Add error codes for ENCLS[EUPDATESVN], then SGX CPUSVN update
process can know the execution state of EUPDATESVN and notify
userspace.
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
---
arch/x86/include/asm/sgx.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h
index 6a0069761508..2da5b3b117a1 100644
--- a/arch/x86/include/asm/sgx.h
+++ b/arch/x86/include/asm/sgx.h
@@ -73,6 +73,10 @@ enum sgx_encls_function {
* public key does not match IA32_SGXLEPUBKEYHASH.
* %SGX_PAGE_NOT_MODIFIABLE: The EPC page cannot be modified because it
* is in the PENDING or MODIFIED state.
+ * %SGX_INSUFFICIENT_ENTROPY: Insufficient entropy in RNG.
+ * %SGX_NO_UPDATE: EUPDATESVN could not update the CPUSVN because the
+ * current SVN was not newer than CPUSVN. This is the most
+ * common error code returned by EUPDATESVN.
* %SGX_UNMASKED_EVENT: An unmasked event, e.g. INTR, was received
*/
enum sgx_return_code {
@@ -81,6 +85,8 @@ enum sgx_return_code {
SGX_CHILD_PRESENT = 13,
SGX_INVALID_EINITTOKEN = 16,
SGX_PAGE_NOT_MODIFIABLE = 20,
+ SGX_INSUFFICIENT_ENTROPY = 29,
+ SGX_NO_UPDATE = 31,
SGX_UNMASKED_EVENT = 128,
};
--
2.45.2On Wed, 2025-08-06 at 11:11 +0300, Elena Reshetova wrote:
> Add error codes for ENCLS[EUPDATESVN], then SGX CPUSVN update
> process can know the execution state of EUPDATESVN and notify
> userspace.
I would also add some text to explain why other error codes are not
defined:
EUPDATESVN will be called when no active SGX user is guaranteed. Only add
the error codes that can legally happen. E.g., it could also fail due to
"SGX not ready" when there's SGX users but it wouldn't happen in this
implementation.
>
> Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
> ---
> arch/x86/include/asm/sgx.h | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h
> index 6a0069761508..2da5b3b117a1 100644
> --- a/arch/x86/include/asm/sgx.h
> +++ b/arch/x86/include/asm/sgx.h
> @@ -73,6 +73,10 @@ enum sgx_encls_function {
> * public key does not match IA32_SGXLEPUBKEYHASH.
> * %SGX_PAGE_NOT_MODIFIABLE: The EPC page cannot be modified because it
> * is in the PENDING or MODIFIED state.
> + * %SGX_INSUFFICIENT_ENTROPY: Insufficient entropy in RNG.
> + * %SGX_NO_UPDATE: EUPDATESVN could not update the CPUSVN because the
> + * current SVN was not newer than CPUSVN. This is the most
> + * common error code returned by EUPDATESVN.
> * %SGX_UNMASKED_EVENT: An unmasked event, e.g. INTR, was received
> */
> enum sgx_return_code {
> @@ -81,6 +85,8 @@ enum sgx_return_code {
> SGX_CHILD_PRESENT = 13,
> SGX_INVALID_EINITTOKEN = 16,
> SGX_PAGE_NOT_MODIFIABLE = 20,
> + SGX_INSUFFICIENT_ENTROPY = 29,
> + SGX_NO_UPDATE = 31,
> SGX_UNMASKED_EVENT = 128,
> };
>
> -----Original Message----- > From: Huang, Kai <kai.huang@intel.com> > Sent: Thursday, August 7, 2025 2:50 AM > To: Reshetova, Elena <elena.reshetova@intel.com>; Hansen, Dave > <dave.hansen@intel.com> > Cc: seanjc@google.com; mingo@kernel.org; Scarlata, Vincent R > <vincent.r.scarlata@intel.com>; x86@kernel.org; jarkko@kernel.org; > Annapurve, Vishal <vannapurve@google.com>; linux-kernel@vger.kernel.org; > Mallick, Asit K <asit.k.mallick@intel.com>; Aktas, Erdem > <erdemaktas@google.com>; Cai, Chong <chongc@google.com>; Bondarevska, > Nataliia <bondarn@google.com>; linux-sgx@vger.kernel.org; Raynor, Scott > <scott.raynor@intel.com> > Subject: Re: [PATCH v11 3/5] x86/sgx: Define error codes for use by > ENCLS[EUPDATESVN] > > On Wed, 2025-08-06 at 11:11 +0300, Elena Reshetova wrote: > > Add error codes for ENCLS[EUPDATESVN], then SGX CPUSVN update > > process can know the execution state of EUPDATESVN and notify > > userspace. > > I would also add some text to explain why other error codes are not > defined: > > EUPDATESVN will be called when no active SGX user is guaranteed. Only add > the error codes that can legally happen. E.g., it could also fail due to > "SGX not ready" when there's SGX users but it wouldn't happen in this > implementation. Sure, will add in the next iteration, thanks!
On Wed, 2025-08-06 at 11:11 +0300, Elena Reshetova wrote:
> Add error codes for ENCLS[EUPDATESVN], then SGX CPUSVN update
> process can know the execution state of EUPDATESVN and notify
> userspace.
>
> Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
> ---
> arch/x86/include/asm/sgx.h | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h
> index 6a0069761508..2da5b3b117a1 100644
> --- a/arch/x86/include/asm/sgx.h
> +++ b/arch/x86/include/asm/sgx.h
> @@ -73,6 +73,10 @@ enum sgx_encls_function {
> * public key does not match IA32_SGXLEPUBKEYHASH.
> * %SGX_PAGE_NOT_MODIFIABLE: The EPC page cannot be modified because it
> * is in the PENDING or MODIFIED state.
> + * %SGX_INSUFFICIENT_ENTROPY: Insufficient entropy in RNG.
> + * %SGX_NO_UPDATE: EUPDATESVN could not update the CPUSVN because the
> + * current SVN was not newer than CPUSVN. This is the most
> + * common error code returned by EUPDATESVN.
> * %SGX_UNMASKED_EVENT: An unmasked event, e.g. INTR, was received
> */
> enum sgx_return_code {
> @@ -81,6 +85,8 @@ enum sgx_return_code {
> SGX_CHILD_PRESENT = 13,
> SGX_INVALID_EINITTOKEN = 16,
> SGX_PAGE_NOT_MODIFIABLE = 20,
> + SGX_INSUFFICIENT_ENTROPY = 29,
> + SGX_NO_UPDATE = 31,
It seems the tap/writespace is broken, i.e., this error code is not
aligned with others.
> SGX_UNMASKED_EVENT = 128,
> };
>
> -----Original Message-----
> From: Huang, Kai <kai.huang@intel.com>
> Sent: Thursday, August 7, 2025 2:42 AM
> To: Reshetova, Elena <elena.reshetova@intel.com>; Hansen, Dave
> <dave.hansen@intel.com>
> Cc: seanjc@google.com; mingo@kernel.org; Scarlata, Vincent R
> <vincent.r.scarlata@intel.com>; x86@kernel.org; jarkko@kernel.org;
> Annapurve, Vishal <vannapurve@google.com>; linux-kernel@vger.kernel.org;
> Mallick, Asit K <asit.k.mallick@intel.com>; Aktas, Erdem
> <erdemaktas@google.com>; Cai, Chong <chongc@google.com>; Bondarevska,
> Nataliia <bondarn@google.com>; linux-sgx@vger.kernel.org; Raynor, Scott
> <scott.raynor@intel.com>
> Subject: Re: [PATCH v11 3/5] x86/sgx: Define error codes for use by
> ENCLS[EUPDATESVN]
>
> On Wed, 2025-08-06 at 11:11 +0300, Elena Reshetova wrote:
> > Add error codes for ENCLS[EUPDATESVN], then SGX CPUSVN update
> > process can know the execution state of EUPDATESVN and notify
> > userspace.
> >
> > Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
> > ---
> > arch/x86/include/asm/sgx.h | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h
> > index 6a0069761508..2da5b3b117a1 100644
> > --- a/arch/x86/include/asm/sgx.h
> > +++ b/arch/x86/include/asm/sgx.h
> > @@ -73,6 +73,10 @@ enum sgx_encls_function {
> > * public key does not match
> IA32_SGXLEPUBKEYHASH.
> > * %SGX_PAGE_NOT_MODIFIABLE: The EPC page cannot be modified
> because it
> > * is in the PENDING or MODIFIED state.
> > + * %SGX_INSUFFICIENT_ENTROPY: Insufficient entropy in RNG.
> > + * %SGX_NO_UPDATE: EUPDATESVN could not update the
> CPUSVN because the
> > + * current SVN was not newer than CPUSVN. This
> is the most
> > + * common error code returned by EUPDATESVN.
> > * %SGX_UNMASKED_EVENT: An unmasked event, e.g. INTR, was
> received
> > */
> > enum sgx_return_code {
> > @@ -81,6 +85,8 @@ enum sgx_return_code {
> > SGX_CHILD_PRESENT = 13,
> > SGX_INVALID_EINITTOKEN = 16,
> > SGX_PAGE_NOT_MODIFIABLE = 20,
> > + SGX_INSUFFICIENT_ENTROPY = 29,
> > + SGX_NO_UPDATE = 31,
>
> It seems the tap/writespace is broken, i.e., this error code is not
> aligned with others.
Not sure how this happened, will fix.
>
> > SGX_UNMASKED_EVENT = 128,
> > };
> >
© 2016 - 2025 Red Hat, Inc.