Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver

(off-list ancestor, not in this archive)
[PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Jarkko Sakkinen <hidden> · 2020-06-17
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Borislav Petkov <bp@alien8.de> · 2020-06-25
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Sean Christopherson <hidden> · 2020-06-25
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Borislav Petkov <bp@alien8.de> · 2020-06-25
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Jarkko Sakkinen <hidden> · 2020-06-26
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Jarkko Sakkinen <hidden> · 2020-06-25
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Borislav Petkov <bp@alien8.de> · 2020-06-25
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Jarkko Sakkinen <hidden> · 2020-06-26
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Borislav Petkov <bp@alien8.de> · 2020-06-25
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Jarkko Sakkinen <hidden> · 2020-06-26
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Borislav Petkov <bp@alien8.de> · 2020-06-26
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Sean Christopherson <hidden> · 2020-06-26
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Borislav Petkov <bp@alien8.de> · 2020-06-26
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Jarkko Sakkinen <hidden> · 2020-07-03
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Jarkko Sakkinen <hidden> · 2020-07-03
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Borislav Petkov <bp@alien8.de> · 2020-06-26
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Jarkko Sakkinen <hidden> · 2020-07-04
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Dave Hansen <hidden> · 2020-10-26
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Jarkko Sakkinen <hidden> · 2020-10-27
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Borislav Petkov <bp@alien8.de> · 2020-10-27
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Dave Hansen <hidden> · 2020-10-27
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Borislav Petkov <bp@alien8.de> · 2020-10-27
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Borislav Petkov <bp@alien8.de> · 2020-06-27
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Sean Christopherson <hidden> · 2020-06-29
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Borislav Petkov <bp@alien8.de> · 2020-06-29
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Jarkko Sakkinen <hidden> · 2020-07-04
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Sean Christopherson <hidden> · 2020-07-07
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Jarkko Sakkinen <hidden> · 2020-07-07
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Jarkko Sakkinen <hidden> · 2020-07-04
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Sean Christopherson <hidden> · 2020-07-02
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Jarkko Sakkinen <hidden> · 2020-07-04
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Haitao Huang <hidden> · 2020-09-02
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Sean Christopherson <hidden> · 2020-09-02
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Haitao Huang <hidden> · 2020-09-02
Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver · Jarkko Sakkinen <hidden> · 2020-09-04

From: Haitao Huang <hidden>
Date: 2020-09-02 18:40:59
Also in: lkml

On Wed, 02 Sep 2020 11:10:12 -0500, Sean Christopherson  
[off-list ref] wrote:

On Tue, Sep 01, 2020 at 10:06:32PM -0500, Haitao Huang wrote:

quoted

On Fri, 03 Jul 2020 22:31:10 -0500, Jarkko Sakkinen
[off-list ref] wrote:

quoted

On Wed, Jul 01, 2020 at 08:59:02PM -0700, Sean Christopherson wrote:

quoted

On Thu, Jun 18, 2020 at 01:08:33AM +0300, Jarkko Sakkinen wrote:

quoted

+static int sgx_validate_secs(const struct sgx_secs *secs,
+			     unsigned long ssaframesize)
+{
+	if (secs->size < (2 * PAGE_SIZE) || !is_power_of_2(secs->size))
+		return -EINVAL;
+
+	if (secs->base & (secs->size - 1))
+		return -EINVAL;
+
+	if (secs->miscselect & sgx_misc_reserved_mask ||
+	    secs->attributes & sgx_attributes_reserved_mask ||
+	    secs->xfrm & sgx_xfrm_reserved_mask)
+		return -EINVAL;
+
+	if (secs->attributes & SGX_ATTR_MODE64BIT) {
+		if (secs->size > sgx_encl_size_max_64)
+			return -EINVAL;
+	} else if (secs->size > sgx_encl_size_max_32)
+		return -EINVAL;

These should be >=, not >, the SDM uses one of those fancy ≥

ligatures.

quoted

Internal versions use more obvious pseudocode, e.g.:

    if ((DS:TMP_SECS.ATTRIBUTES.MODE64BIT = 1) AND
        (DS:TMP_SECS.SIZE AND (~((1 << CPUID.18.0:EDX[15:8]) – 1)))
    {
        #GP(0);

Updated as:

static int sgx_validate_secs(const struct sgx_secs *secs)
{
	u64 max_size = (secs->attributes & SGX_ATTR_MODE64BIT) ?
		       sgx_encl_size_max_64 : sgx_encl_size_max_32;

	if (secs->size < (2 * PAGE_SIZE) || !is_power_of_2(secs->size))
		return -EINVAL;

	if (secs->base & (secs->size - 1))
		return -EINVAL;

	if (secs->miscselect & sgx_misc_reserved_mask ||
	    secs->attributes & sgx_attributes_reserved_mask ||
	    secs->xfrm & sgx_xfrm_reserved_mask)
		return -EINVAL;

	if (secs->size >= max_size)
		return -EINVAL;

This should be > not >=. Issue raised and fixed by Fábio Silva for  
ported
patches for OOT SGX support:
https://github.com/intel/SGXDataCenterAttestationPrimitives/pull/123

I tested and verified with Intel arch, the comparison indeed should be

quoted

And this is a confirmed SDM bug, correct?

yes, the pseudo code for ECREATE is inaccurate and inconsistent with the  
CPUID spec. The latter is correct.
Haitao

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help