When we pass a pointer to a buffer as "user_check" in the EDL file, does it mean that the actual data which is pointed by that pointer will stay in the non-EPC part? Does It mean that when the enclave accesses that buffer, nor integrity verification, neither confidentiality is supported for that particular buffer?
You are correct. If you pass a pointer to a buffer to an enclave using user_check, the contents of that buffer are not copied into the trusted memory. The application developer must explicitly do all the pointer checking and data copying inside the enclave. With user_check, the actual, raw address of the memory location is passed.
Here is a great description of how and when to use user_check: https://software.intel.com/en-us/articles/intel-software-guard-extensions-tutorial-part-7-refining-the-enclave