svn commit: r345288 - head/sys/amd64/sgx
Marcin Wojtas
mw at FreeBSD.org
Tue Mar 19 02:34:00 UTC 2019
Author: mw
Date: Tue Mar 19 02:33:58 2019
New Revision: 345288
URL: https://svnweb.freebsd.org/changeset/base/345288
Log:
Prevent loading SGX with incorrect EPC data
It may happen on some machines, that even if SGX is disabled
in firmware, the driver would still attach despite EPC base and
size equal zero. Such behaviour causes a kernel panic when the
module is unloaded. Add a simple check to make sure we
only attach when these values are correctly set.
Submitted by: Kornel Duleba <mindal at semihalf.com>
Reviewed by: br
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D19595
Modified:
head/sys/amd64/sgx/sgx.c
Modified: head/sys/amd64/sgx/sgx.c
==============================================================================
--- head/sys/amd64/sgx/sgx.c Tue Mar 19 00:29:18 2019 (r345287)
+++ head/sys/amd64/sgx/sgx.c Tue Mar 19 02:33:58 2019 (r345288)
@@ -1075,6 +1075,12 @@ sgx_get_epc_area(struct sgx_softc *sc)
(cp[2] & 0xfffff000);
sc->npages = sc->epc_size / SGX_PAGE_SIZE;
+ if (sc->epc_size == 0 || sc->epc_base == 0) {
+ printf("%s: Incorrect EPC data: EPC base %lx, size %lu\n",
+ __func__, sc->epc_base, sc->epc_size);
+ return (EINVAL);
+ }
+
if (cp[3] & 0xffff)
sc->enclave_size_max = (1 << ((cp[3] >> 8) & 0xff));
else
More information about the svn-src-head
mailing list