From: David Hildenbrand <david@redhat.com>
To: Ahmed Soliman <ahmedsoliman0x666@gmail.com>,
kvm@vger.kernel.org,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
riel@redhat.com, Kees Cook <keescook@chromium.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Hossam Hassan <7ossam9063@gmail.com>,
Ahmed Lotfy <A7med.lotfey@gmail.com>,
virtualization@lists.linux-foundation.org, qemu-devel@nongnu.org
Subject: Re: Design Decision for KVM based anti rootkit
Date: Mon, 18 Jun 2018 16:34:12 +0200 [thread overview]
Message-ID: <7c7ddb96-e865-53a2-3aa9-b79403c646a9@redhat.com> (raw)
In-Reply-To: <CAAGnT3bjYPu9bordn_Dh8z+MW6p5DDLoSsZC9xg8QxQriVus9A@mail.gmail.com>
On 16.06.2018 13:49, Ahmed Soliman wrote:
> Following up on these threads:
> - https://marc.info/?l=kvm&m=151929803301378&w=2
> - http://www.openwall.com/lists/kernel-hardening/2018/02/22/18
>
> I lost the original emails so I couldn't reply to them, and also sorry
> for being late, it was the end of semester exams.
>
> I was adviced on #qemu and #kernelnewbies IRCs to ask here as it will
> help having better insights.
>
> To wrap things up, the basic design will be a method for communication
> between host and guest is guest can request certain pages to be read
> only, and then host will force them to be read-only by guest until
> next guest reboot, then it will impossible for guest OS to have them
> as RW again. The choice of which pages to be set as read only is the
> guest's. So this way mixed pages can still be mixed with R/W content
> even if holds kernel code.
>
> I was planning to use KVM as my hypervisor, until I found out that KVM
> can't do that on its own so one will need a custom virtio driver to do
> this kind of guest-host communication/coordination, I am still
> sticking to KVM, and have no plans to do this for Xen at least for
> now, this means that in order to get it to work there must be a QEMU
> support our specific driver we are planning to write in order for
> things to work properly.
>
> The question is is this the right approach? or is there a simpler way
> to achieve this goal?
>
Especially if you want to support multiple architectures in the long
term, virtio is the way to go.
Design an architecture independent and extensible (+configurable)
interface and be happy :) This might of course require some thought.
(and don't worry, implementing a virtio driver is a lot simpler than you
might think)
But be aware that the virtio "hypervisor" side will be handled in QEMU,
so you'll need a proper QEMU->KVM interface to get things running.
--
Thanks,
David / dhildenb
WARNING: multiple messages have this Message-ID (diff)
From: David Hildenbrand <david@redhat.com>
To: Ahmed Soliman <ahmedsoliman0x666@gmail.com>,
kvm@vger.kernel.org,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
riel@redhat.com, Kees Cook <keescook@chromium.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Hossam Hassan <7ossam9063@gmail.com>,
Ahmed Lotfy <A7med.lotfey@gmail.com>,
virtualization@lists.linux-foundation.org, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] Design Decision for KVM based anti rootkit
Date: Mon, 18 Jun 2018 16:34:12 +0200 [thread overview]
Message-ID: <7c7ddb96-e865-53a2-3aa9-b79403c646a9@redhat.com> (raw)
In-Reply-To: <CAAGnT3bjYPu9bordn_Dh8z+MW6p5DDLoSsZC9xg8QxQriVus9A@mail.gmail.com>
On 16.06.2018 13:49, Ahmed Soliman wrote:
> Following up on these threads:
> - https://marc.info/?l=kvm&m=151929803301378&w=2
> - http://www.openwall.com/lists/kernel-hardening/2018/02/22/18
>
> I lost the original emails so I couldn't reply to them, and also sorry
> for being late, it was the end of semester exams.
>
> I was adviced on #qemu and #kernelnewbies IRCs to ask here as it will
> help having better insights.
>
> To wrap things up, the basic design will be a method for communication
> between host and guest is guest can request certain pages to be read
> only, and then host will force them to be read-only by guest until
> next guest reboot, then it will impossible for guest OS to have them
> as RW again. The choice of which pages to be set as read only is the
> guest's. So this way mixed pages can still be mixed with R/W content
> even if holds kernel code.
>
> I was planning to use KVM as my hypervisor, until I found out that KVM
> can't do that on its own so one will need a custom virtio driver to do
> this kind of guest-host communication/coordination, I am still
> sticking to KVM, and have no plans to do this for Xen at least for
> now, this means that in order to get it to work there must be a QEMU
> support our specific driver we are planning to write in order for
> things to work properly.
>
> The question is is this the right approach? or is there a simpler way
> to achieve this goal?
>
Especially if you want to support multiple architectures in the long
term, virtio is the way to go.
Design an architecture independent and extensible (+configurable)
interface and be happy :) This might of course require some thought.
(and don't worry, implementing a virtio driver is a lot simpler than you
might think)
But be aware that the virtio "hypervisor" side will be handled in QEMU,
so you'll need a proper QEMU->KVM interface to get things running.
--
Thanks,
David / dhildenb
next prev parent reply other threads:[~2018-06-18 14:34 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-16 11:49 Design Decision for KVM based anti rootkit Ahmed Soliman
2018-06-16 11:49 ` [Qemu-devel] " Ahmed Soliman
2018-06-18 14:34 ` David Hildenbrand [this message]
2018-06-18 14:34 ` David Hildenbrand
2018-06-18 16:35 ` Ahmed Soliman
2018-06-18 16:35 ` Ahmed Soliman
2018-06-18 16:35 ` [Qemu-devel] " Ahmed Soliman
2018-06-18 19:01 ` David Hildenbrand
2018-06-18 19:01 ` David Hildenbrand
2018-06-18 19:01 ` [Qemu-devel] " David Hildenbrand
2018-06-19 17:37 ` David Vrabel
2018-06-19 17:37 ` [Qemu-devel] " David Vrabel
2018-06-19 18:12 ` Ahmed Soliman
2018-06-19 18:12 ` Ahmed Soliman
2018-06-19 18:12 ` [Qemu-devel] " Ahmed Soliman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7c7ddb96-e865-53a2-3aa9-b79403c646a9@redhat.com \
--to=david@redhat.com \
--cc=7ossam9063@gmail.com \
--cc=A7med.lotfey@gmail.com \
--cc=ahmedsoliman0x666@gmail.com \
--cc=ard.biesheuvel@linaro.org \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=kvm@vger.kernel.org \
--cc=qemu-devel@nongnu.org \
--cc=riel@redhat.com \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.