From owner-svn-src-head@freebsd.org Tue Mar 19 02:34:00 2019 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E06B01538E20; Tue, 19 Mar 2019 02:33:59 +0000 (UTC) (envelope-from mw@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 713BC8DC49; Tue, 19 Mar 2019 02:33:59 +0000 (UTC) (envelope-from mw@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 40FE92A09; Tue, 19 Mar 2019 02:33:59 +0000 (UTC) (envelope-from mw@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x2J2Xxb7084478; Tue, 19 Mar 2019 02:33:59 GMT (envelope-from mw@FreeBSD.org) Received: (from mw@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x2J2Xxu2084477; Tue, 19 Mar 2019 02:33:59 GMT (envelope-from mw@FreeBSD.org) Message-Id: <201903190233.x2J2Xxu2084477@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mw set sender to mw@FreeBSD.org using -f From: Marcin Wojtas Date: Tue, 19 Mar 2019 02:33:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r345288 - head/sys/amd64/sgx X-SVN-Group: head X-SVN-Commit-Author: mw X-SVN-Commit-Paths: head/sys/amd64/sgx X-SVN-Commit-Revision: 345288 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 713BC8DC49 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.95 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.95)[-0.951,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Mar 2019 02:34:00 -0000 Author: mw Date: Tue Mar 19 02:33:58 2019 New Revision: 345288 URL: https://svnweb.freebsd.org/changeset/base/345288 Log: Prevent loading SGX with incorrect EPC data It may happen on some machines, that even if SGX is disabled in firmware, the driver would still attach despite EPC base and size equal zero. Such behaviour causes a kernel panic when the module is unloaded. Add a simple check to make sure we only attach when these values are correctly set. Submitted by: Kornel Duleba Reviewed by: br Obtained from: Semihalf Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D19595 Modified: head/sys/amd64/sgx/sgx.c Modified: head/sys/amd64/sgx/sgx.c ============================================================================== --- head/sys/amd64/sgx/sgx.c Tue Mar 19 00:29:18 2019 (r345287) +++ head/sys/amd64/sgx/sgx.c Tue Mar 19 02:33:58 2019 (r345288) @@ -1075,6 +1075,12 @@ sgx_get_epc_area(struct sgx_softc *sc) (cp[2] & 0xfffff000); sc->npages = sc->epc_size / SGX_PAGE_SIZE; + if (sc->epc_size == 0 || sc->epc_base == 0) { + printf("%s: Incorrect EPC data: EPC base %lx, size %lu\n", + __func__, sc->epc_base, sc->epc_size); + return (EINVAL); + } + if (cp[3] & 0xffff) sc->enclave_size_max = (1 << ((cp[3] >> 8) & 0xff)); else