On Thu, 2023-04-06 at 08:54 +0000, Huang, Kai wrote:
> On Wed, 2023-04-05 at 16:45 -0700, Sean Christopherson wrote:
> > Inject a #GP when emulating/forwarding a valid ENCLS leaf if the vCPU has
> > paging disabled, e.g. if KVM is intercepting ECREATE to enforce additional
> > restrictions. The pseudocode in the SDM lists all #GP triggers, including
> > CR0.PG=0, as being checked after the ENLCS-exiting checks, i.e. the
> > VM-Exit will occur before the CPU performs the CR0.PG check.
> >
> > Fixes: 70210c044b4e ("KVM: VMX: Add SGX ENCLS[ECREATE] handler to enforce CPUID restrictions")
> > Cc: Binbin Wu <binbin.wu@xxxxxxxxxxxxxxx>
> > Cc: Kai Huang <kai.huang@xxxxxxxxx>
> > Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
>
> Reviewed-by: Kai Huang <kai.huang@xxxxxxxxx>
>
> >
Tested by running ENCLS in protected mode before enabling paging, and in my test
the #GP was injected to the guest.
Tested-by: Kai Huang <kai.huang@xxxxxxxxx>
