On Thu, Oct 1, 2015 at 3:33 PM, Dave Hansen <dave@xxxxxxxx> wrote:
> On 10/01/2015 01:39 PM, Kees Cook wrote:
>> On Thu, Oct 1, 2015 at 4:17 AM, Ingo Molnar <mingo@xxxxxxxxxx> wrote:
>>> So could we try to add an (opt-in) kernel option that enables this transparently
>>> and automatically for all PROT_EXEC && !PROT_WRITE mappings, without any
>>> user-space changes and syscalls necessary?
>>
>> I would like this very much. :)
>
> Here it is in a quite fugly form (well, it's not opt-in). Init crashes
> if I boot with this, though.

Somebody really ought to rework things so that a crash in init prints out a normal indication of the unhandled signal and optionally leaves everything else running.

Also...

EPT seems to have separate R, W, and X flags. I wonder if it would make sense to add a KVM paravirt feature that maps the entire guest physical space an extra time at a monstrous offset with R cleared in the EPT and passes through a #PF or other notification (KVM-specific thing? #VE?) on a read fault.

This wouldn't even need a whole duplicate paging hierarchy -- it would just duplicate the EPT PML4 entries, so it would add exactly zero runtime memory usage.

The guest would use it by treating the high bit of the physical address as a "may read" bit.

This reminds me -- we should probably wire up X86_TRAP_VE with a stub that OOPSes until someone figures out some more useful thing to do. We're probably not doing anyone any favors by unconditionally promoting them to double-faults.

--Andy