[v22,05/24] x86/sgx: Add ENCLS architectural error codes

Message ID	20190903142655.21943-6-jarkko.sakkinen@linux.intel.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=NgZr=W6=vger.kernel.org=linux-sgx-owner@kernel.org> From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> To: linux-kernel@vger.kernel.org, x86@kernel.org, linux-sgx@vger.kernel.org Cc: akpm@linux-foundation.org, dave.hansen@intel.com, sean.j.christopherson@intel.com, nhorman@redhat.com, npmccallum@redhat.com, serge.ayoun@intel.com, shay.katz-zamir@intel.com, haitao.huang@intel.com, andriy.shevchenko@linux.intel.com, tglx@linutronix.de, kai.svahn@intel.com, bp@alien8.de, josh@joshtriplett.org, luto@kernel.org, kai.huang@intel.com, rientjes@google.com, cedric.xing@intel.com, Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Subject: [PATCH v22 05/24] x86/sgx: Add ENCLS architectural error codes Date: Tue, 3 Sep 2019 17:26:36 +0300 Message-Id: <20190903142655.21943-6-jarkko.sakkinen@linux.intel.com> In-Reply-To: <20190903142655.21943-1-jarkko.sakkinen@linux.intel.com> References: <20190903142655.21943-1-jarkko.sakkinen@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-sgx-owner@vger.kernel.org Precedence: bulk
Series	Intel SGX foundations \| expand [v22,00/24] Intel SGX foundations [v22,01/24] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits [v22,02/24] x86/cpufeatures: x86/msr: Intel SGX Launch Control hardware bits [v22,03/24] x86/mm: x86/sgx: Signal SIGSEGV with PF_SGX [v22,04/24] x86/cpu/intel: Detect SGX supprt [v22,05/24] x86/sgx: Add ENCLS architectural error codes [v22,06/24] x86/sgx: Add SGX microarchitectural data structures [v22,07/24] x86/sgx: Add wrappers for ENCLS leaf functions [v22,08/24] x86/sgx: Enumerate and track EPC sections [v22,09/24] x86/sgx: Add functions to allocate and free EPC pages [v22,10/24] x86/sgx: Add sgx_einit() for wrapping ENCLS[EINIT] [v22,11/24] mm: Introduce vm_ops->may_mprotect() [v22,12/24] x86/sgx: Linux Enclave Driver [v22,13/24] x86/sgx: Add provisioning [v22,14/24] x86/sgx: Add a page reclaimer [v22,15/24] x86/sgx: ptrace() support for the SGX driver [v22,16/24] x86/vdso: Add support for exception fixup in vDSO functions [v22,17/24] x86/fault: Add helper function to sanitize error code [v22,18/24] x86/traps: Attempt to fixup exceptions in vDSO before signaling [v22,19/24] x86/vdso: Add __vdso_sgx_enter_enclave() to wrap SGX enclave transitions [v22,20/24] selftests/x86: Add a selftest for SGX [v22,21/24] selftests/x86: Recurse into subdirectories [v22,22/24] x86/sgx: Update MAINTAINERS [v22,23/24] docs: x86/sgx: Document microarchitecture [v22,24/24] docs: x86/sgx: Document kernel internals

Message ID

20190903142655.21943-6-jarkko.sakkinen@linux.intel.com (mailing list archive)

State

New, archived

Headers

From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: linux-kernel@vger.kernel.org, x86@kernel.org,
        linux-sgx@vger.kernel.org
Cc: akpm@linux-foundation.org, dave.hansen@intel.com,
        sean.j.christopherson@intel.com, nhorman@redhat.com,
        npmccallum@redhat.com, serge.ayoun@intel.com,
        shay.katz-zamir@intel.com, haitao.huang@intel.com,
        andriy.shevchenko@linux.intel.com, tglx@linutronix.de,
        kai.svahn@intel.com, bp@alien8.de, josh@joshtriplett.org,
        luto@kernel.org, kai.huang@intel.com, rientjes@google.com,
        cedric.xing@intel.com,
        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Subject: [PATCH v22 05/24] x86/sgx: Add ENCLS architectural error codes
Date: Tue,  3 Sep 2019 17:26:36 +0300
Message-Id: <20190903142655.21943-6-jarkko.sakkinen@linux.intel.com>
In-Reply-To: <20190903142655.21943-1-jarkko.sakkinen@linux.intel.com>
References: <20190903142655.21943-1-jarkko.sakkinen@linux.intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-sgx-owner@vger.kernel.org
Precedence: bulk

Series

Intel SGX foundations | expand

Commit Message

Jarkko Sakkinen Sept. 3, 2019, 2:26 p.m. UTC

Document ENCLS architectural error codes. These error codes are returned by
the SGX opcodes. Make the header as part of the uapi so that they can be
used in some situations directly returned to the user space (ENCLS[EINIT]
leaf function error codes could be one potential use case).

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Co-developed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 arch/x86/include/uapi/asm/sgx_errno.h | 91 +++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)
 create mode 100644 arch/x86/include/uapi/asm/sgx_errno.h

Comments

Borislav Petkov Sept. 27, 2019, 10:20 a.m. UTC | #1

On Tue, Sep 03, 2019 at 05:26:36PM +0300, Jarkko Sakkinen wrote:
> Document ENCLS architectural error codes. These error codes are returned by
> the SGX opcodes. Make the header as part of the uapi so that they can be
> used in some situations directly returned to the user space (ENCLS[EINIT]
> leaf function error codes could be one potential use case).
> 
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> Co-developed-by: Sean Christopherson <sean.j.christopherson@intel.com>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
> ---
>  arch/x86/include/uapi/asm/sgx_errno.h | 91 +++++++++++++++++++++++++++
>  1 file changed, 91 insertions(+)
>  create mode 100644 arch/x86/include/uapi/asm/sgx_errno.h
> 
> diff --git a/arch/x86/include/uapi/asm/sgx_errno.h b/arch/x86/include/uapi/asm/sgx_errno.h
> new file mode 100644
> index 000000000000..48b87aed58d7
> --- /dev/null
> +++ b/arch/x86/include/uapi/asm/sgx_errno.h
> @@ -0,0 +1,91 @@
> +/* SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause */
> +/*
> + * Copyright(c) 2018 Intel Corporation.
> + *
> + * Contains the architecturally defined error codes that are returned by SGX
> + * instructions, e.g. ENCLS, and may be propagated to userspace via errno.
> + */
> +
> +#ifndef _UAPI_ASM_X86_SGX_ERRNO_H
> +#define _UAPI_ASM_X86_SGX_ERRNO_H
> +
> +/**
> + * enum sgx_encls_leaves - return codes for ENCLS, ENCLU and ENCLV
> + * %SGX_SUCCESS:		No error.
> + * %SGX_INVALID_SIG_STRUCT:	SIGSTRUCT contains an invalid value.
> + * %SGX_INVALID_ATTRIBUTE:	Enclave is not attempting to access a resource

That first "not" looks wrong.

> + *				for which it is not authorized.
> + * %SGX_BLKSTATE:		EPC page is already blocked.
> + * %SGX_INVALID_MEASUREMENT:	SIGSTRUCT or EINITTOKEN contains an incorrect
> + *				measurement.
> + * %SGX_NOTBLOCKABLE:		EPC page type is not one which can be blocked.
> + * %SGX_PG_INVLD:		EPC page is invalid (and cannot be blocked).
> + * %SGX_EPC_PAGE_CONFLICT:	EPC page in use by another SGX instruction.
> + * %SGX_INVALID_SIGNATURE:	Enclave's signature does not validate with
> + *				public key enclosed in SIGSTRUCT.
> + * %SGX_MAC_COMPARE_FAIL:	MAC check failed when reloading EPC page.
> + * %SGX_PAGE_NOT_BLOCKED:	EPC page is not marked as blocked.
> + * %SGX_NOT_TRACKED:		ETRACK has not been completed on the EPC page.
> + * %SGX_VA_SLOT_OCCUPIED:	Version array slot contains a valid entry.
> + * %SGX_CHILD_PRESENT:		Enclave has child pages present in the EPC.
> + * %SGX_ENCLAVE_ACT:		Logical processors are currently executing
> + *				inside the enclave.
> + * %SGX_ENTRYEPOCH_LOCKED:	SECS locked for EPOCH update, i.e. an ETRACK is
> + *				currently executing on the SECS.
> + * %SGX_INVALID_EINITTOKEN:	EINITTOKEN is invalid and enclave signer's
> + *				public key does not match IA32_SGXLEPUBKEYHASH.
> + * %SGX_PREV_TRK_INCMPL:	All processors did not complete the previous
> + *				tracking sequence.
> + * %SGX_PG_IS_SECS:		Target EPC page is an SECS and cannot be
> + *				blocked.
> + * %SGX_PAGE_ATTRIBUTES_MISMATCH:	Attributes of the EPC page do not match
> + *					the expected values.

You sometimes call it "PG" and sometimes "PAGE". Unify?

> + * %SGX_PAGE_NOT_MODIFIABLE:	EPC page cannot be modified because it is in
> + *				the PENDING or MODIFIED state.
> + * %SGX_PAGE_NOT_DEBUGGABLE:	EPC page cannot be modified because it is in
> + *				the PENDING or MODIFIED state.

Same description text?

...

Jarkko Sakkinen Sept. 27, 2019, 4:08 p.m. UTC | #2

On Fri, Sep 27, 2019 at 12:20:13PM +0200, Borislav Petkov wrote:
> On Tue, Sep 03, 2019 at 05:26:36PM +0300, Jarkko Sakkinen wrote:
> > Document ENCLS architectural error codes. These error codes are returned by
> > the SGX opcodes. Make the header as part of the uapi so that they can be
> > used in some situations directly returned to the user space (ENCLS[EINIT]
> > leaf function error codes could be one potential use case).
> > 
> > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > Co-developed-by: Sean Christopherson <sean.j.christopherson@intel.com>
> > Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
> > ---
> >  arch/x86/include/uapi/asm/sgx_errno.h | 91 +++++++++++++++++++++++++++
> >  1 file changed, 91 insertions(+)
> >  create mode 100644 arch/x86/include/uapi/asm/sgx_errno.h
> > 
> > diff --git a/arch/x86/include/uapi/asm/sgx_errno.h b/arch/x86/include/uapi/asm/sgx_errno.h
> > new file mode 100644
> > index 000000000000..48b87aed58d7
> > --- /dev/null
> > +++ b/arch/x86/include/uapi/asm/sgx_errno.h
> > @@ -0,0 +1,91 @@
> > +/* SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause */
> > +/*
> > + * Copyright(c) 2018 Intel Corporation.
> > + *
> > + * Contains the architecturally defined error codes that are returned by SGX
> > + * instructions, e.g. ENCLS, and may be propagated to userspace via errno.
> > + */
> > +
> > +#ifndef _UAPI_ASM_X86_SGX_ERRNO_H
> > +#define _UAPI_ASM_X86_SGX_ERRNO_H
> > +
> > +/**
> > + * enum sgx_encls_leaves - return codes for ENCLS, ENCLU and ENCLV
> > + * %SGX_SUCCESS:		No error.
> > + * %SGX_INVALID_SIG_STRUCT:	SIGSTRUCT contains an invalid value.
> > + * %SGX_INVALID_ATTRIBUTE:	Enclave is not attempting to access a resource
> 
> That first "not" looks wrong.
> 
> > + *				for which it is not authorized.
> > + * %SGX_BLKSTATE:		EPC page is already blocked.
> > + * %SGX_INVALID_MEASUREMENT:	SIGSTRUCT or EINITTOKEN contains an incorrect
> > + *				measurement.
> > + * %SGX_NOTBLOCKABLE:		EPC page type is not one which can be blocked.
> > + * %SGX_PG_INVLD:		EPC page is invalid (and cannot be blocked).
> > + * %SGX_EPC_PAGE_CONFLICT:	EPC page in use by another SGX instruction.
> > + * %SGX_INVALID_SIGNATURE:	Enclave's signature does not validate with
> > + *				public key enclosed in SIGSTRUCT.
> > + * %SGX_MAC_COMPARE_FAIL:	MAC check failed when reloading EPC page.
> > + * %SGX_PAGE_NOT_BLOCKED:	EPC page is not marked as blocked.
> > + * %SGX_NOT_TRACKED:		ETRACK has not been completed on the EPC page.
> > + * %SGX_VA_SLOT_OCCUPIED:	Version array slot contains a valid entry.
> > + * %SGX_CHILD_PRESENT:		Enclave has child pages present in the EPC.
> > + * %SGX_ENCLAVE_ACT:		Logical processors are currently executing
> > + *				inside the enclave.
> > + * %SGX_ENTRYEPOCH_LOCKED:	SECS locked for EPOCH update, i.e. an ETRACK is
> > + *				currently executing on the SECS.
> > + * %SGX_INVALID_EINITTOKEN:	EINITTOKEN is invalid and enclave signer's
> > + *				public key does not match IA32_SGXLEPUBKEYHASH.
> > + * %SGX_PREV_TRK_INCMPL:	All processors did not complete the previous
> > + *				tracking sequence.
> > + * %SGX_PG_IS_SECS:		Target EPC page is an SECS and cannot be
> > + *				blocked.
> > + * %SGX_PAGE_ATTRIBUTES_MISMATCH:	Attributes of the EPC page do not match
> > + *					the expected values.
> 
> You sometimes call it "PG" and sometimes "PAGE". Unify?
> 
> > + * %SGX_PAGE_NOT_MODIFIABLE:	EPC page cannot be modified because it is in
> > + *				the PENDING or MODIFIED state.
> > + * %SGX_PAGE_NOT_DEBUGGABLE:	EPC page cannot be modified because it is in
> > + *				the PENDING or MODIFIED state.
> 
> Same description text?

Thanks for the remarks. I think I define only the error codes in the
next version that actually get used by the driver and document them
properly. Should become way more cleaner.

/Jarkko

Sean Christopherson Sept. 27, 2019, 5:20 p.m. UTC | #3

On Fri, Sep 27, 2019 at 07:08:42PM +0300, Jarkko Sakkinen wrote:
> On Fri, Sep 27, 2019 at 12:20:13PM +0200, Borislav Petkov wrote:
> > On Tue, Sep 03, 2019 at 05:26:36PM +0300, Jarkko Sakkinen wrote:
> > > Document ENCLS architectural error codes. These error codes are returned by
> > > the SGX opcodes. Make the header as part of the uapi so that they can be
> > > used in some situations directly returned to the user space (ENCLS[EINIT]
> > > leaf function error codes could be one potential use case).
> > > 
> > > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > > Co-developed-by: Sean Christopherson <sean.j.christopherson@intel.com>
> > > Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
> > > ---
> > >  arch/x86/include/uapi/asm/sgx_errno.h | 91 +++++++++++++++++++++++++++
> > >  1 file changed, 91 insertions(+)
> > >  create mode 100644 arch/x86/include/uapi/asm/sgx_errno.h
> > > 
> > > diff --git a/arch/x86/include/uapi/asm/sgx_errno.h b/arch/x86/include/uapi/asm/sgx_errno.h
> > > new file mode 100644
> > > index 000000000000..48b87aed58d7
> > > --- /dev/null
> > > +++ b/arch/x86/include/uapi/asm/sgx_errno.h
> > > @@ -0,0 +1,91 @@
> > > +/* SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause */
> > > +/*
> > > + * Copyright(c) 2018 Intel Corporation.
> > > + *
> > > + * Contains the architecturally defined error codes that are returned by SGX
> > > + * instructions, e.g. ENCLS, and may be propagated to userspace via errno.
> > > + */
> > > +
> > > +#ifndef _UAPI_ASM_X86_SGX_ERRNO_H
> > > +#define _UAPI_ASM_X86_SGX_ERRNO_H
> > > +
> > > +/**
> > > + * enum sgx_encls_leaves - return codes for ENCLS, ENCLU and ENCLV
> > > + * %SGX_SUCCESS:		No error.
> > > + * %SGX_INVALID_SIG_STRUCT:	SIGSTRUCT contains an invalid value.
> > > + * %SGX_INVALID_ATTRIBUTE:	Enclave is not attempting to access a resource
> > 
> > That first "not" looks wrong.
> > 
> > > + *				for which it is not authorized.
> > > + * %SGX_BLKSTATE:		EPC page is already blocked.
> > > + * %SGX_INVALID_MEASUREMENT:	SIGSTRUCT or EINITTOKEN contains an incorrect
> > > + *				measurement.
> > > + * %SGX_NOTBLOCKABLE:		EPC page type is not one which can be blocked.
> > > + * %SGX_PG_INVLD:		EPC page is invalid (and cannot be blocked).
> > > + * %SGX_EPC_PAGE_CONFLICT:	EPC page in use by another SGX instruction.
> > > + * %SGX_INVALID_SIGNATURE:	Enclave's signature does not validate with
> > > + *				public key enclosed in SIGSTRUCT.
> > > + * %SGX_MAC_COMPARE_FAIL:	MAC check failed when reloading EPC page.
> > > + * %SGX_PAGE_NOT_BLOCKED:	EPC page is not marked as blocked.
> > > + * %SGX_NOT_TRACKED:		ETRACK has not been completed on the EPC page.
> > > + * %SGX_VA_SLOT_OCCUPIED:	Version array slot contains a valid entry.
> > > + * %SGX_CHILD_PRESENT:		Enclave has child pages present in the EPC.
> > > + * %SGX_ENCLAVE_ACT:		Logical processors are currently executing
> > > + *				inside the enclave.
> > > + * %SGX_ENTRYEPOCH_LOCKED:	SECS locked for EPOCH update, i.e. an ETRACK is
> > > + *				currently executing on the SECS.
> > > + * %SGX_INVALID_EINITTOKEN:	EINITTOKEN is invalid and enclave signer's
> > > + *				public key does not match IA32_SGXLEPUBKEYHASH.
> > > + * %SGX_PREV_TRK_INCMPL:	All processors did not complete the previous
> > > + *				tracking sequence.
> > > + * %SGX_PG_IS_SECS:		Target EPC page is an SECS and cannot be
> > > + *				blocked.
> > > + * %SGX_PAGE_ATTRIBUTES_MISMATCH:	Attributes of the EPC page do not match
> > > + *					the expected values.
> > 
> > You sometimes call it "PG" and sometimes "PAGE". Unify?

We pulled the names verbatim from the SDM.  I agree that diverging from
the SDM makes sense.  I'll also see if the SDM can be updated to use
consistent names.

> > > + * %SGX_PAGE_NOT_MODIFIABLE:	EPC page cannot be modified because it is in
> > > + *				the PENDING or MODIFIED state.
> > > + * %SGX_PAGE_NOT_DEBUGGABLE:	EPC page cannot be modified because it is in
> > > + *				the PENDING or MODIFIED state.
> > 
> > Same description text?
> 
> Thanks for the remarks. I think I define only the error codes in the
> next version that actually get used by the driver and document them
> properly. Should become way more cleaner.

Please keep all error codes.  For errors that inevitably occur during
development, it's very helpful to have the complete list in the kernel
(well, reasonably complete).  I hate having to open and search through the
SDM just to decipher a random numeric error code.

Jarkko Sakkinen Oct. 1, 2019, 8:23 p.m. UTC | #4

On Fri, Sep 27, 2019 at 10:20:12AM -0700, Sean Christopherson wrote:
> Please keep all error codes.  For errors that inevitably occur during
> development, it's very helpful to have the complete list in the kernel
> (well, reasonably complete).  I hate having to open and search through the
> SDM just to decipher a random numeric error code.

Unfortunately I choose here the otherwise because they serve no semantic
purpose. That is clutter by definition.

What I do is that when there is a new version of SDM I just print to
pages defining the error codes. I also keep manual "sdm-3d.pdf" all the
time open in Firefox.

I can understand your grief if you have a single PDF SDM but the purpose
of Linux GIT tree is not to fix your workflows :-) You can easily fix
them yourself.

/Jarkko

diff --git a/arch/x86/include/uapi/asm/sgx_errno.h b/arch/x86/include/uapi/asm/sgx_errno.h
new file mode 100644
index 000000000000..48b87aed58d7
--- /dev/null
+++ b/arch/x86/include/uapi/asm/sgx_errno.h
@@ -0,0 +1,91 @@ 
+/* SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause */
+/*
+ * Copyright(c) 2018 Intel Corporation.
+ *
+ * Contains the architecturally defined error codes that are returned by SGX
+ * instructions, e.g. ENCLS, and may be propagated to userspace via errno.
+ */
+
+#ifndef _UAPI_ASM_X86_SGX_ERRNO_H
+#define _UAPI_ASM_X86_SGX_ERRNO_H
+
+/**
+ * enum sgx_encls_leaves - return codes for ENCLS, ENCLU and ENCLV
+ * %SGX_SUCCESS:		No error.
+ * %SGX_INVALID_SIG_STRUCT:	SIGSTRUCT contains an invalid value.
+ * %SGX_INVALID_ATTRIBUTE:	Enclave is not attempting to access a resource
+ *				for which it is not authorized.
+ * %SGX_BLKSTATE:		EPC page is already blocked.
+ * %SGX_INVALID_MEASUREMENT:	SIGSTRUCT or EINITTOKEN contains an incorrect
+ *				measurement.
+ * %SGX_NOTBLOCKABLE:		EPC page type is not one which can be blocked.
+ * %SGX_PG_INVLD:		EPC page is invalid (and cannot be blocked).
+ * %SGX_EPC_PAGE_CONFLICT:	EPC page in use by another SGX instruction.
+ * %SGX_INVALID_SIGNATURE:	Enclave's signature does not validate with
+ *				public key enclosed in SIGSTRUCT.
+ * %SGX_MAC_COMPARE_FAIL:	MAC check failed when reloading EPC page.
+ * %SGX_PAGE_NOT_BLOCKED:	EPC page is not marked as blocked.
+ * %SGX_NOT_TRACKED:		ETRACK has not been completed on the EPC page.
+ * %SGX_VA_SLOT_OCCUPIED:	Version array slot contains a valid entry.
+ * %SGX_CHILD_PRESENT:		Enclave has child pages present in the EPC.
+ * %SGX_ENCLAVE_ACT:		Logical processors are currently executing
+ *				inside the enclave.
+ * %SGX_ENTRYEPOCH_LOCKED:	SECS locked for EPOCH update, i.e. an ETRACK is
+ *				currently executing on the SECS.
+ * %SGX_INVALID_EINITTOKEN:	EINITTOKEN is invalid and enclave signer's
+ *				public key does not match IA32_SGXLEPUBKEYHASH.
+ * %SGX_PREV_TRK_INCMPL:	All processors did not complete the previous
+ *				tracking sequence.
+ * %SGX_PG_IS_SECS:		Target EPC page is an SECS and cannot be
+ *				blocked.
+ * %SGX_PAGE_ATTRIBUTES_MISMATCH:	Attributes of the EPC page do not match
+ *					the expected values.
+ * %SGX_PAGE_NOT_MODIFIABLE:	EPC page cannot be modified because it is in
+ *				the PENDING or MODIFIED state.
+ * %SGX_PAGE_NOT_DEBUGGABLE:	EPC page cannot be modified because it is in
+ *				the PENDING or MODIFIED state.
+ * %SGX_INVALID_COUNTER:	{In,De}crementing a counter would cause it to
+ *				{over,under}flow.
+ * %SGX_PG_NONEPC:		Target page is not an EPC page.
+ * %SGX_TRACK_NOT_REQUIRED:	Target page type does not require tracking.
+ * %SGX_INVALID_CPUSVN:		Security version number reported by CPU is less
+ *				than what is required by the enclave.
+ * %SGX_INVALID_ISVSVN:		Security version number of enclave is less than
+ *				what is required by the KEYREQUEST struct.
+ * %SGX_UNMASKED_EVENT:		An unmasked event, e.g. INTR, was received
+ *				while the instruction was executing.
+ * %SGX_INVALID_KEYNAME:	Requested key is not supported by hardware.
+ */
+enum sgx_return_codes {
+	SGX_SUCCESS			= 0,
+	SGX_INVALID_SIG_STRUCT		= 1,
+	SGX_INVALID_ATTRIBUTE		= 2,
+	SGX_BLKSTATE			= 3,
+	SGX_INVALID_MEASUREMENT		= 4,
+	SGX_NOTBLOCKABLE		= 5,
+	SGX_PG_INVLD			= 6,
+	SGX_EPC_PAGE_CONFLICT		= 7,
+	SGX_INVALID_SIGNATURE		= 8,
+	SGX_MAC_COMPARE_FAIL		= 9,
+	SGX_PAGE_NOT_BLOCKED		= 10,
+	SGX_NOT_TRACKED			= 11,
+	SGX_VA_SLOT_OCCUPIED		= 12,
+	SGX_CHILD_PRESENT		= 13,
+	SGX_ENCLAVE_ACT			= 14,
+	SGX_ENTRYEPOCH_LOCKED		= 15,
+	SGX_INVALID_EINITTOKEN		= 16,
+	SGX_PREV_TRK_INCMPL		= 17,
+	SGX_PG_IS_SECS			= 18,
+	SGX_PAGE_ATTRIBUTES_MISMATCH	= 19,
+	SGX_PAGE_NOT_MODIFIABLE		= 20,
+	SGX_PAGE_NOT_DEBUGGABLE		= 21,
+	SGX_INVALID_COUNTER		= 25,
+	SGX_PG_NONEPC			= 26,
+	SGX_TRACK_NOT_REQUIRED		= 27,
+	SGX_INVALID_CPUSVN		= 32,
+	SGX_INVALID_ISVSVN		= 64,
+	SGX_UNMASKED_EVENT		= 128,
+	SGX_INVALID_KEYNAME		= 256,
+};
+
+#endif /* _UAPI_ASM_X86_SGX_ERRNO_H */

[v22,05/24] x86/sgx: Add ENCLS architectural error codes

Commit Message

Comments

Patch