Accessing guest memory from the host

Accessing guest memory from the host

[Gioacchino Mendola]

hello everyone,

I'm trying to access guest memory from the host machine (x86_64).
In particular I would like to be able to find
the "physical" memory addresses the host machine allocates for the guest vm.
Is there any function in KVM that allows me to do that?
Could any of you please help me clarify the subject
or point me to some detailed documentation?

Thanks in advance,

GM

Re: Accessing guest memory from the host

[Avi Kivity]

Gioacchino Mendola wrote:
> hello everyone,
>
> I'm trying to access guest memory from the host machine (x86_64).
> In particular I would like to be able to find
> the "physical" memory addresses the host machine allocates for the guest vm.
> Is there any function in KVM that allows me to do that?
> Could any of you please help me clarify the subject
> or point me to some detailed documentation?
>   

There is no direct mapping between guest physical addresses to host 
physical addresses.  kvm allocates memory on demand (when the guest 
first accesses it), so when a VM is started no memory is allocated to 
it.  Further, kvm can swap guest memory, so the host address can 
disappear or move.

What are you trying to accomplish?

-- 
error compiling committee.c: too many arguments to function

Accessing guest memory from the host

[Gioacchino Mendola]

I would like,
with security in mind (see lkcd.sourceforge.net),
to be able to access guest -kernel- memory content from the host
(x86_64 Intel VT).

As far as I know on x86 you can only r/w access memory if you can map
it with the pagetables
(i.e. no direct physical addressing is possible).

If I am correct, I need some "sort" of pagetable mapping/translation
and I hope to be able to find some (even just partially)
useful function inside kvm/qemu.

Thanks in advance,

GM

Re: Accessing guest memory from the host

[Gioacchino Mendola]

cpu_physical_memory_read(target_phys_addr_t addr, uint8_t *buf, int len)

requires as input parameter the "physical"? memory address...

My goal is to be able to scan the --entire-- guest kernel memory
in search for particular content patterns.

How would you proceed?
Where can I get start and end addresses that are of interest to me?
I doubt a -linear- scan between those addresses would work for my goals?
Am I wrong?

thanks in advance for any hint,

GM

    From: Avi Kivity

    Date: 2009/2/4
    Subject: Re: Accessing guest memory from the host
    To: Gioacchino Mendola <gioacchino.mendola@gmail.com>


    Gioacchino Mendola wrote:

        I would like,
        with security in mind (see lkcd.sourceforge.net),
        to be able to access guest -kernel- memory content from the host
        (x86_64 Intel VT).

        As far as I know on x86 you can only r/w access memory if you can map
        it with the pagetables
        (i.e. no direct physical addressing is possible).

        If I am correct, I need some "sort" of pagetable mapping/translation
        and I hope to be able to find some (even just partially)
        useful function inside kvm/qemu.



    You can read any memory you like from withing qemu with
    cpu_physical_memory_read(), without touching page tables at all.