On Fri, 2018-07-06 at 21:29 +0200, Ahmed Soliman wrote:
> > 2) And why from inside the kernel?
>
> Because this needs to be done from inside KVM.
>
> Note: I am aware that this won't be effective against rootkits that
> live in userspace, rootkits that target kernel dynamic data, files on
>
On Sat, 07 Jul 2018 01:31:45 +0200, Ahmed Soliman said:
> > You missed the point - your protection can be bypassed without manipulating
> > a ROE page.
> Changing the virtual memory pointer table is ok but again these memory
> mappings will never make it to the TLB and will be caught during by
> What happens after you've been up for 3 weeks and you're running out of
> usable pages?
That can't happen, it is my mistake missing some details, this is for
only protecting Kernel Pages,
Pages that hold code or static data that is created once and
assumed to be there for ever, like kernel
On Fri, 06 Jul 2018 23:59:30 +0200, Ahmed Soliman said:
> ROE can be enabled by the guest kernel and once enabled the hypervisor
> will make sure it never gets disabled again, so even if the kernel
> decided to modify a page that has ROE, it can't without a reboot.
So in essence, you're
-- Forwarded message --
From: Ahmed Soliman
Date: 6 July 2018 at 23:56
Subject: Re: How to change page permission from inside the kernel?
To: Valdis Kletnieks
>> Implementing some kernel protection against subset of rootkits that
>> manipulates kernel static data (memory pages
On Fri, 06 Jul 2018 21:29:40 +0200, you said:
> Implementing some kernel protection against subset of rootkits that
> manipulates kernel static data (memory pages as well as their
> mappings) by having them enforced by hypervisor which is KVM in our
Can you give an actual example of a case where
> So there's two questions here:
>
from inside KVM lkm (/virt/kvm and arch/x86/kvm )
> 1) Why does the page's protection need to be changed?
Implementing some kernel protection against subset of rootkits that
manipulates kernel static data (memory pages as well as their
mappings) by having them
On Fri, 06 Jul 2018 20:06:29 +0200, Ahmed Soliman said:
> I have a memory page allocated with mmap() from user space. This
> address is passed to some kernel module (kvm_intel to be specific) and
> I want to know how I can change the page permission from inside there
> My goal is to achieve
I have a memory page allocated with mmap() from user space. This
address is passed to some kernel module (kvm_intel to be specific) and
I want to know how I can change the page permission from inside there
My goal is to achieve something like this
mprotect(mem, PAGE_SIZE, PROT_READ)
It does. The idea is creating the VM disks over a tmpfs filesystem on the
hypervisor. It will even persist over guest reboots, but not host reboots,
but no problem, I just need a blank machine for testing ansible runs.
The hypervisor rarely reboots. :)
On Fri, 6 Jul 2018 11:38, wrote:
On Fri, 06 Jul 2018 08:26:52 -0300, "Daniel." said:
> I'll try using a disk on memory (residing on a tmpfs mount) for improving
> this. Good idea!
Of course, actually getting the data *onto* the tmpfs will involve a lot of
I/O, and it doesn't really fix the problem (just moves it around) unless
Valdis, what a valuable answer. It opened my eyes. I didn't take the most
important thing into account, caches only help in cache hit!
I'll try using a disk on memory (residing on a tmpfs mount) for improving
this. Good idea!
Thank you so much for sharing this with me!!!
Regards
On 05/07/2018