[BitVisor-devel-en:73] Re: How about handling MMIO

[Hideki EIRAKU]

Hello,

From: Jin Seongwook <swjin ¡÷ calab.kaist.ac.kr>
Subject: [BitVisor-devel-en:72] How about handling MMIO
Date: Tue, 15 Mar 2016 13:21:42 +0900

> I wonder about handling MMIO in bitvisor.
> I've read the bitvisor paper "BitVisor: A thin hypervisor for enforcing I/O
> Device Security".
> In the paper, "MMIOs can be intercepted by using shadow paging".
> I think that if you try to intercept MMIOs, you have to use shadow paging,
> not hardware assisted paging (e.g. NPT, EPT).
> Is is right?

BitVisor 1.3 or later supports Intel EPT/AMD RVI.

> Actually I thought that bitvisor can handle MMIO with NPT. Because Nested
> Paging Fault(NPF) can intercept MMIO.
> So I read codes from VM exiting handle to accesing MMIO page, like
> svm_exit_code() --> do_npf() --> svm_paging_npf() --> svm_np_pagefault()
> --> mmio_access_page().
> I expect that mmio_access_page() calls a registered MMIO handler but
> mmio_access_page just processes CPU emulation.
> The reason intercepts MMIO access is to process something (e.g. checking,
> logging or monitoring) before CPU emulation.
> Is it right?

No.  MMIO handlers need detail information of I/O like:

- Address
- Width (1, 2, 4 or 8 bytes)
- Direction (read or write)
- Data if write access

However, the nested page fault tells VMM only address and direction.
Therefore the VMM needs to read the machine code instruction at the
current instruction pointer in the VM to get width and data.

The cpu emulation code in core/cpu_interpreter.c uses
{read,write}_linearaddr_{b,w,l,q} functions to access virtual memory
in the VM.  The {read,write}_linearaddr_{b,w,l,q} functions are
implemented in core/cpu_mmu.c and they use
{read,write}_gphys_{b,w,l,q} functions to access physical memory in
the VM.  The {read,write}_gphys_{b,w,l,q} functions are implemented in
core/gmm_access.c and they use the mmio_access_memory() function to
call MMIO handlers if necessary.

-- 
Hideki EIRAKU <hdk ¡÷ igel.co.jp>