All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Mihai Donțu" <mdontu@bitdefender.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org
Subject: #VE support for VMI
Date: Mon, 20 May 2019 18:48:09 +0300	[thread overview]
Message-ID: <571322cc13b98f3805a4843db28f5befbb1bd5a9.camel@bitdefender.com> (raw)

Hi Paolo,

We are looking at adding #VE support to the VMI subsystem we are
working on. Its purpose is to suppress VMEXIT-s caused by the page
table walker when the guest page tables are write-protected. A very
small in-guest agent (protected by the hypervisor) will receive the EPT
violation events, handle PT-walk writes and turn the rest into VMCALL-
s.

A brief presentation of similar work on Xen can be found here:
https://www.slideshare.net/xen_com_mgr/xpdss17-hypervisorbased-security-bringing-virtualized-exceptions-into-the-game-mihai-dontu-bitdefender

There is a bit of an issue with using #VE on KVM, though: because the
EPT is built on-the-fly (as the guest runs), when we enable #VE in
VMCS, all EPT violations become virtualized, because all EPTE-s have
bit 63 zero (0: convert to #VE, 1: generate VMEXIT). At the moment, I
see two solutions:

(a) have the in-guest agent generate a VMCALL that KVM will interpret
as EPT-violation and call the default page fault handler;
(b) populate the EPT completely before entering the guest;

The first one requires adding dedicated code for KVM in the agent used
for handling #VE events, something we are trying to avoid. The second
one has implications we can't fully see, besides migration with which
we don't interact (VMI is designed to be disabled before migration
starts, implicitly #VE too).

I would appreciate any opinion / suggestion you have on a proper
approach to this issue.

Regards,

-- 
Mihai Donțu



             reply	other threads:[~2019-05-20 15:54 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-05-20 15:48 Mihai Donțu [this message]
2019-05-20 18:10 ` #VE support for VMI Alexander Graf
2019-05-20 18:33   ` Sean Christopherson
2019-05-20 20:49     ` Alexander Graf
2019-05-20 18:22 ` Sean Christopherson
2019-05-20 19:55   ` Mihai Donțu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=571322cc13b98f3805a4843db28f5befbb1bd5a9.camel@bitdefender.com \
    --to=mdontu@bitdefender.com \
    --cc=kvm@vger.kernel.org \
    --cc=pbonzini@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.