Re: [PATCH V7 0/10] KVM: X86: Introducing ROE Protection Kernel Hardening

From: Stecklina, Julian
Date: Thu Dec 13 2018 - 08:36:37 EST

Next message: Greg KH: "Linux 3.18.129"
Previous message: John Garry: "Re: [PATCH v4 4/5] scsi: hisi_sas: Add support for DIF feature for v3 hw"
Next in thread: Ahmed Soliman: "Re: [PATCH V7 0/10] KVM: X86: Introducing ROE Protection Kernel Hardening"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ahmed,

On Fri, 2018-12-07 at 14:47 +0200, Ahmed Abd El Mawgood wrote:
> The reason why it would be better to implement this from inside kvm: instead
> of
> (host) user space is the need to access SPTEs to modify the permissions, while
> mprotect() from user space can work in theory. It will become a big
> performance
> hit to vmexit and switch to user space mode on each fault, on the other hand,
> having the permission handled by EPT should make some remarkable performance
> gain.

Given that writes to these areas should be exceptional occurrences, I don't
understand why this path needs to be optimized. To me it seems, a straight-
forward userspace implementation with no additional code in the kernel achieves
the same feature. Can you elaborate?

Julian

Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrer: Christian Schlaeger, Ralf Herbrich
Ust-ID: DE 289 237 879
Eingetragen am Amtsgericht Charlottenburg HRB 149173 B

Next message: Greg KH: "Linux 3.18.129"
Previous message: John Garry: "Re: [PATCH v4 4/5] scsi: hisi_sas: Add support for DIF feature for v3 hw"
Next in thread: Ahmed Soliman: "Re: [PATCH V7 0/10] KVM: X86: Introducing ROE Protection Kernel Hardening"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]