From: Jann Horn <jannh@google.com>
To: ahmedsoliman0x666@gmail.com
Cc: kvm@vger.kernel.org,
"Kernel Hardening" <kernel-hardening@lists.openwall.com>,
virtualization@lists.linux-foundation.org,
linux-doc@vger.kernel.org,
"the arch/x86 maintainers" <x86@kernel.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Jonathan Corbet" <corbet@lwn.net>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>,
"H . Peter Anvin" <hpa@zytor.com>,
"Kees Cook" <keescook@chromium.org>,
"Ard Biesheuvel" <ard.biesheuvel@linaro.org>,
david@redhat.com, "Boris Lukashev" <blukashev@sempervictus.com>,
david.vrabel@nutanix.com, nigel.edwards@hpe.com,
riel@surriel.com
Subject: Re: [PATCH 3/3] [RFC V3] KVM: X86: Adding skeleton for Memory ROE
Date: Fri, 20 Jul 2018 00:59:43 +0200 [thread overview]
Message-ID: <CAG48ez3EyU=ROBczUdHEuOYBtZghYqOpq3K16Bs4RQLO1OO6oA@mail.gmail.com> (raw)
In-Reply-To: <20180719213802.17161-4-ahmedsoliman0x666@gmail.com>
On Thu, Jul 19, 2018 at 11:40 PM Ahmed Abd El Mawgood
<ahmedsoliman0x666@gmail.com> wrote:
> This patch introduces a hypercall implemented for X86 that can assist
> against subset of kernel rootkits, it works by place readonly protection in
> shadow PTE. The end result protection is also kept in a bitmap for each
> kvm_memory_slot and is used as reference when updating SPTEs. The whole
> goal is to protect the guest kernel static data from modification if
> attacker is running from guest ring 0, for this reason there is no
> hypercall to revert effect of Memory ROE hypercall. This patch doesn't
> implement integrity check on guest TLB so obvious attack on the current
> implementation will involve guest virtual address -> guest physical
> address remapping, but there are plans to fix that.
Why are you implementing this in the kernel, instead of doing it in
host userspace?
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Jann Horn <jannh@google.com>
To: ahmedsoliman0x666@gmail.com
Cc: kvm@vger.kernel.org,
"Kernel Hardening" <kernel-hardening@lists.openwall.com>,
virtualization@lists.linux-foundation.org,
linux-doc@vger.kernel.org,
"the arch/x86 maintainers" <x86@kernel.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Jonathan Corbet" <corbet@lwn.net>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>,
"H . Peter Anvin" <hpa@zytor.com>,
"Kees Cook" <keescook@chromium.org>,
"Ard Biesheuvel" <ard.biesheuvel@linaro.org>,
david@redhat.com, "Boris Lukashev" <blukashev@sempervictus.com>,
david.vrabel@nutanix.com, nigel.edwards@hpe.com,
riel@surriel.com
Subject: Re: [PATCH 3/3] [RFC V3] KVM: X86: Adding skeleton for Memory ROE
Date: Fri, 20 Jul 2018 00:59:43 +0200 [thread overview]
Message-ID: <CAG48ez3EyU=ROBczUdHEuOYBtZghYqOpq3K16Bs4RQLO1OO6oA@mail.gmail.com> (raw)
In-Reply-To: <20180719213802.17161-4-ahmedsoliman0x666@gmail.com>
On Thu, Jul 19, 2018 at 11:40 PM Ahmed Abd El Mawgood
<ahmedsoliman0x666@gmail.com> wrote:
> This patch introduces a hypercall implemented for X86 that can assist
> against subset of kernel rootkits, it works by place readonly protection in
> shadow PTE. The end result protection is also kept in a bitmap for each
> kvm_memory_slot and is used as reference when updating SPTEs. The whole
> goal is to protect the guest kernel static data from modification if
> attacker is running from guest ring 0, for this reason there is no
> hypercall to revert effect of Memory ROE hypercall. This patch doesn't
> implement integrity check on guest TLB so obvious attack on the current
> implementation will involve guest virtual address -> guest physical
> address remapping, but there are plans to fix that.
Why are you implementing this in the kernel, instead of doing it in
host userspace?
next prev parent reply other threads:[~2018-07-19 23:00 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-19 21:37 Memory Read Only Enforcement: VMM assisted kernel rootkit mitigation for KVM Ahmed Abd El Mawgood
2018-07-19 21:37 ` Ahmed Abd El Mawgood
2018-07-19 21:37 ` Ahmed Abd El Mawgood
2018-07-19 21:38 ` [PATCH 1/3] [RFC V3] KVM: X86: Memory ROE documentation Ahmed Abd El Mawgood
2018-07-19 21:38 ` Ahmed Abd El Mawgood
2018-07-20 1:11 ` Randy Dunlap
2018-07-20 1:11 ` Randy Dunlap
2018-07-20 1:11 ` Randy Dunlap
2018-07-19 21:38 ` Ahmed Abd El Mawgood
2018-07-19 21:38 ` [PATCH 2/3] [RFC V3] KVM: X86: Adding arbitrary data pointer in kvm memslot itterator functions Ahmed Abd El Mawgood
2018-07-19 21:38 ` Ahmed Abd El Mawgood
2018-07-19 21:38 ` Ahmed Abd El Mawgood
2018-07-19 21:38 ` [PATCH 3/3] [RFC V3] KVM: X86: Adding skeleton for Memory ROE Ahmed Abd El Mawgood
2018-07-19 21:38 ` Ahmed Abd El Mawgood
2018-07-19 22:59 ` Jann Horn [this message]
2018-07-19 22:59 ` Jann Horn
2018-07-20 0:26 ` Ahmed Soliman
2018-07-20 0:26 ` Ahmed Soliman
2018-07-20 0:26 ` Ahmed Soliman
2018-07-20 1:28 ` Jann Horn
2018-07-20 1:28 ` Jann Horn
2018-07-20 14:44 ` Ahmed Soliman
2018-07-20 14:44 ` Ahmed Soliman
2018-07-20 14:44 ` Ahmed Soliman
2018-07-20 1:07 ` Randy Dunlap
2018-07-20 1:07 ` Randy Dunlap
2018-07-20 1:07 ` Randy Dunlap
2018-07-19 21:38 ` Ahmed Abd El Mawgood
2018-07-20 2:45 ` Memory Read Only Enforcement: VMM assisted kernel rootkit mitigation for KVM Konrad Rzeszutek Wilk
2018-07-20 2:45 ` Konrad Rzeszutek Wilk
2018-07-20 2:45 ` Konrad Rzeszutek Wilk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAG48ez3EyU=ROBczUdHEuOYBtZghYqOpq3K16Bs4RQLO1OO6oA@mail.gmail.com' \
--to=jannh@google.com \
--cc=ahmedsoliman0x666@gmail.com \
--cc=ard.biesheuvel@linaro.org \
--cc=blukashev@sempervictus.com \
--cc=corbet@lwn.net \
--cc=david.vrabel@nutanix.com \
--cc=david@redhat.com \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=kvm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nigel.edwards@hpe.com \
--cc=pbonzini@redhat.com \
--cc=riel@surriel.com \
--cc=rkrcmar@redhat.com \
--cc=tglx@linutronix.de \
--cc=virtualization@lists.linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.