| Message ID | 20201001210208.19070-1-sean.j.christopherson@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | x86/sgx: Update correct attributes variable when allowing provisioning | expand |
On Thu, Oct 01, 2020 at 02:02:08PM -0700, Sean Christopherson wrote: > Set the PROVISIONKEY flag in attributes_mask, a.k.a. the mask of allowed > attributes for the enclave, when the enclave's owner demonstrates access > to /dev/sgx/provision. Setting the flag in the enclave's attributes > effectively declares intent to access the key, whereas the ioctl()'s > intent is to grant access to the key. > > Fixes: 80e062767a37 ("x86/sgx: Add SGX_IOC_ENCLAVE_PROVISION") > Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> Thank you! For this kind of fixes ignore the fixes tag and just put at most a lore link to the response or something. I feel bad that you went all that trouble writing the paragraph :-) Anyway, thanks again. > --- > arch/x86/kernel/cpu/sgx/ioctl.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c > index ec38a9416788..16d0c9abafc2 100644 > --- a/arch/x86/kernel/cpu/sgx/ioctl.c > +++ b/arch/x86/kernel/cpu/sgx/ioctl.c > @@ -763,7 +763,7 @@ static long sgx_ioc_enclave_provision(struct sgx_encl *encl, void __user *arg) > goto out; > } > > - encl->attributes |= SGX_ATTR_PROVISIONKEY; > + encl->attributes_mask |= SGX_ATTR_PROVISIONKEY; > ret = 0; > > out: > -- > 2.28.0 > /Jarkko
diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c index ec38a9416788..16d0c9abafc2 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -763,7 +763,7 @@ static long sgx_ioc_enclave_provision(struct sgx_encl *encl, void __user *arg) goto out; } - encl->attributes |= SGX_ATTR_PROVISIONKEY; + encl->attributes_mask |= SGX_ATTR_PROVISIONKEY; ret = 0; out:
Set the PROVISIONKEY flag in attributes_mask, a.k.a. the mask of allowed attributes for the enclave, when the enclave's owner demonstrates access to /dev/sgx/provision. Setting the flag in the enclave's attributes effectively declares intent to access the key, whereas the ioctl()'s intent is to grant access to the key. Fixes: 80e062767a37 ("x86/sgx: Add SGX_IOC_ENCLAVE_PROVISION") Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> --- arch/x86/kernel/cpu/sgx/ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)