On 10/2/07, Cam Macdonell <[EMAIL PROTECTED]> wrote: > Anthony Liguori wrote: > > Cam Macdonell wrote: > >> Anthony Liguori wrote: > >>> Cameron Macdonell wrote: > >>>> Hi, > >>>> > >>>> I'm trying to understand guest virtualization at the lower levels. > >>>> I have a somewhat basic question: How does KVM virtualize an > >>>> int80 instruction from a guest? A pointer to an answer is just as > >>>> good as an answer itself. > >>>> > >>> > >>> The same thing happens as it does on normal hardware. > >>> > >>> The way VT/SVM works (at a high level), is that certain instructions > >>> and events check a special area called the VMCS/VMCB to determine > >>> whether the event should generate a vmexit which is really just a > >>> special type of trap. > >>> > >> > >> Thanks Anthony. Does an int80 from an application in the guest always > >> cause a vmexit (in kvm's case at least)? > > > > No, an int80 would never generate a trap in KVM. The only way to make > > it generate a trap is for an int80 to trigger some other event that > > would generate a trap. This is what I meant by taking over the guest's > > IDT such that you could change the int80 handler to do a hypercall. > > > > I presume you're looking into doing a guest IDS right? > > > > Actually, I looking into doing a PhD dissertation :) I'm just trying to > get a better working understanding of how kvm (and other VMMs) handle > instructions like int80 that should trap into the OS, but of course in a > VM need to trap into the guest OS (which is running at user-level) and > not the host OS. Do traps by a guest app to the guest OS involve the > VMM at all? > > Pardon my ignorance, what is IDS? >
IDS stands for Intrusion Detection System. Anthony thought that you want to monitor int80 to detect illegal usage of system calls. regards, Jun ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ kvm-devel mailing list kvm-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/kvm-devel
