From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Ahmed Abd El Mawgood <ahmedsoliman0x666@gmail.com>,
xen-devel@lists.xensource.com
Cc: kvm@vger.kernel.org,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
virtualization@lists.linux-foundation.org,
linux-doc@vger.kernel.org, x86@kernel.org,
Paolo Bonzini <pbonzini@redhat.com>,
rkrcmar@redhat.com, nathan Corbet <corbet@lwn.net>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>,
hpa@zytor.com, Kees Cook <keescook@chromium.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
David Hildenbrand <david@redhat.com>,
Boris Lukashev <blukashev@sempervictus.com>,
David Vrabel <david.vrabel@nutanix.com>,
nigel.edwards@hpe.com, Rik van Riel <riel@surriel.com>
Subject: Re: Memory Read Only Enforcement: VMM assisted kernel rootkit mitigation for KVM
Date: Thu, 19 Jul 2018 22:45:33 -0400 [thread overview]
Message-ID: <20180720024533.GA27437@char.US.ORACLE.com> (raw)
In-Reply-To: <20180719213802.17161-1-ahmedsoliman0x666@gmail.com>
On Thu, Jul 19, 2018 at 11:37:59PM +0200, Ahmed Abd El Mawgood wrote:
> Hi,
>
> This is my first set of patches that works as I would expect, and the
> third revision I sent to mailing lists.
>
> Following up with my previous discussions about kernel rootkit mitigation
> via placing R/O protection on critical data structure, static data,
> privileged registers with static content. These patches present the
> first part where it is only possible to place these protections on
> memory pages. Feature-wise, this set of patches is incomplete in the sense of:
> - They still don't protect privileged registers
> - They don't protect guest TLB from malicious gva -> gpa page mappings.
> But they provide sketches for a basic working design. Note that I am totally
> noob and it took lots of time and effort to get to this point. So sorry in
> advance if I overlooked something.
This reminds me of Xen PV page model. That is the hypervisor is the one
auditing the page tables and the guest's pages are read-only.
Ditto for IDT, GDT, etc. Gosh, did you by chance look at how
Xen PV mechanism is done? It may provide the protection you are looking for?
CC-ing xen-devel.
>
> [PATCH 1/3] [RFC V3] KVM: X86: Memory ROE documentation
> [PATCH 2/3] [RFC V3] KVM: X86: Adding arbitrary data pointer in kvm memslot itterator functions
> [PATCH 3/3] [RFC V3] KVM: X86: Adding skeleton for Memory ROE
>
> Summery:
>
> Documentation/virtual/kvm/hypercalls.txt | 14 ++++
> arch/x86/include/asm/kvm_host.h | 11 ++-
> arch/x86/kvm/Kconfig | 7 ++
> arch/x86/kvm/mmu.c | 127 ++++++++++++++++++++++---------
> arch/x86/kvm/x86.c | 82 +++++++++++++++++++-
> include/linux/kvm_host.h | 3 +
> include/uapi/linux/kvm_para.h | 1 +
> virt/kvm/kvm_main.c | 29 ++++++-
> 8 files changed, 232 insertions(+), 42 deletions(-)
>
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
prev parent reply other threads:[~2018-07-20 2:46 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-19 21:37 Memory Read Only Enforcement: VMM assisted kernel rootkit mitigation for KVM Ahmed Abd El Mawgood
2018-07-19 21:38 ` [PATCH 1/3] [RFC V3] KVM: X86: Memory ROE documentation Ahmed Abd El Mawgood
2018-07-20 1:11 ` Randy Dunlap
2018-07-19 21:38 ` [PATCH 2/3] [RFC V3] KVM: X86: Adding arbitrary data pointer in kvm memslot itterator functions Ahmed Abd El Mawgood
2018-07-19 21:38 ` [PATCH 3/3] [RFC V3] KVM: X86: Adding skeleton for Memory ROE Ahmed Abd El Mawgood
2018-07-19 22:59 ` Jann Horn
2018-07-20 0:26 ` Ahmed Soliman
2018-07-20 1:28 ` Jann Horn
2018-07-20 14:44 ` Ahmed Soliman
2018-07-20 1:07 ` Randy Dunlap
2018-07-20 2:45 ` Konrad Rzeszutek Wilk [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180720024533.GA27437@char.US.ORACLE.com \
--to=konrad.wilk@oracle.com \
--cc=ahmedsoliman0x666@gmail.com \
--cc=ard.biesheuvel@linaro.org \
--cc=blukashev@sempervictus.com \
--cc=corbet@lwn.net \
--cc=david.vrabel@nutanix.com \
--cc=david@redhat.com \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=kvm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nigel.edwards@hpe.com \
--cc=pbonzini@redhat.com \
--cc=riel@surriel.com \
--cc=rkrcmar@redhat.com \
--cc=tglx@linutronix.de \
--cc=virtualization@lists.linux-foundation.org \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).