Nested support
Closed this issue · 7 comments
Is nested support functional? I would like to reproduce this scenario for academic purposes for RDTSC integrity:
L0 KSM -> L1 KSM (Malicious)
L0 controls the RDTSC/RDTSCP exit handler, L1 tries to control them.
Guest software calls RDTSC, L0 returns the bare machine value WITHOUT invoking L1
Can I do this?
Nesting support is minimal, but it's quite trivial to add new code to it.
Yes, you can do it, since L0 gets the real VM exit anyway, or you can just strip their RDTSC/RDTSCP controls in the vmwrite VM exit handler.
I'm sorry if I'm being annoying, but do you have some literature on how I can do this, or can you give me a brief how-to?
nested_can_handle decides whether L0 will exit to L1 to handle the event, you can modify that to your needs or simply modify nested_vmcs_write to mask out the RDTSC exiting bit.
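The two hooks named in the answer above, sketched as an added example (this is not KSM's own code, and the function signatures, the `struct nested_vmcs` shadow and the `exit_owner` enum are assumptions made for illustration; only the VMCS field encoding, control bit and exit-reason numbers are real Intel SDM values). It shows both routes at once: `nested_vmcs_write` masks the "RDTSC exiting" bit out of whatever L1 tries to VMWRITE into the primary processor-based controls, and `nested_can_handle` refuses to forward RDTSC/RDTSCP exits to L1 at all, so L0's own handler hands the guest the bare TSC value.

```c
#include <stdbool.h>
#include <stdint.h>

/* Real values from the Intel SDM (VMCS field encoding, control bit, exit reasons). */
#define CPU_BASED_VM_EXEC_CONTROL   0x4002u      /* primary processor-based VM-execution controls */
#define CPU_BASED_RDTSC_EXITING     (1u << 12)   /* "RDTSC exiting" bit in those controls */
#define CPU_BASED_HLT_EXITING       (1u << 7)    /* unrelated bit, used to show it survives masking */
#define EXIT_REASON_RDTSC           16u
#define EXIT_REASON_RDTSCP          51u

/* Hypothetical shadow of the VMCS L1 believes it owns ("vmcs12").
 * Only the one field this sketch cares about is modelled. */
struct nested_vmcs {
    uint32_t cpu_based_ctls;
};

enum exit_owner { EXIT_TO_L1, HANDLED_BY_L0 };

/* Hypothetical nested_vmcs_write: L0 intercepted a VMWRITE executed by L1.
 * The RDTSC exiting bit is stripped before the value is recorded, so a
 * malicious L1 can never install its own RDTSC/RDTSCP intercept.
 * Returns the value actually stored in the shadow. */
static uint32_t nested_vmcs_write(struct nested_vmcs *v, uint32_t field, uint64_t value)
{
    if (field == CPU_BASED_VM_EXEC_CONTROL) {
        v->cpu_based_ctls = (uint32_t)value & ~CPU_BASED_RDTSC_EXITING;
        return v->cpu_based_ctls;
    }
    /* Other fields are not modelled in this sketch; pass the value through. */
    return (uint32_t)value;
}

/* Hypothetical nested_can_handle: decides whether an exit taken while L2 was
 * running is forwarded to L1. RDTSC and RDTSCP are never forwarded, whatever
 * L1's shadow controls say; everything else is forwarded in this simplified
 * version (real code would consult the matching control bit in the shadow). */
static enum exit_owner nested_can_handle(const struct nested_vmcs *v, uint32_t exit_reason)
{
    (void)v;
    switch (exit_reason) {
    case EXIT_REASON_RDTSC:
    case EXIT_REASON_RDTSCP:
        return HANDLED_BY_L0;
    default:
        return EXIT_TO_L1;
    }
}

/* L0's own RDTSC exit handler: return the bare machine value to the guest in
 * EDX:EAX, with no detour through L1. host_tsc stands in for the value the
 * real handler would read with RDTSC (constructed input, so this runs anywhere). */
static void l0_handle_rdtsc(uint64_t host_tsc, uint64_t *rax, uint64_t *rdx)
{
    *rax = host_tsc & 0xffffffffu;
    *rdx = host_tsc >> 32;
}

/* Replays the scenario from the issue: malicious L1 asks for RDTSC exiting,
 * L2 then executes RDTSC. Returns true if L1 never gets to see the exit and
 * the guest receives the unmodified host TSC. */
static bool scenario_l1_cannot_intercept_rdtsc(uint64_t host_tsc)
{
    struct nested_vmcs v = { 0 };
    uint64_t rax = 0, rdx = 0;

    uint32_t stored = nested_vmcs_write(&v, CPU_BASED_VM_EXEC_CONTROL,
                                        CPU_BASED_RDTSC_EXITING | CPU_BASED_HLT_EXITING);
    if (stored & CPU_BASED_RDTSC_EXITING)
        return false;                       /* masking failed */
    if (!(stored & CPU_BASED_HLT_EXITING))
        return false;                       /* masking must not clobber other bits */

    if (nested_can_handle(&v, EXIT_REASON_RDTSC) != HANDLED_BY_L0)
        return false;                       /* exit would have been forwarded to L1 */

    l0_handle_rdtsc(host_tsc, &rax, &rdx);
    return ((rdx << 32) | rax) == host_tsc; /* guest sees the bare machine value */
}
```

Either hook alone is enough for the experiment in the issue: if `nested_vmcs_write` strips the bit, L1's shadow controls never request the exit, so L0 would not forward it; keeping the `nested_can_handle` check as well means the decision does not depend on the shadow state being consistent.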
Thanks! The nested VM should be KSM or any other?
KSM may not be able to nest itself. Up to you.
But should I use any other hypervisor?
Like I said, it's up to you. Some may not work because it doesn't emulate many important features, but they are quite easy to add.
If you decide to go with KSM, then make sure to change the device name, etc., so it can be loaded a second time.