Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver

From: Dave Hansen
Date: Mon Oct 26 2020 - 17:26:17 EST


On 6/26/20 8:34 AM, Borislav Petkov wrote:
>> + if (!(atomic_read(&encl->flags) & SGX_ENCL_CREATED))
>> + return -EINVAL;
>> +
>> + if (copy_from_user(&addp, arg, sizeof(addp)))
>> + return -EFAULT;
>> +
>> + if (!IS_ALIGNED(addp.offset, PAGE_SIZE) ||
>> + !IS_ALIGNED(addp.src, PAGE_SIZE))
>> + return -EINVAL;
>> +
>> + if (!(access_ok(addp.src, PAGE_SIZE)))
>> + return -EFAULT;
>> +
>> + if (addp.length & (PAGE_SIZE - 1))
>> + return -EINVAL;
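Review bot: addp.length is only tested for page alignment in the last check of this hunk, so a zero length and an arbitrarily large one both pass; nothing in the lines shown bounds it. Consider rejecting a zero length and checking offset + length, with overflow in mind, against the range the enclave was created with before any pages are processed. Related: access_ok(addp.src, PAGE_SIZE) covers only the first page of the source buffer, not addp.length bytes, so either check the whole range here or make sure each page is validated when it is copied. For consistency with the two alignment checks above, the length test could be written as !IS_ALIGNED(addp.length, PAGE_SIZE).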
> How many pages are allowed? Unlimited? I'm hoping some limits are
> checked somewhere...

What were you concerned about here? Was it how long the syscall could
take, or that one user could exhaust all the enclave memory in one call?

Some later versions of this patch have a 1MB limit per to reduce how
long each SGX_IOC_ENCLAVE_ADD_PAGES call spends in the kernel. But, I'm
not _sure_ that's what you were intending.