Preserve any existing attributes set via ENCLAVE_SET_ATTRIBUTE when setting the always allowed attributes during ENCLAVE_CREATE. There is no requirement that ENCLAVE_SET_ATTRIBUTE can only be called after the enclave is created. Note, this does not fix a race condition between ENCLAVE_CREATE and ENCLAVE_SET_ATTRIBUTE, as the latter doesn't take encl->lock. This will be addressed in a future patch. Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx> --- arch/x86/kernel/cpu/sgx/ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c index 7134d68aecb3..103851babc75 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -232,7 +232,7 @@ static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs) encl->secs.encl = encl; encl->secs_attributes = secs->attributes; - encl->allowed_attributes = SGX_ATTR_ALLOWED_MASK; + encl->allowed_attributes |= SGX_ATTR_ALLOWED_MASK; encl->base = secs->base; encl->size = secs->size; encl->ssaframesize = secs->ssa_frame_size; -- 2.22.0
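Review bot: the changed line in sgx_encl_create(), `encl->allowed_attributes |= SGX_ATTR_ALLOWED_MASK;`, is now a read-modify-write, so its result depends on whatever the field holds on entry, and nothing in the hunk documents that. This raises two points. First, the OR is only correct if allowed_attributes is zeroed when the enclave structure is allocated. The visible context does not show that, so please confirm it and say so in the commit message or in a short comment above the line. Second, the commit message acknowledges that ENCLAVE_SET_ATTRIBUTE does not take encl->lock. With plain assignment, a race could only overwrite a previously granted bit. With `|=`, a concurrent update from the other ioctl can be lost between the load and the store, which leaves the set of permitted attributes dependent on timing. Since this field gates which attributes an enclave may be given, consider ordering the locking fix ahead of this patch in the series, or at least adding a comment at this line that points to the outstanding race so the dependency is not forgotten.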