[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Blocking CR and MSR writes via mem_access?

On 10/02/14 14:51, Andrew Cooper wrote:
> On 02/10/14 12:46, Razvan Cojocaru wrote:
>> On 10/02/14 14:39, Jan Beulich wrote:
>>>>>> On 02.10.14 at 12:49, <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>>>> Currently hvm_memory_event_cr3() and the other hvm_memory_event_*()
>>>> functions in hvm.c can pause the VCPU and send a mem_event with the new
>>>> value of the respective register, but especially in the case of CR
>>>> events (as opposed to MSR events), this is done _after_ the value is set
>>>> (please see hvm_set_cr3() in hvm.c).
>>>> It would be interesting from a memory introspection application's point
>>>> of view to be able to receive a mem_event _before_ the value is set, and
>>>> important to be able to veto the change.
>>> So what do you expect the effect of denying the write to be?
>>> Wouldn't crashing the guest explicitly have about the same effect?
>> Thanks for the quick reply!
>> Denying a normal, legitimate write, would indeed be a problem along the
>> lines of what you are describing, but the point would be to block
>> malicious writes that would modify the SYSCALL entry point, disable SMAP
>> / SMEP, and so on.
> So your use case is to protect a running VM which is under active attack
> without crashing the domain wholesale?
> I presume you then want to degrade the illegitimate writes to nops?

Yes, pretty much.

Razvan Cojocaru

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.