Re: [RFC] KVM: mm: fd-based approach for supporting KVM guest private memory

From: David Hildenbrand
Date: Wed Sep 15 2021 - 11:35:57 EST

Next message: Peter Zijlstra: "Re: [PATCH 16/20] futex: Implement sys_futex_waitv()"
Previous message: Vignesh Raghavendra: "Re: [PATCH v3 3/5] arm64: dts: ti: iot2050: Add/enabled mailboxes and carve-outs for R5F cores"
In reply to: David Hildenbrand: "Re: [RFC] KVM: mm: fd-based approach for supporting KVM guest private memory"
Next in thread: Kirill A. Shutemov: "Re: [RFC] KVM: mm: fd-based approach for supporting KVM guest private memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

who will actually do some kind of gfn-epfn etc. mapping, how we'll
forbid access to this memory e.g., via /proc/kcore or when dumping memory

It's not aimed to prevent root to shoot into his leg. Root do root.

IMHO being root is not an excuse to read some random file (actually used
in production environments) to result in the machine crashing. Not
acceptable for distributions.

I just realized that reading encrypted memory should be ok and only writing is an issue, right?

--
Thanks,

David / dhildenb

Next message: Peter Zijlstra: "Re: [PATCH 16/20] futex: Implement sys_futex_waitv()"
Previous message: Vignesh Raghavendra: "Re: [PATCH v3 3/5] arm64: dts: ti: iot2050: Add/enabled mailboxes and carve-outs for R5F cores"
In reply to: David Hildenbrand: "Re: [RFC] KVM: mm: fd-based approach for supporting KVM guest private memory"
Next in thread: Kirill A. Shutemov: "Re: [RFC] KVM: mm: fd-based approach for supporting KVM guest private memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]