> We introduced 2 ioctls to let user application to set/get subpage write protection bitmap per gfn, each gfn corresponds to a bitmap.
> The user application, qemu, or some other security control daemon. will set the protection bitmap via this ioctl.
> the API defined as:
> struct kvm_subpage {
> __u64 base_gfn;
> __u64 npages;
> /* sub-page write-access bitmap array */
> __u32 access_map[SUBPAGE_MAX_BITMAP];
> }sp;
> kvm_vm_ioctl(s, KVM_SUBPAGES_SET_ACCESS, &sp)
> kvm_vm_ioctl(s, KVM_SUBPAGES_GET_ACCESS, &sp)
What is the use case for this feature?
