> From: Christopherson, Sean J > Sent: Friday, May 31, 2019 4:32 PM > > diff --git a/include/linux/security.h b/include/linux/security.h index > 659071c2e57c..2f7925eeef7e 100644 > --- a/include/linux/security.h > +++ b/include/linux/security.h > @@ -392,6 +392,8 @@ void security_inode_invalidate_secctx(struct inode *inode); int > security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int > security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int > security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); > +int security_enclave_load(struct vm_area_struct *vma, unsigned long prot, > + unsigned long *allowed_prot); Per my comments to the cover letter, security_enclave_load() should have a signature similar to the following: int security_enclave_load(struct file *enclave_fd, unsigned long linear_address, unsigned long nr_pages, int prot, struct vm_area_struct *source_vma); @enclave_fd identifies the enclave to which new pages are being added. @linear_address/@nr_pages specifies the linear range of pages being added. @prot specifies the initial protection of those newly added pages. It is taken from the vma covering the target range. @source_vma covers the source pages in the case of EADD. An LSM is expected to make sure security_file_mprotect(source_vma, prot, prot) would succeed before checking anything else, unless @source_vma is NULL, indicating pages are being EAUG'ed. In all cases, LSM is expected to "remember" @prot for all those pages to be checked in future security_file_mprotect() invocations. > #else /* CONFIG_SECURITY */
