Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.0/patches/2197504/?format=api
{ "id": 2197504, "url": "http://patchwork.ozlabs.org/api/1.0/patches/2197504/?format=api", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/1.0/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<20260218015151.4052-3-graf@amazon.com>", "date": "2026-02-18T01:51:42", "name": "[02/10] linux-headers: Add nitro_enclaves.h", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "0432dd35cbb7d796b851e0163dea519fd32444ea", "submitter": { "id": 76572, "url": "http://patchwork.ozlabs.org/api/1.0/people/76572/?format=api", "name": "Alexander Graf", "email": "graf@amazon.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260218015151.4052-3-graf@amazon.com/mbox/", "series": [ { "id": 492503, "url": "http://patchwork.ozlabs.org/api/1.0/series/492503/?format=api", "date": "2026-02-18T01:51:40", "name": "Native Nitro Enclaves support", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/492503/mbox/" } ], "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2197504/checks/", "tags": {}, "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=amazon.com header.i=@amazon.com header.a=rsa-sha256\n header.s=amazoncorp2 header.b=HGNKdO3I;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fG00Y23Xdz1xwC\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 18 Feb 2026 12:53:33 +1100 (AEDT)", "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1vsWjk-0007Aj-Dl; Tue, 17 Feb 2026 20:52:20 -0500", "from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <prvs=502105d20=graf@amazon.de>)\n id 1vsWjY-00077l-TN; Tue, 17 Feb 2026 20:52:10 -0500", "from pdx-out-005.esa.us-west-2.outbound.mail-perimeter.amazon.com\n ([52.13.214.179])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <prvs=502105d20=graf@amazon.de>)\n id 1vsWjW-0004Yi-Da; Tue, 17 Feb 2026 20:52:08 -0500", "from ip-10-5-0-115.us-west-2.compute.internal (HELO\n smtpout.naws.us-west-2.prod.farcaster.email.amazon.dev) ([10.5.0.115])\n by internal-pdx-out-005.esa.us-west-2.outbound.mail-perimeter.amazon.com with\n ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Feb 2026 01:52:01 +0000", "from EX19MTAUWA001.ant.amazon.com [205.251.233.182:1796]\n by smtpin.naws.us-west-2.prod.farcaster.email.amazon.dev [10.0.14.39:2525]\n with esmtp (Farcaster)\n id 5097c958-82f7-4ad6-b0fd-8686e47214c8;\n Wed, 18 Feb 2026 01:52:01 +0000 (UTC)", "from EX19D020UWC004.ant.amazon.com (10.13.138.149) by\n EX19MTAUWA001.ant.amazon.com (10.250.64.204) with Microsoft SMTP Server\n (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.35;\n Wed, 18 Feb 2026 01:52:00 +0000", "from ip-10-253-83-51.amazon.com (172.19.99.218) by\n EX19D020UWC004.ant.amazon.com (10.13.138.149) with Microsoft SMTP Server\n (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.35;\n Wed, 18 Feb 2026 01:51:58 +0000" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2;\n t=1771379526; x=1802915526;\n h=from:to:cc:subject:date:message-id:in-reply-to:\n references:mime-version:content-transfer-encoding;\n bh=yGwpH6mNXADUzH7l283Vcqo8pTgMS9qPjwIVA1ZPJ58=;\n b=HGNKdO3IhkUHGD8WlAcm16esybqRAf13/jjrGHFY7JxI6PJYQ772bxRO\n Vuph6zyvj2FPBrdF5C+6Tzfus44kS2c/7Rjy8EA0EFHaMpHEJv/QeO5WP\n 5yXQe9yvfWMDlNLTChO/YW9/GsyatdDH87OmMP2NOoV+cBfkVgWs51c3I\n A5Ft5YpMghAah7qI7fuGi1VoP/2/XaiCt+AqeCOM/GF+7QpeO5cOxO6LF\n RkwaMLAKVuAUcA6TmDiwNKq7mCdXNBkP6k4eYtCJdGRyr3ZFJKP7t7XM4\n 2OGjmNrXOkzUrK51lVqFAhD+whs/4rQewAazfAaU5i9xSRG/hQh1GCOza g==;", "X-CSE-ConnectionGUID": "RNK+XsRQT1iCEso/DI0gHA==", "X-CSE-MsgGUID": "NS7BQMwZS5GwenlipWFxpQ==", "X-IronPort-AV": "E=Sophos;i=\"6.21,297,1763424000\"; d=\"scan'208\";a=\"13261378\"", "X-Farcaster-Flow-ID": "5097c958-82f7-4ad6-b0fd-8686e47214c8", "From": "Alexander Graf <graf@amazon.com>", "To": "<qemu-devel@nongnu.org>", "CC": "<qemu-arm@nongnu.org>, Peter Maydell <peter.maydell@linaro.org>, \"Thomas\n Huth\" <thuth@redhat.com>, <alex.bennee@linaro.org>, <philmd@linaro.org>,\n <berrange@redhat.com>, <marcandre.lureau@redhat.com>, Cornelia Huck\n <cohuck@redhat.com>, <mst@redhat.com>, Dorjoy Chowdhury\n <dorjoychy111@gmail.com>, Pierrick Bouvier <pierrick.bouvier@linaro.org>,\n Paolo Bonzini <pbonzini@redhat.com>, Tyler Fanelli <tfanelli@redhat.com>,\n <mknaust@amazon.com>, <nh-open-source@amazon.com>", "Subject": "[PATCH 02/10] linux-headers: Add nitro_enclaves.h", "Date": "Wed, 18 Feb 2026 01:51:42 +0000", "Message-ID": "<20260218015151.4052-3-graf@amazon.com>", "X-Mailer": "git-send-email 2.47.1", "In-Reply-To": "<20260218015151.4052-1-graf@amazon.com>", "References": "<20260218015151.4052-1-graf@amazon.com>", "MIME-Version": "1.0", "X-Originating-IP": "[172.19.99.218]", "X-ClientProxiedBy": "EX19D046UWA001.ant.amazon.com (10.13.139.112) To\n EX19D020UWC004.ant.amazon.com (10.13.138.149)", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Received-SPF": "pass client-ip=52.13.214.179;\n envelope-from=prvs=502105d20=graf@amazon.de;\n helo=pdx-out-005.esa.us-west-2.outbound.mail-perimeter.amazon.com", "X-Spam_score_int": "-19", "X-Spam_score": "-2.0", "X-Spam_bar": "--", "X-Spam_report": "(-2.0 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.043,\n DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,\n HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001,\n RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,\n SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01,\n UNPARSEABLE_RELAY=0.001 autolearn=ham autolearn_force=no", "X-Spam_action": "no action", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "qemu development <qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org" }, "content": "QEMU is learning to drive the /dev/nitro_enclaves device node. Include\nits UAPI header into our local copy of kernel headers so it has all\ndefines we need to drive it.\n\nSigned-off-by: Alexander Graf <graf@amazon.com>\n---\n .../standard-headers/linux/nitro_enclaves.h | 359 ++++++++++++++++++\n 1 file changed, 359 insertions(+)\n create mode 100644 include/standard-headers/linux/nitro_enclaves.h", "diff": "diff --git a/include/standard-headers/linux/nitro_enclaves.h b/include/standard-headers/linux/nitro_enclaves.h\nnew file mode 100644\nindex 0000000000..5545267dd9\n--- /dev/null\n+++ b/include/standard-headers/linux/nitro_enclaves.h\n@@ -0,0 +1,359 @@\n+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */\n+/*\n+ * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.\n+ */\n+\n+#ifndef _LINUX_NITRO_ENCLAVES_H_\n+#define _LINUX_NITRO_ENCLAVES_H_\n+\n+#include \"standard-headers/linux/types.h\"\n+\n+/**\n+ * DOC: Nitro Enclaves (NE) Kernel Driver Interface\n+ */\n+\n+/**\n+ * NE_CREATE_VM - The command is used to create a slot that is associated with\n+ *\t\t an enclave VM.\n+ *\t\t The generated unique slot id is an output parameter.\n+ *\t\t The ioctl can be invoked on the /dev/nitro_enclaves fd, before\n+ *\t\t setting any resources, such as memory and vCPUs, for an\n+ *\t\t enclave. Memory and vCPUs are set for the slot mapped to an enclave.\n+ *\t\t A NE CPU pool has to be set before calling this function. The\n+ *\t\t pool can be set after the NE driver load, using\n+ *\t\t /sys/module/nitro_enclaves/parameters/ne_cpus.\n+ *\t\t Its format is the detailed in the cpu-lists section:\n+ *\t\t https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html\n+ *\t\t CPU 0 and its siblings have to remain available for the\n+ *\t\t primary / parent VM, so they cannot be set for enclaves. Full\n+ *\t\t CPU core(s), from the same NUMA node, need(s) to be included\n+ *\t\t in the CPU pool.\n+ *\n+ * Context: Process context.\n+ * Return:\n+ * * Enclave file descriptor\t\t- Enclave file descriptor used with\n+ *\t\t\t\t\t ioctl calls to set vCPUs and memory\n+ *\t\t\t\t\t regions, then start the enclave.\n+ * * -1\t\t\t\t- There was a failure in the ioctl logic.\n+ * On failure, errno is set to:\n+ * * EFAULT\t\t\t\t- copy_to_user() failure.\n+ * * ENOMEM\t\t\t\t- Memory allocation failure for internal\n+ *\t\t\t\t\t bookkeeping variables.\n+ * * NE_ERR_NO_CPUS_AVAIL_IN_POOL\t- No NE CPU pool set / no CPUs available\n+ *\t\t\t\t\t in the pool.\n+ * * Error codes from get_unused_fd_flags() and anon_inode_getfile().\n+ * * Error codes from the NE PCI device request.\n+ */\n+#define NE_CREATE_VM\t\t\t_IOR(0xAE, 0x20, uint64_t)\n+\n+/**\n+ * NE_ADD_VCPU - The command is used to set a vCPU for an enclave. The vCPU can\n+ *\t\t be auto-chosen from the NE CPU pool or it can be set by the\n+ *\t\t caller, with the note that it needs to be available in the NE\n+ *\t\t CPU pool. Full CPU core(s), from the same NUMA node, need(s) to\n+ *\t\t be associated with an enclave.\n+ *\t\t The vCPU id is an input / output parameter. If its value is 0,\n+ *\t\t then a CPU is chosen from the enclave CPU pool and returned via\n+ *\t\t this parameter.\n+ *\t\t The ioctl can be invoked on the enclave fd, before an enclave\n+ *\t\t is started.\n+ *\n+ * Context: Process context.\n+ * Return:\n+ * * 0\t\t\t\t\t- Logic successfully completed.\n+ * * -1\t\t\t\t- There was a failure in the ioctl logic.\n+ * On failure, errno is set to:\n+ * * EFAULT\t\t\t\t- copy_from_user() / copy_to_user() failure.\n+ * * ENOMEM\t\t\t\t- Memory allocation failure for internal\n+ *\t\t\t\t\t bookkeeping variables.\n+ * * EIO\t\t\t\t- Current task mm is not the same as the one\n+ *\t\t\t\t\t that created the enclave.\n+ * * NE_ERR_NO_CPUS_AVAIL_IN_POOL\t- No CPUs available in the NE CPU pool.\n+ * * NE_ERR_VCPU_ALREADY_USED\t\t- The provided vCPU is already used.\n+ * * NE_ERR_VCPU_NOT_IN_CPU_POOL\t- The provided vCPU is not available in the\n+ *\t\t\t\t\t NE CPU pool.\n+ * * NE_ERR_VCPU_INVALID_CPU_CORE\t- The core id of the provided vCPU is invalid\n+ *\t\t\t\t\t or out of range.\n+ * * NE_ERR_NOT_IN_INIT_STATE\t\t- The enclave is not in init state\n+ *\t\t\t\t\t (init = before being started).\n+ * * NE_ERR_INVALID_VCPU\t\t- The provided vCPU is not in the available\n+ *\t\t\t\t\t CPUs range.\n+ * * Error codes from the NE PCI device request.\n+ */\n+#define NE_ADD_VCPU\t\t\t_IOWR(0xAE, 0x21, uint32_t)\n+\n+/**\n+ * NE_GET_IMAGE_LOAD_INFO - The command is used to get information needed for\n+ *\t\t\t in-memory enclave image loading e.g. offset in\n+ *\t\t\t enclave memory to start placing the enclave image.\n+ *\t\t\t The image load info is an input / output parameter.\n+ *\t\t\t It includes info provided by the caller - flags -\n+ *\t\t\t and returns the offset in enclave memory where to\n+ *\t\t\t start placing the enclave image.\n+ *\t\t\t The ioctl can be invoked on the enclave fd, before\n+ *\t\t\t an enclave is started.\n+ *\n+ * Context: Process context.\n+ * Return:\n+ * * 0\t\t\t\t- Logic successfully completed.\n+ * * -1\t\t\t- There was a failure in the ioctl logic.\n+ * On failure, errno is set to:\n+ * * EFAULT\t\t\t- copy_from_user() / copy_to_user() failure.\n+ * * NE_ERR_NOT_IN_INIT_STATE\t- The enclave is not in init state (init =\n+ *\t\t\t\t before being started).\n+ * * NE_ERR_INVALID_FLAG_VALUE\t- The value of the provided flag is invalid.\n+ */\n+#define NE_GET_IMAGE_LOAD_INFO\t\t_IOWR(0xAE, 0x22, struct ne_image_load_info)\n+\n+/**\n+ * NE_SET_USER_MEMORY_REGION - The command is used to set a memory region for an\n+ *\t\t\t enclave, given the allocated memory from the\n+ *\t\t\t userspace. Enclave memory needs to be from the\n+ *\t\t\t same NUMA node as the enclave CPUs.\n+ *\t\t\t The user memory region is an input parameter. It\n+ *\t\t\t includes info provided by the caller - flags,\n+ *\t\t\t memory size and userspace address.\n+ *\t\t\t The ioctl can be invoked on the enclave fd,\n+ *\t\t\t before an enclave is started.\n+ *\n+ * Context: Process context.\n+ * Return:\n+ * * 0\t\t\t\t\t- Logic successfully completed.\n+ * * -1\t\t\t\t- There was a failure in the ioctl logic.\n+ * On failure, errno is set to:\n+ * * EFAULT\t\t\t\t- copy_from_user() failure.\n+ * * EINVAL\t\t\t\t- Invalid physical memory region(s) e.g.\n+ *\t\t\t\t\t unaligned address.\n+ * * EIO\t\t\t\t- Current task mm is not the same as\n+ *\t\t\t\t\t the one that created the enclave.\n+ * * ENOMEM\t\t\t\t- Memory allocation failure for internal\n+ *\t\t\t\t\t bookkeeping variables.\n+ * * NE_ERR_NOT_IN_INIT_STATE\t\t- The enclave is not in init state\n+ *\t\t\t\t\t (init = before being started).\n+ * * NE_ERR_INVALID_MEM_REGION_SIZE\t- The memory size of the region is not\n+ *\t\t\t\t\t multiple of 2 MiB.\n+ * * NE_ERR_INVALID_MEM_REGION_ADDR\t- Invalid user space address given.\n+ * * NE_ERR_UNALIGNED_MEM_REGION_ADDR\t- Unaligned user space address given.\n+ * * NE_ERR_MEM_REGION_ALREADY_USED\t- The memory region is already used.\n+ * * NE_ERR_MEM_NOT_HUGE_PAGE\t\t- The memory region is not backed by\n+ *\t\t\t\t\t huge pages.\n+ * * NE_ERR_MEM_DIFFERENT_NUMA_NODE\t- The memory region is not from the same\n+ *\t\t\t\t\t NUMA node as the CPUs.\n+ * * NE_ERR_MEM_MAX_REGIONS\t\t- The number of memory regions set for\n+ *\t\t\t\t\t the enclave reached maximum.\n+ * * NE_ERR_INVALID_PAGE_SIZE\t\t- The memory region is not backed by\n+ *\t\t\t\t\t pages multiple of 2 MiB.\n+ * * NE_ERR_INVALID_FLAG_VALUE\t\t- The value of the provided flag is invalid.\n+ * * Error codes from get_user_pages().\n+ * * Error codes from the NE PCI device request.\n+ */\n+#define NE_SET_USER_MEMORY_REGION\t_IOW(0xAE, 0x23, struct ne_user_memory_region)\n+\n+/**\n+ * NE_START_ENCLAVE - The command is used to trigger enclave start after the\n+ *\t\t enclave resources, such as memory and CPU, have been set.\n+ *\t\t The enclave start info is an input / output parameter. It\n+ *\t\t includes info provided by the caller - enclave cid and\n+ *\t\t flags - and returns the cid (if input cid is 0).\n+ *\t\t The ioctl can be invoked on the enclave fd, after an\n+ *\t\t enclave slot is created and resources, such as memory and\n+ *\t\t vCPUs are set for an enclave.\n+ *\n+ * Context: Process context.\n+ * Return:\n+ * * 0\t\t\t\t\t- Logic successfully completed.\n+ * * -1\t\t\t\t- There was a failure in the ioctl logic.\n+ * On failure, errno is set to:\n+ * * EFAULT\t\t\t\t- copy_from_user() / copy_to_user() failure.\n+ * * NE_ERR_NOT_IN_INIT_STATE\t\t- The enclave is not in init state\n+ *\t\t\t\t\t (init = before being started).\n+ * * NE_ERR_NO_MEM_REGIONS_ADDED\t- No memory regions are set.\n+ * * NE_ERR_NO_VCPUS_ADDED\t\t- No vCPUs are set.\n+ * * NE_ERR_FULL_CORES_NOT_USED\t- Full core(s) not set for the enclave.\n+ * * NE_ERR_ENCLAVE_MEM_MIN_SIZE\t- Enclave memory is less than minimum\n+ *\t\t\t\t\t memory size (64 MiB).\n+ * * NE_ERR_INVALID_FLAG_VALUE\t\t- The value of the provided flag is invalid.\n+ * * NE_ERR_INVALID_ENCLAVE_CID\t- The provided enclave CID is invalid.\n+ * * Error codes from the NE PCI device request.\n+ */\n+#define NE_START_ENCLAVE\t\t_IOWR(0xAE, 0x24, struct ne_enclave_start_info)\n+\n+/**\n+ * DOC: NE specific error codes\n+ */\n+\n+/**\n+ * NE_ERR_VCPU_ALREADY_USED - The provided vCPU is already used.\n+ */\n+#define NE_ERR_VCPU_ALREADY_USED\t\t(256)\n+/**\n+ * NE_ERR_VCPU_NOT_IN_CPU_POOL - The provided vCPU is not available in the\n+ *\t\t\t\t NE CPU pool.\n+ */\n+#define NE_ERR_VCPU_NOT_IN_CPU_POOL\t\t(257)\n+/**\n+ * NE_ERR_VCPU_INVALID_CPU_CORE - The core id of the provided vCPU is invalid\n+ *\t\t\t\t or out of range of the NE CPU pool.\n+ */\n+#define NE_ERR_VCPU_INVALID_CPU_CORE\t\t(258)\n+/**\n+ * NE_ERR_INVALID_MEM_REGION_SIZE - The user space memory region size is not\n+ *\t\t\t\t multiple of 2 MiB.\n+ */\n+#define NE_ERR_INVALID_MEM_REGION_SIZE\t\t(259)\n+/**\n+ * NE_ERR_INVALID_MEM_REGION_ADDR - The user space memory region address range\n+ *\t\t\t\t is invalid.\n+ */\n+#define NE_ERR_INVALID_MEM_REGION_ADDR\t\t(260)\n+/**\n+ * NE_ERR_UNALIGNED_MEM_REGION_ADDR - The user space memory region address is\n+ *\t\t\t\t not aligned.\n+ */\n+#define NE_ERR_UNALIGNED_MEM_REGION_ADDR\t(261)\n+/**\n+ * NE_ERR_MEM_REGION_ALREADY_USED - The user space memory region is already used.\n+ */\n+#define NE_ERR_MEM_REGION_ALREADY_USED\t\t(262)\n+/**\n+ * NE_ERR_MEM_NOT_HUGE_PAGE - The user space memory region is not backed by\n+ *\t\t\t contiguous physical huge page(s).\n+ */\n+#define NE_ERR_MEM_NOT_HUGE_PAGE\t\t(263)\n+/**\n+ * NE_ERR_MEM_DIFFERENT_NUMA_NODE - The user space memory region is backed by\n+ *\t\t\t\t pages from different NUMA nodes than the CPUs.\n+ */\n+#define NE_ERR_MEM_DIFFERENT_NUMA_NODE\t\t(264)\n+/**\n+ * NE_ERR_MEM_MAX_REGIONS - The supported max memory regions per enclaves has\n+ *\t\t\t been reached.\n+ */\n+#define NE_ERR_MEM_MAX_REGIONS\t\t\t(265)\n+/**\n+ * NE_ERR_NO_MEM_REGIONS_ADDED - The command to start an enclave is triggered\n+ *\t\t\t\t and no memory regions are added.\n+ */\n+#define NE_ERR_NO_MEM_REGIONS_ADDED\t\t(266)\n+/**\n+ * NE_ERR_NO_VCPUS_ADDED - The command to start an enclave is triggered and no\n+ *\t\t\t vCPUs are added.\n+ */\n+#define NE_ERR_NO_VCPUS_ADDED\t\t\t(267)\n+/**\n+ * NE_ERR_ENCLAVE_MEM_MIN_SIZE - The enclave memory size is lower than the\n+ *\t\t\t\t minimum supported.\n+ */\n+#define NE_ERR_ENCLAVE_MEM_MIN_SIZE\t\t(268)\n+/**\n+ * NE_ERR_FULL_CORES_NOT_USED - The command to start an enclave is triggered and\n+ *\t\t\t\tfull CPU cores are not set.\n+ */\n+#define NE_ERR_FULL_CORES_NOT_USED\t\t(269)\n+/**\n+ * NE_ERR_NOT_IN_INIT_STATE - The enclave is not in init state when setting\n+ *\t\t\t resources or triggering start.\n+ */\n+#define NE_ERR_NOT_IN_INIT_STATE\t\t(270)\n+/**\n+ * NE_ERR_INVALID_VCPU - The provided vCPU is out of range of the available CPUs.\n+ */\n+#define NE_ERR_INVALID_VCPU\t\t\t(271)\n+/**\n+ * NE_ERR_NO_CPUS_AVAIL_IN_POOL - The command to create an enclave is triggered\n+ *\t\t\t\t and no CPUs are available in the pool.\n+ */\n+#define NE_ERR_NO_CPUS_AVAIL_IN_POOL\t\t(272)\n+/**\n+ * NE_ERR_INVALID_PAGE_SIZE - The user space memory region is not backed by pages\n+ *\t\t\t multiple of 2 MiB.\n+ */\n+#define NE_ERR_INVALID_PAGE_SIZE\t\t(273)\n+/**\n+ * NE_ERR_INVALID_FLAG_VALUE - The provided flag value is invalid.\n+ */\n+#define NE_ERR_INVALID_FLAG_VALUE\t\t(274)\n+/**\n+ * NE_ERR_INVALID_ENCLAVE_CID - The provided enclave CID is invalid, either\n+ *\t\t\t\tbeing a well-known value or the CID of the\n+ *\t\t\t\tparent / primary VM.\n+ */\n+#define NE_ERR_INVALID_ENCLAVE_CID\t\t(275)\n+\n+/**\n+ * DOC: Image load info flags\n+ */\n+\n+/**\n+ * NE_EIF_IMAGE - Enclave Image Format (EIF)\n+ */\n+#define NE_EIF_IMAGE\t\t\t(0x01)\n+\n+#define NE_IMAGE_LOAD_MAX_FLAG_VAL\t(0x02)\n+\n+/**\n+ * struct ne_image_load_info - Info necessary for in-memory enclave image\n+ *\t\t\t loading (in / out).\n+ * @flags:\t\tFlags to determine the enclave image type\n+ *\t\t\t(e.g. Enclave Image Format - EIF) (in).\n+ * @memory_offset:\tOffset in enclave memory where to start placing the\n+ *\t\t\tenclave image (out).\n+ */\n+struct ne_image_load_info {\n+\tuint64_t\tflags;\n+\tuint64_t\tmemory_offset;\n+};\n+\n+/**\n+ * DOC: User memory region flags\n+ */\n+\n+/**\n+ * NE_DEFAULT_MEMORY_REGION - Memory region for enclave general usage.\n+ */\n+#define NE_DEFAULT_MEMORY_REGION\t(0x00)\n+\n+#define NE_MEMORY_REGION_MAX_FLAG_VAL\t(0x01)\n+\n+/**\n+ * struct ne_user_memory_region - Memory region to be set for an enclave (in).\n+ * @flags:\t\tFlags to determine the usage for the memory region (in).\n+ * @memory_size:\tThe size, in bytes, of the memory region to be set for\n+ *\t\t\tan enclave (in).\n+ * @userspace_addr:\tThe start address of the userspace allocated memory of\n+ *\t\t\tthe memory region to set for an enclave (in).\n+ */\n+struct ne_user_memory_region {\n+\tuint64_t\tflags;\n+\tuint64_t\tmemory_size;\n+\tuint64_t\tuserspace_addr;\n+};\n+\n+/**\n+ * DOC: Enclave start info flags\n+ */\n+\n+/**\n+ * NE_ENCLAVE_PRODUCTION_MODE - Start enclave in production mode.\n+ */\n+#define NE_ENCLAVE_PRODUCTION_MODE\t(0x00)\n+/**\n+ * NE_ENCLAVE_DEBUG_MODE - Start enclave in debug mode.\n+ */\n+#define NE_ENCLAVE_DEBUG_MODE\t\t(0x01)\n+\n+#define NE_ENCLAVE_START_MAX_FLAG_VAL\t(0x02)\n+\n+/**\n+ * struct ne_enclave_start_info - Setup info necessary for enclave start (in / out).\n+ * @flags:\t\tFlags for the enclave to start with (e.g. debug mode) (in).\n+ * @enclave_cid:\tContext ID (CID) for the enclave vsock device. If 0 as\n+ *\t\t\tinput, the CID is autogenerated by the hypervisor and\n+ *\t\t\treturned back as output by the driver (in / out).\n+ */\n+struct ne_enclave_start_info {\n+\tuint64_t\tflags;\n+\tuint64_t\tenclave_cid;\n+};\n+\n+#endif /* _LINUX_NITRO_ENCLAVES_H_ */\n", "prefixes": [ "02/10" ] }