ETRACKC

ETRACKC — Activates EBLOCK Checks

Opcode/Instruction Op/En 64/32 bit Mode Support CPUID Feature Flag Description
EAX = 11H ENCLS[ETRACKC] IR V/V EAX[6] This leaf function activates EBLOCK checks.

Instruction Operand Encoding

Op/En EAX RCX
IR ETRACK (In) Return error code (Out) Address of the destination EPC page (In, EA) Address of the SECS page (In, EA)

Description

The ETRACKC instruction is thread safe variant of ETRACK leaf and can be executed concurrently with other CPU threads operating on the same SECS.

This leaf function provides the mechanism for hardware to track that software has completed the required TLB address clears successfully. The instruction can only be executed when the current privilege level is 0.

The content of RCX is an effective address of an EPC page.

The table below provides additional information on the memory parameter of ETRACK leaf function.

ETRACKC Memory Parameter Semantics

EPCPAGE
Read/Write access permitted by Enclave

The error codes are:

Error Code Value Description
No Error 0 ETRACKC successful.
SGX_EPC_PAGE_CONFLICT 7 Failure due to concurrent operation of another SGX instruction.
SGX_PG_INVLD 6 Target page is not a VALID EPC page.
SGX_PREV_TRK_INCMPL 17 All processors did not complete the previous tracking sequence.
SGX_TRACK_NOT_REQUIRED 27 Target page type does not require tracking.
Table 40-48. ETRACKC Return Value in RAX

Concurrency Restrictions

Leaf Parameter Base Concurrency Restrictions
Access On Conflict SGX_CONFLICT VM Exit Qualification
ETRACKC Target [DS:RCX] Shared SGX_EPC_PAGE_ CONFLICT
SECS implicit Concurrent
Table 40-49. Base Concurrency Restrictions of ETRACKC
Leaf Parameter Additional Concurrency Restrictions
vs. EACCEPT, EACCEPTCOPY, EMODPE, EMODPR, EMODT vs. EADD, EEXTEND, EINIT vs. ETRACK, ETRACKC
Access On Conflict Access On Conflict Access On Conflict
ETRACKC Target [DS:RCX] Concurrent Concurrent Concurrent
SECS implicit Concurrent Concurrent Exclusive SGX_EPC_PAGE _CONFLICT
Table 40-50. Additional Concurrency Restrictions of ETRACKC

Operation

Temp Variables in ETRACKC Operational Flow

Name Type Size (Bits) Description
TMP_SECS Physical Address 64 Physical address of the SECS of the page being modified.

(* check alignment of EPCPAGE (RCX) *)

IF (DS:RCX is not 4KByte Aligned) THEN

#GP(0); FI;

(* check that EPCPAGE (DS:RCX) is the address of an EPC page *)

IF (DS:RCX does not resolve within an EPC) THEN

#PF(DS:RCX, PFEC.SGX); FI;

(* Check the EPC page for concurrency *)

IF (EPC page is being modified) THEN

RFLAGS.ZF ← 1;

RFLAGS.CF ← 0;

RAX ← SGX_EPC_PAGE_CONFLICT;

goto DONE_POST_LOCK_RELEASE;

FI;

(* check to make sure the page is valid *)

IF (EPCM(DS:RCX).VALID = 0) THEN

RFLAGS.ZF ← 1;

RFLAGS.CF ← 0;

RAX ← SGX_PG_INVLD;

GOTO DONE;

FI;

(* find out the target SECS page *)

IF (EPCM(DS:RCX).PT is PT_REG or PT_TCS or PT_TRIM) THEN

TMP_SECS←Obtain SECS through EPCM(DS:RCX).ENCLAVESECS;

ELSE IF (EPCM(DS:RCX).PT is PT_SECS) THEN

TMP_SECS←Obtain SECS through (DS:RCX);

ELSE

RFLAGS.ZF ← 0;

RFLAGS.CF ← 1;

RAX ← SGX_TRACK_NOT_REQUIRED;

GOTO DONE;

FI;

(* Check concurrency with other Intel SGX instructions *)

IF (Other Intel SGX instructions using tracking facility on this SECS) THEN

IF ((VMX non-root mode) and

(ENABLE_EPC_VIRTUALIZATION_EXTENSIONS Execution Control = 1)) THEN

VMCS.Exit_reason ← SGX_CONFLICT;

VMCS.Exit_qualification.code ← TRACKING_RESOURCE_CONFLICT;

VMCS.Exit_qualification.error ← 0;

VMCS.Guest-physical_address ←

SECS(TMP_SECS).ENCLAVECONTEXT;

VMCS.Guest-linear_address ← 0;

Deliver VMEXIT;

FI;

RFLAGS.ZF ← 1;

RFLAGS.CF ← 0;

RAX ← SGX_EPC_PAGE_CONFLICT;

GOTO DONE;

FI;

(* All processors must have completed the previous tracking cycle*)

IF ( (TMP_SECS).TRACKING =ΜΈ 0) )

THEN

IF ((VMX non-root mode) and

(ENABLE_EPC_VIRTUALIZATION_EXTENSIONS Execution Control = 1)) THEN

VMCS.Exit_reason ← SGX_CONFLICT;

VMCS.Exit_qualification.code ← TRACKING_REFERENCE_CONFLICT;

VMCS.Exit_qualification.error ← 0;

VMCS.Guest-physical_address ←

SECS(TMP_SECS).ENCLAVECONTEXT;

VMCS.Guest-linear_address ← 0;

Deliver VMEXIT;

FI;

RFLAGS.ZF ← 1;

RFLAGS.CF ← 0;

RAX ← SGX_PREV_TRK_INCMPL;

GOTO DONE;

FI;

RFLAGS.ZF ← 0;

RFLAGS.CF ← 0;

RAX←0;

DONE:

(* clear flags *)

RFLAGS.PF,AF,OF,SF ← 0;

Flags Affected

ZF is set if ETRACKC fails due to concurrent operations with another SGX instructions or target page is an invalid EPC page or tracking is not completed on SECS page; otherwise cleared.

CF is set if target page is not of a type that requires tracking; otherwise cleared.

PF, AF, OF and SF are cleared.

Protected Mode Exceptions

#GP(0) If the memory operand violates access-control policies of DS segment.
If DS segment is unusable.
If the memory operand is not properly aligned.
#PF(error code) If the memory operand expected to be in EPC does not resolve to an EPC page.
If a page fault occurs in access memory operand.

64-Bit Mode Exceptions

#GP(0) If a memory address is in a non-canonical form.
If a memory operand is not properly aligned.
#PF(error code) If the memory operand expected to be in EPC does not resolve to an EPC page.
If a page fault occurs in access memory operand.