Saturday, April 5, 2025

Intel VT-rp: Virtualization Technology Redirect Protection

Introduction

This article gives an overview of Intel Virtualization Technology Redirect Protection (Intel VT-rp). Contemporary multi-tasking operating systems (OSes) rely on the hardware memory-management feature known as paging. With paging, the OS can build a conventional demand-paged virtual memory system in which the code and data of a program’s execution environment are mapped into system physical memory as needed.

Paging also provides a mechanism for memory isolation between tasks (or processes): the processor converts each virtual-memory address to a physical memory address and decides, for each translation, which kinds of access to the virtual-memory address are permitted (the access rights).

The CPU paging function translates addresses using hierarchical paging structures, also known as page tables. These structures, which the OS maintains for every running application (and for the OS itself), must be protected because they govern the mapping of virtual addresses to physical addresses and the access rights of virtual addresses.

The integrity of the paging structures that the kernel controls is essential for all sensitive OS kernel data structures and for every memory-protection guarantee. Kernel paging structures are themselves high-value assets: certain kinds of kernel security flaws can be turned into memory “write-what-where” primitives that maliciously alter them, because the OS maps these paging-structure pages read-write so that it can update the mappings when necessary.

One method of defending against such attacks is a security hypervisor, which places a layer of control and memory translation beneath the OS’s paging structures. For such a hypervisor to strictly enforce read/write/execute protection of OS kernel memory, the integrity of the OS paging structures must be upheld.

Security hypervisors can leverage the Extended Page Table (EPT) techniques of Intel Virtualization Technology Extensions (Intel VT-x) to manage access to the kernel’s paging structures, although EPTs are limited for this use case: the EPT asserts read/write/execute permissions for physical pages, but it does not enforce address translations within the OS.

To close this gap, EPTs can be used to write-protect all kernel paging structures, but this has a detrimental effect on performance because the CPU updates the paging structures regularly for different kernel tasks. With this brute-force method, the hypervisor must additionally monitor loads of the control registers that point at the write-protected page tables. This strategy does not scale in practice.

A new solution, Intel Virtualization Technology Redirect Protection (Intel VT-rp), enables software to address these security concerns efficiently. It is available on server platforms beginning with 4th Gen Intel Xeon Scalable processors and on client platforms beginning with 12th Gen Intel Core processors.

Intel VT-rp Technical Overview

Intel VT-rp was created with three primary objectives in mind:

Security

  • There should be a trusted and secure root for the paging-structure walk, so that an adversary cannot redirect the walk to arbitrary paging structures.
  • Arbitrary writes to paging structures must be guarded against.
  • Alias attacks should be prevented; that is, an attacker should not be able to create virtual-address aliases in order to get around security measures.

Performance

The security measures should add very little performance overhead, and CPU-originated writes to paging structures during address translation (paging writes that update the accessed/dirty (A/D) bits) should not be affected.

Interop/compatibility

The OS and security VMM should require only minor code modifications, and using these mechanisms should not introduce any legacy incompatibilities.

Forward mapping (also known as page remapping) and alias mapping are the common attacks that subvert paging structures. In a forward mapping attack, the mapping is altered so that the first virtual address maps to a different (second) physical address. In an alias mapping attack, an existing (original) physical page, which was accessed from the first virtual address with certain permissions, is referenced through a different (second) virtual address whose mapping carries different permissions.

Figure 1: Forward mapping/page remapping and alias attacks (image credit: Intel)

The Intel VT-rp architecture defines three new virtual-machine extensions (VMX) features that enable the OS and security hypervisor to counter paging-structure attacks while meeting the objectives above.

Intel VT-rp defines an alternate paging method known as hypervisor-managed linear-address translation (HLAT). Ordinary paging, the standard form of paging, locates the first paging structure of an address translation through the CR3 register. HLAT paging, enabled by the “enable HLAT” VM-execution control in the VMCS, instead locates the first paging structure through the HLAT pointer (HLATP), a VM-execution control field in the VMCS. HLAT paging structures differ from ordinary paging structures by a new restart bit which, when set, signals that the translation of the linear address must be restarted.

When the restart bit is encountered, the address translation restarts and the linear address is then translated with ordinary paging. Whether HLAT paging is used for a particular linear address depends on the address itself and on the value of a VM-execution control field in the VMCS known as the HLAT prefix size. By employing the restart bit in HLAT paging structures, the OS or VMM can selectively permit specific address regions inside the range covered by the HLAT prefix (for example, data that is not security sensitive) to be translated with ordinary paging.

Figure 2: Intel VT-rp enforced HLAT paging operation (image credit: Intel)

Intel VT-rp defines a new per-page EPT control called paging-write access, or PW (enabled via the “EPT paging-write control” VM-execution control in the VMCS). It is used together with a cleared EPT write permission on the page that holds a paging structure: software writes to that page are blocked, while processor-generated paging writes, such as accessed and dirty bit updates to guest paging structures during paging operations, are still allowed. This protects paging structures from arbitrary writes, because the OS and VMM can mark Intel VT-rp paging structures (and even ordinary paging structures) as read-only for software accesses while the CPU can still safely update the A/D bits during paging operations.

Verify guest paging, or VGP (enabled via the “Guest-paging verification” VM-execution control in the VMCS), is another new per-page EPT control defined by Intel VT-rp. Combined with PW, it requires that the final address translation to a VGP-marked page has passed only through paging-structure pages on which the PW control is set. VGP is what handles page-remapping and alias attacks (refer to Fig. 3): because a VGP-marked page may only be reached through PW-marked Intel VT-rp paging structures, any alias or page remapping planted in the ordinary paging structures simply does not work.

Figure 3: Intel VT-rp EPT control bits (PW and VGP) (image credit: Intel)

In summary, Intel VT-rp gives the OS/VMM a trusted root for the page walk (HLATP), a way to mark paging structures as read-only (the PW control in EPT), a way to stop alias and page-remapping attacks (the VGP control in EPT), and a way to keep legacy compatibility for non-security-critical regions within the range covered by the HLAT prefix (the restart bit in HLAT paging structures). For the detailed ISA specification of Intel VT-rp, consult the Intel 64 and IA-32 Architectures Software Developer Manuals.
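As an added illustration (it is not Intel’s code or the page’s own), the following Python model of the three controls shows how a translation walk behaves under HLAT, PW and VGP: a page remap or alias planted in the ordinary CR3 tree no longer reaches a VGP-marked page, a restart-bit entry falls back to ordinary paging, and a PW-marked structure stays read-only for software while CPU A/D updates still proceed. The page numbers, linear addresses and the “top N address bits all ones” prefix rule are constructed simplifications rather than the SDM encoding, and each paging tree is flattened to a single level.

```python
from dataclasses import dataclass
PAGE = 12  # 4 KiB pages; the model tracks page frame numbers (pfn)

@dataclass
class PTE:                 # leaf entry of a (flattened) guest paging structure
    pfn: int               # physical page the linear page maps to
    restart: bool = False  # HLAT restart bit: redo the walk with ordinary paging

@dataclass
class Ept:                 # per-physical-page EPT permissions (subset)
    w: bool = True         # software writes allowed
    pw: bool = False       # paging-write: CPU A/D updates allowed even if w=0
    vgp: bool = False      # verify guest paging: walk must use only pw pages

@dataclass
class Vmcs:
    cr3: int               # phys page of the ordinary root paging structure
    hlatp: int             # phys page of the HLAT root paging structure (HLATP)
    hlat_prefix_size: int  # model assumption: top N address bits all 1 => HLAT

def translate(va, vmcs, tables, ept):
    """tables: phys page -> {vpn: PTE}. Returns (status, pfn); pfn is None on a fault."""
    vpn, top = va >> PAGE, va >> (64 - vmcs.hlat_prefix_size)
    use_hlat = top == (1 << vmcs.hlat_prefix_size) - 1   # "enable HLAT" assumed set
    root = vmcs.hlatp if use_hlat else vmcs.cr3
    pte = tables[root].get(vpn)
    if use_hlat and pte and pte.restart:        # restart bit: redo with ordinary paging
        root, pte = vmcs.cr3, tables[vmcs.cr3].get(vpn)
    if pte is None:
        return "#PF", None
    if ept[pte.pfn].vgp and not ept[root].pw:   # VGP: walk must come through PW pages
        return "EPT-VGP", None
    return "OK", pte.pfn

def paging_write_ok(pfn, ept): return ept[pfn].w or ept[pfn].pw   # CPU A/D-bit update

def demo():
    CR3, HLATP, KPAGE, EVIL, DATA = 0x100, 0x200, 0x300, 0x400, 0x500   # constructed pfns
    crit, plain, user = 0xFFFF_8000_0000_1000, 0xFFFF_8000_0000_2000, 0x7FFF_0000_3000
    tables = {HLATP: {crit >> PAGE: PTE(KPAGE), plain >> PAGE: PTE(0, restart=True)},
              CR3: {crit >> PAGE: PTE(KPAGE), plain >> PAGE: PTE(DATA)}}
    ept = {CR3: Ept(), HLATP: Ept(w=False, pw=True), KPAGE: Ept(vgp=True), EVIL: Ept(), DATA: Ept()}
    vmcs = Vmcs(cr3=CR3, hlatp=HLATP, hlat_prefix_size=16)
    tables[CR3][crit >> PAGE] = PTE(EVIL)   # corrupted CR3 tree remaps the critical page
    out = {"remap": translate(crit, vmcs, tables, ept)}          # HLAT root wins: still KPAGE
    tables[CR3][user >> PAGE] = PTE(KPAGE)  # alias: unrelated linear address onto KPAGE
    out["alias"] = translate(user, vmcs, tables, ept)            # VGP rejects the walk
    out["restart"] = translate(plain, vmcs, tables, ept)         # restart bit -> DATA
    out["sw_write"], out["ad_write"] = ept[HLATP].w, paging_write_ok(HLATP, ept)
    return out
```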

Intel VT-rp Applications

These three features can be used together, or PW and VGP alone, in two main software scenarios.

As illustrated in Fig. 4, security VMMs can use Intel VT-rp to efficiently enforce guest page-table mappings. In this case, the guest kernel’s enforced kernel mappings live in the HLAT paging structures: the guest’s non-security-critical mappings are retrieved from the ordinary paging structures, while the security-critical mappings are kept in the HLAT paging structures. As shown in Figure 3 above, the VMM maps the HLAT paging structures read-only to the guest kernel, with PW set in the EPT for those pages, and the final page is mapped via EPT with VGP set. The VMM updates and maintains the address-translation mappings in the HLAT paging structures.

Figure 4: HLAT, PW and VGP used in a security hypervisor (image credit: Intel)

The Intel VT-rp EPT controls (PW and VGP) can significantly lower the performance overhead of security VMMs that rely on ordinary paging-structure monitoring, because the PW control permits the paging writes produced by the CPU during address translation even for read-only paging structures, as illustrated in Figs. 3 and 5. These EPT controls can be enabled independently of the HLAT paging control shown in Figure 4. Thanks to these enforcement properties, Intel VT-rp avoids the VM exits otherwise needed to emulate A/D-bit updates and allows only a subset of the paging structures to be monitored.

Figure 5: Security hypervisor with page-table monitoring using the EPT PW and VGP controls (image credit: Intel)

In conclusion

With the advent of software-based code-integrity mechanisms such as Microsoft’s HVCI (Hypervisor-enforced Code Integrity) and CFG (Control Flow Guard), and of technologies such as Intel Control-Flow Enforcement Technology (Intel CET), attackers are turning to data corruption through paging-structure manipulation. Intel VT-rp mitigates the whole family of sophisticated kernel-mode attack vectors that alter paging structures to corrupt the kernel or bypass hardware protections such as supervisor-mode execution prevention (SMEP) and then carry out further attack chains. Its purpose is to strengthen the security offered by virtualization-based security features such as VBS and security hypervisors.

Thota nithya
Thota Nithya has been writing cloud computing articles for govindhtech since April 2023. She is a science graduate and a cloud computing enthusiast.