On 07/19/2018 02:38 PM, Ahmed Abd El Mawgood wrote:
> Documentation/virtual/kvm/hypercalls.txt | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/Documentation/virtual/kvm/hypercalls.txt
> b/Documentation/virtual/kvm/hypercalls.txt
> index a890529c63ed..a9db68adb7c9 100644
> --- a/Documentation/virtual/kvm/hypercalls.txt
> +++ b/Documentation/virtual/kvm/hypercalls.txt
> @@ -121,3 +121,17 @@ compute the CLOCK_REALTIME for its clock, at the same
> instant.
>
> Returns KVM_EOPNOTSUPP if the host does not use TSC clocksource,
> or if clock type is different than KVM_CLOCK_PAIRING_WALLCLOCK.
> +
> +7. KVM_HC_HMROE
> +----------------
> +Architecture: x86
> +Status: active
> +Purpose: Hypercall used to apply Read-Only Enforcement to guest pages
> +Usage:
> + a0: start address of page that should be protected.
Is this done one page per call? No grouping, no multiple pages?
> +
> +This hypercall lets a guest kernel to have part of its read/write memory
lets a guest kernel have part of
> +converted into read-only. This action is irreversible. KVM_HC_HMROE can
> +not be triggered from guest Ring 3 (user mode). The reason is that user
> +mode malicious software can make use of it enforce read only protection on
make use of it to enforce
> +an arbitrary memory page thus crashing the kernel.
>
--
~Randy
_______________________________________________
Virtualization mailing list
[email protected]
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
