Hi Jarkko, On 4/6/2022 12:30 AM, Jarkko Sakkinen wrote: > On Tue, 2022-04-05 at 11:59 -0700, Reinette Chatre wrote: >> I plan to replace the current "secinfo" field in struct sgx_enclave_restrict_permissions >> with a new "permissions" field that contain only the permissions. Please let >> me know if you have concerns with this (I also discuss this more in reply to >> your other message related to the page type change ioctl()). > > I'm cool with it but if it is named as "permissions", then > it is already software-defined entity, i.e. meaning just that > have this check in place in the ioctl: > > if (addp->permissions & !(PROT_READ | PROT_WRITE | PROT_EXEC)) > return -EINVAL; > I assume that we do still want to ensure that PROT_READ is always set. I was planning to keep it in the "SGX language" since this is about changing EPCM permissions with values from a runtime understanding SGX permissions in secinfo that will be provided to hardware understanding SGX permissions in secinfo. Thus: if (params.permissions & ~SGX_SECINFO_PERMISSION_MASK) return -EINVAL; if (!(params.permissions & SGX_SECINFO_R)) return -EINVAL; Reinette
