From patchwork Sat Oct 20 22:21:23 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ahmed Soliman
X-Patchwork-Id: 10650653
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Delivered-To: mailing list kernel-hardening@lists.openwall.com
From: Ahmed Abd El Mawgood
To: Paolo Bonzini, rkrcmar@redhat.com, Jonathan Corbet, Thomas Gleixner, Ingo Molnar, Borislav Petkov, hpa@zytor.com, x86@kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, ahmedsoliman0x666@gmail.com, Ovich00@gmail.com, kernel-hardening@lists.openwall.com, nigel.edwards@hpe.com, Boris Lukashev, Hossam Hassan <7ossam9063@gmail.com>, Ahmed Lotfy
Subject: [PATCH V4 1/5] KVM: X86: Memory ROE documentation
Date: Sun, 21 Oct 2018 00:21:23 +0200
Message-Id: <20181020222127.6368-2-ahmedsoliman0x666@gmail.com>
X-Mailer: git-send-email 2.18.1
In-Reply-To: <20181020222127.6368-1-ahmedsoliman0x666@gmail.com>
References: <20181020222127.6368-1-ahmedsoliman0x666@gmail.com>

Following up on my previous threads on KVM-assisted anti-rootkit protections. The current version doesn't address the attacks involving page remapping. It is still a design in progress; nevertheless, it will be in my later patch sets.

Signed-off-by: Ahmed Abd El Mawgood
--- Documentation/virtual/kvm/hypercalls.txt | 31 ++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/Documentation/virtual/kvm/hypercalls.txt b/Documentation/virtual/kvm/hypercalls.txt index da24c138c8d1..8af64d826f03 100644 --- a/Documentation/virtual/kvm/hypercalls.txt +++ b/Documentation/virtual/kvm/hypercalls.txt 
@@ -141,3 +141,34 @@ a0 corresponds to the APIC ID in the third argument (a2), bit 1 corresponds to the APIC ID a2+1, and so on. Returns the number of CPUs to which the IPIs were delivered successfully. + +7. KVM_HC_ROE +---------------- +Architecture: x86 +Status: active +Purpose: Hypercall used to apply Read-Only Enforcement to guest memory and +registers +Usage 1: + a0: ROE_VERSION + +Returns non-signed number that represents the current version of ROE +implementation current version. + +Usage 2: + + a0: ROE_MPROTECT (requires version >= 1) + a1: Start address aligned to page boundary. + a2: Number of pages to be protected. + +This configuration lets a guest kernel have part of its read/write memory +converted into read-only. This action is irreversible. +Upon successful run, the number of pages protected is returned. + +Error codes: + -KVM_ENOSYS: system call being triggered from ring 3 or it is not + implemented. + -EINVAL: error based on given parameters. + +Notes: KVM_HC_ROE can not be triggered from guest Ring 3 (user mode). The +reason is that user mode malicious software can make use of it to enforce read +only protection on an arbitrary memory page thus crashing the kernel.
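
Review bot: In Usage 2, the ROE_MPROTECT arguments do not say whether a1 ("Start address aligned to page boundary") is a guest-virtual or a guest-physical address, and that decides what the read-only protection is actually bound to. Please state it explicitly, and since the commit message says page-remapping attacks are not yet addressed, record that limitation in this section so readers of hypercalls.txt do not assume more than the hypercall provides. The return description ("Upon successful run, the number of pages protected is returned") should say whether the value can be smaller than a2 and what state the range is left in when -EINVAL is returned. Under "Error codes", -KVM_ENOSYS covers both "triggered from ring 3" and "not implemented", so a guest cannot tell the two apart; -EINVAL is written without the KVM_ prefix used on the line above it; and "system call" should read "hypercall". "This action is irreversible" should give the scope (for example, whether it lasts until the guest is reset). The Purpose line mentions registers but neither usage covers them, and the Usage 1 sentence repeats "current version" and should say "unsigned" rather than "non-signed".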