Brendan Dolan-Gavitt wrote:
> Hi,
> I'm working on a patch to let me monitor reads and writes to a
> particular guest page. The overall strategy is:
> 1. Mark the guest page as non-present.
> 2. In the PF handler, if the access is to the monitored page, log, and
> emulate the instruction.
> When I asked about this in #kvm, some kind folks pointed out that this
> is how MMIO is handled. So after looking through the MMIO code, the
> new plan is:
> 1. Create a new MMIO handler (a kvm_io_device) that will shadow a
> guest page.
> 2. Copy the page to be monitored from the guest and store it in the
> private region of the new IO device (using kvm_read_guest).
> Basically, create a shadow copy of the page.
> 3. Mark the page as non-present.
> 4. Register the IO device, have its in_range check whether the address
> is in the page being watched.
> 5. In the IO device's read/write handler, service reads and writes
> from the shadow copy, and log.
> So I have two questions:
> 1. Does this all seem reasonably correct?
> 2. What's the best way to accomplish step 3? I can't seem to find a
> function in mmu.c that will do this, but it seems overly complicated
> to use kvm_guest_write to modify the PTE by hand.
It's the other way round. All pages are not-present unless made present
by the mmu.
All you have to do is _not_ register a memory slot that contains your
page. When the guest accesses this memory, the mmu will _not_
instantiate a present pte, and will forward all accesses to your mmio
handler.
It's going to be slow, though.
--
error compiling committee.c: too many arguments to function
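The shadow-page device sketched in the thread (steps 1, 2, 4 and 5: snapshot the page, answer in_range for the watched page only, service reads and writes from the private copy, and log each access), as an added, self-contained user-space model. This is not code from the thread or from KVM: the `io_device_ops`/`shadow_dev` structs, `emulate_access` and `make_test_page` are assumptions modelled on the callbacks the thread names, the "guest page" is a constructed buffer standing in for what `kvm_read_guest` would fetch, and an access that straddles the page boundary is simply refused rather than split.

```c
/* Added example, not from the original thread or from KVM.
 * User-space model of a kvm_io_device-style handler that shadows one
 * guest page. All struct and function names here are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHADOW_PAGE_SIZE 4096UL

struct shadow_dev;

/* Modelled on the in_range/read/write callbacks the thread describes. */
struct io_device_ops {
    bool (*in_range)(struct shadow_dev *dev, uint64_t gpa, size_t len);
    int  (*read)(struct shadow_dev *dev, uint64_t gpa, size_t len, void *val);
    int  (*write)(struct shadow_dev *dev, uint64_t gpa, size_t len, const void *val);
};

struct shadow_dev {
    const struct io_device_ops *ops;
    uint64_t base_gpa;                  /* guest-physical address of the watched page */
    uint8_t  shadow[SHADOW_PAGE_SIZE];  /* private copy of the page (step 2) */
    unsigned long reads, writes;        /* access counters, for the log summary */
};

/* Step 4: claim only accesses that lie entirely inside the watched page.
 * An access crossing the page end is refused here so it is never
 * half-serviced from the shadow copy. */
static bool shadow_in_range(struct shadow_dev *dev, uint64_t gpa, size_t len)
{
    if (len == 0 || len > SHADOW_PAGE_SIZE)
        return false;
    return gpa >= dev->base_gpa && (gpa - dev->base_gpa) + len <= SHADOW_PAGE_SIZE;
}

/* Step 5: service the read from the shadow copy and log it. */
static int shadow_read(struct shadow_dev *dev, uint64_t gpa, size_t len, void *val)
{
    memcpy(val, dev->shadow + (gpa - dev->base_gpa), len);
    dev->reads++;
    printf("READ  gpa=0x%llx len=%zu\n", (unsigned long long)gpa, len);
    return 0;
}

/* Step 5: apply the write to the shadow copy and log it. */
static int shadow_write(struct shadow_dev *dev, uint64_t gpa, size_t len, const void *val)
{
    memcpy(dev->shadow + (gpa - dev->base_gpa), val, len);
    dev->writes++;
    printf("WRITE gpa=0x%llx len=%zu first_byte=0x%02x\n",
           (unsigned long long)gpa, len, ((const uint8_t *)val)[0]);
    return 0;
}

static const struct io_device_ops shadow_ops = {
    .in_range = shadow_in_range,
    .read     = shadow_read,
    .write    = shadow_write,
};

/* Step 2: snapshot the guest page into the device's private copy.
 * guest_page is a caller-supplied buffer; in the kernel this is where
 * kvm_read_guest() would fetch the page. */
void shadow_dev_init(struct shadow_dev *dev, uint64_t base_gpa, const uint8_t *guest_page)
{
    dev->ops = &shadow_ops;
    dev->base_gpa = base_gpa;
    memcpy(dev->shadow, guest_page, SHADOW_PAGE_SIZE);
    dev->reads = dev->writes = 0;
}

/* Dispatch the way the MMIO path does: ask in_range first, then service.
 * Returns 0 when handled, -1 when the access is not for this device
 * (in KVM it would then fall through to other handlers / normal memory). */
int emulate_access(struct shadow_dev *dev, uint64_t gpa, size_t len, bool is_write, void *buf)
{
    if (!dev->ops->in_range(dev, gpa, len))
        return -1;
    return is_write ? dev->ops->write(dev, gpa, len, buf)
                    : dev->ops->read(dev, gpa, len, buf);
}

/* Constructed sample "guest page": byte i holds i & 0xff. */
void make_test_page(uint8_t *page)
{
    for (size_t i = 0; i < SHADOW_PAGE_SIZE; i++)
        page[i] = (uint8_t)(i & 0xff);
}

int main(void)
{
    uint8_t page[SHADOW_PAGE_SIZE], out[4] = {0}, in[2] = {0xaa, 0xbb};
    struct shadow_dev dev;

    make_test_page(page);
    shadow_dev_init(&dev, 0x10000, page);
    emulate_access(&dev, 0x10010, 4, false, out);          /* logged read */
    emulate_access(&dev, 0x10010, 2, true, in);            /* logged write */
    emulate_access(&dev, 0x10000 + 4094, 4, false, out);   /* refused: straddles page end */
    printf("reads=%lu writes=%lu\n", dev.reads, dev.writes);
    return 0;
}
```

The point of the model is the ordering: `in_range` decides whether the device owns the access before any data moves, and the read/write callbacks never touch guest memory, only the private copy, so every access to the watched page leaves a log line and the guest sees a consistent view of the page it thinks it is using.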