Hello ,
I want to capture all the writes taking place in a guest os and tried to
write-protect the pages using a hypercall in this way ( host with ept ,
guest & host 64 bit linux) :
case 0x99999996 :
{
struct kvm *kvm=vcpu->kvm;
spin_lock(&kvm->mmu_lock);
struct kvm_memslots *slots = kvm->memslots;
int i = 0;
for (i = 0; i < KVM_MEM_SLOTS_NUM; i++){
kvm_mmu_slot_remove_write_access(kvm,
slots->id_to_index[i]);
}
spin_unlock(&kvm->mmu_lock);
}
break;
guest kernel module ( to test ) :
unsigned long addr = __get_free_page(GFP_KERNEL);
wrmsrl(0x99999996, 0);
strcpy((char *)addr, "K");
strcpy((char *)addr, "V");
strcpy((char *)addr, "M");
How do I mark the ept entries as write-protect again after the first
strcpy from within kvm itself so that I can catch it in
kvm_mmu_page_fault with an error_code = 3 ( write + page present ) ?
Also , is it correct to say that shadow page tables are in fact the ept
tables and shadow page cache , the ept tlb ( where the x86 hardware
searches for the gva<--> hva translations ) ?
Thanks ,
Jaspal
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
