave more efficient. Pages are added to an initialized enclave by +accessing memory that belongs to the enclave's memory range but not yet +backed by an enclave page. If it is possible for user space to map +memory that does not form part of the enclave then an access to this +memory would eventually fail. Failures range from a prompt general +protection fault if the access was an ENCLU[EACCEPT] from within the +enclave, or a page fault via the vDSO if it was another access from +within the enclave, or a SIGBUS (also resulting from a page fault) if +the access was from outside the enclave. + +Disallowing invalid memory to be mapped in the first place avoids +preventable failures. + +Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> +--- + arch/x86/kernel/cpu/sgx/encl.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c +index a5b1da1e5bd4..5fe7189eac9d 100644 +--- a/arch/x86/kernel/cpu/sgx/encl.c ++++ b/arch/x86/kernel/cpu/sgx/encl.c +@@ -444,6 +444,11 @@ int sgx_encl_may_map(struct sgx_encl *encl, unsigned long start, + + XA_STATE(xas, &encl->page_array, PFN_DOWN(start)); + ++ /* Disallow mapping outside enclave's address range. */ ++ if (test_bit(SGX_ENCL_INITIALIZED, &encl->flags) && ++ (start < encl->base || end > encl->base + encl->size)) ++ return -EACCES; ++ + /* + * Disallow READ_IMPLIES_EXEC tasks as their VMA permissions might + * conflict with the enclave page permissions. +-- +2.35.1 + |