from:"Mickaël Salaün"

[RFC PATCH v3 4/5] heki: Lock guest control registers at the end of guest kernel init

2024-05-03 Thread Mickaël Salaün

Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Co-developed-by: Madhavan T. Venkataraman Signed-off-by: Madhavan T. Venkataraman Signed-off-by: Mickaël Salaün Link: https://lore.kernel.org/r/20240503131910.307630-5-...@digikod.net --- Changes since v2

[RFC PATCH v3 0/5] Hypervisor-Enforced Kernel Integrity - CR pinning

2024-05-03 Thread Mickaël Salaün

ikod.net v1: https://lore.kernel.org/r/20230505152046.6575-1-...@digikod.net Regards, Madhavan T. Venkataraman (1): virt: Introduce Hypervisor Enforced Kernel Integrity (Heki) Mickaël Salaün (4): KVM: x86: Add new hypercall to lock control registers KVM: x86: Add notifications for Heki poli

[RFC PATCH v3 1/5] virt: Introduce Hypervisor Enforced Kernel Integrity (Heki)

2024-05-03 Thread Mickaël Salaün

Kees Cook Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Co-developed-by: Mickaël Salaün Signed-off-by: Mickaël Salaün Signed-off-by: Madhavan T. Venkataraman Link: https://lore.kernel.org/r/20240503131910.307630-2-...@digikod.net --- Chan

[RFC PATCH v3 2/5] KVM: x86: Add new hypercall to lock control registers

2024-05-03 Thread Mickaël Salaün

related features. Cc: Borislav Petkov Cc: Dave Hansen Cc: H. Peter Anvin Cc: Ingo Molnar Cc: Kees Cook Cc: Madhavan T. Venkataraman Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Signed-off-by: Mickaël Salaün Link: https://lore.kernel.org/r

[RFC PATCH v3 3/5] KVM: x86: Add notifications for Heki policy configuration and violation

2024-05-03 Thread Mickaël Salaün

van T. Venkataraman Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Signed-off-by: Mickaël Salaün Link: https://lore.kernel.org/r/20240503131910.307630-4-...@digikod.net --- Changes since v1: * New patch. Making user space aware of Heki propertie

[RFC PATCH v3 5/5] virt: Add Heki KUnit tests

2024-05-03 Thread Mickaël Salaün

ule: heki_test 1..1 ok 1 test_cr_disable_smep ok 1 heki_x86 Link: https://lore.kernel.org/r/20240229170409.365386-2-...@digikod.net [1] Signed-off-by: Mickaël Salaün Link: https://lore.kernel.org/r/20240503131910.307630-6-...@digikod.net --- Changes since v2: * Make tests standalo

Re: [RFC PATCH v3 3/5] KVM: x86: Add notifications for Heki policy configuration and violation

2024-05-06 Thread Mickaël Salaün

On Fri, May 03, 2024 at 07:03:21AM GMT, Sean Christopherson wrote: > On Fri, May 03, 2024, Mickaël Salaün wrote: > > Add an interface for user space to be notified about guests' Heki policy > > and related violations. > > > > Extend the KVM_ENABLE_CAP IOCTL

Re: [RFC PATCH v3 3/5] KVM: x86: Add notifications for Heki policy configuration and violation

2024-05-07 Thread Mickaël Salaün

On Mon, May 06, 2024 at 06:34:53PM GMT, Sean Christopherson wrote: > On Mon, May 06, 2024, Mickaël Salaün wrote: > > On Fri, May 03, 2024 at 07:03:21AM GMT, Sean Christopherson wrote: > > > > --- > > > > > > > > Changes since v1: > > > > *

[PATCH v1 9/9] virt: Add Heki KUnit tests

2023-05-05 Thread Mickaël Salaün

Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Signed-off-by: Mickaël Salaün Link: https://lore.kernel.org/r/20230505152046.6575-10-...@digikod.net --- virt/heki/Kconfig | 12 +++ virt/heki/heki.c | 194

[PATCH v1 8/9] KVM: x86/mmu: Enable guests to lock themselves thanks to MBEC

2023-05-05 Thread Mickaël Salaün

araman Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Signed-off-by: Mickaël Salaün Link: https://lore.kernel.org/r/20230505152046.6575-9-...@digikod.net --- Documentation/virt/kvm/x86/hypercalls.rst | 4 +- arch/x86/kvm/mmu/mmu.c

[PATCH v1 7/9] KVM: VMX: Add MBEC support

2023-05-05 Thread Mickaël Salaün

bit is ignored. Cc: Borislav Petkov Cc: Dave Hansen Cc: H. Peter Anvin Cc: Ingo Molnar Cc: Kees Cook Cc: Madhavan T. Venkataraman Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Signed-off-by: Mickaël Salaün Link: https://lore.kernel.or

[RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-05 Thread Mickaël Salaün

o...@intel.com/ [10] https://lpc.events/event/4/contributions/283/ [11] https://sched.co/eE24 Please reach out to us by replying to this thread, we're looking for people to join and collaborate on this project! Regards, Madhavan T. Venkataraman (2): virt: Implement Heki common code KVM:

[PATCH v1 1/9] KVM: x86: Add kvm_x86_ops.fault_gva()

2023-05-05 Thread Mickaël Salaün

Cîțu Signed-off-by: Nicușor Cîțu Signed-off-by: Mickaël Salaün Link: https://lore.kernel.org/r/20230505152046.6575-2-...@digikod.net --- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h| 2 ++ arch/x86/kvm/svm/svm.c | 9 + arch/x86/kvm/vmx

[PATCH v1 5/9] KVM: x86: Add new hypercall to lock control registers

2023-05-05 Thread Mickaël Salaün

Molnar Cc: Kees Cook Cc: Madhavan T. Venkataraman Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Signed-off-by: Mickaël Salaün Link: https://lore.kernel.org/r/20230505152046.6575-6-...@digikod.net --- Documentation/virt/kvm/x86

[PATCH v1 3/9] virt: Implement Heki common code

2023-05-05 Thread Mickaël Salaün

Madhavan T. Venkataraman Cc: Mickaël Salaün Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Signed-off-by: Madhavan T. Venkataraman Link: https://lore.kernel.org/r/20230505152046.6575-4-...@digikod.net --- Kconfig |

[PATCH v1 6/9] KVM: x86: Add Heki hypervisor support

2023-05-05 Thread Mickaël Salaün

ave Hansen Cc: H. Peter Anvin Cc: Ingo Molnar Cc: Kees Cook Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Co-developed-by: Mickaël Salaün Signed-off-by: Mickaël Salaün Signed-off-by: Madhavan T. Venkataraman Link: https://lore.kern

[PATCH v1 2/9] KVM: x86/mmu: Add support for prewrite page tracking

2023-05-05 Thread Mickaël Salaün

italy Kuznetsov Cc: Wanpeng Li Cc: Ștefan Șicleru Signed-off-by: Mickaël Salaün Link: https://lore.kernel.org/r/20230505152046.6575-3-...@digikod.net --- arch/x86/include/asm/kvm_page_track.h | 12 + arch/x86/kvm/mmu/mmu.c| 64 ++- arch/x86/kv

[PATCH v1 4/9] KVM: x86: Add new hypercall to set EPT permissions

2023-05-05 Thread Mickaël Salaün

van T. Venkataraman Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Signed-off-by: Mickaël Salaün Link: https://lore.kernel.org/r/20230505152046.6575-5-...@digikod.net --- Documentation/virt/kvm/x86/hypercalls.rst | 17 +++ arch/x86/kvm/x86.

Re: [PATCH v1 2/9] KVM: x86/mmu: Add support for prewrite page tracking

2023-05-05 Thread Mickaël Salaün

On 05/05/2023 18:28, Sean Christopherson wrote: On Fri, May 05, 2023, Mickaï¿½l Salaï¿½n wrote: diff --git a/arch/x86/include/asm/kvm_page_track.h b/arch/x86/include/asm/kvm_page_track.h index eb186bc57f6a..a7fb4ff888e6 100644 --- a/arch/x86/include/asm/kvm_page_track.h +++ b/arch/x86/include

Re: [PATCH v1 4/9] KVM: x86: Add new hypercall to set EPT permissions

2023-05-05 Thread Mickaël Salaün

On 05/05/2023 18:44, Sean Christopherson wrote: On Fri, May 05, 2023, Mickaï¿½l Salaï¿½n wrote: Add a new KVM_HC_LOCK_MEM_PAGE_RANGES hypercall that enables a guest to set EPT permissions on a set of page ranges. IMO, manipulation of protections, both for memory (this patch) and CPU state (c

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-25 Thread Mickaël Salaün

On 24/05/2023 23:04, Trilok Soni wrote: On 5/5/2023 8:20 AM, Mickaël Salaün wrote: Hi, This patch series is a proof-of-concept that implements new KVM features (extended page tracking, MBEC support, CR pinning) and defines a new API to protect guest VMs. No VMM (e.g., Qemu) modification is

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-25 Thread Mickaël Salaün

On 25/05/2023 00:20, Edgecombe, Rick P wrote: On Fri, 2023-05-05 at 17:20 +0200, Mickaël Salaün wrote: # How does it work? This implementation mainly leverages KVM capabilities to control the Second Layer Address Translation (or the Two Dimensional Paging e.g., Intel's EPT or AMD'

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-26 Thread Mickaël Salaün

On 25/05/2023 15:59, Mickaël Salaün wrote: On 25/05/2023 00:20, Edgecombe, Rick P wrote: On Fri, 2023-05-05 at 17:20 +0200, Mickaël Salaün wrote: # How does it work? This implementation mainly leverages KVM capabilities to control the Second Layer Address Translation (or the Two

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-26 Thread Mickaël Salaün

On 25/05/2023 17:52, Edgecombe, Rick P wrote: On Thu, 2023-05-25 at 15:59 +0200, Mickaël Salaün wrote: [ snip ] The kernel often creates writable aliases in order to write to protected data (kernel text, etc). Some of this is done right as text is being first written out (alternatives for

Re: [ANNOUNCE] KVM Microconference at LPC 2023

2023-05-26 Thread Mickaël Salaün

See James Morris's proposal here: https://lore.kernel.org/all/17f62cb1-a5de-2020-2041-359b8e96b...@linux.microsoft.com/ On 26/05/2023 04:36, James Morris wrote: > [Side topic] > > Would folks be interested in a Linux Plumbers Conference MC on this > topic generally, across different hypervisors,

Re: [PATCH v1 6/9] KVM: x86: Add Heki hypervisor support

2023-05-26 Thread Mickaël Salaün

On 08/05/2023 23:18, Wei Liu wrote: On Fri, May 05, 2023 at 05:20:43PM +0200, Mickaël Salaün wrote: From: Madhavan T. Venkataraman Each supported hypervisor in x86 implements a struct x86_hyper_init to define the init functions for the hypervisor. Define a new init_heki() entry point in

Re: [PATCH v1 3/9] virt: Implement Heki common code

2023-05-29 Thread Mickaël Salaün

On 17/05/2023 14:47, Madhavan T. Venkataraman wrote: Sorry for the delay. See inline... On 5/8/23 12:29, Wei Liu wrote: On Fri, May 05, 2023 at 05:20:40PM +0200, Mickaël Salaün wrote: From: Madhavan T. Venkataraman Hypervisor Enforced Kernel Integrity (Heki) is a feature that will use the

Re: [PATCH v1 5/9] KVM: x86: Add new hypercall to lock control registers

2023-05-29 Thread Mickaël Salaün

On 08/05/2023 23:11, Wei Liu wrote: On Fri, May 05, 2023 at 05:20:42PM +0200, Mickaël Salaün wrote: This enables guests to lock their CR0 and CR4 registers with a subset of X86_CR0_WP, X86_CR4_SMEP, X86_CR4_SMAP, X86_CR4_UMIP, X86_CR4_FSGSBASE and X86_CR4_CET flags. The new

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-05-30 Thread Mickaël Salaün

On 25/05/2023 20:34, Trilok Soni wrote: On 5/25/2023 6:25 AM, Mickaël Salaün wrote: On 24/05/2023 23:04, Trilok Soni wrote: On 5/5/2023 8:20 AM, Mickaël Salaün wrote: Hi, This patch series is a proof-of-concept that implements new KVM features (extended page tracking, MBEC support, CR

Re: [RFC PATCH v3 3/5] KVM: x86: Add notifications for Heki policy configuration and violation

2024-06-03 Thread Mickaël Salaün

On Wed, May 15, 2024 at 01:32:24PM -0700, Sean Christopherson wrote: > On Tue, May 14, 2024, Mickaël Salaün wrote: > > On Fri, May 10, 2024 at 10:07:00AM +, Nicolas Saenz Julienne wrote: > > > Development happens > > > https://github.com/vianpl/{linux,qemu,kvm-u

Re: [RFC PATCH v3 3/5] KVM: x86: Add notifications for Heki policy configuration and violation

2024-05-14 Thread Mickaël Salaün

On Tue, May 07, 2024 at 09:16:06AM -0700, Sean Christopherson wrote: > On Tue, May 07, 2024, Mickaël Salaün wrote: > > > Actually, potential bad/crazy idea. Why does the _host_ need to define > > > policy? > > > Linux already knows what assets it wants to

Re: [RFC PATCH v3 3/5] KVM: x86: Add notifications for Heki policy configuration and violation

2024-05-14 Thread Mickaël Salaün

On Fri, May 10, 2024 at 10:07:00AM +, Nicolas Saenz Julienne wrote: > On Tue May 7, 2024 at 4:16 PM UTC, Sean Christopherson wrote: > > > If yes, that would indeed require a *lot* of work for something we're not > > > sure will be accepted later on. > > > > Yes and no. The AWS folks are pursui

Re: [ANNOUNCE] KVM Microconference at LPC 2023

2023-06-01 Thread Mickaël Salaün

Hi, What is the status of this microconference proposal? We'd be happy to talk about Heki [1] and potentially other hypervisor supports. Regards, Mickaël [1] https://lore.kernel.org/all/20230505152046.6575-1-...@digikod.net/ On 26/05/2023 18:09, Mickaël Salaün wrote: See James Mor

Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity

2023-06-02 Thread Mickaël Salaün

On 31/05/2023 22:24, Sean Christopherson wrote: On Tue, May 30, 2023, Rick P Edgecombe wrote: On Fri, 2023-05-26 at 17:22 +0200, Mickaï¿½l Salaï¿½n wrote: Can the guest kernel ask the host VMM's emulated devices to DMA into the protected data? It should go through the host userspace mappings

[RFC PATCH v2 02/19] KVM: x86: Add new hypercall to lock control registers

2023-11-12 Thread Mickaël Salaün

related features. Cc: Borislav Petkov Cc: Dave Hansen Cc: H. Peter Anvin Cc: Ingo Molnar Cc: Kees Cook Cc: Madhavan T. Venkataraman Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Signed-off-by: Mickaël Salaün --- Changes since v1: * Guard

[RFC PATCH v2 07/19] KVM: x86: Make memory attribute helpers more generic

2023-11-12 Thread Mickaël Salaün

butes() KVM_MEMORY_ATTRIBUTE_PRIVATE optimizations. Cc: Chao Peng Cc: Kees Cook Cc: Madhavan T. Venkataraman Cc: Sean Christopherson Cc: Yu Zhang Signed-off-by: Mickaël Salaün --- Changes since v1: * New patch --- arch/x86/kvm/mmu/mmu.c | 23 --- include/linux/kvm_host.h | 2 ++ vir

[RFC PATCH v2 14/19] heki: x86: Initialize permissions counters for pages mapped into KVA

2023-11-12 Thread Mickaël Salaün

from tampering by the guest kernel itself. We should note that walking through all mappings might be slow if KASAN is enabled. Cc: Borislav Petkov Cc: Dave Hansen Cc: H. Peter Anvin Cc: Ingo Molnar Cc: Kees Cook Cc: Madhavan T. Venkataraman Cc: Mickaël Salaün Cc: Paolo Bonzini Cc: Sean

[RFC PATCH v2 06/19] KVM: x86: Add kvm_x86_ops.fault_gva()

2023-11-12 Thread Mickaël Salaün

Cîțu Signed-off-by: Nicușor Cîțu Signed-off-by: Mickaël Salaün --- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h| 2 ++ arch/x86/kvm/svm/svm.c | 9 + arch/x86/kvm/vmx/vmx.c | 10 ++ 4 files changed, 22 insertions

[RFC PATCH v2 16/19] heki: x86: Update permissions counters when guest page permissions change

2023-11-12 Thread Mickaël Salaün

From: Madhavan T. Venkataraman When permissions are changed on an existing mapping, update the permissions counters. Cc: Borislav Petkov Cc: Dave Hansen Cc: H. Peter Anvin Cc: Ingo Molnar Cc: Kees Cook Cc: Madhavan T. Venkataraman Cc: Mickaël Salaün Cc: Paolo Bonzini Cc: Sean

[RFC PATCH v2 05/19] KVM: VMX: Add MBEC support

2023-11-12 Thread Mickaël Salaün

topherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Signed-off-by: Mickaël Salaün --- Changes since v1: * Import the MMU tracepoint changes from the v1's "Enable guests to lock themselves thanks to MBEC" patch. --- arch/x86/include/asm/vmx.h | 11 +-- arc

[RFC PATCH v2 03/19] KVM: x86: Add notifications for Heki policy configuration and violation

2023-11-12 Thread Mickaël Salaün

van T. Venkataraman Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Signed-off-by: Mickaël Salaün --- Changes since v1: * New patch. Making user space aware of Heki properties was requested by Sean Christopherson. --- arch/x86/kvm/vmx/vmx.c

[RFC PATCH v2 10/19] KVM: x86: Implement per-guest-page permissions

2023-11-12 Thread Mickaël Salaün

: H. Peter Anvin Cc: Ingo Molnar Cc: Kees Cook Cc: Madhavan T. Venkataraman Cc: Mickaël Salaün Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Co-developed-by: Madhavan T. Venkataraman Signed-off-by: Madhavan T. Venkataraman Signed-off-by

[RFC PATCH v2 11/19] KVM: x86: Add new hypercall to set EPT permissions

2023-11-12 Thread Mickaël Salaün

Anvin Cc: Ingo Molnar Cc: Kees Cook Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Co-developed-by: Mickaël Salaün Signed-off-by: Mickaël Salaün Signed-off-by: Madhavan T. Venkataraman --- Changes since v1: The original hypercall cont

[RFC PATCH v2 04/19] heki: Lock guest control registers at the end of guest kernel init

2023-11-12 Thread Mickaël Salaün

Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Co-developed-by: Madhavan T. Venkataraman Signed-off-by: Madhavan T. Venkataraman Signed-off-by: Mickaël Salaün --- Changes since v1: * Shrinked the patch to only manage the CR pinning. --- arch/x86

[RFC PATCH v2 19/19] virt: Add Heki KUnit tests

2023-11-12 Thread Mickaël Salaün

er to understand what is going on. Cc: Borislav Petkov Cc: Dave Hansen Cc: H. Peter Anvin Cc: Ingo Molnar Cc: Kees Cook Cc: Madhavan T. Venkataraman Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Signed-off-by: Mickaël Salaün --- Ch

[RFC PATCH v2 15/19] heki: x86: Initialize permissions counters for pages in vmap()/vunmap()

2023-11-12 Thread Mickaël Salaün

Cook Cc: Mickaël Salaün Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Signed-off-by: Madhavan T. Venkataraman --- Changes since v1: * New patch --- include/linux/heki.h | 11 ++- mm/vmalloc.c | 7 +++ virt/heki

[RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

2023-11-12 Thread Mickaël Salaün

modify the instructions in that page. Cc: Borislav Petkov Cc: Dave Hansen Cc: H. Peter Anvin Cc: Ingo Molnar Cc: Kees Cook Cc: Madhavan T. Venkataraman Cc: Mickaël Salaün Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Signed-off-by

[RFC PATCH v2 01/19] virt: Introduce Hypervisor Enforced Kernel Integrity (Heki)

2023-11-12 Thread Mickaël Salaün

Kees Cook Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Co-developed-by: Mickaël Salaün Signed-off-by: Mickaël Salaün Signed-off-by: Madhavan T. Venkataraman --- Changes since v1: * Shrinked this patch to only contain the minimal c

[RFC PATCH v2 18/19] heki: x86: Protect guest kernel memory using the KVM hypervisor

2023-11-12 Thread Mickaël Salaün

read-only. Cc: Borislav Petkov Cc: Dave Hansen Cc: H. Peter Anvin Cc: Ingo Molnar Cc: Kees Cook Cc: Madhavan T. Venkataraman Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Co-developed-by: Mickaël Salaün Signed-off-by: Mickaël Salaün

[RFC PATCH v2 09/19] KVM: x86: Extend kvm_range_has_memory_attributes() with match_all

2023-11-12 Thread Mickaël Salaün

This enables to check if an attribute is tied to any memory page in a range. This will be useful in a folling commit to check for KVM_MEMORY_ATTRIBUTE_HEKI_IMMUTABLE. Cc: Chao Peng Cc: Kees Cook Cc: Madhavan T. Venkataraman Cc: Sean Christopherson Cc: Yu Zhang Signed-off-by: Mickaël Salaün

[RFC PATCH v2 08/19] KVM: x86: Extend kvm_vm_set_mem_attributes() with a mask

2023-11-12 Thread Mickaël Salaün

Enable to only update a subset of attributes. This is needed to be able to use the XArray for different use cases and make sure they don't interfere (see a following commit). Cc: Chao Peng Cc: Kees Cook Cc: Madhavan T. Venkataraman Cc: Sean Christopherson Cc: Yu Zhang Signed-off-by: Mi

[RFC PATCH v2 12/19] x86: Implement the Memory Table feature to store arbitrary per-page data

2023-11-12 Thread Mickaël Salaün

rsion thanks to extra mem_table_ops's merge() and split() operations. Cc: Borislav Petkov Cc: Dave Hansen Cc: H. Peter Anvin Cc: Ingo Molnar Cc: Kees Cook Cc: Madhavan T. Venkataraman Cc: Mickaël Salaün Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuz

[RFC PATCH v2 13/19] heki: Implement a kernel page table walker

2023-11-12 Thread Mickaël Salaün

: Kees Cook Cc: Madhavan T. Venkataraman Cc: Paolo Bonzini Cc: Sean Christopherson Cc: Thomas Gleixner Cc: Vitaly Kuznetsov Cc: Wanpeng Li Co-developed-by: Mickaël Salaün Signed-off-by: Mickaël Salaün Signed-off-by: Madhavan T. Venkataraman --- Change since v1: * New patch and new file: virt

[RFC PATCH v2 00/19] Hypervisor-Enforced Kernel Integrity

2023-11-12 Thread Mickaël Salaün

s for pages in vmap()/vunmap() heki: x86: Update permissions counters when guest page permissions change heki: x86: Update permissions counters during text patching heki: x86: Protect guest kernel memory using the KVM hypervisor Mickaël Salaün (10): KVM: x86: Add new hypercall to lo

54 matches

Mail list logo