Set the PROVISIONKEY flag in attributes_mask, a.k.a. the mask of allowed attributes for the enclave, when the enclave's owner demonstrates access to /dev/sgx/provision. Setting the flag in the enclave's attributes effectively declares intent to access the key, whereas the ioctl()'s intent is to grant access to the key. Fixes: 80e062767a37 ("x86/sgx: Add SGX_IOC_ENCLAVE_PROVISION") Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx> --- arch/x86/kernel/cpu/sgx/ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c index ec38a9416788..16d0c9abafc2 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -763,7 +763,7 @@ static long sgx_ioc_enclave_provision(struct sgx_encl *encl, void __user *arg) goto out; } - encl->attributes |= SGX_ATTR_PROVISIONKEY; + encl->attributes_mask |= SGX_ATTR_PROVISIONKEY; ret = 0; out: -- 2.28.0
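Review bot: The changed line in sgx_ioc_enclave_provision(), `encl->attributes_mask |= SGX_ATTR_PROVISIONKEY;`, carries no comment saying that the ioctl now only permits the attribute and no longer sets it. The commit message also leaves the consequence for userspace unstated. With `encl->attributes` no longer modified here, an enclave that relied on the ioctl to turn PROVISIONKEY on would have to request the bit in its own attributes. Suggest a short comment above the line stating that this grants permission and the enclave must still request the attribute. The changelog could add a sentence on when SGX_IOC_ENCLAVE_PROVISION has to be called relative to the point where the enclave's attributes are checked against attributes_mask, which this hunk does not show. Please also confirm that the read-modify-write of attributes_mask is serialized against that check, since the visible context around the `goto out;` and `out:` lines shows no lock being taken or released.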