Intel Explores Write Protecting Page Tables Using Upcoming PKS Feature
As an additional security measure for the Linux kernel, Intel engineers are exploring making kernel page tables read-only and then allowing writes only on a per-CPU basis when they need to be modified. This would be handled using the PKS functionality found with future Intel processors.
For many months now Intel has been working on the infrastructure for Protection Keys for Supervisor support in the Linux kernel. Protection Keys for Supervisor (PKS) is coming with future Intel processors. PKS, the supervisor/kernel equivalent to the existing PKU functionality, was initially prototyped as a way to prevent stray writes to persistent memory and to safeguard trusted keys within the Linux kernel. A new proof-of-concept posted on Tuesday would use PKS for safeguarding page tables.
PKS is an upcoming CPU feature that allows supervisor virtual memory permissions to be changed without flushing the TLB, like PKU does for user memory. Protecting page tables would normally be really expensive because you would have to do it with paging itself. PKS helps by providing a way to toggle the writability of the page tables with just a per-cpu MSR.
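The per-CPU toggle described above, as a simplified user-space C model added here for illustration; it is not code from Intel's patches. The key number, `NR_CPUS` and all function names are hypothetical, and the check assumes CR0.WP is set.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model, not kernel code. Each CPU has its own PKRS register:
 * two bits per key, AD (access-disable) at bit 2k, WD (write-disable) at 2k+1. */
#define NR_CPUS         2   /* hypothetical CPU count */
#define PKS_KEY_PGTABLE 1   /* hypothetical key assigned to page-table pages */
#define PKR_AD(k) (1u << (2 * (k)))
#define PKR_WD(k) (1u << (2 * (k) + 1))

static uint32_t pkrs[NR_CPUS];  /* stands in for the per-CPU MSR */

/* Default state: the page-table key is write-disabled on every CPU. */
static void pks_init(void)
{
    for (int cpu = 0; cpu < NR_CPUS; cpu++)
        pkrs[cpu] = PKR_WD(PKS_KEY_PGTABLE);
}

/* Check applied to a supervisor data access (assumes CR0.WP = 1). */
static bool pks_access_ok(int cpu, unsigned key, bool is_write)
{
    if (pkrs[cpu] & PKR_AD(key))
        return false;
    return !(is_write && (pkrs[cpu] & PKR_WD(key)));
}

/* Open a write window on one CPU, update the entry, close the window.
 * Returns whether another CPU could have written while it was open. */
static bool pgtable_write_window(int cpu, int other, uint64_t *pte, uint64_t val)
{
    pkrs[cpu] &= ~PKR_WD(PKS_KEY_PGTABLE);  /* register write, no TLB flush */
    if (pks_access_ok(cpu, PKS_KEY_PGTABLE, true))
        *pte = val;
    bool other_ok = pks_access_ok(other, PKS_KEY_PGTABLE, true);
    pkrs[cpu] |= PKR_WD(PKS_KEY_PGTABLE);   /* back to read-only */
    return other_ok;
}

int main(void)
{
    uint64_t pte = 0;
    pks_init();
    printf("stray write allowed: %d\n", pks_access_ok(0, PKS_KEY_PGTABLE, true));
    printf("other CPU writable during window: %d\n",
           pgtable_write_window(0, 1, &pte, 0x1234));
    printf("pte = %#llx\n", (unsigned long long)pte);
    return 0;
}
```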
The set of nine patches posted would allow write-protecting page tables using PKS to map them read-only except when needing to be modified. Granted, depending upon the attack, the attacker might have the ability to simply disable PKS or trigger the functions used for legitimate page table writes.
The patches do note that PKS would still bear some performance cost for write protecting the page tables. Unfortunately, no performance data has yet been provided publicly by Intel on those costs.
So for now this potential latest use-case for Protection Keys for Supervisor is published as proof of concept patches while awaiting upstream Linux kernel developer review and comment on the idea. I don't believe Intel has publicly confirmed yet whether PKS will debut with Sapphire Rapids or is being put out for Granite Rapids, so for now we're holding steady while these PKS kernel patches at large continue to bake.