ROE Kernel Hardening Continues To Restrict KVM VMs To Only Its Own Memory

For helping to enhance the security of servers running KVM for virtualization, there's been a ROE protection kernel hardening patch series in the works. This new addition to the kernel allows the host operating system to restrict a guest's access strictly to its own memory. It's unclear though yet if the ROE protection will make the cut in time for the upcoming Linux 4.21 kernel cycle.

For those that haven't been following the ROE kernel hardening patch series for KVM, the seventh revision was posted on Friday. The cover letter does a good job at elegantly explaining the benefits:

ROE is a hypercall that enables host operating system to restrict guest's access to its own memory. This will provide a hardening mechanism that can be used to stop rootkits from manipulating kernel static data structures and code. Once a memory region is protected the guest kernel can't even request undoing the protection.

Memory protected by ROE should be non-swapable because even if the ROE protected page got swapped out, It won't be possible to write anything in its place.

ROE hypercall should be capable of either protecting a whole memory frame or parts of it. With these two, it should be possible for guest kernel to protect its memory and all the page table entries for that memory inside the page table. I am still not sure whether this should be part of ROE job or the guest's job.

The reason why it would be better to implement this from inside kvm: instead of (host) user space is the need to access SPTEs to modify the permissions, while mprotect() from user space can work in theory. It will become a big performance hit to vmexit and switch to user space mode on each fault, on the other hand, having the permission handled by EPT should make some remarkable performance gain.

Our threat model assumes that an attacker got full root access to a running guest and his goal is to manipulate kernel code/data (hook syscalls, overwrite IDT ..etc).

There is future work in progress to also put some sort of protection on the page table register CR3 and other critical registers that can be intercepted by KVM. This way it won't be possible for an attacker to manipulate any part of the
guests page table.

This work is being led by university research out of Virgina Tech. There is good progress being made on the ROE patches, but with it not supporting transparent huge-pages and other work still in progress, it might not be ready in time for the Linux 4.21 kernel that is expected to open around Christmas following the 4.20 release.