Re: [RFC PATCH v3 00/27] KVM SGX virtualization support

On 2/2/21 2:21 PM, Edgecombe, Rick P wrote:
> On Tue, 2021-01-26 at 23:10 +1300, Kai Huang wrote:
>> This series adds KVM SGX virtualization support. The first 15 patches starting
>> with x86/sgx or x86/cpu.. are necessary changes to x86 and SGX core/driver to
>> support KVM SGX virtualization, while the rest are patches to KVM subsystem.
> 
> Do we need to restrict normal KVM host kernel access to EPC (i.e. via
> __kvm_map_gfn() and friends)? As best I can tell the exact behavior of
> this kind of access is undefined. The concern would be if any HW ever
> treated it as an error, the guest could subject the host kernel to it.
> Is it worth a check in those?

Geez, you're right.  It's not even a page fault we can recover from.

SDM, Vol. 3D 37-1, 37.3 ACCESS-CONTROL REQUIREMENTS, says:

"Non-enclave accesses to EPC memory result in undefined behavior"


