[Ksummit-discuss] late self-nomination

Paolo Bonzini pbonzini at redhat.com
Tue Aug 2 19:00:13 UTC 2016


> > On x86 with VMX, the EPT page tables have separate R, W, and X bits.
> > If a hypervisor were to limit the guest physical address space to the
> > lower half (high bit always clear) and then alias all of it with the
> > high guest physical address bit set and R clear, then the guest could
> > use the high physical address bit as an effective R bit.  That would
> > allow PROT_WRITE, PROT_EXEC, and PROT_WRITE|PROT_EXEC mappings to work
> > without granting read access.
> > 
> > Doing this would provide some protection against attacks that use a
> > wild read to scan for code or data structures at otherwise
> > unpredictable addresses or to blindly search for ROP gadgets.
> 
> Thanks - I expect we'll discuss this topic with other kvm folks quite a
> bit at the kvm forum at the end of August, as well.

I won't be able to attend kernel summit (I haven't nominated myself for
this reason) so I support Michael's presence!

Paolo
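
Added example, not part of the original message and not KVM code: a toy C model of the EPT aliasing scheme quoted above, narrowed to the execute-only case (X set, R and W clear, which needs hardware support for execute-only EPT translations). The 8-bit frame-number space and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model of the quoted scheme; names and sizes are assumptions. */
enum { EPT_R = 1, EPT_W = 2, EPT_X = 4 };
enum access { ACC_READ = EPT_R, ACC_WRITE = EPT_W, ACC_FETCH = EPT_X };

#define GFN_BITS   8                       /* tiny guest-physical space, in frames */
#define NOREAD_BIT (1u << (GFN_BITS - 1))  /* high bit selects the no-read alias */
#define NFRAMES    (1u << GFN_BITS)

static uint8_t ept_perm[NFRAMES];  /* EPT permission bits per guest frame */
static uint8_t ept_host[NFRAMES];  /* host frame backing each guest frame */

/* Hypervisor side: guest RAM lives in the lower half only; every frame is
 * aliased in the upper half onto the same host frame with R clear.
 * This model keeps only X on the alias (the execute-only case). */
static int hv_map(unsigned gfn, unsigned hfn, uint8_t perm)
{
    if (gfn & NOREAD_BIT)
        return -1;                          /* high bit is reserved for aliases */
    ept_perm[gfn] = perm;
    ept_host[gfn] = (uint8_t)hfn;
    ept_perm[gfn | NOREAD_BIT] = perm & EPT_X;
    ept_host[gfn | NOREAD_BIT] = (uint8_t)hfn;
    return 0;
}

/* Guest side: the frame number placed in the guest PTE. A mapping that
 * must not be readable points at the high alias. */
static unsigned guest_pte_gfn(unsigned gfn, int want_read)
{
    return want_read ? gfn : (gfn | NOREAD_BIT);
}

/* EPT check: returns the host frame, or -1 for an EPT violation. */
static int ept_access(unsigned pte_gfn, enum access a)
{
    if (pte_gfn >= NFRAMES || !(ept_perm[pte_gfn] & a))
        return -1;
    return ept_host[pte_gfn];
}

int main(void)
{
    hv_map(0x10, 0x42, EPT_R | EPT_X);      /* constructed sample code page */
    unsigned xo = guest_pte_gfn(0x10, 0);   /* PROT_EXEC without read */
    printf("fetch via alias -> %d\n", ept_access(xo, ACC_FETCH));
    printf("read  via alias -> %d\n", ept_access(xo, ACC_READ));
    return 0;
}
```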