Re: [PATCH RFC 00/10] Intel EPT-Based Sub-page Write Protection Support.

On 2017-10-18 at 11:35:12 +0200, Paolo Bonzini wrote:
> >
> > Currently, we only block the write access. As an example I know of,
> > we are now using it in a security daemon:
> 
> Understood.  However, I think QEMU is the wrong place to set this up.
> 
> If the kernel wants to protect _itself_, it should use a hypercall.  If
> an introspector appliance wants to protect the guest kernel, it should
> use the socket that connects it to the hypervisor.
> 
> Paolo
> 

Thanks Paolo,

Yes, that is correctable; I will think about switching the interface to a
hypercall. How about we keep these 2 interfaces together (hypercall +
ioctl)? Think about it: if the VMM manager has some way to intercept
guest kernel memory accesses, the page protection would act like a
hardware watchpoint. Is that an easy way to let the VMM manager debug the
guest kernel?

Except for the interface change, could you please help to review the other
patches in the series? Just skip the ioctl patch (patch 7).
Thank you very much Paolo.
