<aside>
đź’ˇ Due: 10/5/23 at 11:59PM
</aside>
<aside> đź’ˇ Due: 10/12/23 at 11:59PM
</aside>
In SeKVM, the VM memory is protected from accessing by the untrusted host. However, there may be occasions when a VM wants to share some information securely to another VM. Encrypted network channel is one solution, but may not always be available to a VM, for example, a VM may disable the network due to security policy. Therefore, you are going to implement a secure communication channel using shared memory.
Passthrough a memory region to KCore
Hypercall(HVC), an analogous of system call, is the interface used by the kernel and VM to communicate with the hypervisor. Implement the following hypercall to passthrough a range of memory to KCore.
#define SHMEM (EL2_MAX_VMID + 2)
alloc_pages
.Reserve the shared memory in the guest
Guest kernel shared memory driver
The kernel needs to manage the shared memory and provides interfaces for user to access the shared memory in the user space. One way is using a system call, but a system call normally will not allocate user space memory. Instead, you can implement a driver with mmap
operations and map the driver’s memory in the kernel to the user space.
Implement the following device driver:
/dev/sekvm_shmem
.open
, release
, mmap
file operations.mmap
remaps the shared memory to the user space of the caller. You can assume only PROT_READ
and PROT_WRITE
will be used as the protection flag and only MAP_SHARED
will be used as the mapping flag. You may find remap_pfn_range
helpful.open
the device and the remapped memory is unmapped on release
.mmap
will only map disjoint pages to the user space, i.e. no remapping for the same kernel memory.