On Fri, May 05, 2023, Micka�l Sala�n wrote: > Add a new KVM_HC_LOCK_MEM_PAGE_RANGES hypercall that enables a guest to > set EPT permissions on a set of page ranges.
IMO, manipulation of protections, both for memory (this patch) and CPU state (control registers in the next patch) should come from userspace. I have no objection to KVM providing plumbing if necessary, but I think userspace needs to to have full control over the actual state. One of the things that caused Intel's control register pinning series to stall out was how to handle edge cases like kexec() and reboot. Deferring to userspace means the kernel doesn't need to define policy, e.g. when to unprotect memory, and avoids questions like "should userspace be able to overwrite pinned control registers". And like the confidential VM use case, keeping userspace in the loop is a big beneifit, e.g. the guest can't circumvent protections by coercing userspace into writing to protected memory .
