From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751995AbdJRONY (ORCPT ); Wed, 18 Oct 2017 10:13:24 -0400 Received: from mx01.bbu.dsd.mx.bitdefender.com ([91.199.104.161]:37156 "EHLO mx01.bbu.dsd.mx.bitdefender.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751184AbdJRONV (ORCPT ); Wed, 18 Oct 2017 10:13:21 -0400 Message-ID: <1508335998.3230.118.camel@bitdefender.com> Subject: Re: [PATCH RFC 00/10] Intel EPT-Based Sub-page Write Protection Support. From: Mihai =?UTF-8?Q?Don=C8=9Bu?= To: Paolo Bonzini , Jim Mattson , kvm list , LKML , Radim =?UTF-8?Q?Kr=C4=8Dm=C3=A1=C5=99?= , Alex Williamson Date: Wed, 18 Oct 2017 17:13:18 +0300 In-Reply-To: <96efaece-306c-cde3-06d6-553505612136@redhat.com> References: <250725286.12444082.1507929205754.JavaMail.zimbra@redhat.com> <20171016000841.GB66870@dazhang1-ssd.sh.intel.com> <96efaece-306c-cde3-06d6-553505612136@redhat.com> Organization: Bitdefender Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.24.5 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-BitDefender-Scanner: Clean, Agent: BitDefender qmail 3.1.6 on smtp03.buh.bitdefender.org, sigver: 7.73500 X-BitDefender-Spam: No (0) X-BitDefender-SpamStamp: Build: [Engines: 2.15.8.1074, Dats: 464156, Stamp: 3], Multi: [Enabled, t: (0.000010,0.012741)], BW: [Enabled, t: (0.000011)], RBL DNSBL: [Disabled], APM: [Enabled, Score: 500, t: (0.004645), Flags: 85D2ED72; NN_LEGIT_VALID_REPLY; NN_LEGIT_SUMM_400_WORDS; NN_NO_LINK_NMD; NN_LEGIT_BITDEFENDER; NN_LEGIT_S_SQARE_BRACKETS], SGN: [Enabled, t: (0.014822,0.000145)], URL: [Enabled, t: (0.000005)], RTDA: [Enabled, t: (0.291312), Hit: No, Details: v2.6.13; Id: 15.5f480u.1bsklslan.1bc3b], total: 0(775) X-BitDefender-CF-Stamp: none Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2017-10-18 at 11:35 +0200, Paolo Bonzini wrote: > On 16/10/2017 02:08, Yi Zhang wrote: > > > And the introspection facility by Mihai uses a completely > > > different API for the introspector, based on sockets rather than ioctls. > > > So I'm not sure this is the right API at all. > > > > Currently, We only block the write access, As far as I know an example, > > we now using it in a security daemon: > > Understood. However, I think QEMU is the wrong place to set this up. > > If the kernel wants to protect _itself_, it should use a hypercall. If > an introspector appliance wants to protect the guest kernel, it should > use the socket that connects it to the hypervisor. We have been looking at using SPP for VMI for quite some time. If a guest kernel will be able to control it (can it do so with EPT?) then it would be useful a simple switch that disables this ability, as an introspector wouldn't want the guest is trying to protect to interfere with it. Also, if Intel doesn't have a specific use case for it that requires separate access to SPP control, then maybe we can fold it into the VMI API we are working on? Thanks, > > Consider It has a server which launching in the host user-space, and a > > client launching in the guest kernel. Yes, they are communicate with > > sockets. The guest kernel wanna protect a special area to prevent all > > the process including the kernel itself modify this area. the client > > could send the guest physical address via the security socket to server > > side, and server would update these protection into KVM. Thus, all the > > write access in a guest specific area will be blocked. > > > > Now the implementation only on the second half(maybe third ^_^) of this > > example: 'How kvm set the write-protect into a specific GFN?' > > > > Maybe a user space tools which use ioctl let kvm mmu update the > > write-protection is a better choice. -- Mihai Donțu