From mboxrd@z Thu Jan 1 00:00:00 1970 From: R <19890121wr@gmail.com> Subject: [Question] Intercept read access in KVM Date: Thu, 15 Nov 2012 19:43:54 +0800 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 To: kvm@vger.kernel.org Return-path: Received: from mail-vb0-f46.google.com ([209.85.212.46]:48576 "EHLO mail-vb0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2993197Ab2KOLnz (ORCPT ); Thu, 15 Nov 2012 06:43:55 -0500 Received: by mail-vb0-f46.google.com with SMTP id ff1so1538375vbb.19 for ; Thu, 15 Nov 2012 03:43:55 -0800 (PST) Sender: kvm-owner@vger.kernel.org List-ID: Hi, everyone I am studying KVM code. And I try to intercept a guest's read access to a page using VMX and EPT support. According to Intel Manual, the lowest bit of the EPT page table entry is used to control read access to a page. I modified the rmap_write_protect function to remove the VMX_EPT_READABLE_MASK of a spte. This is accomplish by changing the new_spte parameter of mmu_spte_update function. But in KVM, it seems like it is used to indicate whether a page is present or not. So this would trigger the WARN_ON(!is_rmap_spte(new_spte)) and cause the Host to panic. Why can not rmap_write_protect be applied to set the spte to non-present. Does drop_spte function is the only way to intercept a read access of a in guest page. I use kvm-kmod-3.1 and linux kernel 3.1. Can anyone help if I do anything wrong or there is another more elegant way to do it. Thank U for answering. -- Thanks Rui Wu