[intel-sgx-kernel-dev] intel_sgx: fix leak of a backing page in sgx_process_add_page_req()

Message ID	20171010163348.6521-1-jarkko.sakkinen@linux.intel.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <intel-sgx-kernel-dev-bounces@lists.01.org> Received-SPF: None (no SPF record) identity=mailfrom; client-ip=134.134.136.65; helo=mga03.intel.com; envelope-from=jarkko.sakkinen@linux.intel.com; receiver=intel-sgx-kernel-dev@lists.01.org From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> To: intel-sgx-kernel-dev@lists.01.org Date: Tue, 10 Oct 2017 19:33:48 +0300 Message-Id: <20171010163348.6521-1-jarkko.sakkinen@linux.intel.com> Subject: [intel-sgx-kernel-dev] [PATCH] intel_sgx: fix leak of a backing page in sgx_process_add_page_req() Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: intel-sgx-kernel-dev-bounces@lists.01.org Sender: "intel-sgx-kernel-dev" <intel-sgx-kernel-dev-bounces@lists.01.org>

Message ID

20171010163348.6521-1-jarkko.sakkinen@linux.intel.com (mailing list archive)

State

New, archived

Headers

Received-SPF: None (no SPF record) identity=mailfrom;
	client-ip=134.134.136.65; 
	helo=mga03.intel.com; envelope-from=jarkko.sakkinen@linux.intel.com; 
	receiver=intel-sgx-kernel-dev@lists.01.org 
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: intel-sgx-kernel-dev@lists.01.org
Date: Tue, 10 Oct 2017 19:33:48 +0300
Message-Id: <20171010163348.6521-1-jarkko.sakkinen@linux.intel.com>
Subject: [intel-sgx-kernel-dev] [PATCH] intel_sgx: fix leak of a backing
	page in sgx_process_add_page_req()
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: intel-sgx-kernel-dev-bounces@lists.01.org
Sender: "intel-sgx-kernel-dev" <intel-sgx-kernel-dev-bounces@lists.01.org>

Reported-by: Shay Katz-zamir <shay.katz-zamir@intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> --- drivers/platform/x86/intel_sgx/sgx_encl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Jarkko Sakkinen Oct. 11, 2017, 11:44 a.m. UTC | #1

On Tue, Oct 10, 2017 at 07:33:48PM +0300, Jarkko Sakkinen wrote:
> Reported-by: Shay Katz-zamir <shay.katz-zamir@intel.com>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> ---
>  drivers/platform/x86/intel_sgx/sgx_encl.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/platform/x86/intel_sgx/sgx_encl.c b/drivers/platform/x86/intel_sgx/sgx_encl.c
> index aa0deed08cee..4a28cbb2baba 100644
> --- a/drivers/platform/x86/intel_sgx/sgx_encl.c
> +++ b/drivers/platform/x86/intel_sgx/sgx_encl.c
> @@ -251,8 +251,10 @@ static bool sgx_process_add_page_req(struct sgx_add_page_req *req,
>  	}
>  
>  	ret = vm_insert_pfn(vma, encl_page->addr, PFN_DOWN(epc_page->pa));
> -	if (ret)
> +	if (ret) {
> +		sgx_put_backing(backing, 0);
>  		return false;
> +	}
>  
>  	ret = sgx_eadd(encl->secs.epc_page, epc_page, encl_page->addr,
>  		       &req->secinfo, backing);
> -- 
> 2.14.1
> 

Merged, v4 backlog has now two entries:

* Removed __exit annotation from sgx_drv_subsys_exit().
* Fix leak of a backing page in sgx_process_add_page_req() when
  vm_insert_pfn() fails.

/Jarkko

diff --git a/drivers/platform/x86/intel_sgx/sgx_encl.c b/drivers/platform/x86/intel_sgx/sgx_encl.c
index aa0deed08cee..4a28cbb2baba 100644
--- a/drivers/platform/x86/intel_sgx/sgx_encl.c
+++ b/drivers/platform/x86/intel_sgx/sgx_encl.c
@@ -251,8 +251,10 @@  static bool sgx_process_add_page_req(struct sgx_add_page_req *req,
 	}
 
 	ret = vm_insert_pfn(vma, encl_page->addr, PFN_DOWN(epc_page->pa));
-	if (ret)
+	if (ret) {
+		sgx_put_backing(backing, 0);
 		return false;
+	}
 
 	ret = sgx_eadd(encl->secs.epc_page, epc_page, encl_page->addr,
 		       &req->secinfo, backing);

[intel-sgx-kernel-dev] intel_sgx: fix leak of a backing page in sgx_process_add_page_req()

Commit Message

Comments

Patch