[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZG+HpFjIuSWvyo+B@google.com>
Date: Thu, 25 May 2023 09:07:00 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Rick P Edgecombe <rick.p.edgecombe@...el.com>
Cc: "mic@...ikod.net" <mic@...ikod.net>,
"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
"bp@...en8.de" <bp@...en8.de>,
"keescook@...omium.org" <keescook@...omium.org>,
"hpa@...or.com" <hpa@...or.com>,
"mingo@...hat.com" <mingo@...hat.com>,
"tglx@...utronix.de" <tglx@...utronix.de>,
"pbonzini@...hat.com" <pbonzini@...hat.com>,
"wanpengli@...cent.com" <wanpengli@...cent.com>,
"vkuznets@...hat.com" <vkuznets@...hat.com>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
"qemu-devel@...gnu.org" <qemu-devel@...gnu.org>,
"liran.alon@...cle.com" <liran.alon@...cle.com>,
"marian.c.rotariu@...il.com" <marian.c.rotariu@...il.com>,
Alexander Graf <graf@...zon.com>,
John S Andersen <john.s.andersen@...el.com>,
"madvenka@...ux.microsoft.com" <madvenka@...ux.microsoft.com>,
"ssicleru@...defender.com" <ssicleru@...defender.com>,
"yuanyu@...gle.com" <yuanyu@...gle.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"tgopinath@...rosoft.com" <tgopinath@...rosoft.com>,
"jamorris@...ux.microsoft.com" <jamorris@...ux.microsoft.com>,
"linux-security-module@...r.kernel.org"
<linux-security-module@...r.kernel.org>,
"xen-devel@...ts.xenproject.org" <xen-devel@...ts.xenproject.org>,
"will@...nel.org" <will@...nel.org>,
"dev@...ts.cloudhypervisor.org" <dev@...ts.cloudhypervisor.org>,
"mdontu@...defender.com" <mdontu@...defender.com>,
"linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>,
"linux-hyperv@...r.kernel.org" <linux-hyperv@...r.kernel.org>,
"virtualization@...ts.linux-foundation.org"
<virtualization@...ts.linux-foundation.org>,
"nicu.citu@...oud.com" <nicu.citu@...oud.com>,
"ztarkhani@...rosoft.com" <ztarkhani@...rosoft.com>,
"x86@...nel.org" <x86@...nel.org>
Subject: Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity
On Thu, May 25, 2023, Rick P Edgecombe wrote:
> I wonder if it might be a good idea to POC the guest side before
> settling on the KVM interface. Then you can also look at the whole
> thing and judge how much usage it would get for the different options
> of restrictions.
As I said earlier[*], IMO the control plane logic needs to live in host userspace.
I think any attempt to have KVM providen anything but the low level plumbing will
suffer the same fate as CR4 pinning and XO memory. Iterating on an imperfect
solution to incremently improve security is far, far easier to do in userspace,
and far more likely to get merged.
[*] https://lore.kernel.org/all/ZFUyhPuhtMbYdJ76@google.com
Powered by blists - more mailing lists