qemu-devel

KVM_MEM_READONLY slot flag not working properly


From: Lorenzo Susini
Subject: KVM_MEM_READONLY slot flag not working properly
Date: Thu, 18 Mar 2021 12:28:45 +0100

Hello, 

Have some of you successfully used the KVM_MEM_READONLY slot flag?

I'm working on a project and I'm trying to protect the guest's IDT by using KVM, modifying kvm-all.c. 
I'm able to correctly locate the IDT in the host by reading IDTR with KVM_GET_SREGS, 
translating it with KVM_TRANSLATE and, by using the KVMSlot struct, I'm able to find the corresponding
host virtual address. I've double checked the addresses with the QEMU Monitor (gpa2hva and gva2gpa) and they
are correct. 

Then, I decided to split the slot where the IDT currently lives into three separate ones, setting the IDT in its own private slot and making it 
read-only with KVM_MEM_READONLY:

INITIAL SLOT ===> PRE IDT SLOT |  IDT SLOT (KVM_MEM_READONLY)  |  POST IDT SLOT. 

By doing this, the VM continues its execution normally. Also, I'm not moving memory in the host when 
reassigning slots, so I'm just changing the sizes and the addresses when doing kvm_set_userspace_memory_region, 
there's no need to move data anywhere else in my opinion, and this is confirmed by the fact that the VM, after doing so, behaves normally. 

However, when I try to register a new interrupt handler (for instance for the edu device, just to try it out), it works perfectly, 
meaning that the IDT is not really read-only. Do you have any idea why? Any suggestions on how to solve the problem? 
Of course I've also checked KVM_CAP_READONLY_MEM, no problem with that. 

Anyway, is this the right place to post?

Thank you, 
Lorenzo
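
The three-way split described in the message above, as an added example that is not code from the post or from QEMU: it computes the PRE / IDT / POST regions for a slot, rounding the protected range out to page boundaries. `struct region`, `emit`, `split_slot` and `first_free_slot` are hypothetical names, the addresses in `main` are constructed, and the original slot is assumed to be page-aligned.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE 4096ULL
#define SLOT_FLAG_READONLY (1u << 1) /* same bit as KVM_MEM_READONLY */

/* Local mirror of the fields of struct kvm_userspace_memory_region. */
struct region {
    uint32_t slot, flags;
    uint64_t guest_phys_addr, memory_size, userspace_addr;
};

/* Append the piece [start, end) of orig to out[]; empty pieces are skipped. */
static void emit(struct region *out, int *n, const struct region *orig,
                 uint32_t slot, uint32_t flags, uint64_t start, uint64_t end)
{
    if (start == end)
        return;
    out[*n] = (struct region){ slot, flags, start, end - start,
        orig->userspace_addr + (start - orig->guest_phys_addr) };
    (*n)++;
}

/* Split orig around [gpa, gpa+len), rounded out to page boundaries because
 * slots are page-granular. Returns the number of regions (0 if the range is
 * not inside orig); *ro_idx is the index of the read-only one. Slot ids start
 * at first_free_slot (hypothetical: ids the caller knows are unused). */
int split_slot(const struct region *orig, uint64_t gpa, uint64_t len,
               uint32_t first_free_slot, struct region out[3], int *ro_idx)
{
    uint64_t o_start = orig->guest_phys_addr, o_end = o_start + orig->memory_size;
    if (len == 0 || gpa < o_start || gpa >= o_end || len > o_end - gpa)
        return 0;
    uint64_t start = gpa & ~(PAGE - 1);
    uint64_t end = (gpa + len + PAGE - 1) & ~(PAGE - 1);
    int n = 0;
    emit(out, &n, orig, first_free_slot + n, orig->flags, o_start, start);
    *ro_idx = n;
    emit(out, &n, orig, first_free_slot + n, orig->flags | SLOT_FLAG_READONLY, start, end);
    emit(out, &n, orig, first_free_slot + n, orig->flags, end, o_end);
    return n;
}

int main(void)
{
    /* Constructed values, not taken from the post: 2 GiB slot, unaligned IDT. */
    struct region orig = { 0, 0, 0x0, 0x80000000ULL, 0x7f0000000000ULL }, out[3];
    int ro, n = split_slot(&orig, 0x1234f80ULL, 256 * 16, 10, out, &ro);
    for (int i = 0; i < n; i++)
        printf("slot %u gpa 0x%llx size 0x%llx%s\n", out[i].slot,
               (unsigned long long)out[i].guest_phys_addr,
               (unsigned long long)out[i].memory_size, i == ro ? " RO" : "");
    return 0;
}
```

The pieces get fresh slot ids because the KVM API documentation states that an existing slot may be moved or have its flags changed but may not be resized. With an unaligned IDT the read-only region covers two whole pages, so any other guest data on those pages is write-protected as well.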
