So from what I understand, HLAT lets the HV override guest VAs with its own translations? It's neat, I guess, but I can't figure out how this actually eliminates any real capability?
Like, attackers aren't going after the kernel for lolz, they're going after it to attack other user space processes. This protects the kernel but once you have arbitrary read and write in the kernel (including the ability to map arbitrary memory to user space!) the entire confidentiality game has been lost, no? Yes, of course, there's value in "defense in depth" but an ISA feature requiring new silicon which can be defeated in a day or two seems like an odd value proposition.