On 07/19/2018 02:38 PM, Ahmed Abd El Mawgood wrote: > Documentation/virtual/kvm/hypercalls.txt | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > > diff --git a/Documentation/virtual/kvm/hypercalls.txt b/Documentation/virtual/kvm/hypercalls.txt > index a890529c63ed..a9db68adb7c9 100644 > --- a/Documentation/virtual/kvm/hypercalls.txt > +++ b/Documentation/virtual/kvm/hypercalls.txt > @@ -121,3 +121,17 @@ compute the CLOCK_REALTIME for its clock, at the same instant. > > Returns KVM_EOPNOTSUPP if the host does not use TSC clocksource, > or if clock type is different than KVM_CLOCK_PAIRING_WALLCLOCK. > + > +7. KVM_HC_HMROE > +---------------- > +Architecture: x86 > +Status: active > +Purpose: Hypercall used to apply Read-Only Enforcement to guest pages > +Usage: > + a0: start address of page that should be protected. Is this done one page per call? No grouping, no multiple pages? > + > +This hypercall lets a guest kernel to have part of its read/write memory lets a guest kernel have part of > +converted into read-only. This action is irreversible. KVM_HC_HMROE can > +not be triggered from guest Ring 3 (user mode). The reason is that user > +mode malicious software can make use of it enforce read only protection on make use of it to enforce > +an arbitrary memory page thus crashing the kernel. > -- ~Randy -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html