From: 陳韋任 (Wei-Ren Chen)
To: Peter Maydell
Cc: qemu-devel@nongnu.org, 陳韋任 (Wei-Ren Chen)
Date: Wed, 8 Aug 2012 16:33:57 +0800
Subject: Re: [Qemu-devel] Is it possible to detect guest OS modifying pte inside QEMU?
Message-ID: <20120808083357.GA89605@cs.nctu.edu.tw>
References: <20120808073856.GA84469@cs.nctu.edu.tw>

On Wed, Aug 08, 2012 at 09:05:18AM +0100, Peter Maydell wrote:
> On 8 August 2012 08:38, 陳韋任 (Wei-Ren Chen) wrote:
> > Just for research, we are studying if we can leave the guest page
> > table walk to underlying hardware rather than using software emulation
> > (like the current approach). So, maybe (if *doable*) we can use x86 hardware
> > to help us to walk guest (like ARM) page table. The rough idea is we
> > have to maintain an x86-format shadow page table for the corresponding
> > ARM page table, point host cr3 to the shadow page table, and let x86
> > hardware do its job. The problem is, we have to be aware that the guest is
> > modifying its guest page table entry so that we can sync its corresponding
> > shadow page table. But, we still haven't found a good way to know when
> > the guest OS is modifying guest page table entry.
>
> Make it read-only for the guest, and then when you get the exception when
> the guest tries to write it, you can (a) do what you need to do and (b)
> emulate the failing write insn.

You mean like what KVM does for shadow page table? I think we should
mprotect the QEMU virtual memory which is allocated as a guest page
table by the guest OS, right? If so, how do we know what (QEMU) virtual
memory we should protect? The other way I thought of is to see if we
can be aware of some guest code sequence modifying pte, but so far no
clue to it.

Regards,
chenwj

--
Wei-Ren Chen (陳韋任)
Computer Systems Lab, Institute of Information Science,
Academia Sinica, Taiwan (R.O.C.)
Tel:886-2-2788-3799 #1667
Homepage: http://people.cs.nctu.edu.tw/~chenwj
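The "make it read-only and catch the write" approach from the reply above, sketched in user space as an added example (not code from the thread or from QEMU): a host page standing in for a guest page table is write-protected with mprotect, and a SIGSEGV handler records which entry the "guest" store hit and lifts the protection so the store re-executes. The fake page table, the PTE values and all function names are constructed for the demo; it neither emulates the store nor re-protects afterwards, which a real implementation would do at the marked point.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>
/* Constructed stand-in for a guest page table: one host page of 32-bit PTEs. */
static void *pt_page; static size_t page_size;   /* the mapping and its length */
static volatile uint32_t *shadow_pt;             /* PTE view of that page */
static volatile sig_atomic_t write_faults;       /* trapped guest PTE writes */
static volatile uintptr_t last_fault_addr;       /* address of the last trapped write */

/* SIGSEGV handler: a store hit the read-only page. Record where, then re-enable
 * write so the store re-executes; a real implementation would sync the shadow here. */
static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    uintptr_t addr = (uintptr_t)si->si_addr; (void)sig; (void)ctx;
    if (addr - (uintptr_t)pt_page >= page_size) {  /* not our page: let it crash */
        signal(SIGSEGV, SIG_DFL); return;
    }
    last_fault_addr = addr; write_faults++;
    mprotect(pt_page, page_size, PROT_READ | PROT_WRITE);
}

/* Map the fake page table and install the handler; returns 0 on success. */
static int setup_shadow_pt(void)
{
    struct sigaction sa; sigemptyset(&sa.sa_mask);
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    pt_page = mmap(NULL, page_size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (pt_page == MAP_FAILED) return -1;
    shadow_pt = pt_page; write_faults = 0;
    sa.sa_sigaction = on_segv; sa.sa_flags = SA_SIGINFO;
    return sigaction(SIGSEGV, &sa, NULL);
}

/* Re-protect, then do one "guest" PTE store; 1 if it trapped at the right address and landed. */
static int guest_writes_pte(size_t idx, uint32_t val)
{
    if (mprotect(pt_page, page_size, PROT_READ) < 0) return -1;
    shadow_pt[idx] = val;   /* faults, handler unprotects, store retries */
    return last_fault_addr == (uintptr_t)&shadow_pt[idx] && shadow_pt[idx] == val;
}

/* Two guest PTE updates; returns the number of trapped writes (2 on success). */
int run_pte_trap_demo(void)
{
    if (setup_shadow_pt() < 0) return -1;
    if (guest_writes_pte(3, 0x1000u) != 1 || guest_writes_pte(5, 0x2003u) != 1) return -2;
    return (int)write_faults;
}
```

The open question in the mail stays open here: this only works once you know which host pages hold guest page tables, since the protection has to be applied to those pages before the guest writes them.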