Intel® Virtualization Technology - Redirect Protection (Intel® VT-rp)

KunalMehta · ‎04-01-2025

Introduction

Modern multi-tasking Operating Systems (OSes) use a hardware memory management facility called Paging. Paging provides the OS a mechanism for implementing a conventional demand-paged, virtual-memory system where sections of a program's execution environment (i.e. code and data) are mapped into system physical memory as needed. During paging operation, the processor translates the virtual-memory address to a physical memory address and determines, for each translation, what type of access to the virtual-memory address are allowed (i.e. the address access rights), which provides a mechanism to establish memory isolation between different tasks (or processes). The processor paging operation uses hierarchical paging structures (or page tables) for address translations. These paging structures are maintained by OS for each running application (and for OS itself) and need to be protected, as they control virtual-memory address to physical memory address mapping and virtual-memory address access rights.

All sensitive OS kernel data structures and memory protection assurances rely on the integrity of the paging structures managed by the kernel. However, some types of kernel security vulnerabilities can be used to form memory ‘write-what-where’ attacks that may be used to maliciously modify these high value assets - kernel paging structures themselves (as OS maps these paging structures pages also with read-write accesses, so that OS can update the mapping when needed). One way to protect against such attacks is with a security hypervisor that adds a layer of control and memory translation below the OS’ paging structures. Such a hypervisor cannot enforce a strict notion of read/write/execute protection of OS kernel memory without also enforcing the integrity of the OS paging structures.

Intel Virtualization Technology Extensions (Intel ® VT-x) Extended Page Table (EPT)¹ mechanisms can be used by a security hypervisor to control access to the kernel’s paging structures but are limited for this use case. The EPT asserts read/write/execute permissions for physical pages, but it does not enforce the address translations within the OS. To address this gap, EPTs can be used to write-protect all kernel paging structures; however, this approach negatively affects performance since paging structures are updated frequently for various kernel operations as well as by the CPU to update their status bits. Also, a hypervisor using this brute-force approach will also need to monitor loads to CPU registers that reference the write-protected page tables. In practice, this approach does not scale.

Intel® Virtualization Technology – Redirect Protection (Intel® VT-rp)¹ is a new technology that allows software to address these security issues in a performant manner. It is available on Intel processors starting with 12th Gen Intel® Core™ processors for clients and on server platforms starting with 4th Gen Intel® Xeon® Scalable processors.

Intel® VT-rp Technical Overview

Intel® VT-rp has been designed to satisfy three main goals:

1. Security

An adversary should not be able to point to arbitrary paging structures; in other words, there must be a trusted and protected root for the paging structures walk.
Paging structures should be protected against arbitrary writes.
There should be protection against alias attacks, i.e., an attacker shouldn’t be able to build virtual address aliases to bypass protection.

2. Performance

The security protections should have very minimal performance overhead and the CPU-originated writes to paging structures during address translation (i.e. paging-writes to update access/dirty (A/D) bits) should not have any impact.

3. Interop/compatibility

There should be minimal code changes required by the OS and security VMM and use of these mechanisms should not cause any legacy incompatibility.

The typical paging structures override attacks are forward mapping (or page remapping) and alias mapping attacks. A forward mapping attack is where the mapping is modified to cause the original virtual address to map to a different (second) physical address. An alias mapping attack is where a different (second) virtual address, with different mapping permissions, is used to reference an existing (original) physical page (which was referenced from the first virtual address with different permissions). (See Fig.1).

Figure 1. Forward mapping/page remapping and alias attacks

The Intel® VT-rp architecture defines three new virtual-machine extensions (VMX) features, which allows security hypervisor and OS to mitigate the paging structures attacks with the above-mentioned goals.

Intel® VT-rp defines an alternative form of paging called hypervisor-managed linear-address translation (HLAT). The normal form of paging is called ordinary paging and uses the CR3 register to locate the first paging structure during address translation. HLAT paging, (enabled via “enable HLAT” VM-execution control in VMCS), locates the first paging structure using a VM-execution control field in the VMCS called the HLAT pointer (HLATP). HLAT paging structures are exactly like ordinary paging structures but with a new bit called restart-bit, which when set indicates that a translation of a linear address must be restarted. When this occurs, the address translation restarts, and the linear address is then translated using ordinary paging. Whether HLAT paging is used to translate a specific linear address depends on the address and on the value of a VM-execution control field in the VMCS called the HLAT prefix size. Within the address range covered by the HLAT prefix, the OS or VMM may selectively (i.e. for data that is not security critical) allow certain address regions to be translated using the ordinary paging, by using the restart bit in HLAT paging structures. (See Fig.2).

Figure 2. Intel® VT-rp enforced HLAT paging operation

Intel® VT-rp defines a new per-page EPT control called paging-write access or PW (enabled via “EPT paging-write control” VM-execution control in VMCS), when used with EPT write permission cleared (to map a paging structure page), doesn’t stop processor-generated paging writes i.e. access and dirty bits updates to guest paging structures during paging operation. This allows OS and VMM to mark Intel® VT-rp paging structures (and even the ordinary paging structures) to be read-only for software accesses while allowing CPU to safely make updates to access/dirty bits during paging operations and hence protects paging structures against arbitrary writes.

Another new per-page EPT control that Intel® VT-rp defines is called verify guest paging or VGP (enabled via “Guest-paging verification” VM-execution control in VMCS), when used together with PW, allows a final address translation to be enforced to have traversed through paging structure pages that had the PW control asserted. VGP addresses alias attacks and page-remapping attacks. (See Fig.3). This ensures that any aliases or page remapping established in the ordinary paging structures will just not work, as the VGP marked page must be translated via Intel® VT-rp PW-marked pages only.

Figure 3. Intel® VT-rp EPT control bits (PW and VGP)

To summarize all of the above, Intel® VT-rp provides the OS/VMM a trusted root of page walk (HLATP), a method to mark paging structures read-only (PW control in EPT), a method to prevent alias and page remapping attacks (VGP control in EPT) and also a way to maintain legacy compatibility for non-security critical regions that fall within a HLAT prefix range, i.e. restart-bit in HLAT paging structures. Refer to Intel® 64 and IA-32 Architecture Developer Manuals1 for more detailed ISA specifications of Intel® VT-rp.

Intel® VT-rp Use Cases

These three features can be used all together, or just the PW and VGP can be used, for two primary software scenarios:

Security VMMs can enable Intel® VT-rp to enforce guest page table assertions with efficiency as shown in Fig.4. In this scenario, the HLAT paging structure hold enforced kernel mappings for guest kernel; non-security critical mappings for the guest are fetched from ordinary paging structures whereas the security critical mappings are maintained in HLAT paging structures. The VMM will map HLAT paging structures to the guest kernel as read-only but with PW marked in EPT for those, with final page mapped via EPT VGP (as explained in Figure 3 above). The VMM takes care of updating and managing the HLAT paging structures for address translation mappings.

Figure 4. HLAT, PW and VGP used in security hypervisor

Security VMMs that use ordinary paging structure monitoring capability can reduce the performance overheads substantially using the Intel® VT-rp EPT controls (PW and VGP), as the PW control will allow paging-writes generated by CPU during address translation for read-only paging structures as shown in Figs. 3 and 5. The Intel® VT-rp architecture allows these EPT controls to be activated independently of the HLAT paging control shown in Figure 4. Intel® VT-rp enables a subset of paging structures to be monitored due to its enforcement properties and avoids A/D bit update emulation exits.

Figure 5. Security hypervisor with page table monitoring using EPT PW and VGP controls

Conclusion

With the introduction of technologies like Intel® Control-Flow Enforcement Technology (Intel® CET)² and software-based code integrity mechanisms like Microsoft’s HVCI (Hypervisor enforced Code Integrity)³ and CFG (Control-flow-guard)⁴, attackers are shifting their techniques towards data corruption via paging structures manipulation⁵. Intel® VT-rp helps mitigate the entire class of advanced kernel-mode attack vectors which modify paging structures to corrupt the kernel or bypass hardware security features like supervisor-mode execution prevention (SMEP)¹, and then execute further attack chains. Intel® VT-rp is designed such that it complements the security provided by security hypervisors⁸ and virtualization-based security features like (VBS^6,7,8,9).

Acknowledgments

Joseph Cihula
Venkat R Gokulrangan
Nivedita Aggarwal