Received: by 10.223.164.221 with SMTP id h29csp2804675wrb;
        Wed, 18 Oct 2017 07:14:32 -0700 (PDT)
X-Google-Smtp-Source: AOwi7QCGE5LnzGdsiaRokr4AUCbIR9JyalPPp9J4uDnz+yYgQvsAzyHqlUO+Tt5R3rrRJpgiUcLh
X-Received: by 10.98.215.66 with SMTP id v2mr14989968pfl.24.1508336072659;
        Wed, 18 Oct 2017 07:14:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1508336072; cv=none;
        d=google.com; s=arc-20160816;
        b=ZLaf7vOmg5uFUnsOi4ECTItEZhcaFCYRAaWTutSAOReYnOGXGoAVWaVvIAN8py3tFQ
         rhZXMvU7XNcRbNMl+Ptw8Xld/zUTKOiL8NxWmZUG2xCSd4UkiAnY2wuA0aBhy2yK7WKC
         yS2B9L+O1RCED/+8hyoO+vb9NHQe740as7ex55R1NsKGRbn6e03pcn6Tanuq4p5J+E30
         Ze2QxIt4Zn4SDuUHffGw1/pPeKgFMm21cvQO0m97A+LRLyihd2cxYsrHxLfE2pgNmU1Q
         h24NUCe9b++EVM2an2JVGc3HYj2zq14aD5WFf6/Ty0BNv3izxPJB6NOErdrSyBnOPpE8
         iomQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :organization:references:in-reply-to:date:to:from:subject:message-id
         :arc-authentication-results;
        bh=Hd+PcXIF9l0JtLQ2UZQPQPGOJAJC/0AykNl7hY4jPKY=;
        b=benYlvQei1JrR3Es8inzEE0gyc8eoQEtAEyHCRgc0wRmRJ0cvqga/6536aQYlO0r3i
         bO+NR5wGFsHWr7JBIEVBpLNDyosA/SWOodou0w0cfSsiRTJe1kUgyuO2HjREMqvhCJ4t
         INVzvKxxSVmo+eZEH9tsE8jyBs+YwE/sPCsdH3tqrL8xcWnHtKoW8ikKL4wy+wzhjzFv
         a4hAisKVKoqb+8CLxvTG578mQbocDaQxzsJ6It81nEC5+ZXkYdATq751eiWGnkShdw/n
         VXTr/z2/+Q662lXm7yS1FiHGU0VwYVI/QvoBONy+m/KGO4TLOOi8r6PmDb9vfuE/mOpW
         8aMw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id h19si7055110pgn.674.2017.10.18.07.14.18;
        Wed, 18 Oct 2017 07:14:32 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751966AbdJRONY (ORCPT <rfc822;vladislav.valtchev@gmail.com>
        + 99 others); Wed, 18 Oct 2017 10:13:24 -0400
Received: from mx01.bbu.dsd.mx.bitdefender.com ([91.199.104.161]:37156 "EHLO
        mx01.bbu.dsd.mx.bitdefender.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1751184AbdJRONV (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 18 Oct 2017 10:13:21 -0400
Received: (qmail 12827 invoked from network); 18 Oct 2017 17:13:19 +0300
Received: from unknown (HELO mx-sr.buh.bitdefender.com) (10.17.80.103)
  by mx01.bbu.dsd.mx.bitdefender.com with AES256-GCM-SHA384 encrypted SMTP; 18 Oct 2017 17:13:19 +0300
Received: from smtp03.buh.bitdefender.org (smtp.bitdefender.biz [10.17.80.77])
        by mx-sr.buh.bitdefender.com (Postfix) with ESMTP id 436267FC3E
        for <linux-kernel@vger.kernel.org>; Wed, 18 Oct 2017 17:13:19 +0300 (EEST)
Received: (qmail 1585 invoked from network); 18 Oct 2017 17:13:19 +0300
Received: from reverse-unset.bbu.hq.bitdefender.net (HELO ?10.10.14.115?) (mdontu@bitdefender.com@91.199.104.6)
  by smtp03.buh.bitdefender.org with SMTP; 18 Oct 2017 17:13:18 +0300
Message-ID: <1508335998.3230.118.camel@bitdefender.com>
Subject: Re: [PATCH RFC 00/10] Intel EPT-Based Sub-page Write Protection
 Support.
From:   Mihai =?UTF-8?Q?Don=C8=9Bu?= <mdontu@bitdefender.com>
To:     Paolo Bonzini <pbonzini@redhat.com>,
        Jim Mattson <jmattson@google.com>,
        kvm list <kvm@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Radim =?UTF-8?Q?Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com>,
        Alex Williamson <alex.williamson@redhat.com>
Date:   Wed, 18 Oct 2017 17:13:18 +0300
In-Reply-To: <96efaece-306c-cde3-06d6-553505612136@redhat.com>
References: <cover.1506559196.git.yi.z.zhang@linux.intel.com>
         <CALMp9eRroi5m_t8oVfiJWBLUWchF2pUt8Lenh_JEsAdiR5fWcA@mail.gmail.com>
         <250725286.12444082.1507929205754.JavaMail.zimbra@redhat.com>
         <20171016000841.GB66870@dazhang1-ssd.sh.intel.com>
         <96efaece-306c-cde3-06d6-553505612136@redhat.com>
Organization: Bitdefender
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.24.5 
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BitDefender-Scanner: Clean, Agent: BitDefender qmail 3.1.6 on
 smtp03.buh.bitdefender.org, sigver: 7.73500
X-BitDefender-Spam: No (0)
X-BitDefender-SpamStamp: Build: [Engines: 2.15.8.1074, Dats: 464156,
 Stamp: 3], Multi: [Enabled, t: (0.000010,0.012741)], BW: [Enabled, t:
 (0.000011)], RBL DNSBL: [Disabled], APM: [Enabled, Score: 500, t:
 (0.004645), Flags: 85D2ED72; NN_LEGIT_VALID_REPLY;
 NN_LEGIT_SUMM_400_WORDS; NN_NO_LINK_NMD; NN_LEGIT_BITDEFENDER;
 NN_LEGIT_S_SQARE_BRACKETS], SGN: [Enabled, t: (0.014822,0.000145)],
 URL: [Enabled, t: (0.000005)], RTDA: [Enabled, t: (0.291312), Hit: No,
 Details: v2.6.13; Id: 15.5f480u.1bsklslan.1bc3b], total: 0(775)
X-BitDefender-CF-Stamp: none
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 2017-10-18 at 11:35 +0200, Paolo Bonzini wrote:
> On 16/10/2017 02:08, Yi Zhang wrote:
> > > And the introspection facility by Mihai uses a completely
> > > different API for the introspector, based on sockets rather than ioctls.
> > > So I'm not sure this is the right API at all.
> > 
> > Currently,  We only block the write access, As far as I know an example,
> > we now using it in a security daemon:
> 
> Understood.  However, I think QEMU is the wrong place to set this up.
> 
> If the kernel wants to protect _itself_, it should use a hypercall.  If
> an introspector appliance wants to protect the guest kernel, it should
> use the socket that connects it to the hypervisor.

We have been looking at using SPP for VMI for quite some time. If a
guest kernel will be able to control it (can it do so with EPT?) then
it would be useful a simple switch that disables this ability, as an
introspector wouldn't want the guest is trying to protect to interfere
with it.

Also, if Intel doesn't have a specific use case for it that requires
separate access to SPP control, then maybe we can fold it into the VMI 
API we are working on?

Thanks,

> > Consider It has a server which launching in the host user-space, and a
> > client launching in the guest kernel. Yes, they are communicate with
> > sockets. The guest kernel wanna protect a special area to prevent all
> > the process including the kernel itself modify this area. the client
> > could send the guest physical address via the security socket to server
> > side, and server would update these protection into KVM. Thus, all the
> > write access in a guest specific area will be blocked.
> > 
> > Now the implementation only on the second half(maybe third ^_^) of this
> > example: 'How kvm set the write-protect into a specific GFN?'
> > 
> > Maybe a user space tools which use ioctl let kvm mmu update the
> > write-protection is a better choice.

-- 
Mihai Donțu


From 1581604553136225461@xxx Wed Oct 18 14:07:21 +0000 2017
X-GM-THRID: 1581152810958355510
X-Gmail-Labels: Inbox,Category Forums