RE: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl()

[RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Sean Christopherson <hidden> · 2019-05-31
[RFC PATCH 1/9] x86/sgx: Remove unused local variable in sgx_encl_release() · Sean Christopherson <hidden> · 2019-05-31
Re: [RFC PATCH 1/9] x86/sgx: Remove unused local variable in sgx_encl_release() · Jarkko Sakkinen <hidden> · 2019-06-04
[RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Sean Christopherson <hidden> · 2019-05-31
RE: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Sean Christopherson <hidden> · 2019-06-03
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Sean Christopherson <hidden> · 2019-06-03
RE: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Sean Christopherson <hidden> · 2019-06-04
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Andy Lutomirski <luto@kernel.org> · 2019-06-04
RE: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Xing, Cedric <hidden> · 2019-06-04
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Dave Hansen <hidden> · 2019-06-03
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Sean Christopherson <hidden> · 2019-06-03
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Dave Hansen <hidden> · 2019-06-03
RE: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Sean Christopherson <hidden> · 2019-06-04
Re: [RFC PATCH 3/9] x86/sgx: Allow userspace to add multiple pages in single ioctl() · Jarkko Sakkinen <hidden> · 2019-06-04
[RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Sean Christopherson <hidden> · 2019-05-31
RE: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Andy Lutomirski <luto@kernel.org> · 2019-06-04
Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Jarkko Sakkinen <hidden> · 2019-06-04
Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Andy Lutomirski <luto@kernel.org> · 2019-06-04
Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Sean Christopherson <hidden> · 2019-06-04
RE: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Xing, Cedric <hidden> · 2019-06-04
Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Jarkko Sakkinen <hidden> · 2019-06-05
Re: [RFC PATCH 7/9] x86/sgx: Enforce noexec filesystem restriction for enclaves · Sean Christopherson <hidden> · 2019-06-06
[RFC PATCH 9/9] security/selinux: Add enclave_load() implementation · Sean Christopherson <hidden> · 2019-05-31
Re: [RFC PATCH 9/9] security/selinux: Add enclave_load() implementation · Stephen Smalley <hidden> · 2019-06-03
Re: [RFC PATCH 9/9] security/selinux: Add enclave_load() implementation · Sean Christopherson <hidden> · 2019-06-03
[RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Sean Christopherson <hidden> · 2019-05-31
RE: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Stephen Smalley <hidden> · 2019-06-03
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Sean Christopherson <hidden> · 2019-06-03
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Stephen Smalley <hidden> · 2019-06-03
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Dave Hansen <hidden> · 2019-06-03
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Andy Lutomirski <luto@kernel.org> · 2019-06-04
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Sean Christopherson <hidden> · 2019-06-04
RE: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Xing, Cedric <hidden> · 2019-06-04
Re: [RFC PATCH 8/9] LSM: x86/sgx: Introduce ->enclave_load() hook for Intel SGX · Sean Christopherson <hidden> · 2019-06-06
[RFC PATCH 5/9] x86/sgx: Restrict mapping without an enclave page to PROT_NONE · Sean Christopherson <hidden> · 2019-05-31
RE: [RFC PATCH 5/9] x86/sgx: Restrict mapping without an enclave page to PROT_NONE · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 5/9] x86/sgx: Restrict mapping without an enclave page to PROT_NONE · Jarkko Sakkinen <hidden> · 2019-06-04
[RFC PATCH 4/9] mm: Introduce vm_ops->mprotect() · Sean Christopherson <hidden> · 2019-05-31
RE: [RFC PATCH 4/9] mm: Introduce vm_ops->mprotect() · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 4/9] mm: Introduce vm_ops->mprotect() · Jarkko Sakkinen <hidden> · 2019-06-04
Re: [RFC PATCH 4/9] mm: Introduce vm_ops->mprotect() · Andy Lutomirski <luto@kernel.org> · 2019-06-04
[RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Sean Christopherson <hidden> · 2019-05-31
RE: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Jarkko Sakkinen <hidden> · 2019-06-04
Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Sean Christopherson <hidden> · 2019-06-04
Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Jarkko Sakkinen <hidden> · 2019-06-05
Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Andy Lutomirski <luto@kernel.org> · 2019-06-04
RE: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Ayoun, Serge <hidden> · 2019-06-05
Re: [RFC PATCH 6/9] x86/sgx: Require userspace to provide allowed prots to ADD_PAGES · Sean Christopherson <hidden> · 2019-06-05
[RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Sean Christopherson <hidden> · 2019-05-31
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Jarkko Sakkinen <hidden> · 2019-06-04
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Andy Lutomirski <luto@kernel.org> · 2019-06-04
RE: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Xing, Cedric <hidden> · 2019-06-04
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Sean Christopherson <hidden> · 2019-06-05
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Jarkko Sakkinen <hidden> · 2019-06-05
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Andy Lutomirski <luto@amacapital.net> · 2019-06-05
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Jarkko Sakkinen <hidden> · 2019-06-06
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Jarkko Sakkinen <hidden> · 2019-06-13
RE: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Xing, Cedric <hidden> · 2019-06-13
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Sean Christopherson <hidden> · 2019-06-13
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Jarkko Sakkinen <hidden> · 2019-06-14
Re: [RFC PATCH 2/9] x86/sgx: Do not naturally align MAP_FIXED address · Jarkko Sakkinen <hidden> · 2019-06-05
RE: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Xing, Cedric <hidden> · 2019-06-02
Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Sean Christopherson <hidden> · 2019-06-03
RE: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Sean Christopherson <hidden> · 2019-06-04
Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Stephen Smalley <hidden> · 2019-06-04
Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Sean Christopherson <hidden> · 2019-06-04
RE: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Xing, Cedric <hidden> · 2019-06-04
Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Stephen Smalley <hidden> · 2019-06-03
RE: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Xing, Cedric <hidden> · 2019-06-03
Re: [RFC PATCH 0/9] security: x86/sgx: SGX vs. LSM · Jarkko Sakkinen <hidden> · 2019-06-04

From: Xing, Cedric <hidden>
Date: 2019-06-04 22:02:31
Also in: lkml, selinux

From: Andy Lutomirski [mailto:luto@kernel.org]
Sent: Tuesday, June 04, 2019 1:18 PM

On Mon, Jun 3, 2019 at 1:39 PM Sean Christopherson
[off-list ref] wrote:

quoted

On Mon, Jun 03, 2019 at 01:08:04PM -0700, Sean Christopherson wrote:

quoted

On Sun, Jun 02, 2019 at 11:26:09PM -0700, Xing, Cedric wrote:

quoted

From: Christopherson, Sean J
Sent: Friday, May 31, 2019 4:32 PM

+/**
+ * sgx_ioc_enclave_add_pages - handler for
+%SGX_IOC_ENCLAVE_ADD_PAGES
+ *
+ * @filep:       open file to /dev/sgx
+ * @cmd: the command value
+ * @arg: pointer to an &sgx_enclave_add_page instance
+ *
+ * Add a range of pages to an uninitialized enclave (EADD), and
+optionally
+ * extend the enclave's measurement with the contents of the

page (EEXTEND).

quoted

+ * The range of pages must be virtually contiguous.  The
+SECINFO and
+ * measurement maskare applied to all pages, i.e. pages with
+different
+ * properties must be added in separate calls.
+ *
+ * EADD and EEXTEND are done asynchronously via worker threads.
+A successful
+ * sgx_ioc_enclave_add_page() only indicates the pages have
+been added to the
+ * work queue, it does not guarantee adding the pages to the
+enclave will
+ * succeed.
+ *
+ * Return:
+ *   0 on success,
+ *   -errno otherwise
+ */
+static long sgx_ioc_enclave_add_pages(struct file *filep,

unsigned int cmd,

quoted

+                               unsigned long arg) {  struct
+sgx_enclave_add_pages *addp = (void *)arg;  struct sgx_encl
+*encl = filep->private_data;  struct sgx_secinfo secinfo;
+unsigned int i;  int ret;
+
+ if (copy_from_user(&secinfo, (void __user *)addp->secinfo,
+                    sizeof(secinfo)))
+         return -EFAULT;
+
+ for (i = 0, ret = 0; i < addp->nr_pages && !ret; i++) {
+         if (signal_pending(current))
+                 return -ERESTARTSYS;

If interrupted, how would user mode code know how many pages have

been EADD'ed?

quoted

Hmm, updating nr_pages would be fairly simple and shouldn't confuse
userspace, e.g. as opposed to overloading the return value.

Or maybe update @addr and @src as well?  That would allow userspace to
re-invoke the ioctl() without having to modify the struct.

If you're going to use -ERESTARTSYS, that's the way to go.  -EINTR would
be an alternative.  A benefit of -ERESTARTSYS is that, with -EINTR, it
wouldn't be that surprising for user code to simply fail to handle it.

-EINTR means the call was interrupted before anything could be done. Am I correct?

But in this case some pages have been processed already so I guess we cannot return any error code. I think it more reasonable to return the number of pages (or bytes) processed.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help