Re: [PATCH RFC 00/10] Intel EPT-Based Sub-page Write Protection Support.

From: Yi Zhang
Date: Wed Oct 18 2017 - 10:02:23 EST


On 2017-10-18 at 00:09:36 -0700, Christoph Hellwig wrote:
> > We introduced 2 ioctls to let user application to set/get subpage write protection bitmap per gfn, each gfn corresponds to a bitmap.
> > The user application, qemu, or some other security control daemon. will set the protection bitmap via this ioctl.
> > the API defined as:
> > struct kvm_subpage {
> > __u64 base_gfn;
> > __u64 npages;
> > /* sub-page write-access bitmap array */
> > __u32 access_map[SUBPAGE_MAX_BITMAP];
> > }sp;
> > kvm_vm_ioctl(s, KVM_SUBPAGES_SET_ACCESS, &sp)
> > kvm_vm_ioctl(s, KVM_SUBPAGES_GET_ACCESS, &sp)
>
> What is the use case for this feature?

Thanks for your review Chris,

I have prepared a draft version of tools which is embedded in the qemu
command line, meaning that we could set/get the subpage protection via the qemu
command.

Attached is the qemu patch; it is a pre-design version. I'm considering
changing the interface to a hypercall, as Paolo advised.
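Added example (not code from the RFC series, the attached qemu patch, or Yi Zhang's mail): how a user-space controller such as qemu would fill the `struct kvm_subpage` quoted above before handing it to the proposed `KVM_SUBPAGES_SET_ACCESS` ioctl, and how the resulting bitmap answers "is this guest-physical write allowed?". The struct layout is the one from the thread; the 128-byte sub-page granularity (32 sub-pages per 4 KiB page, one bit each in a 32-bit word) is Intel's EPT sub-page write-protection granularity; the value of `SUBPAGE_MAX_BITMAP`, the function names and the sample address range are assumptions for this example. The ioctl itself is only shown in a comment.

```c
/* Added example, not part of the RFC patch set.  Builds a sub-page
 * write-protection request in the kvm_subpage layout quoted in the thread
 * and evaluates it the way the hypervisor would on a guest write. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT        12
#define PAGE_SIZE         (1UL << PAGE_SHIFT)
#define SUBPAGE_SHIFT     7                              /* Intel SPP: 128-byte sub-pages */
#define SUBPAGES_PER_PAGE (PAGE_SIZE >> SUBPAGE_SHIFT)   /* 32 -> one bit each in a 32-bit word */
#define SUBPAGE_MAX_BITMAP 64                            /* assumed: max pages per request */

/* Same layout as the struct quoted in the thread (__u64/__u32 in the kernel API). */
struct kvm_subpage {
    uint64_t base_gfn;
    uint64_t npages;
    /* sub-page write-access bitmap array: bit i set => sub-page i writable */
    uint32_t access_map[SUBPAGE_MAX_BITMAP];
};

/* Fill a request that leaves every sub-page writable except those overlapping
 * the guest-physical byte range [ro_start, ro_end).  Returns false for an
 * empty range or one that needs more pages than one request carries. */
bool spp_build_request(struct kvm_subpage *sp, uint64_t ro_start, uint64_t ro_end)
{
    if (ro_end <= ro_start)
        return false;
    uint64_t first_gfn = ro_start >> PAGE_SHIFT;
    uint64_t last_gfn = (ro_end - 1) >> PAGE_SHIFT;
    uint64_t npages = last_gfn - first_gfn + 1;
    if (npages > SUBPAGE_MAX_BITMAP)
        return false;

    memset(sp, 0, sizeof(*sp));
    sp->base_gfn = first_gfn;
    sp->npages = npages;
    for (uint64_t i = 0; i < npages; i++) {
        uint64_t page_base = (first_gfn + i) << PAGE_SHIFT;
        uint32_t map = 0;
        for (unsigned s = 0; s < SUBPAGES_PER_PAGE; s++) {
            uint64_t sub_start = page_base + ((uint64_t)s << SUBPAGE_SHIFT);
            uint64_t sub_end = sub_start + (1UL << SUBPAGE_SHIFT);
            /* a 128-byte region stays writable only if it is fully outside the range */
            bool overlaps = sub_start < ro_end && sub_end > ro_start;
            if (!overlaps)
                map |= 1u << s;
        }
        sp->access_map[i] = map;
    }
    return true;
}

/* The check the hypervisor performs on a guest write to gpa under this bitmap.
 * Pages the request does not cover are unaffected and therefore writable. */
bool spp_write_allowed(const struct kvm_subpage *sp, uint64_t gpa)
{
    uint64_t gfn = gpa >> PAGE_SHIFT;
    if (gfn < sp->base_gfn || gfn >= sp->base_gfn + sp->npages)
        return true;
    unsigned s = (unsigned)((gpa & (PAGE_SIZE - 1)) >> SUBPAGE_SHIFT);
    return (sp->access_map[gfn - sp->base_gfn] >> s) & 1u;
}

/* Constructed sample: protect 256 bytes straddling the 0x10000/0x11000 page
 * boundary (guest-physical 0x10F80..0x11080).  Assumed addresses. */
static struct kvm_subpage g_sp;
const struct kvm_subpage *spp_example(void)
{
    spp_build_request(&g_sp, 0x10F80, 0x11080);
    return &g_sp;
}

int main(void)
{
    const struct kvm_subpage *sp = spp_example();
    printf("base_gfn=%#llx npages=%llu map[0]=%#x map[1]=%#x\n",
           (unsigned long long)sp->base_gfn, (unsigned long long)sp->npages,
           (unsigned)sp->access_map[0], (unsigned)sp->access_map[1]);
    printf("write to 0x10F7F allowed: %d, to 0x10F80: %d\n",
           spp_write_allowed(sp, 0x10F7F), spp_write_allowed(sp, 0x10F80));
    /* In the RFC the filled struct would be passed on the VM fd:
     *   kvm_vm_ioctl(s, KVM_SUBPAGES_SET_ACCESS, &sp);
     * and read back with KVM_SUBPAGES_GET_ACCESS. */
    return 0;
}
```

The example makes the granularity trade-off visible: a protected range that ends mid-way through a 128-byte region still makes the whole region read-only (bit 31 of page 0x10 and bit 0 of page 0x11 are cleared), so a controller that wants byte-exact protection has to align its data to the sub-page size.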