Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp3705383imd;
        Mon, 29 Oct 2018 11:02:56 -0700 (PDT)
X-Google-Smtp-Source: AJdET5dr26WOTCyoc1/9DP797xi/qOm0w9TMm5oApVF4iLvW/5jf3d3L/QF42+dkI3VmD/8MVhpi
X-Received: by 2002:a63:ed09:: with SMTP id d9-v6mr14539803pgi.305.1540836176712;
        Mon, 29 Oct 2018 11:02:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1540836176; cv=none;
        d=google.com; s=arc-20160816;
        b=AFQ3YjMNkSRc/AEWcm3sjQaviKUiX+xe4hkEeT9EpNWxdAqaGmZESwf2yGUOc+RZ7r
         KDDC2Qhc2vr12lqpjT91fKqADCd98ZT4p6SPVXn4Diep9+T4eBz8jCPS+WubqHJUJbWJ
         fAnDM9GsYvUZtUGq2UrROoZIphoN64A/CFrDI9WF2tjh8oAmA7Gi4WCF7XmI1kLQws58
         MBMhl13YBeZ9vszwZ5uJ8cmetvMG/vwJKHNkM9RfMGYHi5vP+l0G6NUzXrvh9GWDKm+s
         uq95/kEaoNUQh8sXynFfzERTa7MtfSqOVbUPKttD1pvBaL+HWDdVFlaxv05QaHXspVtv
         SXsw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:to:subject:dkim-signature;
        bh=7kgQoUjTh24AyO/p9oeeYLOwg1VLACPfdZMGUe9bi24=;
        b=JqqzaNHiyqgIWcGKqrwGq2MKCWOQ51l2T/9zMUsFa76JkoA4q0y/idY2GQvQUWrcyJ
         MH3dHbNIpB4ZsxakuB0iZXi7cYi0KT6gijuqSE++cryMCxDCoj8yKfZ8n55Q3EmMKYIF
         Wd2oQI8VU/Mlb9ExfChHdkoL+1cVx4FHae4/DibmDTS2qZj9I0mRiL1DojapUhaOP7+N
         9cQ3k/NoPpeQ6XWwsooaFn9NAsM6KpcECIZu3gT6g7W3WJdFrK2p1qWqopMliiUnBKt2
         VKhFmU1oxI8/TkAYNJZZee75d8+EP9JJkrxUrdpAvvpd1R+MaDEPakfe6nfxXDQZVe0z
         ariw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=ewJWvKQW;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b9-v6si21176213pgi.91.2018.10.29.11.02.40;
        Mon, 29 Oct 2018 11:02:56 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=ewJWvKQW;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728313AbeJ3Cv3 (ORCPT <rfc822;xc.haze2010@gmail.com>
        + 99 others); Mon, 29 Oct 2018 22:51:29 -0400
Received: from mail-lf1-f66.google.com ([209.85.167.66]:37016 "EHLO
        mail-lf1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727772AbeJ3Cv3 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 29 Oct 2018 22:51:29 -0400
Received: by mail-lf1-f66.google.com with SMTP id p17so319806lfh.4;
        Mon, 29 Oct 2018 11:01:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=subject:to:references:from:message-id:date:user-agent:mime-version
         :in-reply-to:content-language:content-transfer-encoding;
        bh=7kgQoUjTh24AyO/p9oeeYLOwg1VLACPfdZMGUe9bi24=;
        b=ewJWvKQWE+ZIdEn9+5FvVem8ynSjjOZtQ8ASAQwGo9iqJBUQkujpHsYY5hvGEc3GrL
         mENgeb3vTrUwZN3irUT3epuvMUHXFRzI8xrVsOVCuKbGq++1wtqaDeO1JOFRs6yMbh13
         4EmaE7C2iCp1awkJ1/wlMMXhvXIZgAg7CmXqA/gzhVnDmE+DQG20zxvWVbQmfSnQZJTu
         +DPBATd36Cy3WxLb6zmJbYJueHncElUxafG4+Nlbyy8nSXCHNFmayuiM1g6e6DUnUoiC
         AJmODwTdcCZRrABqDIFNHDofAe8aOsVQgkBL25Mn3cQFdZg05fZxPHrCrN6t5VBKbr6t
         BB6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=7kgQoUjTh24AyO/p9oeeYLOwg1VLACPfdZMGUe9bi24=;
        b=SVSaenpszEnB+OzleBRExGqO6SnZ7cmtg8xXwBxznKxzP+eFIQNFoMBcOiAlCm6FpT
         nB7Sp+H2zkBat9Vkov9wEeEME35LX2aHO7HUCv/T7WtuixOSL/8bsAxK/a0518FigUPi
         LKzWAIQxksWmQ/m9Eiv4mGjqf4zLfl5F+Wv47/iTFMoI5uCMUjXAVeYwIFI3iv/8x4eJ
         LP5gdDygmB7ZtHZ+caMao+AldFOouP1+RTuLrwvP4PCbGWSZ0Qm0Kctrzo9OGPKbg0+k
         U7IsDFVVdCPrGdlWOyT4mxHFi1LMoxyJBcU512fTzvZLYwR/STNuAtqf+gMb4wSIhr9c
         fh1A==
X-Gm-Message-State: AGRZ1gIl66hsQCjJK6/x0rEpaIRZXaFwj4IV5AZM1CWYUwUb4CClKAUv
        TDiy4KTkWFjLfzdNvDP5w58=
X-Received: by 2002:a19:cc46:: with SMTP id c67mr8710395lfg.145.1540836105613;
        Mon, 29 Oct 2018 11:01:45 -0700 (PDT)
Received: from ?IPv6:2001:14bb:52:7be:f0bf:dd2d:f008:5213? (dmkd798g-7z2-yccwcp-4.rev.dnainternet.fi. [2001:14bb:52:7be:f0bf:dd2d:f008:5213])
        by smtp.gmail.com with ESMTPSA id j12-v6sm517117lja.8.2018.10.29.11.01.43
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 29 Oct 2018 11:01:44 -0700 (PDT)
Subject: Re: [PATCH V5 0/5] KVM: X86: Introducing ROE Protection Kernel
 Hardening
To:     Ahmed Abd El Mawgood <ahmedsoliman0x666@gmail.com>,
        Paolo Bonzini <pbonzini@redhat.com>, rkrcmar@redhat.com,
        Jonathan Corbet <corbet@lwn.net>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        hpa@zytor.com, x86@kernel.org, kvm@vger.kernel.org,
        linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
        ovich00@gmail.com, kernel-hardening@lists.openwall.com,
        nigel.edwards@hpe.com, Boris Lukashev <blukashev@sempervictus.com>,
        Hossam Hassan <7ossam9063@gmail.com>,
        Ahmed Lotfy <A7med.lotfey@gmail.com>
References: <20181026151223.16810-1-ahmedsoliman0x666@gmail.com>
From:   Igor Stoppa <igor.stoppa@gmail.com>
Message-ID: <1b3eb10e-c492-dc77-cbe6-3a3e692326d7@gmail.com>
Date:   Mon, 29 Oct 2018 20:01:42 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <20181026151223.16810-1-ahmedsoliman0x666@gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

On 26/10/2018 16:12, Ahmed Abd El Mawgood wrote:

> This is the 5th version which is 4th version with minor fixes. ROE is a
> hypercall that enables host operating system to restrict guest's access to its
> own memory. This will provide a hardening mechanism that can be used to stop
> rootkits from manipulating kernel static data structures and code. Once a memory
> region is protected the guest kernel can't even request undoing the protection.

This is very interesting, because it seems a very good match to the work 
I'm doing, for supporting the creation of more targets for protection:

https://www.openwall.com/lists/kernel-hardening/2018/10/23/3

In my case the protection would extend also to write-rate type of data.
There is an open problem of identifying legitimate write-rare 
operations, however it should be possible to provide at least a certain 
degree of confidence.

--

igor