Purpose
Unlike other hypervisors (e.g. KVM, XEN, etc.), KSM's purpose is not to run other Operating Systems, instead, KSM can be used as an extra layer of protection to the existing running OS. This type of virtualization is usually seen in Anti-viruses, or sandboxers or even Viruses. KSM also supports nesting, that means it can emulate other hardware-assisted virtualization tools (VT-x).

Features:
IDT Shadowing
EPT violation #VE (enabled only when support is present)
EPTP switching VMFUNC (if not available natively, it will be emulated using a VMCALL)
Builtin Userspace physical memory sandboxer (Optional)
Builtin Introspection engine (Optional)
APIC virtualization (Experimental, do not use)
VMX Nesting (Experimental, do not use)

Supported Kernels:
Windows NT kernel (7/8/8.1/10)
Linux kernel (tested under 3.16, 4.8.13 and mainline)

Requirements
An Intel processor (with VT-x and EPT support)
A working C compiler (GCC or Microsoft compiler aka CL are supported)
这份代码的作者参考了KVM和XEN 很多地方写的比较专业,代码方面用了一些比较新的特性 所以对一些老的CPU支持不是很好,最低支持到4代U xeon系列 不清楚.
我准备开坑写几章来分析这一份代码。
GitHub地址:Ksm
2017/5/25写序.

本站文章基于国际协议BY-NA-SA 4.0协议共享;
如未特殊说明,本站文章皆为原创文章,请规范转载。

0

博客管理员