
[for,v24,v3,2/4] x86/sgx: %SGX_IOC_ENCLAVE_ADD_PAGES: Destroy enclave when ENCLS fails

Message ID 20191119184137.16004-2-jarkko.sakkinen@linux.intel.com (mailing list archive)
State New, archived
Series [for,v24,v3,1/4] x86/sgx: %SGX_IOC_ENCLAVE_ADD_PAGES: Return -EIO when ENCLS fails | expand

Commit Message

Jarkko Sakkinen Nov. 19, 2019, 6:41 p.m. UTC
Destroy enclave on ENCLS[EADD] failure in order to get consistent
behavior when any ENCLS fails in this ioctl.

Cc: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
 arch/x86/kernel/cpu/sgx/ioctl.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

Patch

diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
index 2d6f7b8cc429..a2b411a8236d 100644
--- a/arch/x86/kernel/cpu/sgx/ioctl.c
+++ b/arch/x86/kernel/cpu/sgx/ioctl.c
@@ -413,8 +413,13 @@  static int sgx_encl_add_page(struct sgx_encl *encl,
 
 	ret = __sgx_encl_add_page(encl, encl_page, epc_page, secinfo,
 				  addp->src);
-	if (ret)
+	if (ret) {
+		/* ENCLS failure. */
+		if (ret == -EIO)
+			sgx_encl_destroy(encl);
+
 		goto err_out;
+	}
 
 	/*
 	 * Complete the "add" before doing the "extend" so that the "add"
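Review bot: After `sgx_encl_destroy(encl)` in the new `-EIO` branch, control still falls through to `goto err_out`, whereas the EEXTEND failure path in the next hunk jumps to `out_unlock` after the same call. The comment removed in that hunk stated that destroy() also frees the resources for the added page, so please confirm that the `err_out` cleanup, which lies outside this hunk, cannot release `encl_page` or `epc_page` a second time or touch enclave state that destroy() has already torn down. This path is reachable from a userspace ioctl, so a double free or use-after-free here would be a kernel memory-safety bug. If the page is not yet owned by the enclave at this point (the context comment below suggests the add is only completed after EADD succeeds), state that at the branch, e.g. `/* ENCLS failure: page not yet linked to encl, so err_out still frees it. */`.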
@@ -428,10 +433,7 @@  static int sgx_encl_add_page(struct sgx_encl *encl,
 	if (addp->flags & SGX_PAGE_MEASURE) {
 		ret = __sgx_encl_extend(encl, epc_page);
 
-		/*
-		 * Destroy the enclave if EEXTEND fails, EADD can't be undone.
-		 * Note, destroy() also frees the resources for the added page.
-		 */
+		/* ENCLS failure. */
 		if (ret) {
 			sgx_encl_destroy(encl);
 			goto out_unlock;
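Review bot: The replacement comment `/* ENCLS failure. */` drops the two facts that justify this branch: EADD cannot be undone, and destroy() releases the added page, which is why the code jumps to `out_unlock` instead of a cleanup label. I would keep them, for example `/* ENCLS failure: EADD can't be undone, and destroy() also frees the added page. */`. This branch also destroys the enclave on any non-zero `ret`, while the EADD branch in the previous hunk tests `ret == -EIO`. If `__sgx_encl_extend()` can only return 0 or -EIO that is fine, but the condition or the comment should say so to keep the two paths visibly consistent. The function body continues outside this hunk.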
@@ -494,6 +496,10 @@  static int sgx_encl_add_page(struct sgx_encl *encl,
  * re-invoke SGX_IOC_ENCLAVE_ADD_PAGES using the same struct in response to an
  * ERESTARTSYS error.
  *
+ * If ENCLS opcode fails, that effectively means that EPC has been invalidated.
+ * When this happens the enclave is destroyed and -EIO is returned to the
+ * caller.
+ *
  * Return:
  *   0 on success,
  *   -EACCES if an executable source page is located in a noexec partition,