Re: [PATCH 14/25] x86/sgx: Tighten accessible memory range after enclave initialization

From: Reinette Chatre
Date: Mon Dec 06 2021 - 16:45:49 EST


Hi Jarkko,

On 12/4/2021 3:14 PM, Jarkko Sakkinen wrote:
diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c
index 342b97dd4c33..37203da382f8 100644
--- a/arch/x86/kernel/cpu/sgx/encl.c
+++ b/arch/x86/kernel/cpu/sgx/encl.c
@@ -403,6 +403,10 @@ int sgx_encl_may_map(struct sgx_encl *encl, unsigned long start,
XA_STATE(xas, &encl->page_array, PFN_DOWN(start));

Please write a comment here.

Would the comment below suffice?

/* Disallow mapping outside enclave's address range. */


+ if (test_bit(SGX_ENCL_INITIALIZED, &encl->flags) &&
+ (start < encl->base || end > encl->base + encl->size))
+ return -EACCES;
+
/*
* Disallow READ_IMPLIES_EXEC tasks as their VMA permissions might
* conflict with the enclave page permissions.
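Review bot: the added check in sgx_encl_may_map() is gated on test_bit(SGX_ENCL_INITIALIZED, &encl->flags), so a range outside [encl->base, encl->base + encl->size) is still accepted at this point before the enclave is initialized, and nothing in the hunk says why. The proposed comment "Disallow mapping outside enclave's address range" covers only the range test. It should also say that the restriction applies once the enclave is initialized, and why mappings before that are not bounded here, so the -EACCES return is not read as an unconditional bounds check.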
--
2.25.1


Otherwise, makes sense.


Thank you

Reinette