EBLOCK — Mark a page in EPC as Blocked

Opcode/Instruction Op/En 64/32 bit Mode Support CPUID Feature Flag Description
EAX = 09H ENCLS[EBLOCK] IR V/V SGX1 This leaf function marks a page in the EPC as blocked.

Instruction Operand Encoding

Op/En EAX RCX
IR EBLOCK (In) Return error code (Out) Effective address of the EPC page (In)

Description

This leaf function causes an EPC page to be marked as BLOCKED. This instruction can only be executed when current privilege level is 0.

The content of RCX is an effective address of an EPC page. The DS segment is used to create linear address. Segment override is not supported.

An error code is returned in RAX.

The table below provides additional information on the memory parameter of EBLOCK leaf function.

EBLOCK Memory Parameter Semantics

EPCPAGE
Read/Write access permitted by Enclave

The error codes are:

Error Code (see Table 38-4) Description
No Error EBLOCK successful.
SGX_BLKSTATE Page already blocked. This value is used to indicate to a VMM that the page was already in BLOCKED state as a result of EBLOCK and thus will need to be restored to this state when it is eventually reloaded (using ELDB).
SGX_ENTRYEPOCH_LOCKED SECS locked for Entry Epoch update. This value indicates that an ETRACK is currently executing on the SECS. The EBLOCK should be reattempted.
SGX_NOTBLOCKABLE Page type is not one which can be blocked.
SGX_PG_INVLD Page is not valid and cannot be blocked.
SGX_EPC_PAGE_CONFLICT Page is being written by EADD, EAUG, ECREATE, ELDU/B, EMODT, or EWB.
Table 38-12. EBLOCK Return Value in RAX

Concurrency Restrictions

Leaf Parameter Base Concurrency Restrictions
Access On Conflict SGX_CONFLICT VM Exit Qualification
EBLOCK Target [DS:RCX] Shared SGX_EPC_PAGE_ CONFLICT
Table 38-13. Base Concurrency Restrictions of EBLOCK
Leaf Parameter Additional Concurrency Restrictions
vs. EACCEPT, EACCEPTCOPY, vs. EADD, EEXTEND, EINIT vs. ETRACK, ETRACKC Access vs. ETRACK, ETRACKC Access On Conflict Access vs. ETRACK, ETRACKC Access On Conflict EMODPE, EMODPR, EMODT vs. EADD, EEXTEND, EINIT vs. EADD, EEXTEND, EINIT vs. ETRACK, ETRACKC vs. ETRACK, ETRACKC
Access On Conflict Access On Conflict Access Access On Conflict Access On Conflict
EBLOCK Target [DS:RCX] Concurrent Concurrent Concurrent
Table 38-14. Additional Concurrency Restrictions of EBLOCK

Operation

Temp Variables in EBLOCK Operational Flow

Name Type Size (Bits) Description
TMP_BLKSTATE Integer 64 Page is already blocked.

IF (DS:RCX is not 4KByte Aligned)

THEN #GP(0); FI;

IF (DS:RCX does not resolve within an EPC)

THEN #PF(DS:RCX); FI;

RFLAGS.ZF,CF,PF,AF,OF,SF := 0;

RAX := 0;

(* Check the EPC page for concurrency*)

IF (EPC page in use)

THEN

RFLAGS.ZF := 1;

RAX := SGX_EPC_PAGE_CONFLICT;

GOTO DONE;

FI;

IF (EPCM(DS:RCX). VALID = 0)

THEN

RFLAGS.ZF := 1;

RAX := SGX_PG_INVLD;

GOTO DONE;

FI;

IF ( (EPCM(DS:RCX).PT ≠ PT_REG) and (EPCM(DS:RCX).PT ≠ PT_TCS) and (EPCM(DS:RCX).PT ≠ PT_TRIM)

and EPCM(DS:RCX).PT ≠ PT_SS_FIRST) and (EPCM(DS:RCX).PT ≠ PT_SS_REST))

THEN

RFLAGS.CF := 1;

IF (EPCM(DS:RCX).PT = PT_SECS)

THEN RAX := SGX_PG_IS_SECS;

ELSE RAX := SGX_NOTBLOCKABLE;

FI;

GOTO DONE;

FI;

(* Check if the page is already blocked and report blocked state *)

TMP_BLKSTATE := EPCM(DS:RCX).BLOCKED;

(* at this point, the page must be valid and PT_TCS or PT_REG or PT_TRIM*)

IF (TMP_BLKSTATE = 1)

THEN

RFLAGS.CF := 1;

RAX := SGX_BLKSTATE;

ELSE

EPCM(DS:RCX).BLOCKED := 1

FI;

DONE:

Flags Affected

Sets ZF if SECS is in use or invalid, otherwise cleared. Sets CF if page is BLOCKED or not blockable, otherwise cleared. Clears PF, AF, OF, SF.

Protected Mode Exceptions

#GP(0) If a memory operand effective address is outside the DS segment limit.
If a memory operand is not properly aligned.
If the specified EPC resource is in use.
#PF(error code) If a page fault occurs in accessing memory operands.
If a memory operand is not an EPC page.

64-Bit Mode Exceptions

#GP(0) If a memory operand is non-canonical form.
If a memory operand is not properly aligned.
If the specified EPC resource is in use.
#PF(error code) If a page fault occurs in accessing memory operands.
If a memory operand is not an EPC page.