Message-ID: <20251110162900.354698-1-lrh2000@pku.edu.cn>
Date: Tue, 11 Nov 2025 00:29:00 +0800
From: Ruihan Li <lrh2000@....edu.cn>
To: lei4.wang@...el.com,
	seanjc@...gle.com
Cc: chenyi.qiang@...el.com,
	jmattson@...gle.com,
	joro@...tes.org,
	kvm@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	pbonzini@...hat.com,
	vkuznets@...hat.com,
	wanpengli@...cent.com,
	lrh2000@....edu.cn
Subject: The current status of PKS virtualization

Hi,

I'm sorry to bother you by replying to the email from years ago. I would like
to learn about the current status of PKS virtualization.

In short, I tried to rebase this patch series on the latest kernel. The result
was a working kernel that supports PKS virtualization, which would be useful
for my purposes. Would PKS virtualization be accepted even if the kernel itself
does not use PKS?

Here's a longer explanation: I noticed that this patch series is built on top
of basic PKS support. Meanwhile, it appears that the basic PKS support "was
dropped after the main use case was rejected (pmem stray write protection)"
[1]. I suppose that's why this patch series won't be merged into the kernel?

 [1]: https://lore.kernel.org/lkml/3b3c941f1fb69d67706457a30cecc96bfde57353.camel@intel.com/

For my purposes, I don't need the Linux kernel to use PKS. I do want the kernel
to support PKS virtualization so that I can run another OS that requires PKS
support with the help of KVM. Fundamentally, I don't think this patch series
has to be built on top of basic PKS support. But I am unsure whether there is a
policy or convention that states virtualization support can only be added after
basic support.

One problem is that if the Linux kernel does not use PKS, we will be unable to
test PKS virtualization with a guest Linux kernel. However, given that we have
KVM unit test infrastructure, I believe we can find a way to properly test PKS
virtualization for its correctness?

I'd like to hear from you to know whether I understand things correctly. Thank
you in advance for any feedback.

Thanks,
Ruihan Li

