Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

2023-12-08 Thread Madhavan T. Venkataraman
On 12/6/23 12:51, Peter Zijlstra wrote: > On Wed, Dec 06, 2023 at 10:37:33AM -0600, Madhavan T. Venkataraman wrote: >> >> >> On 11/30/23 05:33, Peter Zijlstra wrote: >>> On Wed, Nov 29, 2023 at 03:07:15PM -0600, Madhavan T. Venkataraman w

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

2023-12-06 Thread Madhavan T. Venkataraman
On 11/30/23 18:45, Edgecombe, Rick P wrote: > On Wed, 2023-11-29 at 15:07 -0600, Madhavan T. Venkataraman wrote: >> Threat Model >> >> >> In the threat model in Heki, the attacker is a user space attacker >> who exploits >> a kernel vulnerab

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

2023-12-06 Thread Madhavan T. Venkataraman
On 11/30/23 05:33, Peter Zijlstra wrote: > On Wed, Nov 29, 2023 at 03:07:15PM -0600, Madhavan T. Venkataraman wrote: > >> Kernel Lockdown >> --- >> >> But, we must provide at least some security in V2. Otherwise, it is useless. >> >> So,

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

2023-11-29 Thread Madhavan T. Venkataraman
On 11/27/23 14:08, Peter Zijlstra wrote: > On Mon, Nov 27, 2023 at 10:48:29AM -0600, Madhavan T. Venkataraman wrote: >> Apologies for the late reply. I was on vacation. Please see my response >> below: >> >> On 11/13/23 02:19, Peter Zijlstra wrote: >>> On S

Re: [RFC PATCH v2 18/19] heki: x86: Protect guest kernel memory using the KVM hypervisor

2023-11-29 Thread Madhavan T. Venkataraman
On 11/27/23 14:03, Peter Zijlstra wrote: > On Mon, Nov 27, 2023 at 11:05:23AM -0600, Madhavan T. Venkataraman wrote: >> Apologies for the late reply. I was on vacation. Please see my response >> below: >> >> On 11/13/23 02:54, Peter Zijlstra wrote: >>> On S

Re: [RFC PATCH v2 18/19] heki: x86: Protect guest kernel memory using the KVM hypervisor

2023-11-27 Thread Madhavan T. Venkataraman
Apologies for the late reply. I was on vacation. Please see my response below: On 11/13/23 02:54, Peter Zijlstra wrote: > On Sun, Nov 12, 2023 at 09:23:25PM -0500, Mickaël Salaün wrote: >> From: Madhavan T. Venkataraman >> >> Implement a hypervisor function, kvm_protect_me

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

2023-11-27 Thread Madhavan T. Venkataraman
Apologies for the late reply. I was on vacation. Please see my response below: On 11/13/23 02:19, Peter Zijlstra wrote: > On Sun, Nov 12, 2023 at 09:23:24PM -0500, Mickaël Salaün wrote: >> From: Madhavan T. Venkataraman >> >> X86 uses a function called __text_poke() to m

Re: [PATCH v1 2/9] KVM: x86/mmu: Add support for prewrite page tracking

2023-05-24 Thread Madhavan T. Venkataraman
On 5/5/23 12:31, Sean Christopherson wrote: > On Fri, May 05, 2023, Mickaël Salaün wrote: >> >> On 05/05/2023 18:28, Sean Christopherson wrote: >>> I have no doubt that we'll need to solve performance and scaling issues >>> with the >>> memory attributes implementation, e.g. to utilize xarr

Re: [PATCH v1 3/9] virt: Implement Heki common code

2023-05-18 Thread Madhavan T. Venkataraman
Sorry for the delay. See inline... On 5/8/23 12:29, Wei Liu wrote: > On Fri, May 05, 2023 at 05:20:40PM +0200, Mickaël Salaün wrote: >> From: Madhavan T. Venkataraman >> >> Hypervisor Enforced Kernel Integrity (Heki) is a feature that will use >> the hypervisor to en