Re: [RFC PATCH v3 0/5] Hypervisor-Enforced Kernel Integrity - CR pinning

From: Sean Christopherson
Date: Fri May 03 2024 - 09:50:00 EST

Next message: Georgi Djakov: "Re: [PATCH v9 6/6] arm64: dts: qcom: ipq9574: Add icc provider ability to gcc"
Previous message: Dmitry Safonov: "Re: [PATCH] selftest/timerns: fix clang build failures for abs() calls"
In reply to: Mickaël Salaün: "[RFC PATCH v3 2/5] KVM: x86: Add new hypercall to lock control registers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, May 03, 2024, Mickaël Salaün wrote:
> Hi,
>
> This patch series implements control-register (CR) pinning for KVM and
> provides an hypervisor-agnostic API to protect guests. It includes the
> guest interface, the host interface, and the KVM implementation.
>
> It's not ready for mainline yet (see the current limitations), but we
> think the overall design and interfaces are good and we'd like to have
> some feedback on that.

..

> # Current limitations
>
> This patch series doesn't handle VM reboot, kexec, nor hybernate yet.
> We'd like to leverage the realated feature from KVM CR-pinning patch
> series [3]. Help appreciated!

Until you have a story for those scenarios, I don't expect you'll get a lot of
valuable feedback, or much feedback at all. They were the hot topic for KVM CR
pinning, and they'll likely be the hot topic now.

Next message: Georgi Djakov: "Re: [PATCH v9 6/6] arm64: dts: qcom: ipq9574: Add icc provider ability to gcc"
Previous message: Dmitry Safonov: "Re: [PATCH] selftest/timerns: fix clang build failures for abs() calls"
In reply to: Mickaël Salaün: "[RFC PATCH v3 2/5] KVM: x86: Add new hypercall to lock control registers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]