On Tue, Sep 15, 2020 at 02:05:13PM +0300, Jarkko Sakkinen wrote:
> +/**
> + * sgx_ioc_enclave_set_attribute - handler for %SGX_IOC_ENCLAVE_PROVISION
> + * @filep: open file to /dev/sgx
> + * @arg: userspace pointer to a struct sgx_enclave_provision instance
> + *
> + * Mark the enclave as being allowed to access a restricted attribute bit.
> + * The requested attribute is specified via the attribute_fd field in the
> + * provided struct sgx_enclave_provision. The attribute_fd must be a
> + * handle to an SGX attribute file, e.g. "/dev/sgx/provision".
> + *
> + * Failure to explicitly request access to a restricted attribute will cause
> + * sgx_ioc_enclave_init() to fail. Currently, the only restricted attribute
> + * is access to the PROVISION_KEY.
> + *
> + * Note, access to the EINITTOKEN_KEY is disallowed entirely.
> + *
> + * Return: 0 on success, -errno otherwise
> + */
> +static long sgx_ioc_enclave_provision(struct sgx_encl *encl,
> + void __user *arg)
> +{
> + struct sgx_enclave_provision params;
> + struct file *attribute_file;
> + int ret;
> +
> + if (copy_from_user(¶ms, arg, sizeof(params)))
> + return -EFAULT;
> +
> + attribute_file = fget(params.attribute_fd);
> + if (!attribute_file)
> + return -EINVAL;
> +
> + if (attribute_file->f_op != &sgx_provision_fops) {
> + ret = -EINVAL;
> + goto out;
> + }
> +
> + encl->attributes |= SGX_ATTR_PROVISIONKEY;
This is wrong, it needs to be
encl->attributes_mask |= SGX_ATTR_PROVISION;
else sgx_encl_init() will fail this check
if (encl->attributes & ~encl->attributes_mask)
return -EACCES;
This obviously needs a selftest...
> + ret = 0;
> +
> +out:
> + fput(attribute_file);
> + return ret;
> +}
