{"id":2197504,"url":"http://patchwork.ozlabs.org/api/1.0/patches/2197504/?format=json","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/1.0/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260218015151.4052-3-graf@amazon.com>","date":"2026-02-18T01:51:42","name":"[02/10] linux-headers: Add nitro_enclaves.h","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"0432dd35cbb7d796b851e0163dea519fd32444ea","submitter":{"id":76572,"url":"http://patchwork.ozlabs.org/api/1.0/people/76572/?format=json","name":"Alexander Graf","email":"graf@amazon.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260218015151.4052-3-graf@amazon.com/mbox/","series":[{"id":492503,"url":"http://patchwork.ozlabs.org/api/1.0/series/492503/?format=json","date":"2026-02-18T01:51:40","name":"Native Nitro Enclaves support","version":1,"mbox":"http://patchwork.ozlabs.org/series/492503/mbox/"}],"check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2197504/checks/","tags":{},"headers":{"From":"Alexander Graf <graf@amazon.com>","To":"<qemu-devel@nongnu.org>","CC":"<qemu-arm@nongnu.org>, Peter Maydell <peter.maydell@linaro.org>, \"Thomas\n Huth\" <thuth@redhat.com>, <alex.bennee@linaro.org>, <philmd@linaro.org>,\n <berrange@redhat.com>, <marcandre.lureau@redhat.com>, Cornelia Huck\n <cohuck@redhat.com>, <mst@redhat.com>, Dorjoy Chowdhury\n <dorjoychy111@gmail.com>, Pierrick Bouvier <pierrick.bouvier@linaro.org>,\n Paolo Bonzini <pbonzini@redhat.com>, Tyler Fanelli <tfanelli@redhat.com>,\n <mknaust@amazon.com>, <nh-open-source@amazon.com>","Subject":"[PATCH 02/10] linux-headers: Add nitro_enclaves.h","Date":"Wed, 18 Feb 2026 01:51:42 +0000","Message-ID":"<20260218015151.4052-3-graf@amazon.com>","In-Reply-To":"<20260218015151.4052-1-graf@amazon.com>","References":"<20260218015151.4052-1-graf@amazon.com>","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit"},"content":"QEMU is learning to drive the /dev/nitro_enclaves device node. 
Include\nits UAPI header into our local copy of kernel headers so it has all\ndefines we need to drive it.\n\nSigned-off-by: Alexander Graf <graf@amazon.com>\n---\n .../standard-headers/linux/nitro_enclaves.h   | 359 ++++++++++++++++++\n 1 file changed, 359 insertions(+)\n create mode 100644 include/standard-headers/linux/nitro_enclaves.h","diff":"diff --git a/include/standard-headers/linux/nitro_enclaves.h b/include/standard-headers/linux/nitro_enclaves.h\nnew file mode 100644\nindex 0000000000..5545267dd9\n--- /dev/null\n+++ b/include/standard-headers/linux/nitro_enclaves.h\n@@ -0,0 +1,359 @@\n+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */\n+/*\n+ * Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.\n+ */\n+\n+#ifndef _LINUX_NITRO_ENCLAVES_H_\n+#define _LINUX_NITRO_ENCLAVES_H_\n+\n+#include \"standard-headers/linux/types.h\"\n+\n+/**\n+ * DOC: Nitro Enclaves (NE) Kernel Driver Interface\n+ */\n+\n+/**\n+ * NE_CREATE_VM - The command is used to create a slot that is associated with\n+ *\t\t  an enclave VM.\n+ *\t\t  The generated unique slot id is an output parameter.\n+ *\t\t  The ioctl can be invoked on the /dev/nitro_enclaves fd, before\n+ *\t\t  setting any resources, such as memory and vCPUs, for an\n+ *\t\t  enclave. Memory and vCPUs are set for the slot mapped to an enclave.\n+ *\t\t  A NE CPU pool has to be set before calling this function. The\n+ *\t\t  pool can be set after the NE driver load, using\n+ *\t\t  /sys/module/nitro_enclaves/parameters/ne_cpus.\n+ *\t\t  Its format is the detailed in the cpu-lists section:\n+ *\t\t  https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html\n+ *\t\t  CPU 0 and its siblings have to remain available for the\n+ *\t\t  primary / parent VM, so they cannot be set for enclaves. 
Full\n+ *\t\t  CPU core(s), from the same NUMA node, need(s) to be included\n+ *\t\t  in the CPU pool.\n+ *\n+ * Context: Process context.\n+ * Return:\n+ * * Enclave file descriptor\t\t- Enclave file descriptor used with\n+ *\t\t\t\t\t  ioctl calls to set vCPUs and memory\n+ *\t\t\t\t\t  regions, then start the enclave.\n+ * *  -1\t\t\t\t- There was a failure in the ioctl logic.\n+ * On failure, errno is set to:\n+ * * EFAULT\t\t\t\t- copy_to_user() failure.\n+ * * ENOMEM\t\t\t\t- Memory allocation failure for internal\n+ *\t\t\t\t\t  bookkeeping variables.\n+ * * NE_ERR_NO_CPUS_AVAIL_IN_POOL\t- No NE CPU pool set / no CPUs available\n+ *\t\t\t\t\t  in the pool.\n+ * * Error codes from get_unused_fd_flags() and anon_inode_getfile().\n+ * * Error codes from the NE PCI device request.\n+ */\n+#define NE_CREATE_VM\t\t\t_IOR(0xAE, 0x20, uint64_t)\n+\n+/**\n+ * NE_ADD_VCPU - The command is used to set a vCPU for an enclave. The vCPU can\n+ *\t\t be auto-chosen from the NE CPU pool or it can be set by the\n+ *\t\t caller, with the note that it needs to be available in the NE\n+ *\t\t CPU pool. Full CPU core(s), from the same NUMA node, need(s) to\n+ *\t\t be associated with an enclave.\n+ *\t\t The vCPU id is an input / output parameter. 
If its value is 0,\n+ *\t\t then a CPU is chosen from the enclave CPU pool and returned via\n+ *\t\t this parameter.\n+ *\t\t The ioctl can be invoked on the enclave fd, before an enclave\n+ *\t\t is started.\n+ *\n+ * Context: Process context.\n+ * Return:\n+ * * 0\t\t\t\t\t- Logic successfully completed.\n+ * *  -1\t\t\t\t- There was a failure in the ioctl logic.\n+ * On failure, errno is set to:\n+ * * EFAULT\t\t\t\t- copy_from_user() / copy_to_user() failure.\n+ * * ENOMEM\t\t\t\t- Memory allocation failure for internal\n+ *\t\t\t\t\t  bookkeeping variables.\n+ * * EIO\t\t\t\t- Current task mm is not the same as the one\n+ *\t\t\t\t\t  that created the enclave.\n+ * * NE_ERR_NO_CPUS_AVAIL_IN_POOL\t- No CPUs available in the NE CPU pool.\n+ * * NE_ERR_VCPU_ALREADY_USED\t\t- The provided vCPU is already used.\n+ * * NE_ERR_VCPU_NOT_IN_CPU_POOL\t- The provided vCPU is not available in the\n+ *\t\t\t\t\t  NE CPU pool.\n+ * * NE_ERR_VCPU_INVALID_CPU_CORE\t- The core id of the provided vCPU is invalid\n+ *\t\t\t\t\t  or out of range.\n+ * * NE_ERR_NOT_IN_INIT_STATE\t\t- The enclave is not in init state\n+ *\t\t\t\t\t  (init = before being started).\n+ * * NE_ERR_INVALID_VCPU\t\t- The provided vCPU is not in the available\n+ *\t\t\t\t\t  CPUs range.\n+ * * Error codes from the NE PCI device request.\n+ */\n+#define NE_ADD_VCPU\t\t\t_IOWR(0xAE, 0x21, uint32_t)\n+\n+/**\n+ * NE_GET_IMAGE_LOAD_INFO - The command is used to get information needed for\n+ *\t\t\t    in-memory enclave image loading e.g. 
offset in\n+ *\t\t\t    enclave memory to start placing the enclave image.\n+ *\t\t\t    The image load info is an input / output parameter.\n+ *\t\t\t    It includes info provided by the caller - flags -\n+ *\t\t\t    and returns the offset in enclave memory where to\n+ *\t\t\t    start placing the enclave image.\n+ *\t\t\t    The ioctl can be invoked on the enclave fd, before\n+ *\t\t\t    an enclave is started.\n+ *\n+ * Context: Process context.\n+ * Return:\n+ * * 0\t\t\t\t- Logic successfully completed.\n+ * *  -1\t\t\t- There was a failure in the ioctl logic.\n+ * On failure, errno is set to:\n+ * * EFAULT\t\t\t- copy_from_user() / copy_to_user() failure.\n+ * * NE_ERR_NOT_IN_INIT_STATE\t- The enclave is not in init state (init =\n+ *\t\t\t\t  before being started).\n+ * * NE_ERR_INVALID_FLAG_VALUE\t- The value of the provided flag is invalid.\n+ */\n+#define NE_GET_IMAGE_LOAD_INFO\t\t_IOWR(0xAE, 0x22, struct ne_image_load_info)\n+\n+/**\n+ * NE_SET_USER_MEMORY_REGION - The command is used to set a memory region for an\n+ *\t\t\t       enclave, given the allocated memory from the\n+ *\t\t\t       userspace. Enclave memory needs to be from the\n+ *\t\t\t       same NUMA node as the enclave CPUs.\n+ *\t\t\t       The user memory region is an input parameter. 
It\n+ *\t\t\t       includes info provided by the caller - flags,\n+ *\t\t\t       memory size and userspace address.\n+ *\t\t\t       The ioctl can be invoked on the enclave fd,\n+ *\t\t\t       before an enclave is started.\n+ *\n+ * Context: Process context.\n+ * Return:\n+ * * 0\t\t\t\t\t- Logic successfully completed.\n+ * *  -1\t\t\t\t- There was a failure in the ioctl logic.\n+ * On failure, errno is set to:\n+ * * EFAULT\t\t\t\t- copy_from_user() failure.\n+ * * EINVAL\t\t\t\t- Invalid physical memory region(s) e.g.\n+ *\t\t\t\t\t  unaligned address.\n+ * * EIO\t\t\t\t- Current task mm is not the same as\n+ *\t\t\t\t\t  the one that created the enclave.\n+ * * ENOMEM\t\t\t\t- Memory allocation failure for internal\n+ *\t\t\t\t\t  bookkeeping variables.\n+ * * NE_ERR_NOT_IN_INIT_STATE\t\t- The enclave is not in init state\n+ *\t\t\t\t\t  (init = before being started).\n+ * * NE_ERR_INVALID_MEM_REGION_SIZE\t- The memory size of the region is not\n+ *\t\t\t\t\t  multiple of 2 MiB.\n+ * * NE_ERR_INVALID_MEM_REGION_ADDR\t- Invalid user space address given.\n+ * * NE_ERR_UNALIGNED_MEM_REGION_ADDR\t- Unaligned user space address given.\n+ * * NE_ERR_MEM_REGION_ALREADY_USED\t- The memory region is already used.\n+ * * NE_ERR_MEM_NOT_HUGE_PAGE\t\t- The memory region is not backed by\n+ *\t\t\t\t\t  huge pages.\n+ * * NE_ERR_MEM_DIFFERENT_NUMA_NODE\t- The memory region is not from the same\n+ *\t\t\t\t\t  NUMA node as the CPUs.\n+ * * NE_ERR_MEM_MAX_REGIONS\t\t- The number of memory regions set for\n+ *\t\t\t\t\t  the enclave reached maximum.\n+ * * NE_ERR_INVALID_PAGE_SIZE\t\t- The memory region is not backed by\n+ *\t\t\t\t\t  pages multiple of 2 MiB.\n+ * * NE_ERR_INVALID_FLAG_VALUE\t\t- The value of the provided flag is invalid.\n+ * * Error codes from get_user_pages().\n+ * * Error codes from the NE PCI device request.\n+ */\n+#define NE_SET_USER_MEMORY_REGION\t_IOW(0xAE, 0x23, struct ne_user_memory_region)\n+\n+/**\n+ * NE_START_ENCLAVE - The command is used to 
trigger enclave start after the\n+ *\t\t      enclave resources, such as memory and CPU, have been set.\n+ *\t\t      The enclave start info is an input / output parameter. It\n+ *\t\t      includes info provided by the caller - enclave cid and\n+ *\t\t      flags - and returns the cid (if input cid is 0).\n+ *\t\t      The ioctl can be invoked on the enclave fd, after an\n+ *\t\t      enclave slot is created and resources, such as memory and\n+ *\t\t      vCPUs are set for an enclave.\n+ *\n+ * Context: Process context.\n+ * Return:\n+ * * 0\t\t\t\t\t- Logic successfully completed.\n+ * *  -1\t\t\t\t- There was a failure in the ioctl logic.\n+ * On failure, errno is set to:\n+ * * EFAULT\t\t\t\t- copy_from_user() / copy_to_user() failure.\n+ * * NE_ERR_NOT_IN_INIT_STATE\t\t- The enclave is not in init state\n+ *\t\t\t\t\t  (init = before being started).\n+ * * NE_ERR_NO_MEM_REGIONS_ADDED\t- No memory regions are set.\n+ * * NE_ERR_NO_VCPUS_ADDED\t\t- No vCPUs are set.\n+ * *  NE_ERR_FULL_CORES_NOT_USED\t- Full core(s) not set for the enclave.\n+ * * NE_ERR_ENCLAVE_MEM_MIN_SIZE\t- Enclave memory is less than minimum\n+ *\t\t\t\t\t  memory size (64 MiB).\n+ * * NE_ERR_INVALID_FLAG_VALUE\t\t- The value of the provided flag is invalid.\n+ * *  NE_ERR_INVALID_ENCLAVE_CID\t- The provided enclave CID is invalid.\n+ * * Error codes from the NE PCI device request.\n+ */\n+#define NE_START_ENCLAVE\t\t_IOWR(0xAE, 0x24, struct ne_enclave_start_info)\n+\n+/**\n+ * DOC: NE specific error codes\n+ */\n+\n+/**\n+ * NE_ERR_VCPU_ALREADY_USED - The provided vCPU is already used.\n+ */\n+#define NE_ERR_VCPU_ALREADY_USED\t\t(256)\n+/**\n+ * NE_ERR_VCPU_NOT_IN_CPU_POOL - The provided vCPU is not available in the\n+ *\t\t\t\t NE CPU pool.\n+ */\n+#define NE_ERR_VCPU_NOT_IN_CPU_POOL\t\t(257)\n+/**\n+ * NE_ERR_VCPU_INVALID_CPU_CORE - The core id of the provided vCPU is invalid\n+ *\t\t\t\t  or out of range of the NE CPU pool.\n+ */\n+#define NE_ERR_VCPU_INVALID_CPU_CORE\t\t(258)\n+/**\n+ 
* NE_ERR_INVALID_MEM_REGION_SIZE - The user space memory region size is not\n+ *\t\t\t\t    multiple of 2 MiB.\n+ */\n+#define NE_ERR_INVALID_MEM_REGION_SIZE\t\t(259)\n+/**\n+ * NE_ERR_INVALID_MEM_REGION_ADDR - The user space memory region address range\n+ *\t\t\t\t    is invalid.\n+ */\n+#define NE_ERR_INVALID_MEM_REGION_ADDR\t\t(260)\n+/**\n+ * NE_ERR_UNALIGNED_MEM_REGION_ADDR - The user space memory region address is\n+ *\t\t\t\t      not aligned.\n+ */\n+#define NE_ERR_UNALIGNED_MEM_REGION_ADDR\t(261)\n+/**\n+ * NE_ERR_MEM_REGION_ALREADY_USED - The user space memory region is already used.\n+ */\n+#define NE_ERR_MEM_REGION_ALREADY_USED\t\t(262)\n+/**\n+ * NE_ERR_MEM_NOT_HUGE_PAGE - The user space memory region is not backed by\n+ *\t\t\t      contiguous physical huge page(s).\n+ */\n+#define NE_ERR_MEM_NOT_HUGE_PAGE\t\t(263)\n+/**\n+ * NE_ERR_MEM_DIFFERENT_NUMA_NODE - The user space memory region is backed by\n+ *\t\t\t\t    pages from different NUMA nodes than the CPUs.\n+ */\n+#define NE_ERR_MEM_DIFFERENT_NUMA_NODE\t\t(264)\n+/**\n+ * NE_ERR_MEM_MAX_REGIONS - The supported max memory regions per enclaves has\n+ *\t\t\t    been reached.\n+ */\n+#define NE_ERR_MEM_MAX_REGIONS\t\t\t(265)\n+/**\n+ * NE_ERR_NO_MEM_REGIONS_ADDED - The command to start an enclave is triggered\n+ *\t\t\t\t and no memory regions are added.\n+ */\n+#define NE_ERR_NO_MEM_REGIONS_ADDED\t\t(266)\n+/**\n+ * NE_ERR_NO_VCPUS_ADDED - The command to start an enclave is triggered and no\n+ *\t\t\t   vCPUs are added.\n+ */\n+#define NE_ERR_NO_VCPUS_ADDED\t\t\t(267)\n+/**\n+ * NE_ERR_ENCLAVE_MEM_MIN_SIZE - The enclave memory size is lower than the\n+ *\t\t\t\t minimum supported.\n+ */\n+#define NE_ERR_ENCLAVE_MEM_MIN_SIZE\t\t(268)\n+/**\n+ * NE_ERR_FULL_CORES_NOT_USED - The command to start an enclave is triggered and\n+ *\t\t\t\tfull CPU cores are not set.\n+ */\n+#define NE_ERR_FULL_CORES_NOT_USED\t\t(269)\n+/**\n+ * NE_ERR_NOT_IN_INIT_STATE - The enclave is not in init state when setting\n+ 
*\t\t\t      resources or triggering start.\n+ */\n+#define NE_ERR_NOT_IN_INIT_STATE\t\t(270)\n+/**\n+ * NE_ERR_INVALID_VCPU - The provided vCPU is out of range of the available CPUs.\n+ */\n+#define NE_ERR_INVALID_VCPU\t\t\t(271)\n+/**\n+ * NE_ERR_NO_CPUS_AVAIL_IN_POOL - The command to create an enclave is triggered\n+ *\t\t\t\t  and no CPUs are available in the pool.\n+ */\n+#define NE_ERR_NO_CPUS_AVAIL_IN_POOL\t\t(272)\n+/**\n+ * NE_ERR_INVALID_PAGE_SIZE - The user space memory region is not backed by pages\n+ *\t\t\t      multiple of 2 MiB.\n+ */\n+#define NE_ERR_INVALID_PAGE_SIZE\t\t(273)\n+/**\n+ * NE_ERR_INVALID_FLAG_VALUE - The provided flag value is invalid.\n+ */\n+#define NE_ERR_INVALID_FLAG_VALUE\t\t(274)\n+/**\n+ * NE_ERR_INVALID_ENCLAVE_CID - The provided enclave CID is invalid, either\n+ *\t\t\t\tbeing a well-known value or the CID of the\n+ *\t\t\t\tparent / primary VM.\n+ */\n+#define NE_ERR_INVALID_ENCLAVE_CID\t\t(275)\n+\n+/**\n+ * DOC: Image load info flags\n+ */\n+\n+/**\n+ * NE_EIF_IMAGE - Enclave Image Format (EIF)\n+ */\n+#define NE_EIF_IMAGE\t\t\t(0x01)\n+\n+#define NE_IMAGE_LOAD_MAX_FLAG_VAL\t(0x02)\n+\n+/**\n+ * struct ne_image_load_info - Info necessary for in-memory enclave image\n+ *\t\t\t       loading (in / out).\n+ * @flags:\t\tFlags to determine the enclave image type\n+ *\t\t\t(e.g. 
Enclave Image Format - EIF) (in).\n+ * @memory_offset:\tOffset in enclave memory where to start placing the\n+ *\t\t\tenclave image (out).\n+ */\n+struct ne_image_load_info {\n+\tuint64_t\tflags;\n+\tuint64_t\tmemory_offset;\n+};\n+\n+/**\n+ * DOC: User memory region flags\n+ */\n+\n+/**\n+ * NE_DEFAULT_MEMORY_REGION - Memory region for enclave general usage.\n+ */\n+#define NE_DEFAULT_MEMORY_REGION\t(0x00)\n+\n+#define NE_MEMORY_REGION_MAX_FLAG_VAL\t(0x01)\n+\n+/**\n+ * struct ne_user_memory_region - Memory region to be set for an enclave (in).\n+ * @flags:\t\tFlags to determine the usage for the memory region (in).\n+ * @memory_size:\tThe size, in bytes, of the memory region to be set for\n+ *\t\t\tan enclave (in).\n+ * @userspace_addr:\tThe start address of the userspace allocated memory of\n+ *\t\t\tthe memory region to set for an enclave (in).\n+ */\n+struct ne_user_memory_region {\n+\tuint64_t\tflags;\n+\tuint64_t\tmemory_size;\n+\tuint64_t\tuserspace_addr;\n+};\n+\n+/**\n+ * DOC: Enclave start info flags\n+ */\n+\n+/**\n+ * NE_ENCLAVE_PRODUCTION_MODE - Start enclave in production mode.\n+ */\n+#define NE_ENCLAVE_PRODUCTION_MODE\t(0x00)\n+/**\n+ * NE_ENCLAVE_DEBUG_MODE - Start enclave in debug mode.\n+ */\n+#define NE_ENCLAVE_DEBUG_MODE\t\t(0x01)\n+\n+#define NE_ENCLAVE_START_MAX_FLAG_VAL\t(0x02)\n+\n+/**\n+ * struct ne_enclave_start_info - Setup info necessary for enclave start (in / out).\n+ * @flags:\t\tFlags for the enclave to start with (e.g. debug mode) (in).\n+ * @enclave_cid:\tContext ID (CID) for the enclave vsock device. If 0 as\n+ *\t\t\tinput, the CID is autogenerated by the hypervisor and\n+ *\t\t\treturned back as output by the driver (in / out).\n+ */\n+struct ne_enclave_start_info {\n+\tuint64_t\tflags;\n+\tuint64_t\tenclave_cid;\n+};\n+\n+#endif /* _LINUX_NITRO_ENCLAVES_H_ */\n","prefixes":["02/10"]}
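Review bot: the only include at the top of the new file is "standard-headers/linux/types.h", yet every command definition below it, from NE_CREATE_VM to NE_START_ENCLAVE, expands _IOR, _IOW or _IOWR, and nothing visible in this file provides those macros. As posted the header depends on each includer having pulled in the ioctl definitions first; include them here, or state the required include order in the commit message. The subject prefix says "linux-headers:" while the file is created under include/standard-headers/linux/, so the subject and the location should be made to agree, and since the diffstat lists only this one file, the commit message should say how the copy was generated and how it will be refreshed on later header syncs. For the callers added later in the series: the documented failure mode is errno set to NE_ERR_* values (256 to 275), which strerror()-style reporting will not turn into a useful message, so callers need their own mapping for those codes. The NE_ENCLAVE_DEBUG_MODE start flag is exposed next to NE_ENCLAVE_PRODUCTION_MODE (0x00); the caller should make debug mode an explicit opt-in rather than something reachable through an unvalidated flags value.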