| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z8eUcELiMdcM5IJq@kernel.org> Date: Wed, 5 Mar 2025 02:01:52 +0200 From: Jarkko Sakkinen <jarkko@...nel.org> To: Dave Hansen <dave.hansen@...el.com> Cc: linux-sgx@...r.kernel.org, Dave Hansen <dave.hansen@...ux.intel.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>, Dan Carpenter <dan.carpenter@...aro.org>, linux-kernel@...r.kernel.org Subject: Re: [PATCH] arch/x86: Fix size overflows in sgx_encl_create() On Tue, Mar 04, 2025 at 03:30:54PM -0800, Dave Hansen wrote: > On 3/4/25 14:56, Jarkko Sakkinen wrote: > > The total size calculated for EPC can overflow u64 given the added up page > > for SECS. Further, the total size calculated for shmem can overflow even > > when the EPC size stays within limits of u64, given that it adds the extra > > space for 128 byte PCMD structures (one for each page). > > > > Address this by adding the necessary validation for each partial results > > before going forward. Return -E2BIG when an overflow is detected. > > Wouldn't this be a lot simpler if we just had some sane limit that's > *FAR* below where u64 will overflow? Yes, we can simply check right at the get go that the uarch requirement of SGX is satisfied: secs->size is power of two. BR, Jarkko
Powered by blists - more mailing lists