Message-ID: <20171018140247.GA28204@dazhang1-ssd.sh.intel.com>
Date:   Wed, 18 Oct 2017 22:02:48 +0800
From:   Yi Zhang <yi.z.zhang@...ux.intel.com>
To:     Christoph Hellwig <hch@...radead.org>
Cc:     kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
        pbonzini@...hat.com, rkrcmar@...hat.com
Subject: Re: [PATCH RFC 00/10] Intel EPT-Based Sub-page Write Protection
 Support.

On 2017-10-18 at 00:09:36 -0700, Christoph Hellwig wrote:
> > We introduced 2 ioctls to let a user application set/get the subpage write protection bitmap per gfn; each gfn corresponds to a bitmap.
> > The user application, qemu, or some other security control daemon, will set the protection bitmap via this ioctl.
> > The API is defined as:
> > 	struct kvm_subpage {
> > 		__u64 base_gfn;
> > 		__u64 npages;
> > 		/* sub-page write-access bitmap array */
> > 		__u32 access_map[SUBPAGE_MAX_BITMAP];
> > 	} sp;
> > 	kvm_vm_ioctl(s, KVM_SUBPAGES_SET_ACCESS, &sp)
> > 	kvm_vm_ioctl(s, KVM_SUBPAGES_GET_ACCESS, &sp)
> 
> What is the use case for this feature?

Thanks for your review, Chris,

I have prepared a draft version of a tool which is embedded in the qemu
command line, meaning that we could set/get the subpage protection via a
qemu command.

Attached is the qemu patch; it is a pre-design version. I'm considering
changing the interface to a hypercall, per Paolo's advice.


View attachment "0001-x86-Intel-Sub-Page-Protection-support.patch" of type "text/x-diff" (10315 bytes)
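
The per-gfn bitmap in the quoted `struct kvm_subpage`, modelled in user space as an added example that is not part of the original mail or the attached patch: it checks whether a guest write falls only on writable sub-pages. Assumptions: 4 KiB pages split into 32 sub-pages of 128 bytes (one `__u32` per gfn), a set bit meaning "writable", `SUBPAGE_MAX_BITMAP` taken as 64 (the mail does not give its value), and the sample bitmap is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SHIFT         12  /* 4 KiB guest pages */
#define SUBPAGE_SHIFT      7   /* 128-byte sub-pages, 32 per page */
#define SUBPAGE_MAX_BITMAP 64  /* assumed value, not given in the mail */

/* Local mirror of the struct quoted in the mail (not a kernel header). */
struct kvm_subpage {
    uint64_t base_gfn;
    uint64_t npages;
    uint32_t access_map[SUBPAGE_MAX_BITMAP]; /* one 32-bit map per gfn */
};

/* Constructed sample: gfn 0x1000 protects its first 128 bytes only;
 * gfn 0x1001 protects its upper 2 KiB. */
static const struct kvm_subpage constructed_sample = {
    .base_gfn = 0x1000, .npages = 2,
    .access_map = { 0xFFFFFFFEu, 0x0000FFFFu },
};

/* Assumption: bit i set means sub-page i of that gfn is writable. */
static int subpage_writable(const struct kvm_subpage *sp, uint64_t gpa)
{
    uint64_t gfn = gpa >> PAGE_SHIFT;
    if (gfn < sp->base_gfn || gfn - sp->base_gfn >= sp->npages)
        return 1; /* gfn not covered: no sub-page restriction modelled */
    unsigned bit = (unsigned)((gpa & 0xFFFu) >> SUBPAGE_SHIFT);
    return (sp->access_map[gfn - sp->base_gfn] >> bit) & 1u;
}

/* 1 if every sub-page touched by a len-byte write at gpa is writable. */
int write_allowed(const struct kvm_subpage *sp, uint64_t gpa, size_t len)
{
    if (len == 0 || sp->npages > SUBPAGE_MAX_BITMAP) return 0;
    if (gpa + (len - 1) < gpa) return 0; /* address wrap-around */
    uint64_t last = (gpa + (len - 1)) >> SUBPAGE_SHIFT;
    for (uint64_t s = gpa >> SUBPAGE_SHIFT; s <= last; s++)
        if (!subpage_writable(sp, s << SUBPAGE_SHIFT))
            return 0; /* one protected sub-page blocks the whole write */
    return 1;
}

int main(void)
{
    /* A write straddling protected sub-page 0 and writable sub-page 1. */
    printf("%d\n", write_allowed(&constructed_sample, 0x1000000 + 120, 16));
    return 0;
}
```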
