Re: [PATCH] x86/sgx: Avoid using iterator after loop in sgx_mmu_notifier_release()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jarkko Sakkinen <jarkko@kernel.org>
To: Jakob Koschel <jkl820.git@gmail.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
	linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org,
	Pietro Borrello <borrello@diag.uniroma1.it>,
	Cristiano Giuffrida <c.giuffrida@vu.nl>,
	"Bos, H.J." <h.j.bos@vu.nl>
Subject: Re: [PATCH] x86/sgx: Avoid using iterator after loop in sgx_mmu_notifier_release()
Date: Wed, 8 Feb 2023 04:01:05 +0200	[thread overview]
Message-ID: <Y+MCYYQJ0G5w1H63@kernel.org> (raw)
In-Reply-To: <20230206-sgx-use-after-iter-v1-1-c09fb5300b5e@gmail.com>

On Mon, Feb 06, 2023 at 11:39:02AM +0100, Jakob Koschel wrote:
> If &encl_mm->encl->mm_list does not contain the searched 'encl_mm',
> 'tmp' will not point to a valid sgx_encl_mm struct.

Please explain.

Perhaps, extend with something like ", and can be turned into
transient gadget."

> 
> Since the code within the guarded block is just called when the element
> is found, it can simply be moved into the list iterator.
> Within the list iterator 'tmp' is guaranteed to point to a valid
> element.
> 
> Signed-off-by: Jakob Koschel <jkl820.git@gmail.com>
> ---
> Linus proposed to avoid any use of the list iterator variable after the
> loop, in the attempt to move the list iterator variable declaration into
> the marcro to avoid any potential misuse after the loop.
> Using it in a pointer comparision after the loop is undefined behavior
> and should be omitted if possible [1].
> 
> Link: https://lore.kernel.org/all/CAHk-=wgRr_D8CB-D9Kg-c=EHreAsk5SqXPwr9Y7k9sA6cWXJ6w@mail.gmail.com/ [1]

I would move all this to the commit message. It is useful information.

> ---
>  arch/x86/kernel/cpu/sgx/encl.c | 10 ++++------
>  1 file changed, 4 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c
> index 2a0e90fe2abc..db585b780141 100644
> --- a/arch/x86/kernel/cpu/sgx/encl.c
> +++ b/arch/x86/kernel/cpu/sgx/encl.c
> @@ -764,15 +764,13 @@ static void sgx_mmu_notifier_release(struct mmu_notifier *mn,
>  	list_for_each_entry(tmp, &encl_mm->encl->mm_list, list) {
>  		if (tmp == encl_mm) {
>  			list_del_rcu(&encl_mm->list);
> -			break;
> +			spin_unlock(&encl_mm->encl->mm_lock);
> +			synchronize_srcu(&encl_mm->encl->srcu);
> +			mmu_notifier_put(mn);
> +			return;
>  		}
>  	}
>  	spin_unlock(&encl_mm->encl->mm_lock);
> -
> -	if (tmp == encl_mm) {
> -		synchronize_srcu(&encl_mm->encl->srcu);
> -		mmu_notifier_put(mn);
> -	}
>  }
>  
>  static void sgx_mmu_notifier_free(struct mmu_notifier *mn)
> 
> ---
> base-commit: d2d11f342b179f1894a901f143ec7c008caba43e
> change-id: 20230206-sgx-use-after-iter-f584c1d64c87
> 
> Best regards,
> -- 
> Jakob Koschel <jkl820.git@gmail.com>
> 

BR, Jarkko

     prev parent reply	other threads:[~2023-02-08  2:01 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-02-06 10:39 [PATCH] x86/sgx: Avoid using iterator after loop in sgx_mmu_notifier_release() Jakob Koschel
2023-02-06 17:10 ` Dave Hansen
2023-02-06 18:06   ` Jakob Koschel
2023-02-08  2:02   ` Jarkko Sakkinen
2023-02-08  2:01 ` Jarkko Sakkinen [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y+MCYYQJ0G5w1H63@kernel.org \
    --to=jarkko@kernel.org \
    --cc=borrello@diag.uniroma1.it \
    --cc=bp@alien8.de \
    --cc=c.giuffrida@vu.nl \
    --cc=dave.hansen@linux.intel.com \
    --cc=h.j.bos@vu.nl \
    --cc=hpa@zytor.com \
    --cc=jkl820.git@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-sgx@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.