Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp376117pxu; Fri, 23 Oct 2020 03:14:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy0lC7F6ZHveh/6UJ8ZZhyy7jhe6r8WaJMzHaxpyCtVVRKxP1FbwZf7uBAKWOL8UMuppSMp X-Received: by 2002:a17:906:52d1:: with SMTP id w17mr1249304ejn.164.1603448095851; Fri, 23 Oct 2020 03:14:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1603448095; cv=none; d=google.com; s=arc-20160816; b=DuHHTOZRePXCtvOFbCH0EBys09/jk99+7IR+bwCAflOaxRIDt4fmR0JZDsIUHOHEs2 TE+YLlI6/2suLGnnfUOdqXUf4LXceoDGN5Cp6JLQkwThzo5dhilPJYxtfLTg1DMVjoEI 6ghUwFdrEelcesiA7rbfMjQdPPGXaFsGd1uCloyCQqhnmfZsoC/Ri79K9xS5zQRVfUPR xlan5Lo7RP9SC7v3SI824ZpMRWQN7du/m6CPSIeslNFBg+Ub2G+rj4xPF+2sx2aS/uxr WcXVifbLej7i9DPL8mnNT9fE5keG6yxphXeCVpTfnFxshODWZyG7OtNWx8hZKqMxGley vJwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:organization:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :ironport-sdr:ironport-sdr; bh=qhTUoez5xle00kRd+5QPy+a9XqNHx8hFCfAy+33+U98=; b=1I9XS4aXKt5AXS0oUrROmLPm2Lders+EOvOctVYaMbzr1DVopkYwXZnC76IkdpcIQ8 qNWUZUFfnA4AcVid/2vdEUxa3lB7NCRDBfhSC4diUM00Or47p38S7JmYaOirwMzMD7VJ zGJUOSrU6FoWX/H3YCWIhc+KEWqfbOdrI4b6OUI2uVXUn8mdYYwIX7WzC1uqI9v/0E6b oZ/+cYpa1htcpyCdfjXkb+rpQmNyBVZx0DGqWdEegY5zaEqzBQRKZ6TPanKPdSytfe8W fQ3772l3ETrwMFW72gcAHTFy58NPp52+KHJ2KaOl/30I58vLCb7CAcBGJ6ugvKkSBCXj ZY9w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dp13si454009ejc.122.2020.10.23.03.14.32; Fri, 23 Oct 2020 03:14:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S461941AbgJWKMG (ORCPT + 99 others); Fri, 23 Oct 2020 06:12:06 -0400 Received: from mga17.intel.com ([192.55.52.151]:46184 "EHLO mga17.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S461902AbgJWKMF (ORCPT ); Fri, 23 Oct 2020 06:12:05 -0400 IronPort-SDR: 4fU/Woo3wmfkc5Pk3qimhBVE01hqnJRwAn3eLIJ8m9b3k2LJzA6obYmqrh6C5zhxXaydZDFQDj 7VuZ1pPnoaUA== X-IronPort-AV: E=McAfee;i="6000,8403,9782"; a="147513133" X-IronPort-AV: E=Sophos;i="5.77,407,1596524400"; d="scan'208";a="147513133" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Oct 2020 03:11:59 -0700 IronPort-SDR: LSKuDUDfpwS2jQem0DjiV2xOl3oOGjpv/J4wOGYEJ9lcXgMvZn9siwQDe+1XtTE/0JD8p9mo2E iYMGhBGYBt8Q== X-IronPort-AV: E=Sophos;i="5.77,407,1596524400"; d="scan'208";a="534346115" Received: from spiccard-mobl1.ger.corp.intel.com (HELO localhost) ([10.249.41.38]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Oct 2020 03:11:44 -0700 Date: Fri, 23 Oct 2020 13:11:44 +0300 From: Jarkko Sakkinen To: Dave Hansen Cc: Sean Christopherson , x86@kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Haitao Huang , Chunyang Hui , Jordan Hand , Nathaniel McCallum , Seth Moore , Darren Kenny , Suresh Siddha , akpm@linux-foundation.org, andriy.shevchenko@linux.intel.com, asapek@google.com, bp@alien8.de, cedric.xing@intel.com, chenalexchen@google.com, conradparker@google.com, cyhanish@google.com, haitao.huang@intel.com, kai.huang@intel.com, kai.svahn@intel.com, kmoy@google.com, ludloff@google.com, luto@kernel.org, nhorman@redhat.com, puiterwijk@redhat.com, rientjes@google.com, tglx@linutronix.de, yaozhangx@google.com, mikko.ylinen@intel.com Subject: Re: [PATCH v39 13/24] x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES Message-ID: <20201023101144.GE168477@linux.intel.com> References: <20201003045059.665934-1-jarkko.sakkinen@linux.intel.com> <20201003045059.665934-14-jarkko.sakkinen@linux.intel.com> <1739984e-0010-2031-1561-809a0b6380bb@intel.com> <20201018050311.GK68722@linux.intel.com> <516a1b7a-38cc-adde-833b-b661cbee97f2@intel.com> <20201019211525.GC23072@linux.intel.com> <564152e4-2334-2c82-1a12-4c980b08a944@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <564152e4-2334-2c82-1a12-4c980b08a944@intel.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Oct 19, 2020 at 02:44:19PM -0700, Dave Hansen wrote: > On 10/19/20 2:15 PM, Sean Christopherson wrote: > >>>> Yeah... Don't we need to do another access_ok() check here, if we > >>>> needed one above since we are moving away from addrp.src? > >>> I don't think so because the page is pinned with get_user_pages(). > >> No, get_user_pages() is orthogonal. > >> > >> Looking at this again, you _might_ be OK since you validated addp.length > >> against encl->size. But, it's all very convoluted and doesn't look very > >> organized or obviously right. > > The easiest fix would be to have the existing access_ok() check the entire > > range, no? Or am I missing something obvious? > > In general, I want the actual userspace access to be as close as > possible and 1:1 with the access_ok() checks. That way, it's blatantly > obvious that the pointers have been checked. > > *But* get_user_pages() has access_ok() checks inside of its > implementation, which makes sense. *But*, that begs the question of > what the top-level one was doing in the first place. Maybe it was just > superfluous. > > Either way, it still doesn't explain what this is doing: I guess it is just history. Used to be one page ioctl. > > + ret = get_user_pages(src, 1, 0, &src_page, NULL); > > + if (ret < 1) > > + return -EFAULT; > > + > > + pginfo.secs = (unsigned long)sgx_get_epc_addr(encl->secs.epc_page); > > + pginfo.addr = SGX_ENCL_PAGE_ADDR(encl_page); > > + pginfo.metadata = (unsigned long)secinfo; > > + pginfo.contents = (unsigned long)kmap_atomic(src_page); > > + > > + ret = __eadd(&pginfo, sgx_get_epc_addr(epc_page)); > > + > > + kunmap_atomic((void *)pginfo.contents); > > I think the point is to create a stable kernel alias address for > 'src_page' so that any mucking with the userspace mapping doesn't screw > up the __eadd() and any failures aren't due to reclaim or MADV_DONTNEED. > > If this isn't even touching the userspace mapping, it didn't need > access_ok() in the first place. The whole access_ok() check is just evolutionary cruft. I will remove it. /Jarkko