Hello,
> > I don't understand why this path needs to be optimized. To me it seems, a
> > straightforward userspace implementation with no additional code in the
> > kernel achieves the same feature. Can you elaborate?
I was doing some benchmarking to figure out the overhead introduce
Hello,
> Given that writes to these areas should be exceptional occurrences,
No, not in the case of a partially protected page.
> I don't understand why this path needs to be optimized. To me it seems, a
> straightforward userspace implementation with no additional code in the kernel
> achie
Ahmed,
On Fri, 2018-12-07 at 14:47 +0200, Ahmed Abd El Mawgood wrote:
> The reason why it would be better to implement this from inside kvm: instead of
> (host) user space is the need to access SPTEs to modify the permissions, while
> mprotect() from user space can work in theory. It will become
-- Summary --
ROE is a hypercall that enables the host operating system to restrict the guest's access
to its own memory. This will provide a hardening mechanism that can be used to
stop rootkits from manipulating kernel static data structures and code. Once a
memory region is protected the guest kernel c