If it's just CPUID, one possibility could be to mark the EPC sections
specially in KVM_SET_USER_MEMORY_REGION and synthesize the leaves within
KVM; or even look inside the VMA structs and detect EPC regions that way.
I experimented with those options, and a few others, and they all lack the
flexibility of making EPC just another memory backend.
For synthesizing CPUID within KVM:
- Requires a vendor specific memory region flag for all architectures to work
around a quirk of one userspace VMM.
- Pushes a lot of complexity into KVM, e.g. KVM needs to update CPUID in
response to memslot changes, and needs to query memslots in response to
CPUID changes.
- Does KVM or userspace define the section attributes, e.g. confidentiality,
integrity, etc...? If KVM, are they hardcoded to match the host? What
happens if a future Intel platform supports multiple EPC sections with
different attributes? If userspace, how does userspace communicate the
attributes?
- How does userspace know what KVM enumerated to the guest? See the whole
KVM_GET_CPUID2 fiasco...
- Prevents userspace from enumerating EPC without a memslot, e.g. to trap on
the first EPC access for tracking purposes.
For probing VMAs:
- In addition to the above issues, requires MMU notifier integration to update
CPUID in response to a VMA change.
- Requires SGX subsystem to provide a helper to identify EPC VMAs.
In short, I feel very strongly that this is QEMU's problem to solve.
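For readers following the "synthesize the leaves" and "section attributes" points above, here is an added example (not code from the thread, KVM or QEMU) that shows what a VMM has to put into CPUID leaf 0x12 to enumerate an EPC section to a guest, and how a guest decodes it. The register layout (sub-leaf type in EAX[3:0], base bits 31:12/51:32 in EAX/EBX, section properties in ECX[3:0], size bits 31:12/51:32 in ECX/EDX) is the Intel SDM's; the `epc_section` struct, the helper names and the sample section values are this example's own.

```c
/* Added example: encode/decode the EPC section sub-leaves of CPUID leaf 0x12
 * (sub-leaf index >= 2). Register layout per the Intel SDM; struct and helper
 * names are hypothetical, not KVM's or QEMU's.
 */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define SGX_CPUID_LEAF           0x12
#define SGX_CPUID_FIRST_EPC      2           /* sub-leaves 0 and 1 describe SGX itself */
#define SGX_CPUID_TYPE_MASK      0xfU        /* EAX[3:0]: sub-leaf type */
#define SGX_CPUID_TYPE_INVALID   0           /* terminates the EPC section list */
#define SGX_CPUID_TYPE_EPC       1
#define SGX_CPUID_PROP_MASK      0xfU        /* ECX[3:0]: section properties */
#define SGX_CPUID_PROP_CI_REPLAY 1           /* confidentiality, integrity, replay protection */
#define SGX_CPUID_PROP_CONF_ONLY 2           /* confidentiality only */
#define SGX_CPUID_PROP_CI        3           /* confidentiality and integrity */
#define SGX_ADDR_LOW_MASK        0xfffff000U /* bits 31:12 of base/size */
#define SGX_ADDR_HIGH_MASK       0xfffffU    /* bits 51:32 of base/size */
#define SGX_PAGE_MASK            0xfffULL

struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };

struct epc_section {
    uint64_t base;   /* guest-physical base, 4 KiB aligned, below 2^52 */
    uint64_t size;   /* size in bytes, 4 KiB aligned, non-zero */
    uint32_t props;  /* one of SGX_CPUID_PROP_* */
};

/* Build the register image for one EPC section. Returns false when the
 * section cannot be represented (misaligned, too large, bad property). */
bool epc_section_encode(const struct epc_section *s, struct cpuid_regs *r)
{
    if ((s->base | s->size) & SGX_PAGE_MASK) return false;
    if ((s->base >> 52) || (s->size >> 52) || s->size == 0) return false;
    if (s->props == 0 || (s->props & ~SGX_CPUID_PROP_MASK)) return false;

    r->eax = (uint32_t)(s->base & SGX_ADDR_LOW_MASK) | SGX_CPUID_TYPE_EPC;
    r->ebx = (uint32_t)(s->base >> 32) & SGX_ADDR_HIGH_MASK;
    r->ecx = (uint32_t)(s->size & SGX_ADDR_LOW_MASK) | s->props;
    r->edx = (uint32_t)(s->size >> 32) & SGX_ADDR_HIGH_MASK;
    return true;
}

/* The "no more sections" terminator: sub-leaf type 0, all registers zero. */
void epc_section_encode_invalid(struct cpuid_regs *r)
{
    r->eax = r->ebx = r->ecx = r->edx = 0;
}

/* Parse one sub-leaf the way a guest kernel does. Returns false for the
 * terminator or a malformed sub-leaf. */
bool epc_section_decode(const struct cpuid_regs *r, struct epc_section *s)
{
    if ((r->eax & SGX_CPUID_TYPE_MASK) != SGX_CPUID_TYPE_EPC) return false;
    s->props = r->ecx & SGX_CPUID_PROP_MASK;
    if (s->props == 0) return false;
    s->base = ((uint64_t)(r->ebx & SGX_ADDR_HIGH_MASK) << 32) | (r->eax & SGX_ADDR_LOW_MASK);
    s->size = ((uint64_t)(r->edx & SGX_ADDR_HIGH_MASK) << 32) | (r->ecx & SGX_ADDR_LOW_MASK);
    return s->size != 0;
}

/* Encode and compare against expected register values (used for checks). */
bool epc_section_matches(uint64_t base, uint64_t size, uint32_t props,
                         uint32_t eax, uint32_t ebx, uint32_t ecx, uint32_t edx)
{
    struct epc_section s = { base, size, props };
    struct cpuid_regs r;
    if (!epc_section_encode(&s, &r)) return false;
    return r.eax == eax && r.ebx == ebx && r.ecx == ecx && r.edx == edx;
}

/* Encode then decode and verify nothing was lost. */
bool epc_section_roundtrip(uint64_t base, uint64_t size, uint32_t props)
{
    struct epc_section in = { base, size, props }, out;
    struct cpuid_regs r;
    if (!epc_section_encode(&in, &r)) return false;
    if (!epc_section_decode(&r, &out)) return false;
    return out.base == base && out.size == size && out.props == props;
}

int main(void)
{
    /* Constructed sample: a 94 MiB section at 0x7a000000 with full protection. */
    struct epc_section s = { 0x7a000000ULL, 0x5e00000ULL, SGX_CPUID_PROP_CI_REPLAY };
    struct cpuid_regs r;
    if (epc_section_encode(&s, &r))
        printf("CPUID.(0x%x,%d): eax=%08x ebx=%08x ecx=%08x edx=%08x\n",
               SGX_CPUID_LEAF, SGX_CPUID_FIRST_EPC, r.eax, r.ebx, r.ecx, r.edx);
    return 0;
}
```

The property nibble in ECX is exactly the "confidentiality, integrity, etc." attribute the thread asks about: whoever synthesizes the leaf (KVM or userspace) has to pick that value per section, and a guest that sees a zero there treats the sub-leaf as unusable, so a memslot-driven scheme would also need a way to carry it.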