On Tue, Jun 04, 2019 at 01:29:10PM -0700, Andy Lutomirski wrote: > On Fri, May 31, 2019 at 4:32 PM Sean Christopherson > <sean.j.christopherson@xxxxxxxxx> wrote: > > static int sgx_encl_add_page(struct sgx_encl *encl, unsigned long addr, > > diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h > > index 47f58cfb6a19..0562775424a0 100644 > > --- a/include/linux/lsm_hooks.h > > +++ b/include/linux/lsm_hooks.h > > @@ -1446,6 +1446,14 @@ > > * @bpf_prog_free_security: > > * Clean up the security information stored inside bpf prog. > > * > > + * Security hooks for Intel SGX enclaves. > > + * > > + * @enclave_load: > > + * On success, returns 0 and optionally adjusts @allowed_prot > > + * @vma: the source memory region of the enclave page being loaded. > > + * @prot: the initial protection of the enclave page. > > What do you mean "initial"? The page is always mapped PROT_NONE when > this is called, right? I feel like I must be missing something here. Initial protection in the EPCM. Yet another reason to ignore SECINFO.
