Re: KVM: MMU: Tracking guest writes through EPT entries

Hi,

I have done similar things to those posted in
http://article.gmane.org/gmane.comp.emulators.kvm.devel/95342/match=tracking+guest+writes+ept

However, I found some very weird situations. Basically, in the guest VM, I
allocate a chunk of memory (the size of a page) in a user-level program. Through a
guest kernel module and a self-defined hypercall, I pass the gva of this memory to
KVM. Then I try different methods in the hypercall handler to write-protect this
page of memory. You can see that I want to write-protect it through EPT instead
of write-protecting it in the guest page tables.

1. I use kvm_mmu_gva_to_gpa_read to translate the gva into a gpa. Based on the
function kvm_mmu_get_spte_hierarchy(vcpu, gpa, spte[4]), I changed the code to
read sptep (the pointer to the spte) instead of the spte, so I can modify the spte
corresponding to this gpa. What I observe is that if I modify spte[0] (I think
this is the lowest-level page table entry of the EPT table; I can successfully
modify it, as the changes are reflected in the result of calling
kvm_mmu_get_spte_hierarchy again), my user-level program in the VM can still
write to this page.

That post mentions "the shadow pages in the highest level (level = 4 on EPT)",
which I don't understand. Does this mean I have to modify spte[3] instead of
spte[0]? I just tried modifying spte[1] and spte[3], and both cause a VM exit. So I
am totally confused about the meaning of the level used in the shadow page table
and its relation to the shadow page table. Can you help me understand this?

2. As suggested by that post, I also use rmap_write_protect() to write-protect
this page. With kvm_mmu_get_spte_hierarchy(vcpu, gpa, spte[4]), I can still see
that spte[0] gives me results like xxxxxx005, which means that the function was
called successfully and the write bit is cleared in the PTE. But I can still
write to this page.

I even tried the function kvm_age_hva() to remove this spte, which gives me 0 for
spte[0], but I can still write to this page. So I am further confused about the
level used in the shadow page.

Many thanks, and I appreciate your reply.


Hugo
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
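Added example, not code from the post above or from KVM itself: a userspace C model of the EPT walk that uses the same level numbering as kvm_mmu_get_spte_hierarchy(), which stores the entry used at walk level L in sptes[L-1], with levels running from PT64_ROOT_LEVEL (4, the PML4E) down to PT_PAGE_TABLE_LEVEL (1, the 4K PTE). When a gpa is backed by a 2M large page the walk stops at level 2 and sptes[0] is never filled, so editing index 0 changes nothing; write_protect_gpa() below instead clears W on whichever entry the walk actually stopped at. The model has no EPT TLB: on real hardware a changed entry is not seen by the guest until the cached translation is invalidated, which is why KVM's callers of rmap_write_protect() follow it with kvm_flush_remote_tlbs(). The table pool, the GPA constant, the constructed backing hpa and the build()/writable_after_*() helpers are assumptions made for this example.

```c
/* Added example, not KVM code: a userspace model of a 4-level EPT walk using the
 * level numbering of kvm_mmu_get_spte_hierarchy(). Build with: cc ept_model.c */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define EPT_W		(1ULL << 1)
#define EPT_PS		(1ULL << 7)		/* large page: leaf at level 3 (1G) or 2 (2M) */
#define EPT_PRESENT	0x7ULL			/* R|W|X; an entry with all three clear is not present */
#define ADDR_MASK	0x000ffffffffff000ULL
#define GPA		0x40200000ULL		/* constructed guest address (2M-aligned) */

/* Backing store for the page tables: the "hpa" stored in an entry is (pool index << 12). */
static uint64_t pool[64][512];
static int npool;
static uint64_t alloc_table(void) { if (npool == 64) abort(); return (uint64_t)npool++ << 12; }
static uint64_t *table_at(uint64_t hpa) { return pool[(hpa & ADDR_MASK) >> 12]; }
static unsigned table_index(uint64_t gpa, int level) { return (gpa >> (12 + 9 * (level - 1))) & 511; }

/* As in kvm_mmu_get_spte_hierarchy(): the entry used at walk level L lands in sptes[L-1]
 * (sptes[3] = PML4E, sptes[0] = 4K PTE), here as pointers so the caller can edit it. The
 * walk stops at the leaf or the first non-present entry and leaves deeper slots NULL. */
static int get_spte_hierarchy(uint64_t root, uint64_t gpa, uint64_t *sptes[4])
{
	uint64_t *table = table_at(root), *ep;
	memset(sptes, 0, 4 * sizeof(sptes[0]));
	for (int level = 4; level > 1; level--) {
		ep = sptes[level - 1] = &table[table_index(gpa, level)];
		if (!(*ep & EPT_PRESENT) || (*ep & EPT_PS))
			return level;		/* level at which the walk stopped */
		table = table_at(*ep);
	}
	sptes[0] = &table[table_index(gpa, 1)];
	return 1;
}

/* Map gpa -> hpa with the leaf at leaf_level (1 = 4K, 2 = 2M), allocating tables on the way. */
static void map_gpa(uint64_t root, uint64_t gpa, uint64_t hpa, int leaf_level)
{
	uint64_t *table = table_at(root), *ep;
	for (int level = 4; level > leaf_level; level--) {
		ep = &table[table_index(gpa, level)];
		if (!(*ep & EPT_PRESENT))
			*ep = alloc_table() | EPT_PRESENT;
		table = table_at(*ep);
	}
	table[table_index(gpa, leaf_level)] = (hpa & ADDR_MASK) | EPT_PRESENT |
					      (leaf_level > 1 ? EPT_PS : 0);
}

/* A guest store is allowed only if W is set in every entry from the PML4E down to the leaf. */
static int ept_writable(uint64_t root, uint64_t gpa)
{
	uint64_t *sptes[4];
	int leaf = get_spte_hierarchy(root, gpa, sptes);
	for (int level = 4; level >= leaf; level--)
		if (!(*sptes[level - 1] & EPT_W))
			return 0;
	return 1;
}

/* Clear W on whichever entry actually maps gpa; returns its level, 0 if unmapped. On real
 * hardware the caller must still invalidate the cached translation before the guest sees it. */
static int write_protect_gpa(uint64_t root, uint64_t gpa)
{
	uint64_t *sptes[4];
	int leaf = get_spte_hierarchy(root, gpa, sptes);
	if (!(*sptes[leaf - 1] & EPT_PRESENT))
		return 0;
	*sptes[leaf - 1] &= ~EPT_W;
	return leaf;
}

/* Fresh tables with GPA mapped as a 4K page (leaf_level 1) or a 2M large page (2). */
static uint64_t build(int leaf_level)
{
	uint64_t root = alloc_table();
	map_gpa(root, GPA, 0x200000000ULL, leaf_level);	/* constructed backing hpa */
	return root;
}

/* Clear W on sptes[0] as if the leaf were always a 4K PTE, then ask whether GPA is still
 * writable: 0 for the 4K mapping, 1 for the 2M one (sptes[0] was never filled in). */
static int writable_after_clearing_index0(int leaf_level)
{
	uint64_t root = build(leaf_level), *sptes[4];
	get_spte_hierarchy(root, GPA, sptes);
	if (sptes[0])
		*sptes[0] &= ~EPT_W;
	return ept_writable(root, GPA);
}

/* Same, but clearing W on the entry the walk actually stopped at: 0 in both cases. */
static int writable_after_write_protect(int leaf_level)
{
	uint64_t root = build(leaf_level);
	write_protect_gpa(root, GPA);
	return ept_writable(root, GPA);
}
```

In the model, write_protect_gpa(build(2), GPA) returns 2, which is the same situation as an spte walk that ends at a large-page leaf: the entry to edit is sptes[1], and sptes[0] holds nothing meaningful.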