kvm icon indicating copy to clipboard operation
kvm copied to clipboard
verified publisher icon KVM-VMI

How to achieve page_protect in kvmi

Open qth1991 opened this issue 6 years ago • 1 comments

Hi,I'm interested in introspected VM, I find that you make "kvm_slot_page_track_add_page" to set one slot of write_protect.But I can't find what new processes have you added in "handle_ept_violation" if this slot trigger write_protect. Could you tell me ? By the way I can't find the function implementation code of "trace_kvm_page_faule"、"trace_kvmi_set_gfn_access"...etc. Thank you!

qth1991 avatar Oct 30 '19 08:10 qth1991

From handle_ept_violation()/kvm_mmu_page_fault() the instruction (which caused the vmexit) will be emulated. The write callbacks (e.g. emulator_write_phys()) used by the emulator will call kvm_page_track_prewrite() which calls kvmi_track_prewrite().

You can find the trace functions in arch/x86/kvm/trace.h and include/trace/events/kvmi.h.

You can browse the introspection patches starting with 40d62aea803ab5e7a9c4d6eeda53f468beec2a43 from Aug 8.

adlazar avatar Oct 30 '19 09:10 adlazar