From: Razvan Cojocaru <rcojocaru@bitdefender.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>,
	Jan Beulich <JBeulich@suse.com>
Cc: "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: Blocking CR and MSR writes via mem_access?
Date: Thu, 02 Oct 2014 14:54:45 +0300
Message-ID: <542D3D05.8020806@bitdefender.com>
In-Reply-To: <542D3C4C.7080307@citrix.com>

On 10/02/14 14:51, Andrew Cooper wrote:
> On 02/10/14 12:46, Razvan Cojocaru wrote:
>> On 10/02/14 14:39, Jan Beulich wrote:
>>>>>> On 02.10.14 at 12:49, <rcojocaru@bitdefender.com> wrote:
>>>> Currently hvm_memory_event_cr3() and the other hvm_memory_event_*()
>>>> functions in hvm.c can pause the VCPU and send a mem_event with the new
>>>> value of the respective register, but especially in the case of CR
>>>> events (as opposed to MSR events), this is done _after_ the value is set
>>>> (please see hvm_set_cr3() in hvm.c).
>>>>
>>>> It would be interesting from a memory introspection application's point
>>>> of view to be able to receive a mem_event _before_ the value is set, and
>>>> important to be able to veto the change.
>>> So what do you expect the effect of denying the write to be?
>>> Wouldn't crashing the guest explicitly have about the same effect?
>> Thanks for the quick reply!
>>
>> Denying a normal, legitimate write, would indeed be a problem along the
>> lines of what you are describing, but the point would be to block
>> malicious writes that would modify the SYSCALL entry point, disable SMAP
>> / SMEP, and so on.
> 
> So your use case is to protect a running VM which is under active attack
> without crashing the domain wholesale?
> 
> I presume you then want to degrade the illegitimate writes to nops?

Yes, pretty much.


Thanks,
Razvan Cojocaru
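
Added example, not part of the original message and not Xen code: a toy C model of the behaviour discussed in this thread, where a policy is consulted before a CR4 or MSR write lands and a vetoed write is degraded to a nop instead of crashing the guest. The struct, the function names, the lstar_locked flag and the sample values are hypothetical; only the CR4 bit positions and the IA32_LSTAR index are architectural.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural constants: CR4.SMEP is bit 20, CR4.SMAP is bit 21,
 * IA32_LSTAR (64-bit SYSCALL entry point) is MSR 0xC0000082. */
#define CR4_SMEP  (1ULL << 20)
#define CR4_SMAP  (1ULL << 21)
#define MSR_LSTAR 0xC0000082u

/* Hypothetical toy vCPU state; this is not a Xen structure. */
struct toy_vcpu { uint64_t cr4; uint64_t lstar; bool lstar_locked; };

/* Policy consulted BEFORE the write lands: deny clearing SMEP or SMAP. */
static bool allow_cr4_write(const struct toy_vcpu *v, uint64_t new_cr4)
{
    uint64_t cleared = v->cr4 & ~new_cr4;   /* bits going from 1 to 0 */
    return (cleared & (CR4_SMEP | CR4_SMAP)) == 0;
}

/* Assumed policy: once locked, the SYSCALL entry point may not change. */
static bool allow_msr_write(const struct toy_vcpu *v, uint32_t msr, uint64_t val)
{
    return !(msr == MSR_LSTAR && v->lstar_locked && val != v->lstar);
}

/* Returns true if the write was applied. A vetoed write leaves the
 * state untouched (a nop) and the guest keeps running. */
static bool toy_set_cr4(struct toy_vcpu *v, uint64_t new_cr4)
{
    if (!allow_cr4_write(v, new_cr4))
        return false;
    v->cr4 = new_cr4;
    return true;
}

static bool toy_wrmsr(struct toy_vcpu *v, uint32_t msr, uint64_t val)
{
    if (!allow_msr_write(v, msr, val))
        return false;
    if (msr == MSR_LSTAR)
        v->lstar = val;                     /* other MSRs are not modelled */
    return true;
}

int main(void)
{
    /* Constructed sample state: SMEP|SMAP set, made-up LSTAR value. */
    struct toy_vcpu v = { CR4_SMEP | CR4_SMAP, 0x1000, true };
    printf("clear SMEP applied: %d\n", toy_set_cr4(&v, CR4_SMAP));
    printf("LSTAR rewrite applied: %d\n", toy_wrmsr(&v, MSR_LSTAR, 0x2000));
    return 0;
}
```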
