On Tue, 2021-01-26 at 23:10 +1300, Kai Huang wrote:
> This series adds KVM SGX virtualization support. The first 15 patches starting
> with x86/sgx or x86/cpu.. are necessary changes to x86 and SGX core/driver to
> support KVM SGX virtualization, while the rest are patches to KVM subsystem.

Do we need to restrict normal KVM host kernel access to EPC (i.e. via
__kvm_map_gfn() and friends)? As best I can tell the exact behavior of
this kind of access is undefined. The concern would be if any HW ever
treated it as an error, the guest could subject the host kernel to it.
Is it worth a check in those?