[Qemu-devel] Nested virtual machine introspection

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] Nested virtual machine introspection

From:	Jidong Xiao
Subject:	[Qemu-devel] Nested virtual machine introspection
Date:	Sat, 6 Jul 2019 19:20:31 -0600

Hi,

We are working on a project where we need to explore the virtual
machine introspection technique in a nested environment. More
specifically, we want to know if from L0, we can reconstruct the
process list of L2. And to begin with, we just want to explore a
relatively simple case, i.e., only one virtual machine at L1, and only
one virtual machine at L2.

Several studies have shown that from L0, people can reconstruct the
process list of L1. For example, in the context of Qemu/KVM, the
process linked list of L1 basically is existing in the L1's kernel
space. And in Qemu, the function cpu_memory_rw_debug() allows us to
access the virtual memory of L1. With the help of this function, we
will be able to scan L1's kernel space thus reconstruct the process
linked list.

Now considering there is L2, can we still use cpu_memory_rw_debug() to
scan somewhere and find out L2's process linked list? We have tried,
but it doesn't work. Any hints on this? Like where exactly shall we
search?

We have been stuck in here for quite a while, any suggestions would be
truly appreciated.

Thanks!

-Jidong

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] Nested virtual machine introspection, Jidong Xiao <=

Prev by Date: Re: [Qemu-devel] [PATCH v2 2/2] ipmi: Add a UUID device property
Next by Date: Re: [Qemu-devel] [PATCH v3 1/6] block/nvme: don't touch the completion entries
Previous by thread: [Qemu-devel] [PATCH v3 0/4] m68k: Add basic support for the NeXTcube machine
Next by thread: [Qemu-devel] [PATCH v6 00/14] Build ACPI Heterogeneous Memory Attribute Table (HMAT)
Index(es):
- Date
- Thread