From: Randy Dunlap <rdunlap@infradead.org>
To: Ahmed Abd El Mawgood <ahmedsoliman0x666@gmail.com>,
kvm@vger.kernel.org,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
virtualization@lists.linux-foundation.org,
linux-doc@vger.kernel.org, x86@kernel.org
Cc: Paolo Bonzini <pbonzini@redhat.com>,
rkrcmar@redhat.com, nathan Corbet <corbet@lwn.net>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>,
hpa@zytor.com, Kees Cook <keescook@chromium.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
David Hildenbrand <david@redhat.com>,
Boris Lukashev <blukashev@sempervictus.com>,
David Vrabel <david.vrabel@nutanix.com>,
nigel.edwards@hpe.com, Rik van Riel <riel@surriel.com>
Subject: Re: [PATCH 3/3] [RFC V3] KVM: X86: Adding skeleton for Memory ROE
Date: Thu, 19 Jul 2018 18:07:59 -0700 [thread overview]
Message-ID: <26f2e29b-c016-7140-4fea-853fbbd01459@infradead.org> (raw)
In-Reply-To: <20180719213802.17161-4-ahmedsoliman0x666@gmail.com>
On 07/19/2018 02:38 PM, Ahmed Abd El Mawgood wrote:
> This patch introduces a hypercall implemented for X86 that can assist
> against subset of kernel rootkits, it works by place readonly protection in
> shadow PTE. The end result protection is also kept in a bitmap for each
> kvm_memory_slot and is used as reference when updating SPTEs. The whole
> goal is to protect the guest kernel static data from modification if
> attacker is running from guest ring 0, for this reason there is no
> hypercall to revert effect of Memory ROE hypercall. This patch doesn't
> implement integrity check on guest TLB so obvious attack on the current
> implementation will involve guest virtual address -> guest physical
> address remapping, but there are plans to fix that.
>
> Signed-off-by: Ahmed Abd El Mawgood <ahmedsoliman0x666@gmail.com>
> ---
> diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
> index 92fd433c50b9..8ae822a8dc7a 100644
> --- a/arch/x86/kvm/Kconfig
> +++ b/arch/x86/kvm/Kconfig
> @@ -96,6 +96,13 @@ config KVM_MMU_AUDIT
> This option adds a R/W kVM module parameter 'mmu_audit', which allows
> auditing of KVM MMU events at runtime.
>
> +config KVM_MROE
> + bool "Hypercall Memory Read-Only Enforcement"
> + depends on KVM && X86
> + help
> + This option add KVM_HC_HMROE hypercall to kvm which as hardening
adds to kvm as a hardening (???)
> + mechanism to protect memory pages from being edited.
> +
> # OK, it's a little counter-intuitive to do this, but it puts it neatly under
> # the virtualization menu.
> source drivers/vhost/Kconfig
--
~Randy
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-07-20 1:08 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-19 21:37 Memory Read Only Enforcement: VMM assisted kernel rootkit mitigation for KVM Ahmed Abd El Mawgood
2018-07-19 21:38 ` [PATCH 1/3] [RFC V3] KVM: X86: Memory ROE documentation Ahmed Abd El Mawgood
2018-07-20 1:11 ` Randy Dunlap
2018-07-19 21:38 ` [PATCH 2/3] [RFC V3] KVM: X86: Adding arbitrary data pointer in kvm memslot itterator functions Ahmed Abd El Mawgood
2018-07-19 21:38 ` [PATCH 3/3] [RFC V3] KVM: X86: Adding skeleton for Memory ROE Ahmed Abd El Mawgood
2018-07-19 22:59 ` Jann Horn
2018-07-20 0:26 ` Ahmed Soliman
2018-07-20 1:28 ` Jann Horn
2018-07-20 14:44 ` Ahmed Soliman
2018-07-20 1:07 ` Randy Dunlap [this message]
2018-07-20 2:45 ` Memory Read Only Enforcement: VMM assisted kernel rootkit mitigation for KVM Konrad Rzeszutek Wilk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=26f2e29b-c016-7140-4fea-853fbbd01459@infradead.org \
--to=rdunlap@infradead.org \
--cc=ahmedsoliman0x666@gmail.com \
--cc=ard.biesheuvel@linaro.org \
--cc=blukashev@sempervictus.com \
--cc=corbet@lwn.net \
--cc=david.vrabel@nutanix.com \
--cc=david@redhat.com \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=kvm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nigel.edwards@hpe.com \
--cc=pbonzini@redhat.com \
--cc=riel@surriel.com \
--cc=rkrcmar@redhat.com \
--cc=tglx@linutronix.de \
--cc=virtualization@lists.linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).