On 20 July 2018 at 03:28, Jann Horn wrote:
> On Fri, Jul 20, 2018 at 2:26 AM Ahmed Soliman
> wrote:
>>
>> On 20 July 2018 at 00:59, Jann Horn wrote:
>> > On Thu, Jul 19, 2018 at 11:40 PM Ahmed Abd El Mawgood
>>
>> > Why are you implementing this in the kernel, instead of doing it in
>> > host us
On 07/19/2018 02:38 PM, Ahmed Abd El Mawgood wrote:
> This patch introduces a hypercall implemented for X86 that can assist
> against a subset of kernel rootkits. It works by placing readonly protection in
> shadow PTE. The end result protection is also kept in a bitmap for each
> kvm_memory_slot and i
On 20 July 2018 at 00:59, Jann Horn wrote:
> On Thu, Jul 19, 2018 at 11:40 PM Ahmed Abd El Mawgood
> Why are you implementing this in the kernel, instead of doing it in
> host userspace?
I thought about implementing it completely in QEMU but it won't be
possible for a few reasons:
- After talking
This patch introduces a hypercall implemented for X86 that can assist
against a subset of kernel rootkits. It works by placing readonly protection in
shadow PTE. The end result protection is also kept in a bitmap for each
kvm_memory_slot and is used as reference when updating SPTEs. The whole
goal is t