2021-01-18 13:56:20

by Tianjia Zhang

Subject: [PATCH] x86/sgx: Allows ioctl PROVISION to execute before CREATE

In function sgx_encl_create(), the logic of directly assigning a
value to attributes_mask determines that the call to
SGX_IOC_ENCLAVE_PROVISION must be after the command of
SGX_IOC_ENCLAVE_CREATE. If this assignment statement is changed to
an OR operation, the PROVISION command can be executed earlier and
more flexibly.

Reported-by: Jia Zhang <[email protected]>
Signed-off-by: Tianjia Zhang <[email protected]>
---
arch/x86/kernel/cpu/sgx/ioctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
index f45957c05f69..0ca3fc238bc2 100644
--- a/arch/x86/kernel/cpu/sgx/ioctl.c
+++ b/arch/x86/kernel/cpu/sgx/ioctl.c
@@ -108,7 +108,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs)
encl->base = secs->base;
encl->size = secs->size;
encl->attributes = secs->attributes;
- encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS;
+ encl->attributes_mask |= SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS;

/* Set only after completion, as encl->lock has not been taken. */
set_bit(SGX_ENCL_CREATED, &encl->flags);
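
Review bot: The `|=` on encl->attributes_mask turns a plain store into a read-modify-write, and the context comment directly below it says encl->lock has not been taken at this point, so the changelog should state what serializes this against a PROVISION ioctl updating the same field; without that, a bit set concurrently can be lost. The OR also only gives the intended result if attributes_mask already holds a defined value (zero, or bits left by an earlier PROVISION) when sgx_encl_create() runs, which nothing in this hunk establishes. Setting the default mask where the encl object is allocated, and dropping the assignment here, would make the ordering independence explicit; if the `|=` stays, add a one-line comment saying the mask may already carry bits from PROVISION. The changelog should also say why callers need PROVISION before CREATE.
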
--
2.19.1.3.ge56e4f7


2021-01-19 20:09:45

by Sean Christopherson

Subject: Re: [PATCH] x86/sgx: Allows ioctl PROVISION to execute before CREATE

On Mon, Jan 18, 2021, Tianjia Zhang wrote:
> In function sgx_encl_create(), the logic of directly assigning a
> value to attributes_mask determines that the call to
> SGX_IOC_ENCLAVE_PROVISION must be after the command of
> SGX_IOC_ENCLAVE_CREATE. If this assignment statement is changed to
> an OR operation, the PROVISION command can be executed earlier and
> more flexibly.
>
> Reported-by: Jia Zhang <[email protected]>
> Signed-off-by: Tianjia Zhang <[email protected]>
> ---
> arch/x86/kernel/cpu/sgx/ioctl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
> index f45957c05f69..0ca3fc238bc2 100644
> --- a/arch/x86/kernel/cpu/sgx/ioctl.c
> +++ b/arch/x86/kernel/cpu/sgx/ioctl.c
> @@ -108,7 +108,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs)
> encl->base = secs->base;
> encl->size = secs->size;
> encl->attributes = secs->attributes;
> - encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS;
> + encl->attributes_mask |= SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS;

Alternatively, move the existing code to sgx_open()? Initializing the field
when the encl object is allocated feels more correct.

> /* Set only after completion, as encl->lock has not been taken. */
> set_bit(SGX_ENCL_CREATED, &encl->flags);
> --
> 2.19.1.3.ge56e4f7
>

2021-01-20 04:00:01

by Tianjia Zhang

Subject: Re: [PATCH] x86/sgx: Allows ioctl PROVISION to execute before CREATE

Hi,

On 1/20/21 4:05 AM, Sean Christopherson wrote:
> On Mon, Jan 18, 2021, Tianjia Zhang wrote:
>> In function sgx_encl_create(), the logic of directly assigning a
>> value to attributes_mask determines that the call to
>> SGX_IOC_ENCLAVE_PROVISION must be after the command of
>> SGX_IOC_ENCLAVE_CREATE. If this assignment statement is changed to
>> an OR operation, the PROVISION command can be executed earlier and
>> more flexibly.
>>
>> Reported-by: Jia Zhang <[email protected]>
>> Signed-off-by: Tianjia Zhang <[email protected]>
>> ---
>> arch/x86/kernel/cpu/sgx/ioctl.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
>> index f45957c05f69..0ca3fc238bc2 100644
>> --- a/arch/x86/kernel/cpu/sgx/ioctl.c
>> +++ b/arch/x86/kernel/cpu/sgx/ioctl.c
>> @@ -108,7 +108,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs)
>> encl->base = secs->base;
>> encl->size = secs->size;
>> encl->attributes = secs->attributes;
>> - encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS;
>> + encl->attributes_mask |= SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS;
>
> Alternatively, move the existing code to sgx_open()? Initializing the field
> when the encl object is allocated feels more correct.
>


This seems like a good idea. Thanks for your suggestion. I have sent a v2
patch, including the next two patches.

Best regards,
Tianjia

2021-01-20 14:39:10

by Jarkko Sakkinen

Subject: Re: [PATCH] x86/sgx: Allows ioctl PROVISION to execute before CREATE

On Mon, Jan 18, 2021 at 09:33:35PM +0800, Tianjia Zhang wrote:
> In function sgx_encl_create(), the logic of directly assigning a
> value to attributes_mask determines that the call to
> SGX_IOC_ENCLAVE_PROVISION must be after the command of
> SGX_IOC_ENCLAVE_CREATE. If this assignment statement is changed to
> an OR operation, the PROVISION command can be executed earlier and
> more flexibly.
>
> Reported-by: Jia Zhang <[email protected]>
> Signed-off-by: Tianjia Zhang <[email protected]>
> ---

Why?

> arch/x86/kernel/cpu/sgx/ioctl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
> index f45957c05f69..0ca3fc238bc2 100644
> --- a/arch/x86/kernel/cpu/sgx/ioctl.c
> +++ b/arch/x86/kernel/cpu/sgx/ioctl.c
> @@ -108,7 +108,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs)
> encl->base = secs->base;
> encl->size = secs->size;
> encl->attributes = secs->attributes;
> - encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS;
> + encl->attributes_mask |= SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS;
>
> /* Set only after completion, as encl->lock has not been taken. */
> set_bit(SGX_ENCL_CREATED, &encl->flags);
> --
> 2.19.1.3.ge56e4f7
>
>

2021-01-21 02:36:02

by Jarkko Sakkinen

Subject: Re: [PATCH] x86/sgx: Allows ioctl PROVISION to execute before CREATE

On Wed, Jan 20, 2021 at 11:57:18AM +0800, Tianjia Zhang wrote:
> Hi,
>
> On 1/20/21 4:05 AM, Sean Christopherson wrote:
> > On Mon, Jan 18, 2021, Tianjia Zhang wrote:
> > > In function sgx_encl_create(), the logic of directly assigning a
> > > value to attributes_mask determines that the call to
> > > SGX_IOC_ENCLAVE_PROVISION must be after the command of
> > > SGX_IOC_ENCLAVE_CREATE. If this assignment statement is changed to
> > > an OR operation, the PROVISION command can be executed earlier and
> > > more flexibly.
> > >
> > > Reported-by: Jia Zhang <[email protected]>
> > > Signed-off-by: Tianjia Zhang <[email protected]>
> > > ---
> > > arch/x86/kernel/cpu/sgx/ioctl.c | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
> > > index f45957c05f69..0ca3fc238bc2 100644
> > > --- a/arch/x86/kernel/cpu/sgx/ioctl.c
> > > +++ b/arch/x86/kernel/cpu/sgx/ioctl.c
> > > @@ -108,7 +108,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs)
> > > encl->base = secs->base;
> > > encl->size = secs->size;
> > > encl->attributes = secs->attributes;
> > > - encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS;
> > > + encl->attributes_mask |= SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS;
> >
> > Alternatively, move the existing code to sgx_open()? Initializing the field
> > when the encl object is allocated feels more correct.
> >
>
>
> This seems like a good idea. Thanks for your suggestion. I have sent a v2
> patch, including the next two patches.

Did you ask Sean about suggested-by's? Now it looks like
doing these patches was originally proposed by Sean.

/Jarkko

2021-01-21 02:46:38

by Jarkko Sakkinen

Subject: Re: [PATCH] x86/sgx: Allows ioctl PROVISION to execute before CREATE

On Thu, Jan 21, 2021 at 12:34:49AM +0200, Jarkko Sakkinen wrote:
> On Wed, Jan 20, 2021 at 11:57:18AM +0800, Tianjia Zhang wrote:
> > Hi,
> >
> > On 1/20/21 4:05 AM, Sean Christopherson wrote:
> > > On Mon, Jan 18, 2021, Tianjia Zhang wrote:
> > > > In function sgx_encl_create(), the logic of directly assigning a
> > > > value to attributes_mask determines that the call to
> > > > SGX_IOC_ENCLAVE_PROVISION must be after the command of
> > > > SGX_IOC_ENCLAVE_CREATE. If this assignment statement is changed to
> > > > an OR operation, the PROVISION command can be executed earlier and
> > > > more flexibly.
> > > >
> > > > Reported-by: Jia Zhang <[email protected]>
> > > > Signed-off-by: Tianjia Zhang <[email protected]>
> > > > ---
> > > > arch/x86/kernel/cpu/sgx/ioctl.c | 2 +-
> > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
> > > > index f45957c05f69..0ca3fc238bc2 100644
> > > > --- a/arch/x86/kernel/cpu/sgx/ioctl.c
> > > > +++ b/arch/x86/kernel/cpu/sgx/ioctl.c
> > > > @@ -108,7 +108,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs)
> > > > encl->base = secs->base;
> > > > encl->size = secs->size;
> > > > encl->attributes = secs->attributes;
> > > > - encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS;
> > > > + encl->attributes_mask |= SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS;
> > >
> > > Alternatively, move the existing code to sgx_open()? Initializing the field
> > > when the encl object is allocated feels more correct.
> > >
> >
> >
> > This seems like a good idea. Thanks for your suggestion. I have sent a v2
> > patch, including the next two patches.
>
> Did you ask Sean about suggested-by's? Now it looks like
> doing these patches was originally proposed by Sean.

Please do not add tags from people *unauthentically*. I do not
see anything from Sean to any of the patches that would suggest
adding those tags. You are basically just stamping that on all
patches for which he has given a code review. Can you stop doing
this?

/Jarkko

2021-01-24 06:38:32

by Tianjia Zhang

Subject: Re: [PATCH] x86/sgx: Allows ioctl PROVISION to execute before CREATE



On 1/21/21 6:37 AM, Jarkko Sakkinen wrote:
> On Thu, Jan 21, 2021 at 12:34:49AM +0200, Jarkko Sakkinen wrote:
>> On Wed, Jan 20, 2021 at 11:57:18AM +0800, Tianjia Zhang wrote:
>>> Hi,
>>>
>>> On 1/20/21 4:05 AM, Sean Christopherson wrote:
>>>> On Mon, Jan 18, 2021, Tianjia Zhang wrote:
>>>>> In function sgx_encl_create(), the logic of directly assigning a
>>>>> value to attributes_mask determines that the call to
>>>>> SGX_IOC_ENCLAVE_PROVISION must be after the command of
>>>>> SGX_IOC_ENCLAVE_CREATE. If this assignment statement is changed to
>>>>> an OR operation, the PROVISION command can be executed earlier and
>>>>> more flexibly.
>>>>>
>>>>> Reported-by: Jia Zhang <[email protected]>
>>>>> Signed-off-by: Tianjia Zhang <[email protected]>
>>>>> ---
>>>>> arch/x86/kernel/cpu/sgx/ioctl.c | 2 +-
>>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
>>>>> index f45957c05f69..0ca3fc238bc2 100644
>>>>> --- a/arch/x86/kernel/cpu/sgx/ioctl.c
>>>>> +++ b/arch/x86/kernel/cpu/sgx/ioctl.c
>>>>> @@ -108,7 +108,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs)
>>>>> encl->base = secs->base;
>>>>> encl->size = secs->size;
>>>>> encl->attributes = secs->attributes;
>>>>> - encl->attributes_mask = SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS;
>>>>> + encl->attributes_mask |= SGX_ATTR_DEBUG | SGX_ATTR_MODE64BIT | SGX_ATTR_KSS;
>>>>
>>>> Alternatively, move the existing code to sgx_open()? Initializing the field
>>>> when the encl object is allocated feels more correct.
>>>>
>>>
>>>
>>> This seems like a good idea. Thanks for your suggestion. I have sent a v2
>>> patch, including the next two patches.
>>
>> Did you ask Sean about suggested-by's? Now it looks like
>> doing these patches was originally proposed by Sean.
>
> Please do not add tags from people *unauthentically*. I do not
> see anything from Sean to any of the patches that would suggest
> adding those tags. You are basically just stamping that on all
> patches for which he has given a code review. Can you stop doing
> this?
>
> /Jarkko
>

I am very sorry for the trouble caused to you. I have made improvements
in the new patch. Thanks for your suggestions.

Best regards,
Tianjia