On 22/03/21 21:43, Kai Huang wrote:
>> That was my recollection as well from previous threads but, to be fair
>> to Boris, the commit message is a lot more scary (and, which is what
>> triggers me, puts the blame on KVM). It just says "KVM does not track
>> how guest pages are used, which means that SGX virtualization use of
>> EREMOVE might fail".
>
> I don't see the commit msg being scary. EREMOVE might fail but virtual EPC code
> can handle that. This is the reason to break out EREMOVE from original
> sgx_free_epc_page(), so virtual EPC code can have its own logic of handling
> EREMOVE failure.
I should explain what I mean by scary.
What you wrote above, "EREMOVE might fail but virtual EPC code can
handle that" sounds fine. But it doesn't say the failure mode, so it's
hiding information.
What I would like to have, "EREMOVE might fail and will be leaked, but
virtual EPC code will not crash and in any case there are much worse
problems waiting to happen", is fine. (It's even better with an
explanation of the problems.)
Your message however was in the middle: "EREMOVE might fail, virtual EPC
code will not crash but the page will be leaked". It gives the failure
mode but not how the problem arises, and it is this combination that
results in something scary-sounding.
Paolo