lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 5 Apr 2022 10:00:33 +0300
From:   Jarkko Sakkinen <jarkko@...nel.org>
To:     Reinette Chatre <reinette.chatre@...el.com>
Cc:     dave.hansen@...ux.intel.com, tglx@...utronix.de, bp@...en8.de,
        luto@...nel.org, mingo@...hat.com, linux-sgx@...r.kernel.org,
        x86@...nel.org, seanjc@...gle.com, kai.huang@...el.com,
        cathy.zhang@...el.com, cedric.xing@...el.com,
        haitao.huang@...el.com, mark.shanahan@...el.com, hpa@...or.com,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH V3 10/30] x86/sgx: Create utility to validate user
 provided offset and length

On Mon, Apr 04, 2022 at 09:49:18AM -0700, Reinette Chatre wrote:
> User provided offset and length is validated when parsing the parameters
> of the SGX_IOC_ENCLAVE_ADD_PAGES ioctl(). Extract this validation
> into a utility that can be used by the SGX2 ioctl()s that will
> also provide these values.
> 
> Signed-off-by: Reinette Chatre <reinette.chatre@...el.com>
> ---
> No changes since V2
> 
> Changes since V1:
> - New patch
> 
>  arch/x86/kernel/cpu/sgx/ioctl.c | 28 ++++++++++++++++++++++------
>  1 file changed, 22 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
> index 83df20e3e633..f487549bccba 100644
> --- a/arch/x86/kernel/cpu/sgx/ioctl.c
> +++ b/arch/x86/kernel/cpu/sgx/ioctl.c
> @@ -372,6 +372,26 @@ static int sgx_encl_add_page(struct sgx_encl *encl, unsigned long src,
>  	return ret;
>  }
>  
> +/*
> + * Ensure user provided offset and length values are valid for
> + * an enclave.
> + */
> +static int sgx_validate_offset_length(struct sgx_encl *encl,
> +				      unsigned long offset,
> +				      unsigned long length)
> +{
> +	if (!IS_ALIGNED(offset, PAGE_SIZE))
> +		return -EINVAL;
> +
> +	if (!length || length & (PAGE_SIZE - 1))
> +		return -EINVAL;
> +
> +	if (offset + length - PAGE_SIZE >= encl->size)
> +		return -EINVAL;
> +
> +	return 0;
> +}
> +
>  /**
>   * sgx_ioc_enclave_add_pages() - The handler for %SGX_IOC_ENCLAVE_ADD_PAGES
>   * @encl:       an enclave pointer
> @@ -425,14 +445,10 @@ static long sgx_ioc_enclave_add_pages(struct sgx_encl *encl, void __user *arg)
>  	if (copy_from_user(&add_arg, arg, sizeof(add_arg)))
>  		return -EFAULT;
>  
> -	if (!IS_ALIGNED(add_arg.offset, PAGE_SIZE) ||
> -	    !IS_ALIGNED(add_arg.src, PAGE_SIZE))
> -		return -EINVAL;
> -
> -	if (!add_arg.length || add_arg.length & (PAGE_SIZE - 1))
> +	if (!IS_ALIGNED(add_arg.src, PAGE_SIZE))
>  		return -EINVAL;
>  
> -	if (add_arg.offset + add_arg.length - PAGE_SIZE >= encl->size)
> +	if (sgx_validate_offset_length(encl, add_arg.offset, add_arg.length))
>  		return -EINVAL;
>  
>  	if (copy_from_user(&secinfo, (void __user *)add_arg.secinfo,
> -- 
> 2.25.1
> 


Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org>

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ