Refine the kdoc of sgx_ioc_enclave_add_page() with a proper description about the interaction with mmap(). Without documentation, it is impossible to review the code change. Cc: Serge Ayoun <serge.ayoun@xxxxxxxxx> Cc: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> Cc: Sean Christoherson <sean.j.christopherson@xxxxxxxxx> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> --- arch/x86/kernel/cpu/sgx/ioctl.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c index ead9fb2d9b69..4d305b2c08e2 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -442,14 +442,22 @@ static int sgx_encl_add_page(struct sgx_encl *encl, } /** - * sgx_ioc_enclave_add_page - handler for %SGX_IOC_ENCLAVE_ADD_PAGE - * + * sgx_ioc_enclave_add_page() - The handler for %SGX_IOC_ENCLAVE_ADD_PAGE * @filep: open file to /dev/sgx * @arg: a user pointer to a struct sgx_enclave_add_page instance * * Add a page to an uninitialized enclave (EADD), and optionally extend the * enclave's measurement with the contents of the page (EEXTEND). * + * SECINFO limits the maximum permissions, which can be given to mmap(). When + * mapping a range of pages, a page with least permissions will be the limit + * for the whole address range. This differing access levels to the enclave + * memory based on task privileges. + * + * A non-existent page is interpreted as a page with no permissions. In effect, + * this allows mmap() with PROT_NONE to be used to seek an address range for + * the enclave that can be then populated into SECS. + * * Return: * 0 on success, * -EINVAL if other than RWX protection bits have been set -- 2.20.1
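Review bot: the second added paragraph of the kdoc hunk contains a sentence with no verb, "This differing access levels to the enclave memory based on task privileges.", which presumably should read "This allows differing access levels to the enclave memory based on task privileges." Since the stated purpose of the patch is to make the mmap() interaction reviewable from the documentation alone, the wording needs to be tightened in a few more places in the same hunk: "SECINFO limits the maximum permissions, which can be given to mmap()" should be restrictive, i.e. "SECINFO limits the maximum permissions that can be given to mmap()"; "a page with least permissions will be the limit for the whole address range" would be clearer as "the page with the fewest permissions limits the whole range"; and in the third paragraph "seek an address range" most likely means "reserve an address range". The closing clause "that can be then populated into SECS" is also ambiguous, since SECS holds the enclave's base address and size rather than the pages themselves; consider stating explicitly what is recorded in SECS and what is later added with EADD.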