Hi,
I'm working on a patch to let me monitor reads and writes to a
particular guest page. The overall strategy is:
1. Mark the guest page as non-present.
2. In the PF handler, if the access is to the monitored page, log,
and emulate the instruction.
When I asked about this in #kvm, some kind folks pointed out that
this is how MMIO is handled. So after looking through the MMIO code,
the new plan is:
1. Create a new MMIO handler (a kvm_io_device) that will shadow a
guest page.
2. Copy the page to be monitored from the guest and store it in the
private region of the new IO device (using kvm_read_guest).
Basically, create a shadow copy of the page.
3. Mark the page as non-present.
4. Register the IO device, have its in_range check whether the
address is in the page being watched.
5. In the IO device's read/write handler, service reads and writes
from the shadow copy, and log.
So I have two questions:
1. Does this all seem reasonably correct?
2. What's the best way to accomplish step 3? I can't seem to find a
function in mmu.c that will do this, but it seems overly complicated
to use kvm_guest_write to modify the PTE by hand.
Thanks in advance,
Brendan Dolan-Gavitt
PhD Student, GTISC (Georgia Tech)
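As an added illustration (not code from the mail above or from KVM itself): a user-space model of the shadow-page device described in steps 1 to 5, with constructed names. The in_range check claims only accesses that fall entirely within the watched page, so an access straddling the page end is refused rather than half-served from the shadow copy.

```c
#include <stdint.h>
#include <string.h>

/* User-space model of the shadow-page IO device. All names here (shadow_dev,
 * shadow_in_range, ...) are constructed for this example, not KVM's API. */
#define SHADOW_PAGE_SIZE 4096UL
#define MAX_LOG 64
struct access_log { uint64_t gpa; int len; int is_write; };
struct shadow_dev {
    uint64_t base;                     /* guest-physical address of the watched page */
    uint8_t shadow[SHADOW_PAGE_SIZE];  /* page copy (kvm_read_guest would fill it) */
    struct access_log log[MAX_LOG];    /* one entry per serviced access */
    int nlog;
};

/* in_range: claim only accesses that lie entirely inside the watched page,
 * so an access straddling the page end is refused rather than half-served. */
int shadow_in_range(const struct shadow_dev *d, uint64_t gpa, int len)
{
    if (len <= 0 || len > 8)
        return 0;
    return gpa >= d->base && (gpa - d->base) + (uint64_t)len <= SHADOW_PAGE_SIZE;
}

static void shadow_log(struct shadow_dev *d, uint64_t gpa, int len, int is_write)
{
    if (d->nlog < MAX_LOG)
        d->log[d->nlog++] = (struct access_log){ gpa, len, is_write };
}

/* Service a read from the shadow copy and log it; -1 if the access is not ours. */
int shadow_read(struct shadow_dev *d, uint64_t gpa, int len, void *val)
{
    if (!shadow_in_range(d, gpa, len))
        return -1;
    memcpy(val, d->shadow + (gpa - d->base), (size_t)len);
    shadow_log(d, gpa, len, 0);
    return 0;
}

/* Service a write into the shadow copy (real guest memory stays untouched). */
int shadow_write(struct shadow_dev *d, uint64_t gpa, int len, const void *val)
{
    if (!shadow_in_range(d, gpa, len))
        return -1;
    memcpy(d->shadow + (gpa - d->base), val, (size_t)len);
    shadow_log(d, gpa, len, 1);
    return 0;
}
```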