Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-06-02 Thread Mickaël Salaün
On 31/05/2023 22:24, Sean Christopherson wrote: On Tue, May 30, 2023, Rick P Edgecombe wrote: On Fri, 2023-05-26 at 17:22 +0200, Mickaël Salaün wrote: Can the guest kernel ask the host VMM's emulated devices to DMA into the protected data? It should go through the host userspace mappings

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-31 Thread Sean Christopherson
On Tue, May 30, 2023, Rick P Edgecombe wrote: > On Fri, 2023-05-26 at 17:22 +0200, Mickaël Salaün wrote: > > > > Can the guest kernel ask the host VMM's emulated devices to DMA into > > > > the protected data? It should go through the host userspace mappings I > > > > think, which don't care

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-30 Thread Edgecombe, Rick P
On Fri, 2023-05-26 at 17:22 +0200, Mickaël Salaün wrote: > > > Can the guest kernel ask the host VMM's emulated devices to DMA > > > into > > > the protected data? It should go through the host userspace > > > mappings I > > > think, which don't care about EPT permissions. Or did I miss > > >

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-30 Thread Mickaël Salaün
On 25/05/2023 20:34, Trilok Soni wrote: On 5/25/2023 6:25 AM, Mickaël Salaün wrote: On 24/05/2023 23:04, Trilok Soni wrote: On 5/5/2023 8:20 AM, Mickaël Salaün wrote: Hi, This patch series is a proof-of-concept that implements new KVM features (extended page tracking, MBEC support, CR

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-26 Thread Mickaël Salaün
On 25/05/2023 17:52, Edgecombe, Rick P wrote: On Thu, 2023-05-25 at 15:59 +0200, Mickaël Salaün wrote: [ snip ] The kernel often creates writable aliases in order to write to protected data (kernel text, etc). Some of this is done right as text is being first written out (alternatives for

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-26 Thread Mickaël Salaün
On 25/05/2023 15:59, Mickaël Salaün wrote: On 25/05/2023 00:20, Edgecombe, Rick P wrote: On Fri, 2023-05-05 at 17:20 +0200, Mickaël Salaün wrote: # How does it work? This implementation mainly leverages KVM capabilities to control the Second Layer Address Translation (or the Two

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-26 Thread James Morris
[Side topic] Would folks be interested in a Linux Plumbers Conference MC on this topic generally, across different hypervisors, VMMs, and architectures? If so, please let me know who the key folk would be and we can try writing up an MC proposal. -- James Morris

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-25 Thread Edgecombe, Rick P
On Thu, 2023-05-25 at 09:07 -0700, Sean Christopherson wrote: > On Thu, May 25, 2023, Rick P Edgecombe wrote: > > I wonder if it might be a good idea to POC the guest side before > > settling on the KVM interface. Then you can also look at the whole > > thing and judge how much usage it would get

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-25 Thread Trilok Soni
On 5/25/2023 6:25 AM, Mickaël Salaün wrote: On 24/05/2023 23:04, Trilok Soni wrote: On 5/5/2023 8:20 AM, Mickaël Salaün wrote: Hi, This patch series is a proof-of-concept that implements new KVM features (extended page tracking, MBEC support, CR pinning) and defines a new API to protect

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-25 Thread Sean Christopherson
On Thu, May 25, 2023, Rick P Edgecombe wrote: > I wonder if it might be a good idea to POC the guest side before > settling on the KVM interface. Then you can also look at the whole > thing and judge how much usage it would get for the different options > of restrictions. As I said earlier[*],

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-25 Thread Edgecombe, Rick P
On Thu, 2023-05-25 at 15:59 +0200, Mickaël Salaün wrote: [ snip ] > > The kernel often creates writable aliases in order to write to > > protected data (kernel text, etc). Some of this is done right as > > text > > is being first written out (alternatives for example), and some > > happens > >

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-25 Thread Mickaël Salaün
On 25/05/2023 00:20, Edgecombe, Rick P wrote: On Fri, 2023-05-05 at 17:20 +0200, Mickaël Salaün wrote: # How does it work? This implementation mainly leverages KVM capabilities to control the Second Layer Address Translation (or the Two Dimensional Paging e.g., Intel's EPT or AMD's RVI/NPT)

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-25 Thread Mickaël Salaün
On 24/05/2023 23:04, Trilok Soni wrote: On 5/5/2023 8:20 AM, Mickaël Salaün wrote: Hi, This patch series is a proof-of-concept that implements new KVM features (extended page tracking, MBEC support, CR pinning) and defines a new API to protect guest VMs. No VMM (e.g., Qemu) modification is

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-24 Thread Edgecombe, Rick P
On Fri, 2023-05-05 at 17:20 +0200, Mickaël Salaün wrote: > # How does it work? > > This implementation mainly leverages KVM capabilities to control the > Second > Layer Address Translation (or the Two Dimensional Paging e.g., > Intel's EPT or > AMD's RVI/NPT) and Mode Based Execution Control

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-24 Thread Trilok Soni
On 5/24/2023 3:20 PM, Edgecombe, Rick P wrote: On Fri, 2023-05-05 at 17:20 +0200, Mickaël Salaün wrote: # How does it work? This implementation mainly leverages KVM capabilities to control the Second Layer Address Translation (or the Two Dimensional Paging e.g., Intel's EPT or AMD's RVI/NPT)

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-24 Thread Trilok Soni
On 5/5/2023 8:20 AM, Mickaël Salaün wrote: Hi, This patch series is a proof-of-concept that implements new KVM features (extended page tracking, MBEC support, CR pinning) and defines a new API to protect guest VMs. No VMM (e.g., Qemu) modification is required. The main idea being that kernel

[RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-05 Thread Mickaël Salaün
Hi, This patch series is a proof-of-concept that implements new KVM features (extended page tracking, MBEC support, CR pinning) and defines a new API to protect guest VMs. No VMM (e.g., Qemu) modification is required. The main idea being that kernel self-protection mechanisms should be delegated