Received: by 10.223.164.221 with SMTP id h29csp2804675wrb; Wed, 18 Oct 2017 07:14:32 -0700 (PDT) X-Google-Smtp-Source: AOwi7QCGE5LnzGdsiaRokr4AUCbIR9JyalPPp9J4uDnz+yYgQvsAzyHqlUO+Tt5R3rrRJpgiUcLh X-Received: by 10.98.215.66 with SMTP id v2mr14989968pfl.24.1508336072659; Wed, 18 Oct 2017 07:14:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508336072; cv=none; d=google.com; s=arc-20160816; b=ZLaf7vOmg5uFUnsOi4ECTItEZhcaFCYRAaWTutSAOReYnOGXGoAVWaVvIAN8py3tFQ rhZXMvU7XNcRbNMl+Ptw8Xld/zUTKOiL8NxWmZUG2xCSd4UkiAnY2wuA0aBhy2yK7WKC yS2B9L+O1RCED/+8hyoO+vb9NHQe740as7ex55R1NsKGRbn6e03pcn6Tanuq4p5J+E30 Ze2QxIt4Zn4SDuUHffGw1/pPeKgFMm21cvQO0m97A+LRLyihd2cxYsrHxLfE2pgNmU1Q h24NUCe9b++EVM2an2JVGc3HYj2zq14aD5WFf6/Ty0BNv3izxPJB6NOErdrSyBnOPpE8 iomQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :organization:references:in-reply-to:date:to:from:subject:message-id :arc-authentication-results; bh=Hd+PcXIF9l0JtLQ2UZQPQPGOJAJC/0AykNl7hY4jPKY=; b=benYlvQei1JrR3Es8inzEE0gyc8eoQEtAEyHCRgc0wRmRJ0cvqga/6536aQYlO0r3i bO+NR5wGFsHWr7JBIEVBpLNDyosA/SWOodou0w0cfSsiRTJe1kUgyuO2HjREMqvhCJ4t INVzvKxxSVmo+eZEH9tsE8jyBs+YwE/sPCsdH3tqrL8xcWnHtKoW8ikKL4wy+wzhjzFv a4hAisKVKoqb+8CLxvTG578mQbocDaQxzsJ6It81nEC5+ZXkYdATq751eiWGnkShdw/n VXTr/z2/+Q662lXm7yS1FiHGU0VwYVI/QvoBONy+m/KGO4TLOOi8r6PmDb9vfuE/mOpW 8aMw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h19si7055110pgn.674.2017.10.18.07.14.18; Wed, 18 Oct 2017 07:14:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751966AbdJRONY (ORCPT + 99 others); Wed, 18 Oct 2017 10:13:24 -0400 Received: from mx01.bbu.dsd.mx.bitdefender.com ([91.199.104.161]:37156 "EHLO mx01.bbu.dsd.mx.bitdefender.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751184AbdJRONV (ORCPT ); Wed, 18 Oct 2017 10:13:21 -0400 Received: (qmail 12827 invoked from network); 18 Oct 2017 17:13:19 +0300 Received: from unknown (HELO mx-sr.buh.bitdefender.com) (10.17.80.103) by mx01.bbu.dsd.mx.bitdefender.com with AES256-GCM-SHA384 encrypted SMTP; 18 Oct 2017 17:13:19 +0300 Received: from smtp03.buh.bitdefender.org (smtp.bitdefender.biz [10.17.80.77]) by mx-sr.buh.bitdefender.com (Postfix) with ESMTP id 436267FC3E for ; Wed, 18 Oct 2017 17:13:19 +0300 (EEST) Received: (qmail 1585 invoked from network); 18 Oct 2017 17:13:19 +0300 Received: from reverse-unset.bbu.hq.bitdefender.net (HELO ?10.10.14.115?) (mdontu@bitdefender.com@91.199.104.6) by smtp03.buh.bitdefender.org with SMTP; 18 Oct 2017 17:13:18 +0300 Message-ID: <1508335998.3230.118.camel@bitdefender.com> Subject: Re: [PATCH RFC 00/10] Intel EPT-Based Sub-page Write Protection Support. From: Mihai =?UTF-8?Q?Don=C8=9Bu?= To: Paolo Bonzini , Jim Mattson , kvm list , LKML , Radim =?UTF-8?Q?Kr=C4=8Dm=C3=A1=C5=99?= , Alex Williamson Date: Wed, 18 Oct 2017 17:13:18 +0300 In-Reply-To: <96efaece-306c-cde3-06d6-553505612136@redhat.com> References: <250725286.12444082.1507929205754.JavaMail.zimbra@redhat.com> <20171016000841.GB66870@dazhang1-ssd.sh.intel.com> <96efaece-306c-cde3-06d6-553505612136@redhat.com> Organization: Bitdefender Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.24.5 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-BitDefender-Scanner: Clean, Agent: BitDefender qmail 3.1.6 on smtp03.buh.bitdefender.org, sigver: 7.73500 X-BitDefender-Spam: No (0) X-BitDefender-SpamStamp: Build: [Engines: 2.15.8.1074, Dats: 464156, Stamp: 3], Multi: [Enabled, t: (0.000010,0.012741)], BW: [Enabled, t: (0.000011)], RBL DNSBL: [Disabled], APM: [Enabled, Score: 500, t: (0.004645), Flags: 85D2ED72; NN_LEGIT_VALID_REPLY; NN_LEGIT_SUMM_400_WORDS; NN_NO_LINK_NMD; NN_LEGIT_BITDEFENDER; NN_LEGIT_S_SQARE_BRACKETS], SGN: [Enabled, t: (0.014822,0.000145)], URL: [Enabled, t: (0.000005)], RTDA: [Enabled, t: (0.291312), Hit: No, Details: v2.6.13; Id: 15.5f480u.1bsklslan.1bc3b], total: 0(775) X-BitDefender-CF-Stamp: none Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2017-10-18 at 11:35 +0200, Paolo Bonzini wrote: > On 16/10/2017 02:08, Yi Zhang wrote: > > > And the introspection facility by Mihai uses a completely > > > different API for the introspector, based on sockets rather than ioctls. > > > So I'm not sure this is the right API at all. > > > > Currently, We only block the write access, As far as I know an example, > > we now using it in a security daemon: > > Understood. However, I think QEMU is the wrong place to set this up. > > If the kernel wants to protect _itself_, it should use a hypercall. If > an introspector appliance wants to protect the guest kernel, it should > use the socket that connects it to the hypervisor. We have been looking at using SPP for VMI for quite some time. If a guest kernel will be able to control it (can it do so with EPT?) then it would be useful a simple switch that disables this ability, as an introspector wouldn't want the guest is trying to protect to interfere with it. Also, if Intel doesn't have a specific use case for it that requires separate access to SPP control, then maybe we can fold it into the VMI API we are working on? Thanks, > > Consider It has a server which launching in the host user-space, and a > > client launching in the guest kernel. Yes, they are communicate with > > sockets. The guest kernel wanna protect a special area to prevent all > > the process including the kernel itself modify this area. the client > > could send the guest physical address via the security socket to server > > side, and server would update these protection into KVM. Thus, all the > > write access in a guest specific area will be blocked. > > > > Now the implementation only on the second half(maybe third ^_^) of this > > example: 'How kvm set the write-protect into a specific GFN?' > > > > Maybe a user space tools which use ioctl let kvm mmu update the > > write-protection is a better choice. -- Mihai Donțu From 1581604553136225461@xxx Wed Oct 18 14:07:21 +0000 2017 X-GM-THRID: 1581152810958355510 X-Gmail-Labels: Inbox,Category Forums