| Message ID | 1490874502-2898-1-git-send-email-serge.ayoun@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Thu, Mar 30, 2017 at 02:48:22PM +0300, Serge Ayoun wrote: > ENCLS(EINIT) instruction errors (during ENCLAVE_INIT ioctl call) are > now returned without a change instead of being translated to OS > generic errors. Documentation updated. > > Signed-off-by: Serge Ayoun <serge.ayoun@intel.com> > --- > Documentation/x86/intel_sgx.rst | 24 ++++++++++++++++++++++++ > drivers/platform/x86/intel_sgx_ioctl.c | 16 ---------------- > 2 files changed, 24 insertions(+), 16 deletions(-) > > diff --git a/Documentation/x86/intel_sgx.rst b/Documentation/x86/intel_sgx.rst > index fb2f9df..1825c92 100644 > --- a/Documentation/x86/intel_sgx.rst > +++ b/Documentation/x86/intel_sgx.rst > @@ -85,6 +85,29 @@ by using the ENCLS(EDBGRD) and ENCLS(EDBGWR) opcodes. The Intel provided launch > enclave provides them always a valid EINITTOKEN and therefore they are a low > hanging fruit way to try out SGX. > > +SGX_IOC_ENCLAVE_INIT Description: > +================================ > + > +The SGX_IOC_ENCLAVE_INIT ioctl has a different behavior than the others: its > +return value may reflect the possible error returned by the ENCLS(EINIT) > +instruction: > + > +0x0: success > +0x1: (SGX_INVALID_SIG_STRUCT) the sigstruct has an invalid field > +0x2: (SGX_INVALID_ATTRIBUTE) the token or the sigstruct have an > + unexpected or wrong attribute, mask or signer > +0x4: (SGX_INVALID_MEASUREMENT) the token or the sigstruct has an invalid > + measurement > +0x8: (SGX_INVALID_SIGNATURE) signature validation check has failed > +0x10: (SGX_INVALID_LICENSE) The token license validation has failed > +0x20: (SGX_INVALID_CPUSVN) The token cpu svn used is not supported by > + current cpu > +0x80: (SGX_UNMASKED_EVENT) system too busy to perform EINIT > +0x40000000: (SGX_POWER_LOSS) A sleep transition has occurred and the > + enclave is not valid anymore > +0x40000001: (SGX_LE_ROLLBACK) The launch enclave isv svn of the the > + license is not supported > + The return values should be documented into the documentation comment in intel_sgx_ioctl.c. I'll propose the following for this particular fix. I'll take your code change and take care of updating documentation. /Jarkko
It's now squashed. /Jarkko On Thu, Mar 30, 2017 at 02:48:22PM +0300, Serge Ayoun wrote: > ENCLS(EINIT) instruction errors (during ENCLAVE_INIT ioctl call) are > now returned without a change instead of being translated to OS > generic errors. Documentation updated. > > Signed-off-by: Serge Ayoun <serge.ayoun@intel.com> > --- > Documentation/x86/intel_sgx.rst | 24 ++++++++++++++++++++++++ > drivers/platform/x86/intel_sgx_ioctl.c | 16 ---------------- > 2 files changed, 24 insertions(+), 16 deletions(-) > > diff --git a/Documentation/x86/intel_sgx.rst b/Documentation/x86/intel_sgx.rst > index fb2f9df..1825c92 100644 > --- a/Documentation/x86/intel_sgx.rst > +++ b/Documentation/x86/intel_sgx.rst > @@ -85,6 +85,29 @@ by using the ENCLS(EDBGRD) and ENCLS(EDBGWR) opcodes. The Intel provided launch > enclave provides them always a valid EINITTOKEN and therefore they are a low > hanging fruit way to try out SGX. > > +SGX_IOC_ENCLAVE_INIT Description: > +================================ > + > +The SGX_IOC_ENCLAVE_INIT ioctl has a different behavior than the others: its > +return value may reflect the possible error returned by the ENCLS(EINIT) > +instruction: > + > +0x0: success > +0x1: (SGX_INVALID_SIG_STRUCT) the sigstruct has an invalid field > +0x2: (SGX_INVALID_ATTRIBUTE) the token or the sigstruct have an > + unexpected or wrong attribute, mask or signer > +0x4: (SGX_INVALID_MEASUREMENT) the token or the sigstruct has an invalid > + measurement > +0x8: (SGX_INVALID_SIGNATURE) signature validation check has failed > +0x10: (SGX_INVALID_LICENSE) The token license validation has failed > +0x20: (SGX_INVALID_CPUSVN) The token cpu svn used is not supported by > + current cpu > +0x80: (SGX_UNMASKED_EVENT) system too busy to perform EINIT > +0x40000000: (SGX_POWER_LOSS) A sleep transition has occurred and the > + enclave is not valid anymore > +0x40000001: (SGX_LE_ROLLBACK) The launch enclave isv svn of the the > + license is not supported > + > SGX uapi > ======== > > @@ -94,3 +117,4 @@ SGX uapi > sgx_ioc_enclave_init > > .. kernel-doc:: arch/x86/include/uapi/asm/sgx.h > + > diff --git a/drivers/platform/x86/intel_sgx_ioctl.c b/drivers/platform/x86/intel_sgx_ioctl.c > index e0e2f14..057f311 100644 > --- a/drivers/platform/x86/intel_sgx_ioctl.c > +++ b/drivers/platform/x86/intel_sgx_ioctl.c > @@ -848,22 +848,6 @@ static int __sgx_encl_init(struct sgx_encl *encl, char *sigstruct, > out: > if (ret) { > sgx_dbg(encl, "EINIT returned %d\n", ret); > - switch (ret) { > - case SGX_UNMASKED_EVENT: > - ret = -EBUSY; > - break; > - case SGX_INVALID_SIG_STRUCT: > - case SGX_INVALID_ATTRIBUTE: > - case SGX_INVALID_MEASUREMENT: > - case SGX_INVALID_SIGNATURE: > - case SGX_INVALID_LICENSE: > - case SGX_INVALID_CPUSVN: > - ret = -EPERM; > - break; > - default: > - ret = -EFAULT; > - break; > - } > } else { > encl->flags |= SGX_ENCL_INITIALIZED; > > -- > 1.9.1 > > --------------------------------------------------------------------- > Intel Israel (74) Limited > > This e-mail and any attachments may contain confidential material for > the sole use of the intended recipient(s). Any review or distribution > by others is strictly prohibited. If you are not the intended > recipient, please contact the sender and delete all copies. > > _______________________________________________ > intel-sgx-kernel-dev mailing list > intel-sgx-kernel-dev@lists.01.org > https://lists.01.org/mailman/listinfo/intel-sgx-kernel-dev
diff --git a/Documentation/x86/intel_sgx.rst b/Documentation/x86/intel_sgx.rst index fb2f9df..1825c92 100644 --- a/Documentation/x86/intel_sgx.rst +++ b/Documentation/x86/intel_sgx.rst @@ -85,6 +85,29 @@ by using the ENCLS(EDBGRD) and ENCLS(EDBGWR) opcodes. The Intel provided launch enclave provides them always a valid EINITTOKEN and therefore they are a low hanging fruit way to try out SGX. +SGX_IOC_ENCLAVE_INIT Description: +================================ + +The SGX_IOC_ENCLAVE_INIT ioctl has a different behavior than the others: its +return value may reflect the possible error returned by the ENCLS(EINIT) +instruction: + +0x0: success +0x1: (SGX_INVALID_SIG_STRUCT) the sigstruct has an invalid field +0x2: (SGX_INVALID_ATTRIBUTE) the token or the sigstruct have an + unexpected or wrong attribute, mask or signer +0x4: (SGX_INVALID_MEASUREMENT) the token or the sigstruct has an invalid + measurement +0x8: (SGX_INVALID_SIGNATURE) signature validation check has failed +0x10: (SGX_INVALID_LICENSE) The token license validation has failed +0x20: (SGX_INVALID_CPUSVN) The token cpu svn used is not supported by + current cpu +0x80: (SGX_UNMASKED_EVENT) system too busy to perform EINIT +0x40000000: (SGX_POWER_LOSS) A sleep transition has occurred and the + enclave is not valid anymore +0x40000001: (SGX_LE_ROLLBACK) The launch enclave isv svn of the the + license is not supported + SGX uapi ======== @@ -94,3 +117,4 @@ SGX uapi sgx_ioc_enclave_init .. kernel-doc:: arch/x86/include/uapi/asm/sgx.h + diff --git a/drivers/platform/x86/intel_sgx_ioctl.c b/drivers/platform/x86/intel_sgx_ioctl.c index e0e2f14..057f311 100644 --- a/drivers/platform/x86/intel_sgx_ioctl.c +++ b/drivers/platform/x86/intel_sgx_ioctl.c @@ -848,22 +848,6 @@ static int __sgx_encl_init(struct sgx_encl *encl, char *sigstruct, out: if (ret) { sgx_dbg(encl, "EINIT returned %d\n", ret); - switch (ret) { - case SGX_UNMASKED_EVENT: - ret = -EBUSY; - break; - case SGX_INVALID_SIG_STRUCT: - case SGX_INVALID_ATTRIBUTE: - case SGX_INVALID_MEASUREMENT: - case SGX_INVALID_SIGNATURE: - case SGX_INVALID_LICENSE: - case SGX_INVALID_CPUSVN: - ret = -EPERM; - break; - default: - ret = -EFAULT; - break; - } } else { encl->flags |= SGX_ENCL_INITIALIZED;
ENCLS(EINIT) instruction errors (during ENCLAVE_INIT ioctl call) are now returned without a change instead of being translated to OS generic errors. Documentation updated. Signed-off-by: Serge Ayoun <serge.ayoun@intel.com> --- Documentation/x86/intel_sgx.rst | 24 ++++++++++++++++++++++++ drivers/platform/x86/intel_sgx_ioctl.c | 16 ---------------- 2 files changed, 24 insertions(+), 16 deletions(-)