On Sat, 07 Jul 2018 01:31:45 +0200, Ahmed Soliman said:
> > You missed the point - your protection can be bypassed without manipulating
> > a ROE page.
> Changing the virtual memory pointer table is ok but again these memory
> mappings will never
> make it to the TLB and will be caught during by
> What happens after you've been up for 3 weeks and you're running out of
> usable pages?
That can't happen, it is my mistake missing some details, this is for
only protecting Kernel Pages,
Pages that are hold code or static data that is created once and
assumed to be there for ever, like kernel
On Fri, 06 Jul 2018 23:59:30 +0200, Ahmed Soliman said:
> ROE can be enabled by the guest kernel and once enabled the hypervisor
> will make sure it never gets disabled again, so if even if the kernel
> decided to modify a paged that has ROE, it can't without a reboot.
So in essence, you're
-- Forwarded message --
From: Ahmed Soliman
Date: 6 July 2018 at 23:56
Subject: Re: How to change page permission from inside the kernel?
To: Valdis Kletnieks
>> Implementing some kernel protection against subset of rootkits that
>> manipulates kernel static data (memory pages
