4:48 a.m.
ENCLS(EINIT) instruction errors (during ENCLAVE_INIT ioctl call) are
now returned without a change instead of being translated to OS
generic errors. Documentation updated.
Signed-off-by: Serge Ayoun <serge.ayoun(a)intel.com>
---
Documentation/x86/intel_sgx.rst | 24 ++++++++++++++++++++++++
drivers/platform/x86/intel_sgx_ioctl.c | 16 ----------------
2 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/Documentation/x86/intel_sgx.rst b/Documentation/x86/intel_sgx.rst
index fb2f9df..1825c92 100644
--- a/Documentation/x86/intel_sgx.rst
+++ b/Documentation/x86/intel_sgx.rst
@@ -85,6 +85,29 @@ by using the ENCLS(EDBGRD) and ENCLS(EDBGWR) opcodes. The Intel
provided launch
enclave provides them always a valid EINITTOKEN and therefore they are a low
hanging fruit way to try out SGX.
+SGX_IOC_ENCLAVE_INIT Description:
+================================
+
+The SGX_IOC_ENCLAVE_INIT ioctl has a different behavior than the others: its
+return value may reflect the possible error returned by the ENCLS(EINIT)
+instruction:
+
+0x0: success
+0x1: (SGX_INVALID_SIG_STRUCT) the sigstruct has an invalid field
+0x2: (SGX_INVALID_ATTRIBUTE) the token or the sigstruct have an
+ unexpected or wrong attribute, mask or signer
+0x4: (SGX_INVALID_MEASUREMENT) the token or the sigstruct has an invalid
+ measurement
+0x8: (SGX_INVALID_SIGNATURE) signature validation check has failed
+0x10: (SGX_INVALID_LICENSE) The token license validation has failed
+0x20: (SGX_INVALID_CPUSVN) The token cpu svn used is not supported by
+ current cpu
+0x80: (SGX_UNMASKED_EVENT) system too busy to perform EINIT
+0x40000000: (SGX_POWER_LOSS) A sleep transition has occurred and the
+ enclave is not valid anymore
+0x40000001: (SGX_LE_ROLLBACK) The launch enclave isv svn of the the
+ license is not supported
+
SGX uapi
========
@@ -94,3 +117,4 @@ SGX uapi
sgx_ioc_enclave_init
.. kernel-doc:: arch/x86/include/uapi/asm/sgx.h
+
diff --git a/drivers/platform/x86/intel_sgx_ioctl.c
b/drivers/platform/x86/intel_sgx_ioctl.c
index e0e2f14..057f311 100644
--- a/drivers/platform/x86/intel_sgx_ioctl.c
+++ b/drivers/platform/x86/intel_sgx_ioctl.c
@@ -848,22 +848,6 @@ static int __sgx_encl_init(struct sgx_encl *encl, char *sigstruct,
out:
if (ret) {
sgx_dbg(encl, "EINIT returned %d\n", ret);
- switch (ret) {
- case SGX_UNMASKED_EVENT:
- ret = -EBUSY;
- break;
- case SGX_INVALID_SIG_STRUCT:
- case SGX_INVALID_ATTRIBUTE:
- case SGX_INVALID_MEASUREMENT:
- case SGX_INVALID_SIGNATURE:
- case SGX_INVALID_LICENSE:
- case SGX_INVALID_CPUSVN:
- ret = -EPERM;
- break;
- default:
- ret = -EFAULT;
- break;
- }
} else {
encl->flags |= SGX_ENCL_INITIALIZED;
--
1.9.1
---------------------------------------------------------------------
Intel Israel (74) Limited
This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.
1:12 a.m.
On Thu, Mar 30, 2017 at 02:48:22PM +0300, Serge Ayoun wrote:
ENCLS(EINIT) instruction errors (during ENCLAVE_INIT ioctl call) are
now returned without a change instead of being translated to OS
generic errors. Documentation updated.
Signed-off-by: Serge Ayoun <serge.ayoun(a)intel.com>
---
Documentation/x86/intel_sgx.rst | 24 ++++++++++++++++++++++++
drivers/platform/x86/intel_sgx_ioctl.c | 16 ----------------
2 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/Documentation/x86/intel_sgx.rst b/Documentation/x86/intel_sgx.rst
index fb2f9df..1825c92 100644
--- a/Documentation/x86/intel_sgx.rst
+++ b/Documentation/x86/intel_sgx.rst
@@ -85,6 +85,29 @@ by using the ENCLS(EDBGRD) and ENCLS(EDBGWR) opcodes. The Intel
provided launch
enclave provides them always a valid EINITTOKEN and therefore they are a low
hanging fruit way to try out SGX.
+SGX_IOC_ENCLAVE_INIT Description:
+================================
+
+The SGX_IOC_ENCLAVE_INIT ioctl has a different behavior than the others: its
+return value may reflect the possible error returned by the ENCLS(EINIT)
+instruction:
+
+0x0: success
+0x1: (SGX_INVALID_SIG_STRUCT) the sigstruct has an invalid field
+0x2: (SGX_INVALID_ATTRIBUTE) the token or the sigstruct have an
+ unexpected or wrong attribute, mask or signer
+0x4: (SGX_INVALID_MEASUREMENT) the token or the sigstruct has an invalid
+ measurement
+0x8: (SGX_INVALID_SIGNATURE) signature validation check has failed
+0x10: (SGX_INVALID_LICENSE) The token license validation has failed
+0x20: (SGX_INVALID_CPUSVN) The token cpu svn used is not supported by
+ current cpu
+0x80: (SGX_UNMASKED_EVENT) system too busy to perform EINIT
+0x40000000: (SGX_POWER_LOSS) A sleep transition has occurred and the
+ enclave is not valid anymore
+0x40000001: (SGX_LE_ROLLBACK) The launch enclave isv svn of the the
+ license is not supported
+
The return values should be documented into the documentation comment in
intel_sgx_ioctl.c.
I'll propose the following for this particular fix. I'll take your code
change and take care of updating documentation.
/Jarkko
11:35 a.m.
It's now squashed.
/Jarkko
On Thu, Mar 30, 2017 at 02:48:22PM +0300, Serge Ayoun wrote:
ENCLS(EINIT) instruction errors (during ENCLAVE_INIT ioctl call) are
now returned without a change instead of being translated to OS
generic errors. Documentation updated.
Signed-off-by: Serge Ayoun <serge.ayoun(a)intel.com>
---
Documentation/x86/intel_sgx.rst | 24 ++++++++++++++++++++++++
drivers/platform/x86/intel_sgx_ioctl.c | 16 ----------------
2 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/Documentation/x86/intel_sgx.rst b/Documentation/x86/intel_sgx.rst
index fb2f9df..1825c92 100644
--- a/Documentation/x86/intel_sgx.rst
+++ b/Documentation/x86/intel_sgx.rst
@@ -85,6 +85,29 @@ by using the ENCLS(EDBGRD) and ENCLS(EDBGWR) opcodes. The Intel
provided launch
enclave provides them always a valid EINITTOKEN and therefore they are a low
hanging fruit way to try out SGX.
+SGX_IOC_ENCLAVE_INIT Description:
+================================
+
+The SGX_IOC_ENCLAVE_INIT ioctl has a different behavior than the others: its
+return value may reflect the possible error returned by the ENCLS(EINIT)
+instruction:
+
+0x0: success
+0x1: (SGX_INVALID_SIG_STRUCT) the sigstruct has an invalid field
+0x2: (SGX_INVALID_ATTRIBUTE) the token or the sigstruct have an
+ unexpected or wrong attribute, mask or signer
+0x4: (SGX_INVALID_MEASUREMENT) the token or the sigstruct has an invalid
+ measurement
+0x8: (SGX_INVALID_SIGNATURE) signature validation check has failed
+0x10: (SGX_INVALID_LICENSE) The token license validation has failed
+0x20: (SGX_INVALID_CPUSVN) The token cpu svn used is not supported by
+ current cpu
+0x80: (SGX_UNMASKED_EVENT) system too busy to perform EINIT
+0x40000000: (SGX_POWER_LOSS) A sleep transition has occurred and the
+ enclave is not valid anymore
+0x40000001: (SGX_LE_ROLLBACK) The launch enclave isv svn of the the
+ license is not supported
+
SGX uapi
========
@@ -94,3 +117,4 @@ SGX uapi
sgx_ioc_enclave_init
.. kernel-doc:: arch/x86/include/uapi/asm/sgx.h
+
diff --git a/drivers/platform/x86/intel_sgx_ioctl.c
b/drivers/platform/x86/intel_sgx_ioctl.c
index e0e2f14..057f311 100644
--- a/drivers/platform/x86/intel_sgx_ioctl.c
+++ b/drivers/platform/x86/intel_sgx_ioctl.c
@@ -848,22 +848,6 @@ static int __sgx_encl_init(struct sgx_encl *encl, char *sigstruct,
out:
if (ret) {
sgx_dbg(encl, "EINIT returned %d\n", ret);
- switch (ret) {
- case SGX_UNMASKED_EVENT:
- ret = -EBUSY;
- break;
- case SGX_INVALID_SIG_STRUCT:
- case SGX_INVALID_ATTRIBUTE:
- case SGX_INVALID_MEASUREMENT:
- case SGX_INVALID_SIGNATURE:
- case SGX_INVALID_LICENSE:
- case SGX_INVALID_CPUSVN:
- ret = -EPERM;
- break;
- default:
- ret = -EFAULT;
- break;
- }
} else {
encl->flags |= SGX_ENCL_INITIALIZED;
--
1.9.1
---------------------------------------------------------------------
Intel Israel (74) Limited
This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.
_______________________________________________
intel-sgx-kernel-dev mailing list
intel-sgx-kernel-dev(a)lists.01.org
https://lists.01.org/mailman/listinfo/intel-sgx-kernel-dev
1917
days inactive
1918
days old
intel-sgx-kernel-dev@lists.01.org
2 comments
2 participants
participants (2)
-
Jarkko Sakkinen -
Serge Ayoun