subject:"\[RFC PATCH v2 17\/19\] heki\: x86\: Update permissions counters during text patching"

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

2023-12-08 Thread Madhavan T. Venkataraman

On 12/6/23 12:51, Peter Zijlstra wrote: > On Wed, Dec 06, 2023 at 10:37:33AM -0600, Madhavan T. Venkataraman wrote: >> >> >> On 11/30/23 05:33, Peter Zijlstra wrote: >>> On Wed, Nov 29, 2023 at 03:07:15PM -0600, Madhavan T. Venkataraman wrote: >>> Kernel Lockdown --- >

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

2023-12-06 Thread Peter Zijlstra

On Wed, Dec 06, 2023 at 10:37:33AM -0600, Madhavan T. Venkataraman wrote: > > > On 11/30/23 05:33, Peter Zijlstra wrote: > > On Wed, Nov 29, 2023 at 03:07:15PM -0600, Madhavan T. Venkataraman wrote: > > > >> Kernel Lockdown > >> --- > >> > >> But, we must provide at least some securi

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

2023-12-06 Thread Madhavan T. Venkataraman

On 11/30/23 18:45, Edgecombe, Rick P wrote: > On Wed, 2023-11-29 at 15:07 -0600, Madhavan T. Venkataraman wrote: >> Threat Model >> >> >> In the threat model in Heki, the attacker is a user space attacker >> who exploits >> a kernel vulnerability to gain more privileges or bypass th

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

2023-12-06 Thread Madhavan T. Venkataraman

On 11/30/23 05:33, Peter Zijlstra wrote: > On Wed, Nov 29, 2023 at 03:07:15PM -0600, Madhavan T. Venkataraman wrote: > >> Kernel Lockdown >> --- >> >> But, we must provide at least some security in V2. Otherwise, it is useless. >> >> So, we have implemented what we call a kernel loc

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

2023-11-30 Thread Edgecombe, Rick P

On Wed, 2023-11-29 at 15:07 -0600, Madhavan T. Venkataraman wrote: > Threat Model > > > In the threat model in Heki, the attacker is a user space attacker > who exploits > a kernel vulnerability to gain more privileges or bypass the kernel's > access > control and self-protection mech

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

2023-11-30 Thread Peter Zijlstra

On Wed, Nov 29, 2023 at 03:07:15PM -0600, Madhavan T. Venkataraman wrote: > Kernel Lockdown > --- > > But, we must provide at least some security in V2. Otherwise, it is useless. > > So, we have implemented what we call a kernel lockdown. At the end of kernel > boot, Heki establishes

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

2023-11-29 Thread Madhavan T. Venkataraman

On 11/27/23 14:08, Peter Zijlstra wrote: > On Mon, Nov 27, 2023 at 10:48:29AM -0600, Madhavan T. Venkataraman wrote: >> Apologies for the late reply. I was on vacation. Please see my response >> below: >> >> On 11/13/23 02:19, Peter Zijlstra wrote: >>> On Sun, Nov 12, 2023 at 09:23:24PM -0500,

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

2023-11-27 Thread Peter Zijlstra

On Mon, Nov 27, 2023 at 10:48:29AM -0600, Madhavan T. Venkataraman wrote: > Apologies for the late reply. I was on vacation. Please see my response below: > > On 11/13/23 02:19, Peter Zijlstra wrote: > > On Sun, Nov 12, 2023 at 09:23:24PM -0500, Mickaël Salaün wrote: > >> From: Madhavan T. Venkata

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

2023-11-27 Thread Madhavan T. Venkataraman

Apologies for the late reply. I was on vacation. Please see my response below: On 11/13/23 02:19, Peter Zijlstra wrote: > On Sun, Nov 12, 2023 at 09:23:24PM -0500, Mickaël Salaün wrote: >> From: Madhavan T. Venkataraman >> >> X86 uses a function called __text_poke() to modify executable code. Thi

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

2023-11-13 Thread Peter Zijlstra

On Sun, Nov 12, 2023 at 09:23:24PM -0500, Mickaël Salaün wrote: > From: Madhavan T. Venkataraman > > X86 uses a function called __text_poke() to modify executable code. This > patching function is used by many features such as KProbes and FTrace. > > Update the permissions counters for the text

[RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

2023-11-12 Thread Mickaël Salaün

From: Madhavan T. Venkataraman X86 uses a function called __text_poke() to modify executable code. This patching function is used by many features such as KProbes and FTrace. Update the permissions counters for the text page so that write permissions can be temporarily established in the EPT to

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

Re: [RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

[RFC PATCH v2 17/19] heki: x86: Update permissions counters during text patching

11 matches

Site Navigation

Mail list logo

Footer information