[intel-sgx-kernel-dev,3/3] intel_sgx: Lock the enclave when updating va_pages
diff mbox

Message ID 1483477647-12054-4-git-send-email-sean.j.christopherson@intel.com
State New
Headers show

Commit Message

Sean Christopherson Jan. 3, 2017, 9:07 p.m. UTC
The unlocked modification of encl->va_pages can cause segfaults if
two or more threads trigger a VA page allocation at the same time.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 drivers/platform/x86/intel_sgx_ioctl.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Jarkko Sakkinen Jan. 4, 2017, 1:48 p.m. UTC | #1
On Tue, Jan 03, 2017 at 01:07:27PM -0800, Sean Christopherson wrote:
> The unlocked modification of encl->va_pages can cause segfaults if
> two or more threads trigger a VA page allocation at the same time.
> 
> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>

Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

/Jarkko

> ---
>  drivers/platform/x86/intel_sgx_ioctl.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/platform/x86/intel_sgx_ioctl.c b/drivers/platform/x86/intel_sgx_ioctl.c
> index 3a4a8fa..b78c552 100644
> --- a/drivers/platform/x86/intel_sgx_ioctl.c
> +++ b/drivers/platform/x86/intel_sgx_ioctl.c
> @@ -435,7 +435,10 @@ static int sgx_init_page(struct sgx_encl *encl,
>  
>  		va_page->epc_page = epc_page;
>  		va_offset = sgx_alloc_va_slot(va_page);
> +
> +		mutex_lock(&encl->lock);
>  		list_add(&va_page->list, &encl->va_pages);
> +		mutex_unlock(&encl->lock);
>  	}
>  
>  	entry->va_page = va_page;
> -- 
> 2.7.4
> 
> _______________________________________________
> intel-sgx-kernel-dev mailing list
> intel-sgx-kernel-dev@lists.01.org
> https://lists.01.org/mailman/listinfo/intel-sgx-kernel-dev

Patch
diff mbox

diff --git a/drivers/platform/x86/intel_sgx_ioctl.c b/drivers/platform/x86/intel_sgx_ioctl.c
index 3a4a8fa..b78c552 100644
--- a/drivers/platform/x86/intel_sgx_ioctl.c
+++ b/drivers/platform/x86/intel_sgx_ioctl.c
@@ -435,7 +435,10 @@  static int sgx_init_page(struct sgx_encl *encl,
 
 		va_page->epc_page = epc_page;
 		va_offset = sgx_alloc_va_slot(va_page);
+
+		mutex_lock(&encl->lock);
 		list_add(&va_page->list, &encl->va_pages);
+		mutex_unlock(&encl->lock);
 	}
 
 	entry->va_page = va_page;