From: Paolo Bonzini <pbonzini@redhat.com>
To: Zhang Yi, mdontu@bitdefender.com, ncitu@bitdefender.com
Cc: rkrcmar@redhat.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Subject: Re: [RFC PATCH V2 00/11] Intel EPT-Based Sub-page Protection Support
Date: Fri, 30 Nov 2018 11:07:14 +0100
Message-ID: <1c7e9821-df4b-9b1c-76aa-d1c4c654c952@redhat.com>

On 30/11/18 08:52, Zhang Yi wrote:
> Here is a patch series which adds EPT-Based Sub-page Write Protection Support.
> 
> Introduction:
> 
> EPT-Based Sub-page Write Protection, referred to as SPP, is a capability which
> allows Virtual Machine Monitors (VMMs) to specify write permission for guest
> physical memory at a sub-page (128 byte) granularity. When this capability is
> utilized, the CPU enforces write-access permissions for sub-page regions of 4K
> pages as specified by the VMM. EPT-based sub-page permissions are intended to
> enable fine-grained memory write enforcement by a VMM for security (guest OS
> monitoring) and usages such as device virtualization and memory checkpoint.
> 
> SPPT is active when the "sub-page write protection" VM-execution control is 1.
> SPPT looks up the guest physical addresses to derive a 64-bit "sub-page
> permission" value containing sub-page write permissions. The lookup from
> guest-physical addresses to the sub-page region permissions is determined by a
> set of SPPT paging structures.
> 
> When the "sub-page write protection" VM-execution control is 1, the SPPT is used
> to look up write permission bits for the 128 byte sub-page regions contained in
> the 4KB guest physical page. EPT specifies the 4KB page level privileges that
> software is allowed when accessing the guest physical address, whereas SPPT
> defines the write permissions for software at the 128 byte granularity regions
> within a 4KB page. Write accesses prevented due to sub-page permissions looked
> up via SPPT are reported as EPT violation VM exits. Similar to EPT, a logical
> processor uses SPPT to look up sub-page region write permissions for
> guest-physical addresses only when those addresses are used to access memory.

Hi,

I think the right thing to do here would be to first get VM introspection in
KVM, as SPP is mostly an introspection feature and it should be controlled by
the introspector rather than the KVM userspace.

Mihai, if you resubmit, I promise that I will look at it promptly.

Paolo
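The permission model the quoted cover letter describes (EPT page-level write permission checked first, then the 64-bit sub-page vector at 128-byte granularity, with denied writes surfacing as EPT violations), as an added C model that is not code from this thread or from the patch series. It assumes the Intel SDM layout in which bit 2*i of the vector carries the write permission for sub-page i; the struct and function names are constructed for the example.

```c
/* Added example (not code from the patch series): a model of an SPP-capable
 * CPU combining the EPT page-level write permission with the 64-bit SPPT
 * "sub-page permission" vector.  Assumed: bit 2*i is sub-page i's write bit. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

#define PAGE_SHIFT        12
#define PAGE_SIZE         (1ull << PAGE_SHIFT)
#define SUBPAGE_SHIFT     7                            /* 128-byte regions */
#define SUBPAGES_PER_PAGE (PAGE_SIZE >> SUBPAGE_SHIFT) /* 32 per 4K page */
#define SUBPAGE_IDX(gpa)  ((unsigned)(((gpa) & (PAGE_SIZE - 1)) >> SUBPAGE_SHIFT))

/* One guest 4K page as the VMM describes it to the hardware (constructed). */
struct gfn_entry {
    uint64_t gfn;         /* guest frame number (gpa >> 12) */
    bool     ept_write;   /* EPT page-level write permission */
    bool     spp_enabled; /* SPPT entry present for this page */
    uint64_t spp_vector;  /* bit 2*i: write allowed for sub-page i */
};
enum access_result { ACCESS_OK, EPT_VIOLATION, ACCESS_CROSSES_PAGE };

/* Vector that allows writes only to sub-pages first..last inclusive. */
uint64_t spp_vector_allow_range(unsigned first, unsigned last)
{
    uint64_t v = 0;
    for (unsigned i = first; i <= last && i < SUBPAGES_PER_PAGE; i++)
        v |= 1ull << (2 * i);
    return v;
}

/* Decide whether a guest write of len bytes at gpa is allowed.  A write that
 * touches any protected 128-byte region faults as an EPT violation, as the
 * cover letter describes; the write must stay within one page (callers split). */
enum access_result check_guest_write(const struct gfn_entry *e, uint64_t gpa, size_t len)
{
    uint64_t last = gpa + len - 1;
    if (len == 0 || (gpa >> PAGE_SHIFT) != e->gfn)
        return EPT_VIOLATION;        /* not mapped by this entry */
    if ((last >> PAGE_SHIFT) != e->gfn)
        return ACCESS_CROSSES_PAGE;  /* hardware evaluates each page separately */
    if (!e->ept_write)
        return EPT_VIOLATION;        /* page-level EPT permission is checked first */
    if (!e->spp_enabled)
        return ACCESS_OK;            /* EPT alone decides for this page */
    for (unsigned i = SUBPAGE_IDX(gpa); i <= SUBPAGE_IDX(last); i++)
        if (!(e->spp_vector & (1ull << (2 * i))))
            return EPT_VIOLATION;    /* a write-protected sub-page was touched */
    return ACCESS_OK;
}
```

A write that straddles two sub-pages is denied if either one is protected, which is why the loop walks every region the access spans rather than only the first.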