> >
> > Oooh, right. It's not that FP+SSE are always allowed, it's that FP+SSE must always
> > be _set_. So this?
> >
> > 	xfrm & ~(vcpu->arch.guest_supported_xcr0 | XFEATURE_MASK_FPSSE) ||
> > 	(xfrm & XFEATURE_MASK_FPSSE) != XFEATURE_MASK_FPSSE
>
> Looks good.
>
> I'll try to get some test done with this code change.
>

Tested this series with your above code change by running simple SGX app in the
guest.

For this particular case, tested with ECREATE with xfrm = 0x1 in the guest, and
guest can receive #GP.

So for the entire series:

Reviewed-by: Kai Huang <kai.huang@xxxxxxxxx>
Tested-by: Kai Huang <kai.huang@xxxxxxxxx>
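The two-clause check quoted above, as an added C example that is not part of the thread or the patch series: it reports which clause rejects a given XFRM value, including the xfrm = 0x1 case from the test report. `check_xfrm`, the verdict enum and the sample values are constructed for illustration, and `guest_supported_xcr0` is passed as a plain parameter standing in for `vcpu->arch.guest_supported_xcr0`.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit positions as defined in the Linux x86 FPU headers. */
#define XFEATURE_MASK_FP    (1ULL << 0)
#define XFEATURE_MASK_SSE   (1ULL << 1)
#define XFEATURE_MASK_YMM   (1ULL << 2)
#define XFEATURE_MASK_FPSSE (XFEATURE_MASK_FP | XFEATURE_MASK_SSE)

/* Hypothetical verdicts: any non-zero value means the quoted condition is true. */
enum xfrm_verdict {
    XFRM_OK = 0,
    XFRM_UNSUPPORTED_BITS = 1, /* first clause: a bit outside supported | FPSSE */
    XFRM_FPSSE_NOT_SET = 2     /* second clause: FP and SSE are not both set */
};

/* Hypothetical helper that evaluates the two clauses separately. */
static enum xfrm_verdict check_xfrm(uint64_t xfrm, uint64_t guest_supported_xcr0)
{
    if (xfrm & ~(guest_supported_xcr0 | XFEATURE_MASK_FPSSE))
        return XFRM_UNSUPPORTED_BITS;
    if ((xfrm & XFEATURE_MASK_FPSSE) != XFEATURE_MASK_FPSSE)
        return XFRM_FPSSE_NOT_SET;
    return XFRM_OK;
}

int main(void)
{
    /* Constructed guest: FP, SSE and YMM are exposed. */
    const uint64_t supported = XFEATURE_MASK_FPSSE | XFEATURE_MASK_YMM;
    /* Constructed XFRM values; 0x1 is the case from the test report. */
    const uint64_t samples[] = { 0x0, 0x1, 0x2, 0x3, 0x5, 0x7, 0xb };
    static const char *const names[] = {
        "ok", "unsupported bits set", "FP+SSE not both set"
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("xfrm=0x%llx -> %s\n", (unsigned long long)samples[i],
               names[check_xfrm(samples[i], supported)]);
    return 0;
}
```

With only the first clause, xfrm = 0x1 would pass, because FP is always inside the allowed mask; the second clause is what rejects it.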