On Fri, Feb 10, 2017 at 08:37:01PM -0500, Rik van Riel wrote: > One of the things that Matthew can do is build on > the read-only memory protections in the kernel, and > have the hypervisor enforce that the memory the kernel > marks as read-only is never written from inside the > virtual machine, until the next reboot. > > That seems like it might be a useful place to start, > since it would immediately make the other read-only > protections that people are working on much harder to > get around, at least inside virtual machines. I agree that this is valuable, but it feels like doing so probably involves designing a consistent mechanism for lightweight kernel→hypervisor calls - the existing vfio framework seems heavier than necessary for this kind of thing. Going further probably involves having a good way for syscalls to call into the hypervisor, but again finding a generic solution that doesn't add too much overhead seems like a good plan. My implementation of this was very special cased and didn't attempt to do anything in a generic way, so I'm definitely not a good model! -- Matthew Garrett | mjg59@xxxxxxxxxxxxx
