Re: KVM hook for code integrity checking

[Suen Chun Hui <chunhui.suen@tum.de>]

Hi,

Thanks for the reply.

On 05/05/2010 11:05 AM, Avi Kivity wrote:
> On 04/30/2010 05:53 PM, Suen Chun Hui wrote:
>> Dear KVM developers,
>>
>> I'm currently working on an open source security patch to use KVM to
>> implement code verification on a guest VM in runtime. Thus, it would be
>> very helpful if someone can point to me the right function or place to
>> look at for adding 2 hooks into the KVM paging code to:
>>
>> 1. Detect a new guest page (which I assume will imply a new pte and
>> imply a new spte).
>> Currently, I'm considering putting a hook in the function
>> mmu_set_spte(), but may there is a better place.
>> This hook will be used as the main entry point into the code
>> verification function
>>    
>
> This is in general not possible.  Hosts with npt or ept will not see
> new guest ptes.
>

Yes, I was only considering the case of using shadow paging. Would this
be possible then, since the walker would have to parse gpte anyway?

> It could be done with physical pages, but you'll have no way of
> knowing if the pages are used in userspace, the kernel, or both.
>
>> 2. Detect a write fault to a read-only spte (eg. for the case of
>> updating the dirty bit back to the guest pte)
>> Unfortunately, I'm unable to find an appropriate place where this
>> actually takes place after reading the code many times.
>> This hook will be used to prevent a secondary "peek" page from modifying
>> an existing verified code page.
>>    
>
> set_spte() or mmu_set_spte() may work.
>