Hi,

Thanks for the reply.

On 05/05/2010 11:05 AM, Avi Kivity wrote:
> On 04/30/2010 05:53 PM, Suen Chun Hui wrote:
>> Dear KVM developers,
>>
>> I'm currently working on an open source security patch to use KVM to
>> implement code verification on a guest VM in runtime. Thus, it would be
>> very helpful if someone can point to me the right function or place to
>> look at for adding 2 hooks into the KVM paging code to:
>>
>> 1. Detect a new guest page (which I assume will imply a new pte and
>> imply a new spte).
>> Currently, I'm considering putting a hook in the function
>> mmu_set_spte(), but maybe there is a better place.
>> This hook will be used as the main entry point into the code
>> verification function
>>
>
> This is in general not possible. Hosts with npt or ept will not see
> new guest ptes.
>

Yes, I was only considering the case of using shadow paging.
Would this be possible then, since the walker would have to parse gpte anyway?

> It could be done with physical pages, but you'll have no way of
> knowing if the pages are used in userspace, the kernel, or both.
>
>> 2. Detect a write fault to a read-only spte (e.g. for the case of
>> updating the dirty bit back to the guest pte)
>> Unfortunately, I'm unable to find an appropriate place where this
>> actually takes place after reading the code many times.
>> This hook will be used to prevent a secondary "peek" page from modifying
>> an existing verified code page.
>>
>
> set_spte() or mmu_set_spte() may work.
>