Re: [RFC PATCH v3 0/5] Hypervisor-Enforced Kernel Integrity - CR pinning
- To: "Mickaël Salaün" <mic@xxxxxxxxxxx>
- From: Sean Christopherson <seanjc@xxxxxxxxxx>
- Date: Fri, 3 May 2024 06:49:47 -0700
- Cc: Borislav Petkov <bp@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, "H . Peter Anvin" <hpa@xxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>, Wanpeng Li <wanpengli@xxxxxxxxxxx>, Rick P Edgecombe <rick.p.edgecombe@xxxxxxxxx>, Alexander Graf <graf@xxxxxxxxxx>, Angelina Vu <angelinavu@xxxxxxxxxxxxxxxxxxx>, Anna Trikalinou <atrikalinou@xxxxxxxxxxxxx>, Chao Peng <chao.p.peng@xxxxxxxxxxxxxxx>, Forrest Yuan Yu <yuanyu@xxxxxxxxxx>, James Gowans <jgowans@xxxxxxxxxx>, James Morris <jamorris@xxxxxxxxxxxxxxxxxxx>, John Andersen <john.s.andersen@xxxxxxxxx>, "Madhavan T . Venkataraman" <madvenka@xxxxxxxxxxxxxxxxxxx>, Marian Rotariu <marian.c.rotariu@xxxxxxxxx>, "Mihai Donțu" <mdontu@xxxxxxxxxxxxxxx>, "Nicușor Cîțu" <nicu.citu@xxxxxxxxxx>, Thara Gopinath <tgopinath@xxxxxxxxxxxxx>, Trilok Soni <quic_tsoni@xxxxxxxxxxx>, Wei Liu <wei.liu@xxxxxxxxxx>, Will Deacon <will@xxxxxxxxxx>, Yu Zhang <yu.c.zhang@xxxxxxxxxxxxxxx>, "Ștefan Șicleru" <ssicleru@xxxxxxxxxxxxxxx>, dev@xxxxxxxxxxxxxxxxxxxxxxxxx, kvm@xxxxxxxxxxxxxxx, linux-hardening@xxxxxxxxxxxxxxx, linux-hyperv@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, linux-security-module@xxxxxxxxxxxxxxx, qemu-devel@xxxxxxxxxx, virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx, x86@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx
- Delivery-date: Fri, 03 May 2024 13:50:06 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Fri, May 03, 2024, Mickaël Salaün wrote:
> Hi,
>
> This patch series implements control-register (CR) pinning for KVM and
> provides a hypervisor-agnostic API to protect guests. It includes the
> guest interface, the host interface, and the KVM implementation.
>
> It's not ready for mainline yet (see the current limitations), but we
> think the overall design and interfaces are good and we'd like to have
> some feedback on that.
...
> # Current limitations
>
> This patch series doesn't handle VM reboot, kexec, nor hibernate yet.
> We'd like to leverage the related feature from the KVM CR-pinning patch
> series [3]. Help appreciated!
Until you have a story for those scenarios, I don't expect you'll get a lot of
valuable feedback, or much feedback at all. They were the hot topic for KVM CR
pinning, and they'll likely be the hot topic now.