Re: [RFC PATCH v3 0/5] Hypervisor-Enforced Kernel Integrity - CR pinning

From: Sean Christopherson
Date: Fri May 03 2024 - 09:50:00 EST


On Fri, May 03, 2024, Mickaël Salaün wrote:
> Hi,
>
> This patch series implements control-register (CR) pinning for KVM and
> provides a hypervisor-agnostic API to protect guests. It includes the
> guest interface, the host interface, and the KVM implementation.
>
> It's not ready for mainline yet (see the current limitations), but we
> think the overall design and interfaces are good and we'd like to have
> some feedback on that.

..

> # Current limitations
>
> This patch series doesn't handle VM reboot, kexec, nor hibernate yet.
> We'd like to leverage the related feature from KVM CR-pinning patch
> series [3]. Help appreciated!

Until you have a story for those scenarios, I don't expect you'll get a lot of
valuable feedback, or much feedback at all. They were the hot topic for KVM CR
pinning, and they'll likely be the hot topic now.