On 2/3/21 3:32 PM, Sean Christopherson wrote:
>>>> Yeah, special casing KVM is almost always the wrong thing to do.
>>>> Anything that KVM can do, other subsystems will do as well.
>>> Agreed. Thwarting ioremap itself seems like the right way to go.
>> This sounds irrelevant to KVM SGX, thus I won't include it in the KVM SGX series.
> I would say it's relevant, but a pre-existing bug. Same net effect on what's
> needed for this series.
>
> I say it's a pre-existing bug, because I'm pretty sure KVM can be coerced into
> accessing the EPC by handing KVM a memslot that's backed by an enclave that was
> created by host userspace (via /dev/sgx_enclave).

Dang, you beat me to it. I was composing another email that said the exact same thing.

I guess we need to take a closer look at the KVM fallout from this. It's a few spots where KVM knew it might be consuming garbage. It just gets extra weird, stinky garbage now.