Re: [intel-sgx-kernel-dev] [PATCH v7 4/8] intel_sgx: driver for Intel Software Guard Extensions
From: Jarkko Sakkinen
Date: Thu Dec 14 2017 - 08:10:17 EST
On Tue, Dec 12, 2017 at 01:46:48PM -0800, Sean Christopherson wrote:
> So it looks like you avoid the described case by moving B to the head of
> the list in sgx_eldu. The bug I am seeing is still straightforward to
> theorize:
>
> 1. Three VA pages. List = A->B->C
> 2. Fill A and B, use one entry in C. List = C->B->A
> 3. ELDU, freeing a slot in B. List = B->C->A
> 4. EWB, consuming the last slot in B. List = B->C->A
> 5. ELDU, freeing a slot in A. List = A->B->C
> 6. EWB, consuming the last slot in A. List = A->B->C
> 7. ELDU, but both A and B are full
> 8. Explode

I see. It is easy to fix by moving to the back of the list immediately after
the last allocation. Thanks for pointing this out.

/Jarkko