Re: [Question] Intercept CR3 access in EPT

public inbox for kvm@vger.kernel.org
 help / color / mirror / Atom feed

From: Marcelo Tosatti <mtosatti@redhat.com>
To: R <19890121wr@gmail.com>
Cc: kvm@vger.kernel.org
Subject: Re: [Question] Intercept CR3 access in EPT
Date: Mon, 8 Oct 2012 16:37:29 -0300	[thread overview]
Message-ID: <20121008193729.GE18648@amt.cnet> (raw)
In-Reply-To: <CAF2sySMXp6kaGRMpXSWpRRjEMOBbDh4Uk8+1Pjoc_Kb4YLd_mw@mail.gmail.com>

On Mon, Oct 08, 2012 at 04:15:57PM +0800, R wrote:
> Hi,
> 
> I am a student. And my teacher told me to monitor every process in guest.
> So, I try to intercept every Cr3 access. However, if kvm is loaded
> with EPT enable, Acesses to  Cr3  would not cause VM-exit.

Disable EPT by loading kvm-intel.ko module with enable_ept=0 parameter.
Then, CR3 accesses will trap.

> I modified the code to change vmcs configuration.
> To be specific, these functions are rewirted.
> static void ept_update_paging_mode_cr0(unsigned long *hw_cr0,
> 					unsigned long cr0,
> 					struct kvm_vcpu *vcpu)
> {
>             ....
>                 } else if (!is_paging(vcpu)) {
> 		/* From nonpaging to paging */
> 		vmcs_write32(CPU_BASED_VM_EXEC_CONTROL,
> 			     vmcs_read32(CPU_BASED_VM_EXEC_CONTROL) &
> -			     ~(CPU_BASED_CR3_LOAD_EXITING |
> +                           ~(    //   CPU_BASED_CR3_LOAD_EXITING|
> 			       CPU_BASED_CR3_STORE_EXITING));
>           ....
> }
> 
> static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
> {
>          ...
>                 if (_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_EPT) {
> 		/* CR3 accesses and invlpg don't need to cause VM Exits when EPT
> 		   enabled */
> -		_cpu_based_exec_control &= ~(CPU_BASED_CR3_LOAD_EXITING |
> +              _cpu_based_exec_control &= ~(     //
> CPU_BASED_CR3_LOAD_EXITING |
> 					     CPU_BASED_CR3_STORE_EXITING |
> 					     CPU_BASED_INVLPG_EXITING);
>         ....
> }
> 
> I though it can force every Cr3 access to be trapped with EPT enable.
> However, VM seems to fail to boot when it changes from nonpaging to
> paging.
> Do U guys have any idea? Or Can someone tell me how can I intercept
> Cr3 access and why can not it work?
> 
> Thank U for answering.

> 
> -- 
> Thanks
> Rui Wu
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

next prev parent reply	other threads:[~2012-10-08 19:37 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-10-08  8:15 [Question] Intercept CR3 access in EPT R
2012-10-08 19:37 ` Marcelo Tosatti [this message]
2012-10-09  1:21   ` R

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20121008193729.GE18648@amt.cnet \
    --to=mtosatti@redhat.com \
    --cc=19890121wr@gmail.com \
    --cc=kvm@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox