From: Razvan Cojocaru <rcojocaru@bitdefender.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: Blocking CR and MSR writes via mem_access?
Date: Thu, 02 Oct 2014 14:46:19 +0300 [thread overview]
Message-ID: <542D3B0B.9070808@bitdefender.com> (raw)
In-Reply-To: <542D55AE020000780003BEFB@mail.emea.novell.com>
On 10/02/14 14:39, Jan Beulich wrote:
>>>> On 02.10.14 at 12:49, <rcojocaru@bitdefender.com> wrote:
>> Currently hvm_memory_event_cr3() and the other hvm_memory_event_*()
>> functions in hvm.c can pause the VCPU and send a mem_event with the new
>> value of the respective register, but especially in the case of CR
>> events (as opposed to MSR events), this is done _after_ the value is set
>> (please see hvm_set_cr3() in hvm.c).
>>
>> It would be interesting from a memory introspection application's point
>> of view to be able to receive a mem_event _before_ the value is set, and
>> important to be able to veto the change.
>
> So what do you expect the effect of denying the write to be?
> Wouldn't crashing the guest explicitly have about the same effect?
Thanks for the quick reply!
Denying a normal, legitimate write, would indeed be a problem along the
lines of what you are describing, but the point would be to block
malicious writes that would modify the SYSCALL entry point, disable SMAP
/ SMEP, and so on.
>> 1. Would it be acceptable to move the CR3 event sending code so that a
>> mem_access client would receive the event _before_ the write takes
>> place? Is this likely to break other mem_event clients that might rely
>> on the event being received _after_ the value has been set?
>
> I don't think you should break existing behavior. If you need an
> event before the setting gets carried out, just add another one.
Understood.
Thanks,
Razvan Cojocaru
next prev parent reply other threads:[~2014-10-02 11:46 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-02 10:49 Blocking CR and MSR writes via mem_access? Razvan Cojocaru
2014-10-02 11:39 ` Jan Beulich
2014-10-02 11:46 ` Razvan Cojocaru [this message]
2014-10-02 11:51 ` Andrew Cooper
2014-10-02 11:54 ` Razvan Cojocaru
2014-10-02 11:51 ` Jan Beulich
2014-10-02 12:04 ` Razvan Cojocaru
2014-10-03 12:32 ` Tamas K Lengyel
2014-10-03 12:37 ` Andrew Cooper
2014-10-03 13:00 ` Razvan Cojocaru
2014-10-03 16:22 ` Tamas K Lengyel
2014-10-03 18:13 ` Razvan Cojocaru
2014-10-06 14:25 ` Razvan Cojocaru
2014-10-07 8:59 ` Tamas K Lengyel
2014-10-07 10:21 ` Razvan Cojocaru
2014-10-07 10:48 ` Razvan Cojocaru
2014-10-07 12:30 ` Tamas K Lengyel
2014-10-07 12:40 ` Jan Beulich
2014-10-07 12:46 ` Tamas K Lengyel
2014-10-07 12:49 ` Andrew Cooper
2014-10-07 12:55 ` Razvan Cojocaru
2014-10-07 12:58 ` Tamas K Lengyel
2014-10-07 13:06 ` Razvan Cojocaru
2014-10-07 12:48 ` Razvan Cojocaru
2014-10-27 16:10 ` Razvan Cojocaru
2014-10-03 12:42 ` Razvan Cojocaru
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=542D3B0B.9070808@bitdefender.com \
--to=rcojocaru@bitdefender.com \
--cc=JBeulich@suse.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.