Re: [RFC PATCH v3 00/27] KVM SGX virtualization support

On 2/2/21 2:33 PM, Sean Christopherson wrote:
>> Do we need to restrict normal KVM host kernel access to EPC (i.e. via
>> __kvm_map_gfn() and friends)? As best I can tell the exact behavior of
>> this kind of access is undefined. The concern would be if any HW ever
>> treated it as an error, the guest could subject the host kernel to it.
>> Is it worth a check in those?
> I don't think so.  The SDM does state that the exact behavior is uArch specific,
> but it also explicitly states that the access will be altered, which IMO doesn't
> leave any wiggle room for a future CPU to fault instead of using some form of
> abort semantics.
> 
>   Attempts to execute, read, or write to linear addresses mapped to EPC pages
>   when not inside an enclave will result in the processor altering the access to
>   preserve the confidentiality and integrity of the enclave. The exact behavior
>   may be different between implementations.

I seem to remember much stronger language in the SDM about this.  I've
always thought of SGX as a big unrecoverable machine-check party waiting
to happen.

I'll ask around internally at Intel and see what folks say.  Basically,
should we be afraid of a big bad EPC access?


