Re: [PATCH v25 07/21] x86/sgx: Enumerate and track EPC sections

From: Sean Christopherson
Date: Thu Feb 06 2020 - 10:55:13 EST


On Thu, Feb 06, 2020 at 05:35:19PM +0200, Jarkko Sakkinen wrote:
> On Wed, Feb 05, 2020 at 11:57:00AM -0800, Sean Christopherson wrote:
> > 3. Breaks on-demand paging when running in a VM, e.g. if the VMM chooses
> > to allocate a physical EPC page when it's actually accessed by the
> > VM. I don't expect this to be a problem any time soon, as all VMMs
> > will likely preallocate EPC pages until KVM (or any other hypervisor)
> > gains EPC oversubscription support, which may or may not ever happen.
> > But, I'd prefer to simply not have the problem in the first place.
>
> So wouldn't it be better to revisit this when the VM changes are added?

No, because the guest kernel (this code) and the host hypervisor (KVM code)
are separate assets. Folks will pick up this code and use it for guest kernels
and start deploying it, e.g. for cloud workloads. At some point after KVM
support lands upstream (assuming we get there), CSPs et al will (in theory)
move to the upstream version of KVM instead of running out-of-tree patches.
But, the guest kernels will stay the same and continue to exhibit the
undesirable behavior.

KVM is also not the only hypervisor that supports SGX, e.g. HyperV already
supports exposing SGX to guests.