Date: Tue, 22 Jan 2019 11:10:50 +0800
From: Chao Gao
To: Ahmed Abd El Mawgood
Cc: Paolo Bonzini, rkrcmar@redhat.com, Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov, hpa@zytor.com, x86@kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, ahmedsoliman0x666@gmail.com, ovich00@gmail.com, kernel-hardening@lists.openwall.com, nigel.edwards@hpe.com, Boris Lukashev, Igor Stoppa
Subject: Re: [RESEND PATCH V8 05/11] KVM: Create architecture independent ROE skeleton
Message-ID: <20190122031049.GA18314@gao-cwp>
In-Reply-To: <20190120233940.15282-6-ahmedsoliman@mena.vt.edu>

On Mon, Jan 21, 2019 at 01:39:34AM +0200, Ahmed Abd El Mawgood wrote:
>This patch introduces a hypercall that can assist against a subset of kernel
>rootkits. It works by placing read-only protection in the shadow PTE. The end
>result protection is also kept in a bitmap for each kvm_memory_slot and is
>used as reference when updating SPTEs. The whole goal is to protect the
>guest kernel static data from modification if an attacker is running from
>guest ring 0; for this reason there is no hypercall to revert the effect of
>the Memory ROE hypercall. This patch doesn't implement an integrity check on
>the guest TLB, so an obvious attack on the current implementation will involve
>guest virtual address -> guest physical address remapping, but there are
>plans to fix that.

Hello Ahmed,

I don't quite understand the attack. Do you mean that even if one guest page
is protected by ROE, an attacker can map the virtual address to another
unprotected guest page by editing the guest page table?

Thanks
Chao
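
The limitation discussed in this thread, as an added toy model in C (not code from the patch or from KVM): protection is keyed by guest frame number, so it holds for the frame but says nothing about which frame a guest virtual page translates to. `pinned_gfn` and `mapping_intact()` are hypothetical names for an illustrative check, not the fix the patch author plans; all values are constructed.

```c
/* Toy model constructed for illustration (not KVM code): read-only
 * enforcement keyed by guest frame number (gfn), like a per-memslot bitmap. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NPAGES 4
static uint8_t frames[NPAGES][8]; /* guest physical memory, 8-byte toy pages */
static uint8_t roe_bitmap;        /* bit n set => gfn n is read-only */
static int guest_pt[NPAGES];      /* guest-controlled: vpage -> gfn */
static int pinned_gfn[NPAGES];    /* hypothetical: gfn bound at protect time */
/* view: what a reader of vpage 1 sees; frame1: the protected frame itself */
struct outcome { int write_rc; uint8_t view, frame1; int intact; };

/* One-way protection: the model offers no "unprotect", as in the description. */
static void roe_protect(int vpage) {
    roe_bitmap |= (uint8_t)(1u << guest_pt[vpage]);
    pinned_gfn[vpage] = guest_pt[vpage];
}

/* Write through a virtual page; the check only sees the resulting gfn. */
static int guest_write(int vpage, int off, uint8_t val) {
    int gfn = guest_pt[vpage];
    if (roe_bitmap & (1u << gfn)) return -1; /* fault: frame is protected */
    frames[gfn][off] = val;
    return 0;
}

/* Hypothetical integrity check: does vpage still translate to the pinned gfn? */
static int mapping_intact(int vpage) {
    return pinned_gfn[vpage] < 0 || guest_pt[vpage] == pinned_gfn[vpage];
}

/* Protect the data at vpage 1, optionally remap vpage 1, then attempt a write. */
static struct outcome scenario(int remap) {
    memset(frames, 0, sizeof frames); roe_bitmap = 0;
    for (int v = 0; v < NPAGES; v++) { guest_pt[v] = v; pinned_gfn[v] = -1; }
    frames[1][0] = 0xAA;              /* constructed "static data" in gfn 1 */
    roe_protect(1);
    if (remap) guest_pt[1] = 2;       /* vpage 1 now points at unprotected gfn 2 */
    int rc = guest_write(1, 0, 0x55);
    return (struct outcome){ rc, frames[guest_pt[1]][0], frames[1][0], mapping_intact(1) };
}

int main(void) {
    struct outcome a = scenario(0), b = scenario(1);
    printf("no remap: write=%d view=%#x intact=%d\n", a.write_rc, a.view, a.intact);
    printf("remapped: write=%d view=%#x frame1=%#x intact=%d\n", b.write_rc, b.view, b.frame1, b.intact);
    return 0;
}
```

In the remapped case the protected frame is never modified, yet the data seen through the virtual address differs; only a check on the translation itself notices.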