[PATCH v10 4/6] x86/sgx: Define error codes for use by ENCLS[EUPDATESVN]

Elena Reshetova posted 6 patches 2 months ago
Posted by Elena Reshetova 2 months ago
Add error codes for ENCLS[EUPDATESVN], then SGX CPUSVN update
process can know the execution state of EUPDATESVN and notify
userspace.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
---
 arch/x86/include/asm/sgx.h | 37 ++++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h
index 6a0069761508..1abf1461fab6 100644
--- a/arch/x86/include/asm/sgx.h
+++ b/arch/x86/include/asm/sgx.h
@@ -28,21 +28,22 @@
 #define SGX_CPUID_EPC_MASK	GENMASK(3, 0)
 
 enum sgx_encls_function {
-	ECREATE	= 0x00,
-	EADD	= 0x01,
-	EINIT	= 0x02,
-	EREMOVE	= 0x03,
-	EDGBRD	= 0x04,
-	EDGBWR	= 0x05,
-	EEXTEND	= 0x06,
-	ELDU	= 0x08,
-	EBLOCK	= 0x09,
-	EPA	= 0x0A,
-	EWB	= 0x0B,
-	ETRACK	= 0x0C,
-	EAUG	= 0x0D,
-	EMODPR	= 0x0E,
-	EMODT	= 0x0F,
+	ECREATE		= 0x00,
+	EADD		= 0x01,
+	EINIT		= 0x02,
+	EREMOVE		= 0x03,
+	EDGBRD		= 0x04,
+	EDGBWR		= 0x05,
+	EEXTEND		= 0x06,
+	ELDU		= 0x08,
+	EBLOCK		= 0x09,
+	EPA		= 0x0A,
+	EWB		= 0x0B,
+	ETRACK		= 0x0C,
+	EAUG		= 0x0D,
+	EMODPR		= 0x0E,
+	EMODT		= 0x0F,
+	EUPDATESVN	= 0x18,
 };
 
 /**
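Review bot: the added EUPDATESVN = 0x18 entry at the end of enum sgx_encls_function is an ENCLS leaf number, not an error code, and neither the subject nor the changelog mentions it. Either describe it in the changelog or carry the definition in the patch that first uses the leaf. Re-indenting the fifteen existing entries to fit the longer name also accounts for most of the diffstat; a changelog sentence stating that the realignment is whitespace-only would spare reviewers from re-checking each value.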
@@ -73,6 +74,10 @@ enum sgx_encls_function {
  *				public key does not match IA32_SGXLEPUBKEYHASH.
  * %SGX_PAGE_NOT_MODIFIABLE:	The EPC page cannot be modified because it
  *				is in the PENDING or MODIFIED state.
+ * %SGX_INSUFFICIENT_ENTROPY:	Insufficient entropy in RNG.
+ * %SGX_NO_UPDATE:		EUPDATESVN was successful, but CPUSVN was not
+ *				updated because current SVN was not newer than
+ *				CPUSVN.
  * %SGX_UNMASKED_EVENT:		An unmasked event, e.g. INTR, was received
  */
 enum sgx_return_code {
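Review bot: the kernel-doc line for %SGX_NO_UPDATE says "EUPDATESVN was successful", yet the value is defined in enum sgx_return_code next to failure codes, so a reader cannot tell whether callers should treat it as success or as a benign failure. State the outcome directly, for example "CPUSVN was not updated because the current SVN was not newer than CPUSVN", and say which SVN "current SVN" refers to. The %SGX_INSUFFICIENT_ENTROPY line would also be clearer if it named the leaf that returns it, since the changelog ties both codes to EUPDATESVN.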
@@ -81,6 +86,8 @@ enum sgx_return_code {
 	SGX_CHILD_PRESENT		= 13,
 	SGX_INVALID_EINITTOKEN		= 16,
 	SGX_PAGE_NOT_MODIFIABLE		= 20,
+	SGX_INSUFFICIENT_ENTROPY	= 29,
+	SGX_NO_UPDATE				= 31,
 	SGX_UNMASKED_EVENT		= 128,
 };
 
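Review bot: the new SGX_NO_UPDATE line has four tabs between the name and the "=", one more than it needs, so with 8-column tabs "= 31," lands one tab stop to the right of the neighbouring values. Use three tabs so it lines up with SGX_INSUFFICIENT_ENTROPY and SGX_UNMASKED_EVENT.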
-- 
2.45.2
Re: [PATCH v10 4/6] x86/sgx: Define error codes for use by ENCLS[EUPDATESVN]
Posted by Dave Hansen 2 months ago
On 8/1/25 04:25, Elena Reshetova wrote:
> Add error codes for ENCLS[EUPDATESVN], then SGX CPUSVN update
> process can know the execution state of EUPDATESVN and notify
> userspace.
> 
> Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
> ---
>  arch/x86/include/asm/sgx.h | 37 ++++++++++++++++++++++---------------
>  1 file changed, 22 insertions(+), 15 deletions(-)
> 
> diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h
> index 6a0069761508..1abf1461fab6 100644
> --- a/arch/x86/include/asm/sgx.h
> +++ b/arch/x86/include/asm/sgx.h
> @@ -28,21 +28,22 @@
>  #define SGX_CPUID_EPC_MASK	GENMASK(3, 0)
>  
>  enum sgx_encls_function {
> -	ECREATE	= 0x00,
> -	EADD	= 0x01,
> -	EINIT	= 0x02,
> -	EREMOVE	= 0x03,
> -	EDGBRD	= 0x04,
> -	EDGBWR	= 0x05,
> -	EEXTEND	= 0x06,
> -	ELDU	= 0x08,
> -	EBLOCK	= 0x09,
> -	EPA	= 0x0A,
> -	EWB	= 0x0B,
> -	ETRACK	= 0x0C,
> -	EAUG	= 0x0D,
> -	EMODPR	= 0x0E,
> -	EMODT	= 0x0F,
> +	ECREATE		= 0x00,
> +	EADD		= 0x01,
> +	EINIT		= 0x02,
> +	EREMOVE		= 0x03,
> +	EDGBRD		= 0x04,
> +	EDGBWR		= 0x05,
> +	EEXTEND		= 0x06,
> +	ELDU		= 0x08,
> +	EBLOCK		= 0x09,
> +	EPA		= 0x0A,
> +	EWB		= 0x0B,
> +	ETRACK		= 0x0C,
> +	EAUG		= 0x0D,
> +	EMODPR		= 0x0E,
> +	EMODT		= 0x0F,
> +	EUPDATESVN	= 0x18,
>  };

This update is not consistent with the changelog nor the patch subject.

>  /**
> @@ -73,6 +74,10 @@ enum sgx_encls_function {
>   *				public key does not match IA32_SGXLEPUBKEYHASH.
>   * %SGX_PAGE_NOT_MODIFIABLE:	The EPC page cannot be modified because it
>   *				is in the PENDING or MODIFIED state.
> + * %SGX_INSUFFICIENT_ENTROPY:	Insufficient entropy in RNG.
> + * %SGX_NO_UPDATE:		EUPDATESVN was successful, but CPUSVN was not
> + *				updated because current SVN was not newer than
> + *				CPUSVN.

This comment bothers me. This is an *ERROR* code. It means that
EUPDATESVN was *NOT* successful. It failed. It didn't do an update.

Now, it's not a _bad_ error code. It's kinda like read() returning 0.
It's a "no harm no foul" kind of thing. But it's *NOT* success.

Ideally, we find a way to relay this in a very succinct way.
RE: [PATCH v10 4/6] x86/sgx: Define error codes for use by ENCLS[EUPDATESVN]
Posted by Reshetova, Elena 2 months ago

> On 8/1/25 04:25, Elena Reshetova wrote:
> > Add error codes for ENCLS[EUPDATESVN], then SGX CPUSVN update
> > process can know the execution state of EUPDATESVN and notify
> > userspace.
> >
> > Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
> > ---
> >  arch/x86/include/asm/sgx.h | 37 ++++++++++++++++++++++---------------
> >  1 file changed, 22 insertions(+), 15 deletions(-)
> >
> > diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h
> > index 6a0069761508..1abf1461fab6 100644
> > --- a/arch/x86/include/asm/sgx.h
> > +++ b/arch/x86/include/asm/sgx.h
> > @@ -28,21 +28,22 @@
> >  #define SGX_CPUID_EPC_MASK	GENMASK(3, 0)
> >
> >  enum sgx_encls_function {
> > -	ECREATE	= 0x00,
> > -	EADD	= 0x01,
> > -	EINIT	= 0x02,
> > -	EREMOVE	= 0x03,
> > -	EDGBRD	= 0x04,
> > -	EDGBWR	= 0x05,
> > -	EEXTEND	= 0x06,
> > -	ELDU	= 0x08,
> > -	EBLOCK	= 0x09,
> > -	EPA	= 0x0A,
> > -	EWB	= 0x0B,
> > -	ETRACK	= 0x0C,
> > -	EAUG	= 0x0D,
> > -	EMODPR	= 0x0E,
> > -	EMODT	= 0x0F,
> > +	ECREATE		= 0x00,
> > +	EADD		= 0x01,
> > +	EINIT		= 0x02,
> > +	EREMOVE		= 0x03,
> > +	EDGBRD		= 0x04,
> > +	EDGBWR		= 0x05,
> > +	EEXTEND		= 0x06,
> > +	ELDU		= 0x08,
> > +	EBLOCK		= 0x09,
> > +	EPA		= 0x0A,
> > +	EWB		= 0x0B,
> > +	ETRACK		= 0x0C,
> > +	EAUG		= 0x0D,
> > +	EMODPR		= 0x0E,
> > +	EMODT		= 0x0F,
> > +	EUPDATESVN	= 0x18,
> >  };
> 
> This update is not consistent with the changelog nor the patch subject.

I can remove the alignment fix.  

> 
> >  /**
> > @@ -73,6 +74,10 @@ enum sgx_encls_function {
> >   *				public key does not match
> IA32_SGXLEPUBKEYHASH.
> >   * %SGX_PAGE_NOT_MODIFIABLE:	The EPC page cannot be modified
> because it
> >   *				is in the PENDING or MODIFIED state.
> > + * %SGX_INSUFFICIENT_ENTROPY:	Insufficient entropy in RNG.
> > + * %SGX_NO_UPDATE:		EUPDATESVN was successful, but
> CPUSVN was not
> > + *				updated because current SVN was not newer
> than
> > + *				CPUSVN.
> 
> This comment bothers me. This is an *ERROR* code. It means that
> EUPDATESVN was *NOT* successful. It failed. It didn't do an update.
> 
> Now, it's not a _bad_ error code. It's kinda like read() returning 0.
> It's a "no harm no foul" kind of thing. But it's *NOT* success.

Yes, agree on both. 

> 
> Ideally, we find a way to relay this in a very succinct way.

Could you please elaborate what you mean by this? 
Changing the description? The name or? 

Best Regards,
Elena. 


Re: [PATCH v10 4/6] x86/sgx: Define error codes for use by ENCLS[EUPDATESVN]
Posted by Dave Hansen 2 months ago
On 8/4/25 00:21, Reshetova, Elena wrote:
...
>>> +	EUPDATESVN	= 0x18,
>>>  };
>>
>> This update is not consistent with the changelog nor the patch subject.
> 
> I can remove the alignment fix.  

It's not the alignment.

It's the definition of EUPDATESVN that goes completely unmentioned.

...
>> Ideally, we find a way to relay this in a very succinct way.
> 
> Could you please elaborate what you mean by this? 
> Changing the description? The name or? 

Relaying it in the comment next to the definition would be best.
RE: [PATCH v10 4/6] x86/sgx: Define error codes for use by ENCLS[EUPDATESVN]
Posted by Reshetova, Elena 2 months ago
> On 8/4/25 00:21, Reshetova, Elena wrote:
> ...
> >>> +	EUPDATESVN	= 0x18,
> >>>  };
> >>
> >> This update is not consistent with the changelog nor the patch subject.
> >
> > I can remove the alignment fix.
> 
> It's not the alignment.
> 
> It's the definition of EUPDATESVN that goes completely unmentioned.

Yes, good catch, this should be moved to the next patch indeed. 

> 
> ...
> >> Ideally, we find a way to relay this in a very succinct way.
> >
> > Could you please elaborate what you mean by this?
> > Changing the description? The name or?
> 
> Relaying it in the comment next to the definition would be best.

Sure, will try to extend the current description to convey it better.

Best Regards,
Elena.