[intel-sgx-kernel-dev,v8,02/10] intel_sgx: fix deadlock in sgx_ioc_enclave_create()
diff mbox

Message ID 20161208123828.21834-3-jarkko.sakkinen@linux.intel.com
State New
Headers show

Commit Message

Jarkko Sakkinen Dec. 8, 2016, 12:38 p.m. UTC
up_read(&current->mm->mmap_sem) was missing when the VMA validation
fails.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
 drivers/platform/x86/intel_sgx_ioctl.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Sean Christopherson Dec. 13, 2016, 6:55 p.m. UTC | #1
On Thu, 2016-12-08 at 14:38 +0200, Jarkko Sakkinen wrote:
> up_read(&current->mm->mmap_sem) was missing when the VMA validation
> fails.
> 
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

Reviewed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Tested-by: Sean Christopherson <sean.j.christopherson@intel.com>


> ---
>  drivers/platform/x86/intel_sgx_ioctl.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/platform/x86/intel_sgx_ioctl.c b/drivers/platform/x86/intel_sgx_ioctl.c
> index d54c410..db17b9f 100644
> --- a/drivers/platform/x86/intel_sgx_ioctl.c
> +++ b/drivers/platform/x86/intel_sgx_ioctl.c
> @@ -575,6 +575,7 @@ static long sgx_ioc_enclave_create(struct file *filep, unsigned int cmd,
>  	    vma->vm_start != secs->base ||
>  	    vma->vm_end != (secs->base + secs->size)) {
>  		ret = -EINVAL;
> +		up_read(&current->mm->mmap_sem);
>  		goto out;
>  	}
>  	encl->vma_cnt++;

Patch
diff mbox

diff --git a/drivers/platform/x86/intel_sgx_ioctl.c b/drivers/platform/x86/intel_sgx_ioctl.c
index d54c410..db17b9f 100644
--- a/drivers/platform/x86/intel_sgx_ioctl.c
+++ b/drivers/platform/x86/intel_sgx_ioctl.c
@@ -575,6 +575,7 @@  static long sgx_ioc_enclave_create(struct file *filep, unsigned int cmd,
 	    vma->vm_start != secs->base ||
 	    vma->vm_end != (secs->base + secs->size)) {
 		ret = -EINVAL;
+		up_read(&current->mm->mmap_sem);
 		goto out;
 	}
 	encl->vma_cnt++;