A data processing system may use virtual machines (VMs) to provide distinct execution environments for distinct software stacks. In particular, a VM provides an execution environment that allows a software stack to execute within that environment as if the software stack were executing within an independent data processing system. The software for managing VMs within a data processing system may be referred to as a hypervisor or a virtual machine monitor (VMM). A data processing system that executes a VMM may be referred to as a host. By contrast, the contents of a VM may be referred to as a guest.
A machine that provides VMs may receive the software stacks for those VMs from other machines at different locations. For instance, a server device that provides VMs may receive a software stack from a remote client device, and the server device may then run that software stack within a VM, on behalf of the client device. An entity that operates such server devices may be referred to as a cloud-service provider (CSP) or VM-service provider (VMSP). Likewise, an entity that operates such client devices may be referred to as a cloud-service consumer (CSC) or VM-service consumer (VMSC). Also, a server device that provides VMs to execute software stacks from client devices may be referred to as a cloud server or a VM server, and the corresponding client devices may be referred to as cloud clients or VM clients. In addition, the software stack from a VM client may be referred to as guest software, and the VM within which the guest software executes may be referred to as a guest VM.
In a VM server with a VMM managing a VM, the VMM has access to the processor state of the VM. For instance, the VMM may use a virtual machine control structure (VMCS) to store data such as guest operating system (OS) state, host OS state, and various types of control and VM exit information. The VMM can also control the execution path of the guest software in the VM. The VMM may read from and write to the VMCS in conjunction with entering or exiting that VM. The VMM may also control the interrupts that the VM receives.
However, if the VMM has been compromised or hacked, the VMM may modify the VMCS in a way that causes the VM to operate improperly. For instance, by modifying data in the VMCS pertaining to guest OS state, the VMM may alter the course of execution of the VM without the permission of the VM. As an example, the VMM can read the processor state of the VM, modify that state, and force the VM to go in single-stepping debug mode.