Received: by 10.223.164.221 with SMTP id h29csp4842229wrb;
        Fri, 20 Oct 2017 01:48:42 -0700 (PDT)
X-Google-Smtp-Source: ABhQp+QJCi7fsYKJ0X1fhOFhxeDoeTKnJlr6ko+HJ6gH6aC9vXhxO0d5Vx4rwU/iHNyMO9fqLfKB
X-Received: by 10.98.247.26 with SMTP id h26mr4245837pfi.233.1508489322305;
        Fri, 20 Oct 2017 01:48:42 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1508489322; cv=none;
        d=google.com; s=arc-20160816;
        b=soxUdm4zPRk2jrQSLqkmIZ4T/FmQ1LpdzjuohEEjC0l9dqVZ6y4LdOuXZEzK4dBRb7
         Xut1DIfm+palEqSqjhi3VYxMlf0lD0FM2IcjG/Ca54//B7782Z81S38Bu3+69mIl5E9z
         nM2gJsaEfeMunW/ovz1h4CGtCNjmkTnrURHSgwFbycLjdMUxns45GJzjdhY3wRUqfmCG
         NqsR0+h9AbZ/yD4oKLjslZafpOk99+X71SShddEvbbzxheeHb9OmNQrEdRnPA3omDSvq
         jzAYuzwPLQFir9DyLaZD/hPar3nO8OcUcoBmhaml2GPieL2jfzwaY16NsTB2/pLYxOpp
         aXNA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-transfer-encoding:content-disposition:mime-version
         :references:mail-followup-to:message-id:subject:cc:to:from:date
         :arc-authentication-results;
        bh=gyIqeNBbF9+ZPxc+/TldB1kDQMR/gMR7IZ9mtNMg468=;
        b=xl2utV1ToMVD9xcuF/6ukFIF5vTSCmqqKIMJPqUQr4GBxe36s8aOdmovKRVcrI1aVO
         ai93oQWBMRn2ElAEPz1xOKQkLQezWXl3O3H4VSo1rk+WlOak4a0InzrDGMAYy2LZ6FY0
         pTb4NcghkMw60PQKyir3Xb156ApARyDU9Oma1/SPMxES7Z7yFNfp4iDvZVwkbQxn0MbW
         GyG4zksKjrQtr+S58Nl0sO/++59DRPQ1Q/SPIwr3Y1jUoJPYOsj5B6LRkh6oyw1B5iZq
         nmk8wPYC1Fl40kuSiV1suyCKBoV6eZIPvEEfglQOju99P+BKozCbqRkKzoP4TLAo8YmX
         FrVg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 60si355613pld.720.2017.10.20.01.48.27;
        Fri, 20 Oct 2017 01:48:42 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752602AbdJTIqn (ORCPT <rfc822;learnos2017@gmail.com>
        + 99 others); Fri, 20 Oct 2017 04:46:43 -0400
Received: from mga02.intel.com ([134.134.136.20]:22223 "EHLO mga02.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752237AbdJTIql (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 20 Oct 2017 04:46:41 -0400
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
  by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Oct 2017 01:46:39 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.43,405,1503385200"; 
   d="scan'208";a="911851134"
Received: from linux.intel.com ([10.54.29.200])
  by FMSMGA003.fm.intel.com with ESMTP; 20 Oct 2017 01:46:39 -0700
Received: from dazhang1-ssd.sh.intel.com (unknown [10.239.48.55])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by linux.intel.com (Postfix) with ESMTPS id E226B5802F3;
        Fri, 20 Oct 2017 01:46:37 -0700 (PDT)
Date:   Fri, 20 Oct 2017 16:47:15 +0800
From:   Yi Zhang <yi.z.zhang@linux.intel.com>
To:     Mihai =?utf-8?B?RG9uyJt1?= <mdontu@bitdefender.com>
Cc:     Paolo Bonzini <pbonzini@redhat.com>,
        Jim Mattson <jmattson@google.com>,
        kvm list <kvm@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Radim =?utf-8?B?S3LEjW3DocWZ?= <rkrcmar@redhat.com>,
        Alex Williamson <alex.williamson@redhat.com>
Subject: Re: [PATCH RFC 00/10] Intel EPT-Based Sub-page Write Protection
 Support.
Message-ID: <20171020084715.GG88002@dazhang1-ssd.sh.intel.com>
Mail-Followup-To: Mihai =?utf-8?B?RG9uyJt1?= <mdontu@bitdefender.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Jim Mattson <jmattson@google.com>, kvm list <kvm@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Radim =?utf-8?B?S3LEjW3DocWZ?= <rkrcmar@redhat.com>,
        Alex Williamson <alex.williamson@redhat.com>
References: <cover.1506559196.git.yi.z.zhang@linux.intel.com>
 <CALMp9eRroi5m_t8oVfiJWBLUWchF2pUt8Lenh_JEsAdiR5fWcA@mail.gmail.com>
 <250725286.12444082.1507929205754.JavaMail.zimbra@redhat.com>
 <20171016000841.GB66870@dazhang1-ssd.sh.intel.com>
 <96efaece-306c-cde3-06d6-553505612136@redhat.com>
 <1508335998.3230.118.camel@bitdefender.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <1508335998.3230.118.camel@bitdefender.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2017-10-18 at 17:13:18 +0300, Mihai Donțu wrote:
> On Wed, 2017-10-18 at 11:35 +0200, Paolo Bonzini wrote:
> > On 16/10/2017 02:08, Yi Zhang wrote:
> > > > And the introspection facility by Mihai uses a completely
> > > > different API for the introspector, based on sockets rather than ioctls.
> > > > So I'm not sure this is the right API at all.
> > > 
> > > Currently,  We only block the write access, As far as I know an example,
> > > we now using it in a security daemon:
> > 
> > Understood.  However, I think QEMU is the wrong place to set this up.
> > 
> > If the kernel wants to protect _itself_, it should use a hypercall.  If
> > an introspector appliance wants to protect the guest kernel, it should
> > use the socket that connects it to the hypervisor.
> 
> We have been looking at using SPP for VMI for quite some time. If a
> guest kernel will be able to control it (can it do so with EPT?) then
> it would be useful a simple switch that disables this ability, as an
> introspector wouldn't want the guest is trying to protect to interfere
> with it.

Could you mind to provide more information and history about your
investigation?

> 
> Also, if Intel doesn't have a specific use case for it that requires
> separate access to SPP control, then maybe we can fold it into the VMI 
> API we are working on?

That's totally Excellent as we really don't have a specific user case at
this time.
BTW, I have already submit the SPP implementation draft in Xen side.
when you got some time, you can take a look at if that match your
requirement.

> 
> Thanks,
> 
> > > Consider It has a server which launching in the host user-space, and a
> > > client launching in the guest kernel. Yes, they are communicate with
> > > sockets. The guest kernel wanna protect a special area to prevent all
> > > the process including the kernel itself modify this area. the client
> > > could send the guest physical address via the security socket to server
> > > side, and server would update these protection into KVM. Thus, all the
> > > write access in a guest specific area will be blocked.
> > > 
> > > Now the implementation only on the second half(maybe third ^_^) of this
> > > example: 'How kvm set the write-protect into a specific GFN?'
> > > 
> > > Maybe a user space tools which use ioctl let kvm mmu update the
> > > write-protection is a better choice.
> 
> -- 
> Mihai Donțu
> 

From 1581687027491325406@xxx Thu Oct 19 11:58:14 +0000 2017
X-GM-THRID: 1581152810958355510
X-Gmail-Labels: Inbox,Category Forums