From: "Mickaël Salaün" <mic@digikod.net>
To: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>,
"Christopherson,, Sean" <seanjc@google.com>,
"bp@alien8.de" <bp@alien8.de>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"keescook@chromium.org" <keescook@chromium.org>,
"hpa@zytor.com" <hpa@zytor.com>,
"mingo@redhat.com" <mingo@redhat.com>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"wanpengli@tencent.com" <wanpengli@tencent.com>,
"vkuznets@redhat.com" <vkuznets@redhat.com>
Cc: "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"yuanyu@google.com" <yuanyu@google.com>,
"jamorris@linux.microsoft.com" <jamorris@linux.microsoft.com>,
"marian.c.rotariu@gmail.com" <marian.c.rotariu@gmail.com>,
"Graf, Alexander" <graf@amazon.com>,
"Andersen, John S" <john.s.andersen@intel.com>,
"madvenka@linux.microsoft.com" <madvenka@linux.microsoft.com>,
"liran.alon@oracle.com" <liran.alon@oracle.com>,
"ssicleru@bitdefender.com" <ssicleru@bitdefender.com>,
"tgopinath@microsoft.com" <tgopinath@microsoft.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"will@kernel.org" <will@kernel.org>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
"dev@lists.cloudhypervisor.org" <dev@lists.cloudhypervisor.org>,
"mdontu@bitdefender.com" <mdontu@bitdefender.com>,
"linux-hardening@vger.kernel.org"
<linux-hardening@vger.kernel.org>,
"linux-hyperv@vger.kernel.org" <linux-hyperv@vger.kernel.org>,
"virtualization@lists.linux-foundation.org"
<virtualization@lists.linux-foundation.org>,
"nicu.citu@icloud.com" <nicu.citu@icloud.com>,
"ztarkhani@microsoft.com" <ztarkhani@microsoft.com>,
"x86@kernel.org" <x86@kernel.org>
Subject: Re: [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity
Date: Fri, 26 May 2023 17:22:03 +0200 [thread overview]
Message-ID: <58a803f6-c3de-3362-673f-767767a43f9c@digikod.net> (raw)
In-Reply-To: <facfd178-3157-80b4-243b-a5c8dabadbfb@digikod.net>
On 25/05/2023 15:59, Mickaël Salaün wrote:
>
> On 25/05/2023 00:20, Edgecombe, Rick P wrote:
>> On Fri, 2023-05-05 at 17:20 +0200, Mickaël Salaün wrote:
>>> # How does it work?
>>>
>>> This implementation mainly leverages KVM capabilities to control the
>>> Second
>>> Layer Address Translation (or the Two Dimensional Paging e.g.,
>>> Intel's EPT or
>>> AMD's RVI/NPT) and Mode Based Execution Control (Intel's MBEC)
>>> introduced with
>>> the Kaby Lake (7th generation) architecture. This allows to set
>>> permissions on
>>> memory pages in a complementary way to the guest kernel's managed
>>> memory
>>> permissions. Once these permissions are set, they are locked and
>>> there is no
>>> way back.
>>>
>>> A first KVM_HC_LOCK_MEM_PAGE_RANGES hypercall enables the guest
>>> kernel to lock
>>> a set of its memory page ranges with either the HEKI_ATTR_MEM_NOWRITE
>>> or the
>>> HEKI_ATTR_MEM_EXEC attribute. The first one denies write access to a
>>> specific
>>> set of pages (allow-list approach), and the second only allows kernel
>>> execution
>>> for a set of pages (deny-list approach).
>>>
>>> The current implementation sets the whole kernel's .rodata (i.e., any
>>> const or
>>> __ro_after_init variables, which includes critical security data such
>>> as LSM
>>> parameters) and .text sections as non-writable, and the .text section
>>> is the
>>> only one where kernel execution is allowed. This is possible thanks
>>> to the new
>>> MBEC support also brough by this series (otherwise the vDSO would
>>> have to be
>>> executable). Thanks to this hardware support (VT-x, EPT and MBEC),
>>> the
>>> performance impact of such guest protection is negligible.
>>>
>>> The second KVM_HC_LOCK_CR_UPDATE hypercall enables guests to pin some
>>> of its
>>> CPU control register flags (e.g., X86_CR0_WP, X86_CR4_SMEP,
>>> X86_CR4_SMAP),
>>> which is another complementary hardening mechanism.
>>>
>>> Heki can be enabled with the heki=1 boot command argument.
>>>
>>>
>>
>> Can the guest kernel ask the host VMM's emulated devices to DMA into
>> the protected data? It should go through the host userspace mappings I
>> think, which don't care about EPT permissions. Or did I miss where you
>> are protecting that another way? There are a lot of easy ways to ask
>> the host to write to guest memory that don't involve the EPT. You
>> probably need to protect the host userspace mappings, and also the
>> places in KVM that kmap a GPA provided by the guest.
>
> Good point, I'll check this confused deputy attack. Extended KVM
> protections should indeed handle all ways to map guests' memory. I'm
> wondering if current VMMs would gracefully handle such new restrictions
> though.
I guess the host could map arbitrary data to the guest, so that need to
be handled, but how could the VMM (not the host kernel) bypass/update
EPT initially used for the guest (and potentially later mapped to the host)?
next prev parent reply other threads:[~2023-05-26 15:22 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-05 15:20 [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity Mickaël Salaün
2023-05-05 15:20 ` [PATCH v1 1/9] KVM: x86: Add kvm_x86_ops.fault_gva() Mickaël Salaün
2023-05-05 15:20 ` [PATCH v1 2/9] KVM: x86/mmu: Add support for prewrite page tracking Mickaël Salaün
2023-05-05 16:28 ` Sean Christopherson
2023-05-05 16:49 ` Mickaël Salaün
2023-05-05 17:31 ` Sean Christopherson
2023-05-24 20:53 ` Madhavan T. Venkataraman
2023-05-05 15:20 ` [PATCH v1 3/9] virt: Implement Heki common code Mickaël Salaün
2023-05-08 17:29 ` Wei Liu
2023-05-17 12:47 ` Madhavan T. Venkataraman
2023-05-29 16:03 ` Mickaël Salaün
2023-05-05 15:20 ` [PATCH v1 4/9] KVM: x86: Add new hypercall to set EPT permissions Mickaël Salaün
2023-05-05 16:44 ` Sean Christopherson
2023-05-05 17:01 ` Mickaël Salaün
2023-05-05 17:17 ` Sean Christopherson
2023-05-05 15:20 ` [PATCH v1 5/9] KVM: x86: Add new hypercall to lock control registers Mickaël Salaün
2023-05-08 21:11 ` Wei Liu
2023-05-29 16:48 ` Mickaël Salaün
2023-05-30 23:16 ` Kees Cook
2023-05-30 23:16 ` Kees Cook
2023-05-05 15:20 ` [PATCH v1 6/9] KVM: x86: Add Heki hypervisor support Mickaël Salaün
2023-05-08 21:18 ` Wei Liu
2023-05-26 16:49 ` Mickaël Salaün
2023-05-05 15:20 ` [PATCH v1 7/9] KVM: VMX: Add MBEC support Mickaël Salaün
2023-05-05 15:20 ` [PATCH v1 8/9] KVM: x86/mmu: Enable guests to lock themselves thanks to MBEC Mickaël Salaün
2023-05-05 15:20 ` [PATCH v1 9/9] virt: Add Heki KUnit tests Mickaël Salaün
2023-05-24 21:04 ` [RFC PATCH v1 0/9] Hypervisor-Enforced Kernel Integrity Trilok Soni
2023-05-25 13:25 ` Mickaël Salaün
2023-05-25 18:34 ` Trilok Soni
2023-05-30 9:54 ` Mickaël Salaün
2023-05-24 22:20 ` Edgecombe, Rick P
2023-05-25 0:37 ` Trilok Soni
2023-05-25 13:59 ` Mickaël Salaün
2023-05-25 15:52 ` Edgecombe, Rick P
2023-05-25 16:07 ` Sean Christopherson
2023-05-25 19:16 ` Edgecombe, Rick P
2023-05-26 15:35 ` Mickaël Salaün
2023-05-26 15:22 ` Mickaël Salaün [this message]
2023-05-30 16:23 ` Edgecombe, Rick P
[not found] ` <ZHes4a73Zg+6JuFB@google.com>
2023-06-02 15:07 ` Mickaël Salaün
2023-05-26 2:36 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=58a803f6-c3de-3362-673f-767767a43f9c@digikod.net \
--to=mic@digikod.net \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=dev@lists.cloudhypervisor.org \
--cc=graf@amazon.com \
--cc=hpa@zytor.com \
--cc=jamorris@linux.microsoft.com \
--cc=john.s.andersen@intel.com \
--cc=keescook@chromium.org \
--cc=kvm@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=liran.alon@oracle.com \
--cc=madvenka@linux.microsoft.com \
--cc=marian.c.rotariu@gmail.com \
--cc=mdontu@bitdefender.com \
--cc=mingo@redhat.com \
--cc=nicu.citu@icloud.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=rick.p.edgecombe@intel.com \
--cc=seanjc@google.com \
--cc=ssicleru@bitdefender.com \
--cc=tglx@linutronix.de \
--cc=tgopinath@microsoft.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=will@kernel.org \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xenproject.org \
--cc=yuanyu@google.com \
--cc=ztarkhani@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.