On 9/19/22 23:39, Zhiquan Li wrote:
> Today, if a guest accesses an SGX EPC page with memory failure,
> the kernel behavior will kill the entire guest.  This blast
> radius is too large.  It would be idea to kill only the SGX
                                    ideal ^
> application inside the guest.
>
> To fix this, send a SIGBUS to host userspace (like QEMU) which can
> follow up by injecting a #MC to the guest.

This doesn't make any sense to me.  It's *ALREADY* sending a SIGBUS.
So, whatever is making this better, it's not "send a SIGBUS" that's
doing it.

What does this patch actually do to reduce the blast radius?

> SGX virtual EPC driver doesn't explicitly prevent virtual EPC instance
> being shared by multiple VMs via fork().  However KVM doesn't support
> running a VM across multiple mm structures, and the de facto userspace
> hypervisor (Qemu) doesn't use fork() to create a new VM, so in practice
> this should not happen.

This is out of the blue.  Why is this here?  What happens if a
hypervisor *DOES* fork()?  What's the fallout?