| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <DM8PR11MB5750515E878BAC6199882330E723A@DM8PR11MB5750.namprd11.prod.outlook.com>
Date: Mon, 4 Aug 2025 07:21:09 +0000
From: "Reshetova, Elena" <elena.reshetova@...el.com>
To: "Hansen, Dave" <dave.hansen@...el.com>
CC: "jarkko@...nel.org" <jarkko@...nel.org>, "seanjc@...gle.com"
<seanjc@...gle.com>, "Huang, Kai" <kai.huang@...el.com>, "mingo@...nel.org"
<mingo@...nel.org>, "linux-sgx@...r.kernel.org" <linux-sgx@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"x86@...nel.org" <x86@...nel.org>, "Mallick, Asit K"
<asit.k.mallick@...el.com>, "Scarlata, Vincent R"
<vincent.r.scarlata@...el.com>, "Cai, Chong" <chongc@...gle.com>, "Aktas,
Erdem" <erdemaktas@...gle.com>, "Annapurve, Vishal" <vannapurve@...gle.com>,
"Bondarevska, Nataliia" <bondarn@...gle.com>, "Raynor, Scott"
<scott.raynor@...el.com>
Subject: RE: [PATCH v10 4/6] x86/sgx: Define error codes for use by
ENCLS[EUPDATESVN]
> -----Original Message-----
> From: Hansen, Dave <dave.hansen@...el.com>
> Sent: Friday, August 1, 2025 7:57 PM
> To: Reshetova, Elena <elena.reshetova@...el.com>
> Cc: jarkko@...nel.org; seanjc@...gle.com; Huang, Kai
> <kai.huang@...el.com>; mingo@...nel.org; linux-sgx@...r.kernel.org; linux-
> kernel@...r.kernel.org; x86@...nel.org; Mallick, Asit K
> <asit.k.mallick@...el.com>; Scarlata, Vincent R <vincent.r.scarlata@...el.com>;
> Cai, Chong <chongc@...gle.com>; Aktas, Erdem <erdemaktas@...gle.com>;
> Annapurve, Vishal <vannapurve@...gle.com>; Bondarevska, Nataliia
> <bondarn@...gle.com>; Raynor, Scott <scott.raynor@...el.com>
> Subject: Re: [PATCH v10 4/6] x86/sgx: Define error codes for use by
> ENCLS[EUPDATESVN]
>
> On 8/1/25 04:25, Elena Reshetova wrote:
> > Add error codes for ENCLS[EUPDATESVN], then SGX CPUSVN update
> > process can know the execution state of EUPDATESVN and notify
> > userspace.
> >
> > Signed-off-by: Elena Reshetova <elena.reshetova@...el.com>
> > ---
> > arch/x86/include/asm/sgx.h | 37 ++++++++++++++++++++++---------------
> > 1 file changed, 22 insertions(+), 15 deletions(-)
> >
> > diff --git a/arch/x86/include/asm/sgx.h b/arch/x86/include/asm/sgx.h
> > index 6a0069761508..1abf1461fab6 100644
> > --- a/arch/x86/include/asm/sgx.h
> > +++ b/arch/x86/include/asm/sgx.h
> > @@ -28,21 +28,22 @@
> > #define SGX_CPUID_EPC_MASK GENMASK(3, 0)
> >
> > enum sgx_encls_function {
> > - ECREATE = 0x00,
> > - EADD = 0x01,
> > - EINIT = 0x02,
> > - EREMOVE = 0x03,
> > - EDGBRD = 0x04,
> > - EDGBWR = 0x05,
> > - EEXTEND = 0x06,
> > - ELDU = 0x08,
> > - EBLOCK = 0x09,
> > - EPA = 0x0A,
> > - EWB = 0x0B,
> > - ETRACK = 0x0C,
> > - EAUG = 0x0D,
> > - EMODPR = 0x0E,
> > - EMODT = 0x0F,
> > + ECREATE = 0x00,
> > + EADD = 0x01,
> > + EINIT = 0x02,
> > + EREMOVE = 0x03,
> > + EDGBRD = 0x04,
> > + EDGBWR = 0x05,
> > + EEXTEND = 0x06,
> > + ELDU = 0x08,
> > + EBLOCK = 0x09,
> > + EPA = 0x0A,
> > + EWB = 0x0B,
> > + ETRACK = 0x0C,
> > + EAUG = 0x0D,
> > + EMODPR = 0x0E,
> > + EMODT = 0x0F,
> > + EUPDATESVN = 0x18,
> > };
>
> This update is not consistent with the changelog nor the patch subject.
I can remove the alignment fix.
>
> > /**
> > @@ -73,6 +74,10 @@ enum sgx_encls_function {
> > * public key does not match
> IA32_SGXLEPUBKEYHASH.
> > * %SGX_PAGE_NOT_MODIFIABLE: The EPC page cannot be modified
> because it
> > * is in the PENDING or MODIFIED state.
> > + * %SGX_INSUFFICIENT_ENTROPY: Insufficient entropy in RNG.
> > + * %SGX_NO_UPDATE: EUPDATESVN was successful, but
> CPUSVN was not
> > + * updated because current SVN was not newer
> than
> > + * CPUSVN.
>
> This comment bothers me. This is an *ERROR* code. It means that
> EUPDATESVN was *NOT* successful. It failed. It didn't do an update.
>
> Now, it's not a _bad_ error code. It's kinda like read() returning 0.
> It's a "no harm no foul" kind of thing. But it's *NOT* success.
Yes, agree on both.
>
> Ideally, we find a way to relay this in a very succinct way.
Could you please elaborate what you mean by this?
Changing the description? The name or?
Best Regards,
Elena.
Powered by blists - more mailing lists