Re: [PATCH v5] x86/sgx: Fix use-after-free in sgx_mmu_notifier_release()

On 1/30/21 11:20 AM, Jarkko Sakkinen wrote: ...

Example scenario would such that all removals "side-channel" through the notifier callback. Then mmu_notifier_unregister() gets called exactly zero times. No MMU notifier srcu sync would be then happening.

NOTE: There's bunch of other examples, I'm just giving one.

Could you flesh this out a bit? I don't quite understand the scenario from what you describe above.

In any case, I'm open to other implementations that fix the race we know about. If you think you have a better fix, I'm happy to review it and make sure it closes the other race.