From: Peter Zijlstra
Subject: Re: [RFC PATCH v2 18/19] heki: x86: Protect guest kernel memory using the KVM hypervisor
Date: Mon, 13 Nov 2023 09:54:03 +0100
On Sun, Nov 12, 2023 at 09:23:25PM -0500, Mickaël Salaün wrote:
> From: Madhavan T. Venkataraman <madvenka@linux.microsoft.com>
>
> Implement a hypervisor function, kvm_protect_memory() that calls the
> KVM_HC_PROTECT_MEMORY hypercall to request the KVM hypervisor to
> set specified permissions on a list of guest pages.
>
> Using the protect_memory() function, set proper EPT permissions for all
> guest pages.
>
> Use the MEM_ATTR_IMMUTABLE property to protect the kernel static
> sections and the boot-time read-only sections. This makes sure that
> a compromised guest will not be able to change its main physical memory
> page permissions. However, this also disables any feature that may change
> the kernel's text section (e.g., ftrace, Kprobes), but they can still be
> used on kernel modules.
>
> Module loading/unloading and eBPF JIT are allowed without restrictions
> for now, but we'll need a way to authenticate these code changes to
> really improve the guests' security. We plan to use module signatures,
> but there is no solution yet to authenticate eBPF programs.
>
> Being able to use ftrace and Kprobes in a secure way is a challenge not
> solved yet. We're looking for ideas to make this work.
>
> Likewise, the JUMP_LABEL feature cannot work because the kernel's text
> section is read-only.
What is the actual problem? As is the kernel text map is already RO and
never changed.
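As an added example (not code from the Heki patch set or from KVM), a small C model of the policy the quoted commit message describes: a hypercall handler that sets EPT-style permissions on a list of guest-physical pages, where a page tagged immutable refuses every later change, and where a guest write is judged by the physical page's permission rather than by the virtual mapping used. All names and the permission encoding are hypothetical.

```c
/* Added example, not code from the Heki patch set or from KVM: a small
 * host-side model of the policy the commit message describes. The guest
 * asks for EPT permissions on a list of guest-physical pages; a page tagged
 * immutable refuses every later change. All names here are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stddef.h>

#define PAGE_SHIFT 12
#define NPAGES 16
#define EPT_R 0x1u            /* hypothetical permission encoding */
#define EPT_W 0x2u
#define EPT_X 0x4u
#define ATTR_IMMUTABLE 0x1u   /* permissions frozen once set */

struct ept_model {
    uint8_t perm[NPAGES];
    uint8_t attr[NPAGES];
};

/* Model of the hypercall handler: the whole list is validated before
 * anything is touched, so a rejected request applies nothing. Returns 0,
 * -EINVAL for a gpa outside the model, or -EPERM if a page is immutable. */
int model_protect_memory(struct ept_model *m, const uint64_t *gpas, size_t n,
                         uint8_t perm, uint8_t attr)
{
    size_t i;
    for (i = 0; i < n; i++) {
        uint64_t pfn = gpas[i] >> PAGE_SHIFT;
        if (pfn >= NPAGES)
            return -EINVAL;
        if (m->attr[pfn] & ATTR_IMMUTABLE)
            return -EPERM;
    }
    for (i = 0; i < n; i++) {
        uint64_t pfn = gpas[i] >> PAGE_SHIFT;
        m->perm[pfn] = perm;
        m->attr[pfn] |= attr;
    }
    return 0;
}

/* A guest store is checked against the EPT permission of the physical page,
 * so it is refused no matter which virtual mapping the guest wrote through. */
int model_write_allowed(const struct ept_model *m, uint64_t gpa)
{
    uint64_t pfn = gpa >> PAGE_SHIFT;
    return pfn < NPAGES && (m->perm[pfn] & EPT_W) != 0;
}
```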