Hi,
As far as I know, for the code execution, x86 EPT uses XU and X to mark
the execution permission for user- and supervisor-mode linear
addresses, respectively. However, the user- and supervisor-mode
linear addresses are marked by the U/S bit of KPGT (kernel-level page table).
From a security perspective, if an attacker is able to modify KPGT, the page walk in EPT should be able to guarantee permission checks. But the attacker could change the U/S bit easily if there are some exploits in the kernel.
Is there any other mechanism that allows EPT to distinguish between user-mode and supervisor-mode instead of relying on the unreliable KPGT's U/S bit?
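The check the question describes, modelled as an added example (not code from this thread or from Intel). Bit positions follow the Intel SDM layouts for guest paging entries and for EPT entries with mode-based execute control enabled; the function names, the constructed sample walks and the use of one already-combined EPT permission value are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GUEST_P      (1ull << 0)   /* guest paging entry: present */
#define GUEST_US     (1ull << 2)   /* guest paging entry: 1 = user-accessible */
#define EPT_X_SUPER  (1ull << 2)   /* EPT: execute, supervisor-mode linear addresses (X) */
#define EPT_X_USER   (1ull << 10)  /* EPT: execute, user-mode linear addresses (XU) */

/* Constructed sample walks (PML4E, PDPTE, PDE, PTE), flag bits only. */
const uint64_t USER_WALK[4]  = { GUEST_P | GUEST_US, GUEST_P | GUEST_US,
                                 GUEST_P | GUEST_US, GUEST_P | GUEST_US };
const uint64_t SUPER_WALK[4] = { GUEST_P | GUEST_US, GUEST_P | GUEST_US,
                                 GUEST_P | GUEST_US, GUEST_P };  /* leaf U/S = 0 */

/* A linear address is user-mode only if U/S = 1 in every guest
 * paging-structure entry that maps it; otherwise it is supervisor-mode. */
bool is_user_mode_address(const uint64_t *walk, size_t levels)
{
    for (size_t i = 0; i < levels; i++)
        if (!(walk[i] & GUEST_US))
            return false;
    return true;
}

/* Instruction fetch: the guest walk selects WHICH EPT execute bit applies.
 * ept_perms is assumed to be the permissions already combined across all
 * EPT levels for the target guest-physical page. */
bool ept_allows_fetch(const uint64_t *walk, size_t levels, uint64_t ept_perms)
{
    uint64_t needed = is_user_mode_address(walk, levels) ? EPT_X_USER
                                                         : EPT_X_SUPER;
    return (ept_perms & needed) != 0;
}

int main(void)
{
    const uint64_t perms[2] = { EPT_X_SUPER, EPT_X_USER };
    const char *names[2] = { "X only ", "XU only" };
    for (int i = 0; i < 2; i++)
        printf("EPT %s: U/S=1 walk -> %d, U/S=0 walk -> %d\n", names[i],
               ept_allows_fetch(USER_WALK, 4, perms[i]),
               ept_allows_fetch(SUPER_WALK, 4, perms[i]));
    return 0;
}
```

In this model the guest-controlled U/S bits only choose between X and XU; the values of those two bits live in the EPT entry itself.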
Hello Zhuzhuzaizai
Thank you for posting on the Intel® communities. To help with your request, we need more information from your system.
Please share with us the model of the Intel product used and the Intel® System Support Utility (Intel® SSU) results:
- Download the Intel SSU https://downloadcenter.intel.com/download/26735/Intel-System-Support-Utility-for-the-Linux-Operating-System
- Open the application, select "Everything", and click on "Scan" to see the system and device information. By default, Intel® SSU will take you to the "Summary View".
- Click on the menu where it says "Summary" to change to "Detailed View".
- To save your scan, click on "Next", then "Save".
Regards,
David G
Intel Customer Support Technician
I think it's an architecture-related question, and all CPUs that support VT-d should face this problem.
As far as I think, permission checking for EPT depends on the kernel's page tables; would that cause some security problems?
To answer your questions in the best possible way we need more information, please provide at least which operating system you are asking for.
Regards,
David G
Intel Customer Support Technician
We use Intel Xeon Silver 4210 with 10 cores, 40 threads, and 256GB RAM. The operating system on top is Ubuntu 20.04 with Linux kernel v5.4.61.
Hello? May I get another reply for details?
Thanks a lot.
@Zhuzhuzaizai we are still looking into this inquiry, we will provide an update by next Wed 10/6 end of day U.S. time.
Regards,
David G
Intel Customer Support Technician
Thank you for your patience. Upon further investigation you need to use your operating system's API where it can distinguish which operating system code is running. This is how you can distinguish user mode from super mode. For more details, you need to check with the operating system vendor/developer.
Please keep in mind that this thread will no longer be monitored by Intel. Thank you for your understanding.
Best regards,
David G
Intel Customer Support Technician