From: Jaspal
Subject: Using kvm_mmu_remove_write_access to write-protect pages
Date: Mon, 10 Sep 2012 10:44:48 +0530
Message-ID: <504D7748.1090007@gmail.com>
To: kvm@vger.kernel.org

Hello,

I want to capture all the writes taking place in a guest OS and tried to write-protect the pages using a hypercall in this way (host with EPT, guest & host 64-bit Linux):

    case 0x99999996: {
        struct kvm *kvm = vcpu->kvm;

        spin_lock(&kvm->mmu_lock);

        struct kvm_memslots *slots = kvm->memslots;
        int i = 0;

        for (i = 0; i < KVM_MEM_SLOTS_NUM; i++) {
            kvm_mmu_slot_remove_write_access(kvm, slots->id_to_index[i]);
        }

        spin_unlock(&kvm->mmu_lock);
    }
    break;

Guest kernel module (to test):

    unsigned long addr = __get_free_page(GFP_KERNEL);

    wrmsrl(0x99999996, 0);

    strcpy((char *)addr, "K");
    strcpy((char *)addr, "V");
    strcpy((char *)addr, "M");

How do I mark the EPT entries as write-protect again after the first strcpy from within KVM itself so that I can catch it in kvm_mmu_page_fault with an error_code = 3 (write + page present)?

Also, is it correct to say that shadow page tables are in fact the EPT tables and shadow page cache, the EPT TLB (where the x86 hardware searches for the gva <--> hva translations)?

Thanks,
Jaspal