The KVM introspection subsystem provides a facility for applications
running on the host or in a separate VM, to control the execution of
other VMs (pause, resume, shutdown), query the state of the vCPUs (GPRs,
MSRs etc.), alter the page access bits in the shadow page tables (only
for the hardware backed ones, eg. Intel's EPT) and receive notifications
when events of interest have taken place (shadow page table level faults,
key MSR writes, hypercalls etc.). Some notifications can be responded
to with an action (like preventing an MSR from being written), others
are mere informative (like breakpoint events which can be used for
execution tracing). With few exceptions, all events are optional. An
application using this subsystem will explicitly register for them.
The use case that gave way for the creation of this subsystem is to
monitor the guest OS and as such the ABI/API is highly influenced by how
the guest software (kernel, applications) sees the world. For example,
some events provide information specific for the host CPU architecture
(eg. MSR_IA32_SYSENTER_EIP) merely because its leveraged by guest software
to implement a critical feature (fast system calls).
At the moment, the target audience for KVMI are security software authors
that wish to perform forensics on newly discovered threats (exploits)
or to implement another layer of security like preventing a large set
of kernel rootkits simply by "locking" the kernel image in the shadow
page tables (ie. enforce .text r-x, .rodata rw- etc.). It's the latter
case that made KVMI a separate subsystem, even though many of these
features are available in the device manager. The ability to build a
security application that does not interfere (in terms of performance)
with the guest software asks for a specialized interface that is designed
for minimum overhead.
This patch series is based on kvm/master,
commit 2f13437b8917 ("Merge tag 'trace-v5.5-2' of
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace").
The previous RFC (v6) can be read here:
https://lore.kernel.org/kvm/20190809160047.8319-1-alazar at bitdefender.com/
Patches 1-35: make preparatory changes
Patches 36-76: add basic introspection capabilities
Patch 77: support introspection tools that write-protect guest page tables
Patch 78: notify the introspection tool even on emulation failures
(when the read/write callbacks used by the emulator,
kvm_page_preread/kvm_page_prewrite, are not invoked)
Changes since v6:
- this is a subset of the previous version, as Sean and Paolo suggested,
keeping "only" the basic introspection capabilities
- add a x86_64 test in tools/testing/selftests/kvm [Paolo]
- simplify the requests/replies handling [Paolo]
- add a new ioctl (PREHOOK) to notify the introspection tool to unhook
[Paolo, Sean]
- add two new commands KVMI_VCPU_CONTROL_SINGLESTEP
and KVMI_VCPU_TRANSLATE_GVA [Mathieu]
- restore the status of MSRs, CR3, descriptors access interception
and prevent conflicts with userspace [Sean]
- other fixes for allmost all the issues pointed in the previous
code review [Sean, Paolo]
Adalbert Laz?r (19):
sched/swait: add swait_event_killable_exclusive()
KVM: add new error codes for VM introspection
KVM: add kvm_vcpu_kick_and_wait()
KVM: doc: fix the hypercall numbering
KVM: x86: add .control_cr3_intercept() to struct kvm_x86_ops
KVM: x86: add .control_desc_intercept()
KVM: x86: intercept the write access on sidt and other emulated
instructions
KVM: introspection: add hook/unhook ioctls
KVM: introspection: add permission access ioctls
KVM: introspection: add the read/dispatch message function
KVM: introspection: add KVMI_GET_VERSION
KVM: introspection: add KVMI_VM_CHECK_COMMAND and KVMI_VM_CHECK_EVENT
KVM: introspection: add KVMI_EVENT_UNHOOK
KVM: introspection: add KVMI_VM_CONTROL_EVENTS
KVM: introspection: add a jobs list to every introspected vCPU
KVM: introspection: add KVMI_VCPU_PAUSE
KVM: introspection: add KVMI_EVENT_PAUSE_VCPU
KVM: introspection: extend KVMI_GET_VERSION with struct kvmi_features
KVM: introspection: add KVMI_VCPU_TRANSLATE_GVA
Marian Rotariu (1):
KVM: introspection: add KVMI_VCPU_GET_CPUID
Mathieu Tarral (1):
export kill_pid_info()
Mihai Don?u (34):
KVM: x86: add kvm_arch_vcpu_get_regs() and kvm_arch_vcpu_get_sregs()
KVM: x86: avoid injecting #PF when emulate the VMCALL instruction
KVM: x86: add .control_msr_intercept()
KVM: x86: vmx: use a symbolic constant when checking the exit
qualifications
KVM: x86: save the error code during EPT/NPF exits handling
KVM: x86: add .fault_gla()
KVM: x86: add .spt_fault()
KVM: x86: add .gpt_translation_fault()
KVM: x86: extend kvm_mmu_gva_to_gpa_system() with the 'access'
parameter
KVM: x86: page track: provide all page tracking hooks with the guest
virtual address
KVM: x86: page track: add track_create_slot() callback
KVM: x86: page_track: add support for preread, prewrite and preexec
KVM: x86: wire in the preread/prewrite/preexec page trackers
KVM: introduce VM introspection
KVM: introspection: add KVMI_VM_GET_INFO
KVM: introspection: add KVMI_VM_READ_PHYSICAL/KVMI_VM_WRITE_PHYSICAL
KVM: introspection: handle vCPU introspection requests
KVM: introspection: handle vCPU commands
KVM: introspection: add KVMI_VCPU_GET_INFO
KVM: introspection: add KVMI_VCPU_CONTROL_EVENTS
KVM: introspection: add KVMI_VCPU_GET_REGISTERS
KVM: introspection: add KVMI_VCPU_SET_REGISTERS
KVM: introspection: add KVMI_EVENT_HYPERCALL
KVM: introspection: add KVMI_EVENT_BREAKPOINT
KVM: introspection: add KVMI_VCPU_CONTROL_CR and KVMI_EVENT_CR
KVM: introspection: add KVMI_VCPU_INJECT_EXCEPTION + KVMI_EVENT_TRAP
KVM: introspection: add KVMI_EVENT_XSETBV
KVM: introspection: add KVMI_VCPU_GET_XSAVE
KVM: introspection: add KVMI_VCPU_GET_MTRR_TYPE
KVM: introspection: add KVMI_VCPU_CONTROL_MSR and KVMI_EVENT_MSR
KVM: introspection: add KVMI_VM_SET_PAGE_ACCESS
KVM: introspection: add KVMI_EVENT_PF
KVM: introspection: emulate a guest page table walk on SPT violations
due to A/D bit updates
KVM: x86: call the page tracking code on emulation failure
Mircea C?rjaliu (2):
KVM: x86: disable gpa_available optimization for fetch and page-walk
NPF/EPT violations
KVM: introspection: add vCPU related data
Nicu?or C??u (19):
KVM: x86: add kvm_arch_vcpu_set_regs()
KVM: x86: add .bp_intercepted() to struct kvm_x86_ops
KVM: x86: add .cr3_write_intercepted()
KVM: x86: add .desc_intercepted()
KVM: x86: export .msr_write_intercepted()
KVM: x86: use MSR_TYPE_R, MSR_TYPE_W and MSR_TYPE_RW with AMD code too
KVM: svm: pass struct kvm_vcpu to set_msr_interception()
KVM: vmx: pass struct kvm_vcpu to the intercept msr related functions
KVM: x86: add .control_singlestep()
KVM: x86: export kvm_arch_vcpu_set_guest_debug()
KVM: x86: export kvm_inject_pending_exception()
KVM: x86: export kvm_vcpu_ioctl_x86_get_xsave()
KVM: introspection: restore the state of #BP interception on unhook
KVM: introspection: restore the state of CR3 interception on unhook
KVM: introspection: add KVMI_EVENT_DESCRIPTOR
KVM: introspection: restore the state of descriptor interception on
unhook
KVM: introspection: restore the state of MSR interception on unhook
KVM: introspection: add KVMI_VCPU_CONTROL_SINGLESTEP
KVM: introspection: add KVMI_EVENT_SINGLESTEP
?tefan ?icleru (2):
KVM: add kvm_get_max_gfn()
KVM: introspection: add KVMI_VM_GET_MAX_GFN
Documentation/virt/kvm/api.txt | 115 +
Documentation/virt/kvm/hypercalls.txt | 36 +-
Documentation/virt/kvm/kvmi.rst | 1413 +++++++++++++
arch/x86/include/asm/kvm_emulate.h | 1 +
arch/x86/include/asm/kvm_host.h | 36 +-
arch/x86/include/asm/kvm_page_track.h | 71 +-
arch/x86/include/asm/kvmi_host.h | 91 +
arch/x86/include/asm/vmx.h | 2 +
arch/x86/include/uapi/asm/kvmi.h | 147 ++
arch/x86/kvm/Kconfig | 9 +
arch/x86/kvm/Makefile | 2 +
arch/x86/kvm/emulate.c | 4 +
arch/x86/kvm/kvmi.c | 1168 +++++++++++
arch/x86/kvm/mmu.h | 4 +
arch/x86/kvm/mmu/mmu.c | 160 +-
arch/x86/kvm/mmu/page_track.c | 142 +-
arch/x86/kvm/svm.c | 272 ++-
arch/x86/kvm/vmx/vmx.c | 265 ++-
arch/x86/kvm/vmx/vmx.h | 4 -
arch/x86/kvm/x86.c | 296 ++-
drivers/gpu/drm/i915/gvt/kvmgt.c | 2 +-
include/linux/kvm_host.h | 18 +
include/linux/kvmi_host.h | 126 ++
include/linux/swait.h | 11 +
include/uapi/linux/kvm.h | 20 +
include/uapi/linux/kvm_para.h | 5 +
include/uapi/linux/kvmi.h | 217 ++
kernel/signal.c | 1 +
tools/testing/selftests/kvm/Makefile | 1 +
.../testing/selftests/kvm/x86_64/kvmi_test.c | 1864 +++++++++++++++++
virt/kvm/introspection/kvmi.c | 1408 +++++++++++++
virt/kvm/introspection/kvmi_int.h | 178 ++
virt/kvm/introspection/kvmi_msg.c | 1149 ++++++++++
virt/kvm/kvm_main.c | 69 +
34 files changed, 9132 insertions(+), 175 deletions(-)
create mode 100644 Documentation/virt/kvm/kvmi.rst
create mode 100644 arch/x86/include/asm/kvmi_host.h
create mode 100644 arch/x86/include/uapi/asm/kvmi.h
create mode 100644 arch/x86/kvm/kvmi.c
create mode 100644 include/linux/kvmi_host.h
create mode 100644 include/uapi/linux/kvmi.h
create mode 100644 tools/testing/selftests/kvm/x86_64/kvmi_test.c
create mode 100644 virt/kvm/introspection/kvmi.c
create mode 100644 virt/kvm/introspection/kvmi_int.h
create mode 100644 virt/kvm/introspection/kvmi_msg.c
base-commit: 2f13437b8917627119d163d62f73e7a78a92303a
CC: Jan Kiszka <jan.kiszka at siemens.com>
CC: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com>
CC: Mathieu Tarral <mathieu.tarral at protonmail.com>
CC: Patrick Colp <patrick.colp at oracle.com>
CC: Samuel Laur?n <samuel.lauren at iki.fi>
CC: Stefan Hajnoczi <stefanha at redhat.com>
CC: Tamas K Lengyel <tamas at tklengyel.com>
CC: Weijiang Yang <weijiang.yang at intel.com>
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 01/78] sched/swait: add swait_event_killable_exclusive()
When a vCPU is introspected, it waits for introspection commands or event
replies. If the introspection channel is closed, the receiving thread
will wake-up the vCPU threads. With this function the vCPU thread will
wake-up on SIGKILL too.
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
include/linux/swait.h | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/include/linux/swait.h b/include/linux/swait.h
index 73e06e9986d4..9c53383219f6 100644
--- a/include/linux/swait.h
+++ b/include/linux/swait.h
@@ -297,4 +297,15 @@ do { \
__ret; \
})
+#define __swait_event_killable(wq, condition) \
+ ___swait_event(wq, condition, TASK_KILLABLE, 0, schedule())
+
+#define swait_event_killable_exclusive(wq, condition) \
+({ \
+ int __ret = 0; \
+ if (!(condition)) \
+ __ret = __swait_event_killable(wq, condition); \
+ __ret; \
+})
+
#endif /* _LINUX_SWAIT_H */
From: Mathieu Tarral <mathieu.tarral at protonmail.com>
This function is used by KVMI (KVM introspection sub-system) to
ungracefully shutdown the guest when an introspection tool requests it.
A security application will use it as a last resort in stopping the
spread of a malware from a guest
Signed-off-by: Mathieu Tarral <mathieu.tarral at protonmail.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
kernel/signal.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/signal.c b/kernel/signal.c
index bcd46f547db3..461881343991 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -1451,6 +1451,7 @@ int kill_pid_info(int sig, struct kernel_siginfo *info,
struct pid *pid)
*/
}
}
+EXPORT_SYMBOL(kill_pid_info);
static int kill_proc_info(int sig, struct kernel_siginfo *info, pid_t pid)
{
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 03/78] KVM: add new error codes for VM introspection
These new error codes can give the introspection tool more information about why a introspection command failed, helping it to handle some error cases. Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com> --- include/uapi/linux/kvm_para.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/uapi/linux/kvm_para.h b/include/uapi/linux/kvm_para.h index 8b86609849b9..3ce388249682 100644 --- a/include/uapi/linux/kvm_para.h +++ b/include/uapi/linux/kvm_para.h @@ -17,6 +17,10 @@ #define KVM_E2BIG E2BIG #define KVM_EPERM EPERM #define KVM_EOPNOTSUPP 95 +#define KVM_EAGAIN 11 +#define KVM_ENOENT ENOENT +#define KVM_ENOMEM ENOMEM +#define KVM_EBUSY EBUSY #define KVM_HC_VAPIC_POLL_IRQ 1 #define KVM_HC_MMU_OP 2
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 04/78] KVM: add kvm_vcpu_kick_and_wait()
This function is needed for the KVMI_VCPU_PAUSE command. There are
cases when it is easier for the introspection tool if it knows that
the vCPU doesn't run guest code when the command completed, without
the need to wait for the KVMI_EVENT_PAUSE_VCPU event.
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
include/linux/kvm_host.h | 1 +
virt/kvm/kvm_main.c | 10 ++++++++++
2 files changed, 11 insertions(+)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 7ed1e2f8641e..2fb276655cc2 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -799,6 +799,7 @@ void kvm_arch_vcpu_blocking(struct kvm_vcpu *vcpu);
void kvm_arch_vcpu_unblocking(struct kvm_vcpu *vcpu);
bool kvm_vcpu_wake_up(struct kvm_vcpu *vcpu);
void kvm_vcpu_kick(struct kvm_vcpu *vcpu);
+void kvm_vcpu_kick_and_wait(struct kvm_vcpu *vcpu);
int kvm_vcpu_yield_to(struct kvm_vcpu *target);
void kvm_vcpu_on_spin(struct kvm_vcpu *vcpu, bool usermode_vcpu_not_eligible);
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 00268290dcbd..ab66d5a08581 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2498,6 +2498,16 @@ void kvm_vcpu_kick(struct kvm_vcpu *vcpu)
EXPORT_SYMBOL_GPL(kvm_vcpu_kick);
#endif /* !CONFIG_S390 */
+void kvm_vcpu_kick_and_wait(struct kvm_vcpu *vcpu)
+{
+ if (kvm_vcpu_wake_up(vcpu))
+ return;
+
+ if (kvm_request_needs_ipi(vcpu, KVM_REQUEST_WAIT))
+ smp_call_function_single(vcpu->cpu, ack_flush, NULL, 1);
+}
+EXPORT_SYMBOL_GPL(kvm_vcpu_kick_and_wait);
+
int kvm_vcpu_yield_to(struct kvm_vcpu *target)
{
struct pid *pid;
From: ?tefan ?icleru <ssicleru at bitdefender.com>
This function is needed for the KVMI_VM_GET_MAX_GFN command.
Signed-off-by: ?tefan ?icleru <ssicleru at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
include/linux/kvm_host.h | 1 +
virt/kvm/kvm_main.c | 23 +++++++++++++++++++++++
2 files changed, 24 insertions(+)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 2fb276655cc2..e826e874b998 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -769,6 +769,7 @@ struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm,
gfn_t gfn);
bool kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn);
unsigned long kvm_host_page_size(struct kvm *kvm, gfn_t gfn);
void mark_page_dirty(struct kvm *kvm, gfn_t gfn);
+gfn_t kvm_get_max_gfn(struct kvm *kvm);
struct kvm_memslots *kvm_vcpu_memslots(struct kvm_vcpu *vcpu);
struct kvm_memory_slot *kvm_vcpu_gfn_to_memslot(struct kvm_vcpu *vcpu, gfn_t
gfn);
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index ab66d5a08581..20ffc86fd8d1 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1178,6 +1178,29 @@ static int kvm_vm_ioctl_set_memory_region(struct kvm
*kvm,
return kvm_set_memory_region(kvm, mem);
}
+gfn_t kvm_get_max_gfn(struct kvm *kvm)
+{
+ struct kvm_memory_slot *memslot;
+ struct kvm_memslots *slots;
+ gfn_t max_gfn = 0;
+ int i, idx;
+
+ idx = srcu_read_lock(&kvm->srcu);
+ spin_lock(&kvm->mmu_lock);
+
+ for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) {
+ slots = __kvm_memslots(kvm, i);
+ kvm_for_each_memslot(memslot, slots)
+ max_gfn = max(max_gfn, memslot->base_gfn
+ + memslot->npages);
+ }
+
+ spin_unlock(&kvm->mmu_lock);
+ srcu_read_unlock(&kvm->srcu, idx);
+
+ return max_gfn;
+}
+
int kvm_get_dirty_log(struct kvm *kvm,
struct kvm_dirty_log *log, int *is_dirty)
{
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 06/78] KVM: doc: fix the hypercall numbering
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com> --- Documentation/virt/kvm/hypercalls.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Documentation/virt/kvm/hypercalls.txt b/Documentation/virt/kvm/hypercalls.txt index 5f6d291bd004..aff272bede08 100644 --- a/Documentation/virt/kvm/hypercalls.txt +++ b/Documentation/virt/kvm/hypercalls.txt @@ -122,7 +122,7 @@ compute the CLOCK_REALTIME for its clock, at the same instant. Returns KVM_EOPNOTSUPP if the host does not use TSC clocksource, or if clock type is different than KVM_CLOCK_PAIRING_WALLCLOCK. -6. KVM_HC_SEND_IPI +7. KVM_HC_SEND_IPI ------------------------ Architecture: x86 Status: active @@ -142,7 +142,7 @@ corresponds to the APIC ID a2+1, and so on. Returns the number of CPUs to which the IPIs were delivered successfully. -7. KVM_HC_SCHED_YIELD +8. KVM_HC_SCHED_YIELD ------------------------ Architecture: x86 Status: active
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 07/78] KVM: x86: add kvm_arch_vcpu_get_regs() and kvm_arch_vcpu_get_sregs()
From: Mihai Don?u <mdontu at bitdefender.com>
These functions are needed for VM introspection (get registers commands
and all events sending the vCPU registers to the introspection tool).
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/kvm/x86.c | 10 ++++++++++
include/linux/kvm_host.h | 3 +++
2 files changed, 13 insertions(+)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index cf917139de6b..ff0c12a9322d 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -8615,6 +8615,11 @@ int kvm_arch_vcpu_ioctl_get_regs(struct kvm_vcpu *vcpu,
struct kvm_regs *regs)
return 0;
}
+void kvm_arch_vcpu_get_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
+{
+ __get_regs(vcpu, regs);
+}
+
static void __set_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
{
vcpu->arch.emulate_regs_need_sync_from_vcpu = true;
@@ -8710,6 +8715,11 @@ int kvm_arch_vcpu_ioctl_get_sregs(struct kvm_vcpu *vcpu,
return 0;
}
+void kvm_arch_vcpu_get_sregs(struct kvm_vcpu *vcpu, struct kvm_sregs *sregs)
+{
+ __get_sregs(vcpu, sregs);
+}
+
int kvm_arch_vcpu_ioctl_get_mpstate(struct kvm_vcpu *vcpu,
struct kvm_mp_state *mp_state)
{
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index e826e874b998..62f5bf82adc0 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -853,9 +853,12 @@ int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu,
struct kvm_translation *tr);
int kvm_arch_vcpu_ioctl_get_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs);
+void kvm_arch_vcpu_get_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs);
int kvm_arch_vcpu_ioctl_set_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs);
int kvm_arch_vcpu_ioctl_get_sregs(struct kvm_vcpu *vcpu,
struct kvm_sregs *sregs);
+void kvm_arch_vcpu_get_sregs(struct kvm_vcpu *vcpu,
+ struct kvm_sregs *sregs);
int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
struct kvm_sregs *sregs);
int kvm_arch_vcpu_ioctl_get_mpstate(struct kvm_vcpu *vcpu,
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 08/78] KVM: x86: add kvm_arch_vcpu_set_regs()
From: Nicu?or C??u <ncitu at bitdefender.com>
This is needed for the KVMI_VCPU_SET_REGISTERS, but without clearing
the pending exception.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/kvm/x86.c | 13 ++++++++++---
include/linux/kvm_host.h | 2 ++
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index ff0c12a9322d..d0104adf7906 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -8646,8 +8646,15 @@ static void __set_regs(struct kvm_vcpu *vcpu, struct
kvm_regs *regs)
kvm_rip_write(vcpu, regs->rip);
kvm_set_rflags(vcpu, regs->rflags | X86_EFLAGS_FIXED);
+}
- vcpu->arch.exception.pending = false;
+void kvm_arch_vcpu_set_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs,
+ bool clear_exception)
+{
+ __set_regs(vcpu, regs);
+
+ if (clear_exception)
+ vcpu->arch.exception.pending = false;
kvm_make_request(KVM_REQ_EVENT, vcpu);
}
@@ -8655,7 +8662,7 @@ static void __set_regs(struct kvm_vcpu *vcpu, struct
kvm_regs *regs)
int kvm_arch_vcpu_ioctl_set_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
{
vcpu_load(vcpu);
- __set_regs(vcpu, regs);
+ kvm_arch_vcpu_set_regs(vcpu, regs, true);
vcpu_put(vcpu);
return 0;
}
@@ -9059,7 +9066,7 @@ static int sync_regs(struct kvm_vcpu *vcpu)
return -EINVAL;
if (vcpu->run->kvm_dirty_regs & KVM_SYNC_X86_REGS) {
- __set_regs(vcpu, &vcpu->run->s.regs.regs);
+ kvm_arch_vcpu_set_regs(vcpu, &vcpu->run->s.regs.regs, true);
vcpu->run->kvm_dirty_regs &= ~KVM_SYNC_X86_REGS;
}
if (vcpu->run->kvm_dirty_regs & KVM_SYNC_X86_SREGS) {
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 62f5bf82adc0..c7ef69015050 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -855,6 +855,8 @@ int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu,
int kvm_arch_vcpu_ioctl_get_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs);
void kvm_arch_vcpu_get_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs);
int kvm_arch_vcpu_ioctl_set_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs);
+void kvm_arch_vcpu_set_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs,
+ bool clear_exception);
int kvm_arch_vcpu_ioctl_get_sregs(struct kvm_vcpu *vcpu,
struct kvm_sregs *sregs);
void kvm_arch_vcpu_get_sregs(struct kvm_vcpu *vcpu,
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 09/78] KVM: x86: avoid injecting #PF when emulate the VMCALL instruction
From: Mihai Don?u <mdontu at bitdefender.com> It can happened to end up emulating the VMCALL instruction as a result of the handling of an EPT write fault. In this situation, the emulator will try to unconditionally patch the correct hypercall opcode bytes using emulator_write_emulated(). However, this last call uses the fault GPA (if available) or walks the guest page tables at RIP, otherwise. The trouble begins when using KVMI, when we forbid the use of the fault GPA and fallback to the guest pt walk: in Windows (8.1 and newer) the page that we try to write into is marked read-execute and as such emulator_write_emulated() fails and we inject a write #PF, leading to a guest crash. Signed-off-by: Mihai Don?u <mdontu at bitdefender.com> Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com> --- arch/x86/kvm/x86.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index d0104adf7906..fee24bb5fa52 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -7467,11 +7467,15 @@ static int emulator_fix_hypercall(struct x86_emulate_ctxt *ctxt) struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); char instruction[3]; unsigned long rip = kvm_rip_read(vcpu); + int err; kvm_x86_ops->patch_hypercall(vcpu, instruction); - return emulator_write_emulated(ctxt, rip, instruction, 3, + err = emulator_write_emulated(ctxt, rip, instruction, 3, &ctxt->exception); + if (err == X86EMUL_PROPAGATE_FAULT) + err = X86EMUL_CONTINUE; + return err; } static int dm_request_for_irq_injection(struct kvm_vcpu *vcpu)
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 10/78] KVM: x86: add .bp_intercepted() to struct kvm_x86_ops
From: Nicu?or C??u <ncitu at bitdefender.com>
The introspection tool and the userspace could request #BP
interception. This function will be used to check if the interception
is already enabled.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/svm.c | 15 +++++++++++++++
arch/x86/kvm/vmx/vmx.c | 6 ++++++
3 files changed, 22 insertions(+)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index b79cd6aa4075..d279195dac97 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1048,6 +1048,7 @@ struct kvm_x86_ops {
void (*vcpu_load)(struct kvm_vcpu *vcpu, int cpu);
void (*vcpu_put)(struct kvm_vcpu *vcpu);
+ bool (*bp_intercepted)(struct kvm_vcpu *vcpu);
void (*update_bp_intercept)(struct kvm_vcpu *vcpu);
int (*get_msr)(struct kvm_vcpu *vcpu, struct msr_data *msr);
int (*set_msr)(struct kvm_vcpu *vcpu, struct msr_data *msr);
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 122d4ce3b1ab..df34ab0da4ff 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -607,6 +607,13 @@ static inline void clr_exception_intercept(struct vcpu_svm
*svm, int bit)
recalc_intercepts(svm);
}
+static inline bool get_exception_intercept(struct vcpu_svm *svm, int bit)
+{
+ struct vmcb *vmcb = get_host_vmcb(svm);
+
+ return (vmcb->control.intercept_exceptions & (1U << bit));
+}
+
static inline void set_intercept(struct vcpu_svm *svm, int bit)
{
struct vmcb *vmcb = get_host_vmcb(svm);
@@ -7242,6 +7249,13 @@ static bool svm_apic_init_signal_blocked(struct kvm_vcpu
*vcpu)
(svm->vmcb->control.intercept & (1ULL << INTERCEPT_INIT));
}
+static inline bool svm_bp_intercepted(struct kvm_vcpu *vcpu)
+{
+ struct vcpu_svm *svm = to_svm(vcpu);
+
+ return get_exception_intercept(svm, BP_VECTOR);
+}
+
static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.cpu_has_kvm_support = has_svm,
.disabled_by_bios = is_disabled,
@@ -7268,6 +7282,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.vcpu_blocking = svm_vcpu_blocking,
.vcpu_unblocking = svm_vcpu_unblocking,
+ .bp_intercepted = svm_bp_intercepted,
.update_bp_intercept = update_bp_intercept,
.get_msr_feature = svm_get_msr_feature,
.get_msr = svm_get_msr,
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index e3394c839dea..0d7ca70b310e 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7758,6 +7758,11 @@ static __exit void hardware_unsetup(void)
free_kvm_area();
}
+static bool vmx_bp_intercepted(struct kvm_vcpu *vcpu)
+{
+ return (vmcs_read32(EXCEPTION_BITMAP) & (1u << BP_VECTOR));
+}
+
static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.cpu_has_kvm_support = cpu_has_kvm_support,
.disabled_by_bios = vmx_disabled_by_bios,
@@ -7781,6 +7786,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.vcpu_load = vmx_vcpu_load,
.vcpu_put = vmx_vcpu_put,
+ .bp_intercepted = vmx_bp_intercepted,
.update_bp_intercept = update_exception_bitmap,
.get_msr_feature = vmx_get_msr_feature,
.get_msr = vmx_get_msr,
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 11/78] KVM: x86: add .control_cr3_intercept() to struct kvm_x86_ops
This function is needed for the KVMI_VCPU_CONTROL_CR command.
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 6 ++++++
arch/x86/kvm/svm.c | 14 ++++++++++++++
arch/x86/kvm/vmx/vmx.c | 26 ++++++++++++++++++++------
3 files changed, 40 insertions(+), 6 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index d279195dac97..9032c996ebdb 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -134,6 +134,10 @@ static inline gfn_t gfn_to_index(gfn_t gfn, gfn_t base_gfn,
int level)
#define KVM_NR_FIXED_MTRR_REGION 88
#define KVM_NR_VAR_MTRR 8
+#define CR_TYPE_R 1
+#define CR_TYPE_W 2
+#define CR_TYPE_RW 3
+
#define ASYNC_PF_PER_VCPU 64
enum kvm_reg {
@@ -1064,6 +1068,8 @@ struct kvm_x86_ops {
void (*set_cr0)(struct kvm_vcpu *vcpu, unsigned long cr0);
void (*set_cr3)(struct kvm_vcpu *vcpu, unsigned long cr3);
int (*set_cr4)(struct kvm_vcpu *vcpu, unsigned long cr4);
+ void (*control_cr3_intercept)(struct kvm_vcpu *vcpu, int type,
+ bool enable);
void (*set_efer)(struct kvm_vcpu *vcpu, u64 efer);
void (*get_idt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt);
void (*set_idt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt);
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index df34ab0da4ff..b6081afec926 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -7256,6 +7256,19 @@ static inline bool svm_bp_intercepted(struct kvm_vcpu
*vcpu)
return get_exception_intercept(svm, BP_VECTOR);
}
+static void svm_control_cr3_intercept(struct kvm_vcpu *vcpu, int type,
+ bool enable)
+{
+ struct vcpu_svm *svm = to_svm(vcpu);
+
+ if (type & CR_TYPE_R)
+ enable ? set_cr_intercept(svm, INTERCEPT_CR3_READ) :
+ clr_cr_intercept(svm, INTERCEPT_CR3_READ);
+ if (type & CR_TYPE_W)
+ enable ? set_cr_intercept(svm, INTERCEPT_CR3_WRITE) :
+ clr_cr_intercept(svm, INTERCEPT_CR3_WRITE);
+}
+
static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.cpu_has_kvm_support = has_svm,
.disabled_by_bios = is_disabled,
@@ -7297,6 +7310,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.set_cr0 = svm_set_cr0,
.set_cr3 = svm_set_cr3,
.set_cr4 = svm_set_cr4,
+ .control_cr3_intercept = svm_control_cr3_intercept,
.set_efer = svm_set_efer,
.get_idt = svm_get_idt,
.set_idt = svm_set_idt,
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 0d7ca70b310e..4b6edb68e9e0 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -2900,24 +2900,37 @@ void ept_save_pdptrs(struct kvm_vcpu *vcpu)
kvm_register_mark_dirty(vcpu, VCPU_EXREG_PDPTR);
}
+static void vmx_control_cr3_intercept(struct kvm_vcpu *vcpu, int type,
+ bool enable)
+{
+ struct vcpu_vmx *vmx = to_vmx(vcpu);
+ u32 cr3_exec_control = 0;
+
+ if (type & CR_TYPE_R)
+ cr3_exec_control |= CPU_BASED_CR3_STORE_EXITING;
+ if (type & CR_TYPE_W)
+ cr3_exec_control |= CPU_BASED_CR3_LOAD_EXITING;
+
+ if (enable)
+ exec_controls_setbit(vmx, cr3_exec_control);
+ else
+ exec_controls_clearbit(vmx, cr3_exec_control);
+}
+
static void ept_update_paging_mode_cr0(unsigned long *hw_cr0,
unsigned long cr0,
struct kvm_vcpu *vcpu)
{
- struct vcpu_vmx *vmx = to_vmx(vcpu);
-
if (!kvm_register_is_available(vcpu, VCPU_EXREG_CR3))
vmx_cache_reg(vcpu, VCPU_EXREG_CR3);
if (!(cr0 & X86_CR0_PG)) {
/* From paging/starting to nonpaging */
- exec_controls_setbit(vmx, CPU_BASED_CR3_LOAD_EXITING |
- CPU_BASED_CR3_STORE_EXITING);
+ vmx_control_cr3_intercept(vcpu, CR_TYPE_RW, true);
vcpu->arch.cr0 = cr0;
vmx_set_cr4(vcpu, kvm_read_cr4(vcpu));
} else if (!is_paging(vcpu)) {
/* From nonpaging to paging */
- exec_controls_clearbit(vmx, CPU_BASED_CR3_LOAD_EXITING |
- CPU_BASED_CR3_STORE_EXITING);
+ vmx_control_cr3_intercept(vcpu, CR_TYPE_RW, false);
vcpu->arch.cr0 = cr0;
vmx_set_cr4(vcpu, kvm_read_cr4(vcpu));
}
@@ -7801,6 +7814,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.set_cr0 = vmx_set_cr0,
.set_cr3 = vmx_set_cr3,
.set_cr4 = vmx_set_cr4,
+ .control_cr3_intercept = vmx_control_cr3_intercept,
.set_efer = vmx_set_efer,
.get_idt = vmx_get_idt,
.set_idt = vmx_set_idt,
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 12/78] KVM: x86: add .cr3_write_intercepted()
From: Nicu?or C??u <ncitu at bitdefender.com>
This function will be used to allow the introspection tool to disable the
CR3-write interception when it is no longer interested in these events,
but only if nothing depends on these VM-exits.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/svm.c | 8 ++++++++
arch/x86/kvm/vmx/vmx.c | 8 ++++++++
3 files changed, 17 insertions(+)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 9032c996ebdb..d2fe08f44084 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1070,6 +1070,7 @@ struct kvm_x86_ops {
int (*set_cr4)(struct kvm_vcpu *vcpu, unsigned long cr4);
void (*control_cr3_intercept)(struct kvm_vcpu *vcpu, int type,
bool enable);
+ bool (*cr3_write_intercepted)(struct kvm_vcpu *vcpu);
void (*set_efer)(struct kvm_vcpu *vcpu, u64 efer);
void (*get_idt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt);
void (*set_idt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt);
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index b6081afec926..554ad7c57a0f 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -7256,6 +7256,13 @@ static inline bool svm_bp_intercepted(struct kvm_vcpu
*vcpu)
return get_exception_intercept(svm, BP_VECTOR);
}
+static inline bool svm_cr3_write_intercepted(struct kvm_vcpu *vcpu)
+{
+ struct vcpu_svm *svm = to_svm(vcpu);
+
+ return is_cr_intercept(svm, INTERCEPT_CR3_WRITE);
+}
+
static void svm_control_cr3_intercept(struct kvm_vcpu *vcpu, int type,
bool enable)
{
@@ -7311,6 +7318,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.set_cr3 = svm_set_cr3,
.set_cr4 = svm_set_cr4,
.control_cr3_intercept = svm_control_cr3_intercept,
+ .cr3_write_intercepted = svm_cr3_write_intercepted,
.set_efer = svm_set_efer,
.get_idt = svm_get_idt,
.set_idt = svm_set_idt,
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 4b6edb68e9e0..7cfd25800d89 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7776,6 +7776,13 @@ static bool vmx_bp_intercepted(struct kvm_vcpu *vcpu)
return (vmcs_read32(EXCEPTION_BITMAP) & (1u << BP_VECTOR));
}
+static bool vmx_cr3_write_intercepted(struct kvm_vcpu *vcpu)
+{
+ struct vcpu_vmx *vmx = to_vmx(vcpu);
+
+ return !!(exec_controls_get(vmx) & CPU_BASED_CR3_LOAD_EXITING);
+}
+
static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.cpu_has_kvm_support = cpu_has_kvm_support,
.disabled_by_bios = vmx_disabled_by_bios,
@@ -7815,6 +7822,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.set_cr3 = vmx_set_cr3,
.set_cr4 = vmx_set_cr4,
.control_cr3_intercept = vmx_control_cr3_intercept,
+ .cr3_write_intercepted = vmx_cr3_write_intercepted,
.set_efer = vmx_set_efer,
.get_idt = vmx_get_idt,
.set_idt = vmx_set_idt,
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 13/78] KVM: x86: add .control_desc_intercept()
This function is needed for the KVMI_EVENT_DESCRIPTOR event.
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/svm.c | 26 ++++++++++++++++++++++++++
arch/x86/kvm/vmx/vmx.c | 11 +++++++++++
3 files changed, 38 insertions(+)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index d2fe08f44084..3b86e745da05 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1076,6 +1076,7 @@ struct kvm_x86_ops {
void (*set_idt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt);
void (*get_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt);
void (*set_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt);
+ void (*control_desc_intercept)(struct kvm_vcpu *vcpu, bool enable);
u64 (*get_dr6)(struct kvm_vcpu *vcpu);
void (*set_dr6)(struct kvm_vcpu *vcpu, unsigned long value);
void (*sync_dirty_debug_regs)(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 554ad7c57a0f..060d49b69b2e 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -7276,6 +7276,31 @@ static void svm_control_cr3_intercept(struct kvm_vcpu
*vcpu, int type,
clr_cr_intercept(svm, INTERCEPT_CR3_WRITE);
}
+static void svm_control_desc_intercept(struct kvm_vcpu *vcpu, bool enable)
+{
+ struct vcpu_svm *svm = to_svm(vcpu);
+
+ if (enable) {
+ set_intercept(svm, INTERCEPT_STORE_IDTR);
+ set_intercept(svm, INTERCEPT_STORE_GDTR);
+ set_intercept(svm, INTERCEPT_STORE_LDTR);
+ set_intercept(svm, INTERCEPT_STORE_TR);
+ set_intercept(svm, INTERCEPT_LOAD_IDTR);
+ set_intercept(svm, INTERCEPT_LOAD_GDTR);
+ set_intercept(svm, INTERCEPT_LOAD_LDTR);
+ set_intercept(svm, INTERCEPT_LOAD_TR);
+ } else {
+ clr_intercept(svm, INTERCEPT_STORE_IDTR);
+ clr_intercept(svm, INTERCEPT_STORE_GDTR);
+ clr_intercept(svm, INTERCEPT_STORE_LDTR);
+ clr_intercept(svm, INTERCEPT_STORE_TR);
+ clr_intercept(svm, INTERCEPT_LOAD_IDTR);
+ clr_intercept(svm, INTERCEPT_LOAD_GDTR);
+ clr_intercept(svm, INTERCEPT_LOAD_LDTR);
+ clr_intercept(svm, INTERCEPT_LOAD_TR);
+ }
+}
+
static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.cpu_has_kvm_support = has_svm,
.disabled_by_bios = is_disabled,
@@ -7324,6 +7349,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.set_idt = svm_set_idt,
.get_gdt = svm_get_gdt,
.set_gdt = svm_set_gdt,
+ .control_desc_intercept = svm_control_desc_intercept,
.get_dr6 = svm_get_dr6,
.set_dr6 = svm_set_dr6,
.set_dr7 = svm_set_dr7,
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 7cfd25800d89..646ce2650728 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -2998,6 +2998,16 @@ u64 construct_eptp(struct kvm_vcpu *vcpu, unsigned long
root_hpa)
return eptp;
}
+static void vmx_control_desc_intercept(struct kvm_vcpu *vcpu, bool enable)
+{
+ struct vcpu_vmx *vmx = to_vmx(vcpu);
+
+ if (enable)
+ secondary_exec_controls_setbit(vmx, SECONDARY_EXEC_DESC);
+ else
+ secondary_exec_controls_clearbit(vmx, SECONDARY_EXEC_DESC);
+}
+
void vmx_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
{
struct kvm *kvm = vcpu->kvm;
@@ -7828,6 +7838,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.set_idt = vmx_set_idt,
.get_gdt = vmx_get_gdt,
.set_gdt = vmx_set_gdt,
+ .control_desc_intercept = vmx_control_desc_intercept,
.get_dr6 = vmx_get_dr6,
.set_dr6 = vmx_set_dr6,
.set_dr7 = vmx_set_dr7,
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 14/78] KVM: x86: add .desc_intercepted()
From: Nicu?or C??u <ncitu at bitdefender.com>
This function will be used to test if the descriptor access events
are already tracked by another user.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/svm.c | 22 ++++++++++++++++++++++
arch/x86/kvm/vmx/vmx.c | 8 ++++++++
3 files changed, 31 insertions(+)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 3b86e745da05..4d43f5479c0c 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1077,6 +1077,7 @@ struct kvm_x86_ops {
void (*get_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt);
void (*set_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt);
void (*control_desc_intercept)(struct kvm_vcpu *vcpu, bool enable);
+ bool (*desc_intercepted)(struct kvm_vcpu *vcpu);
u64 (*get_dr6)(struct kvm_vcpu *vcpu);
void (*set_dr6)(struct kvm_vcpu *vcpu, unsigned long value);
void (*sync_dirty_debug_regs)(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 060d49b69b2e..bf1f2bca5357 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -632,6 +632,13 @@ static inline void clr_intercept(struct vcpu_svm *svm, int
bit)
recalc_intercepts(svm);
}
+static inline bool get_intercept(struct vcpu_svm *svm, int bit)
+{
+ struct vmcb *vmcb = get_host_vmcb(svm);
+
+ return (vmcb->control.intercept & (1ULL << bit));
+}
+
static inline bool vgif_enabled(struct vcpu_svm *svm)
{
return !!(svm->vmcb->control.int_ctl & V_GIF_ENABLE_MASK);
@@ -7301,6 +7308,20 @@ static void svm_control_desc_intercept(struct kvm_vcpu
*vcpu, bool enable)
}
}
+static inline bool svm_desc_intercepted(struct kvm_vcpu *vcpu)
+{
+ struct vcpu_svm *svm = to_svm(vcpu);
+
+ return (get_intercept(svm, INTERCEPT_STORE_IDTR) ||
+ get_intercept(svm, INTERCEPT_STORE_GDTR) ||
+ get_intercept(svm, INTERCEPT_STORE_LDTR) ||
+ get_intercept(svm, INTERCEPT_STORE_TR) ||
+ get_intercept(svm, INTERCEPT_LOAD_IDTR) ||
+ get_intercept(svm, INTERCEPT_LOAD_GDTR) ||
+ get_intercept(svm, INTERCEPT_LOAD_LDTR) ||
+ get_intercept(svm, INTERCEPT_LOAD_TR));
+}
+
static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.cpu_has_kvm_support = has_svm,
.disabled_by_bios = is_disabled,
@@ -7350,6 +7371,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.get_gdt = svm_get_gdt,
.set_gdt = svm_set_gdt,
.control_desc_intercept = svm_control_desc_intercept,
+ .desc_intercepted = svm_desc_intercepted,
.get_dr6 = svm_get_dr6,
.set_dr6 = svm_set_dr6,
.set_dr7 = svm_set_dr7,
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 646ce2650728..8709a26736d9 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7793,6 +7793,13 @@ static bool vmx_cr3_write_intercepted(struct kvm_vcpu
*vcpu)
return !!(exec_controls_get(vmx) & CPU_BASED_CR3_LOAD_EXITING);
}
+static bool vmx_desc_intercepted(struct kvm_vcpu *vcpu)
+{
+ struct vcpu_vmx *vmx = to_vmx(vcpu);
+
+ return !!(secondary_exec_controls_get(vmx) & SECONDARY_EXEC_DESC);
+}
+
static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.cpu_has_kvm_support = cpu_has_kvm_support,
.disabled_by_bios = vmx_disabled_by_bios,
@@ -7839,6 +7846,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.get_gdt = vmx_get_gdt,
.set_gdt = vmx_set_gdt,
.control_desc_intercept = vmx_control_desc_intercept,
+ .desc_intercepted = vmx_desc_intercepted,
.get_dr6 = vmx_get_dr6,
.set_dr6 = vmx_set_dr6,
.set_dr7 = vmx_set_dr7,
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 15/78] KVM: x86: export .msr_write_intercepted()
From: Nicu?or C??u <ncitu at bitdefender.com>
This function will be used to test if a MSR access is already tracked.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/svm.c | 1 +
arch/x86/kvm/vmx/vmx.c | 1 +
3 files changed, 3 insertions(+)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 4d43f5479c0c..8cdb6cece618 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1056,6 +1056,7 @@ struct kvm_x86_ops {
void (*update_bp_intercept)(struct kvm_vcpu *vcpu);
int (*get_msr)(struct kvm_vcpu *vcpu, struct msr_data *msr);
int (*set_msr)(struct kvm_vcpu *vcpu, struct msr_data *msr);
+ bool (*msr_write_intercepted)(struct kvm_vcpu *vcpu, u32 msr);
u64 (*get_segment_base)(struct kvm_vcpu *vcpu, int seg);
void (*get_segment)(struct kvm_vcpu *vcpu,
struct kvm_segment *var, int seg);
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index bf1f2bca5357..e3369562d6fe 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -7353,6 +7353,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.get_msr_feature = svm_get_msr_feature,
.get_msr = svm_get_msr,
.set_msr = svm_set_msr,
+ .msr_write_intercepted = msr_write_intercepted,
.get_segment_base = svm_get_segment_base,
.get_segment = svm_get_segment,
.set_segment = svm_set_segment,
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 8709a26736d9..36dfb95ea578 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7828,6 +7828,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.get_msr_feature = vmx_get_msr_feature,
.get_msr = vmx_get_msr,
.set_msr = vmx_set_msr,
+ .msr_write_intercepted = msr_write_intercepted,
.get_segment_base = vmx_get_segment_base,
.get_segment = vmx_get_segment,
.set_segment = vmx_set_segment,
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 16/78] KVM: x86: use MSR_TYPE_R, MSR_TYPE_W and MSR_TYPE_RW with AMD code too
From: Nicu?or C??u <ncitu at bitdefender.com>
These changes prepare the patch that adds .control_msr_intercept().
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 4 ++++
arch/x86/kvm/svm.c | 42 ++++++++++++++++++++++-----------
arch/x86/kvm/vmx/vmx.h | 4 ----
3 files changed, 32 insertions(+), 18 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 8cdb6cece618..2136f273645a 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -138,6 +138,10 @@ static inline gfn_t gfn_to_index(gfn_t gfn, gfn_t base_gfn,
int level)
#define CR_TYPE_W 2
#define CR_TYPE_RW 3
+#define MSR_TYPE_R 1
+#define MSR_TYPE_W 2
+#define MSR_TYPE_RW 3
+
#define ASYNC_PF_PER_VCPU 64
enum kvm_reg {
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index e3369562d6fe..0021d8c2feca 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1078,7 +1078,7 @@ static bool msr_write_intercepted(struct kvm_vcpu *vcpu,
unsigned msr)
}
static void set_msr_interception(u32 *msrpm, unsigned msr,
- int read, int write)
+ int type, bool value)
{
u8 bit_read, bit_write;
unsigned long tmp;
@@ -1097,8 +1097,11 @@ static void set_msr_interception(u32 *msrpm, unsigned
msr,
BUG_ON(offset == MSR_INVALID);
- read ? clear_bit(bit_read, &tmp) : set_bit(bit_read, &tmp);
- write ? clear_bit(bit_write, &tmp) : set_bit(bit_write, &tmp);
+ if (type & MSR_TYPE_R)
+ value ? clear_bit(bit_read, &tmp) : set_bit(bit_read, &tmp);
+ if (type & MSR_TYPE_W)
+ value ? clear_bit(bit_write, &tmp) : set_bit(bit_write, &tmp);
+
msrpm[offset] = tmp;
}
@@ -1113,7 +1116,8 @@ static void svm_vcpu_init_msrpm(u32 *msrpm)
if (!direct_access_msrs[i].always)
continue;
- set_msr_interception(msrpm, direct_access_msrs[i].index, 1, 1);
+ set_msr_interception(msrpm, direct_access_msrs[i].index,
+ MSR_TYPE_RW, 1);
}
}
@@ -1165,10 +1169,14 @@ static void svm_enable_lbrv(struct vcpu_svm *svm)
u32 *msrpm = svm->msrpm;
svm->vmcb->control.virt_ext |= LBR_CTL_ENABLE_MASK;
- set_msr_interception(msrpm, MSR_IA32_LASTBRANCHFROMIP, 1, 1);
- set_msr_interception(msrpm, MSR_IA32_LASTBRANCHTOIP, 1, 1);
- set_msr_interception(msrpm, MSR_IA32_LASTINTFROMIP, 1, 1);
- set_msr_interception(msrpm, MSR_IA32_LASTINTTOIP, 1, 1);
+ set_msr_interception(msrpm, MSR_IA32_LASTBRANCHFROMIP,
+ MSR_TYPE_RW, 1);
+ set_msr_interception(msrpm, MSR_IA32_LASTBRANCHTOIP,
+ MSR_TYPE_RW, 1);
+ set_msr_interception(msrpm, MSR_IA32_LASTINTFROMIP,
+ MSR_TYPE_RW, 1);
+ set_msr_interception(msrpm, MSR_IA32_LASTINTTOIP,
+ MSR_TYPE_RW, 1);
}
static void svm_disable_lbrv(struct vcpu_svm *svm)
@@ -1176,10 +1184,14 @@ static void svm_disable_lbrv(struct vcpu_svm *svm)
u32 *msrpm = svm->msrpm;
svm->vmcb->control.virt_ext &= ~LBR_CTL_ENABLE_MASK;
- set_msr_interception(msrpm, MSR_IA32_LASTBRANCHFROMIP, 0, 0);
- set_msr_interception(msrpm, MSR_IA32_LASTBRANCHTOIP, 0, 0);
- set_msr_interception(msrpm, MSR_IA32_LASTINTFROMIP, 0, 0);
- set_msr_interception(msrpm, MSR_IA32_LASTINTTOIP, 0, 0);
+ set_msr_interception(msrpm, MSR_IA32_LASTBRANCHFROMIP,
+ MSR_TYPE_RW, 0);
+ set_msr_interception(msrpm, MSR_IA32_LASTBRANCHTOIP,
+ MSR_TYPE_RW, 0);
+ set_msr_interception(msrpm, MSR_IA32_LASTINTFROMIP,
+ MSR_TYPE_RW, 0);
+ set_msr_interception(msrpm, MSR_IA32_LASTINTTOIP,
+ MSR_TYPE_RW, 0);
}
static void disable_nmi_singlestep(struct vcpu_svm *svm)
@@ -4315,7 +4327,8 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct
msr_data *msr)
* We update the L1 MSR bit as well since it will end up
* touching the MSR anyway now.
*/
- set_msr_interception(svm->msrpm, MSR_IA32_SPEC_CTRL, 1, 1);
+ set_msr_interception(svm->msrpm, MSR_IA32_SPEC_CTRL,
+ MSR_TYPE_RW, 1);
break;
case MSR_IA32_PRED_CMD:
if (!msr->host_initiated &&
@@ -4331,7 +4344,8 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct
msr_data *msr)
wrmsrl(MSR_IA32_PRED_CMD, PRED_CMD_IBPB);
if (is_guest_mode(vcpu))
break;
- set_msr_interception(svm->msrpm, MSR_IA32_PRED_CMD, 0, 1);
+ set_msr_interception(svm->msrpm, MSR_IA32_PRED_CMD,
+ MSR_TYPE_W, 1);
break;
case MSR_AMD64_VIRT_SPEC_CTRL:
if (!msr->host_initiated &&
diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
index a4f7f737c5d4..919fffcdf602 100644
--- a/arch/x86/kvm/vmx/vmx.h
+++ b/arch/x86/kvm/vmx/vmx.h
@@ -16,10 +16,6 @@ extern u64 host_efer;
extern u32 get_umwait_control_msr(void);
-#define MSR_TYPE_R 1
-#define MSR_TYPE_W 2
-#define MSR_TYPE_RW 3
-
#define X2APIC_MSR(r) (APIC_BASE_MSR + ((r) >> 4))
#ifdef CONFIG_X86_64
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 17/78] KVM: svm: pass struct kvm_vcpu to set_msr_interception()
From: Nicu?or C??u <ncitu at bitdefender.com>
This is needed in order to handle clients controlling the MSR related
VM-exits.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/kvm/svm.c | 27 +++++++++++++++------------
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 0021d8c2feca..174ced633b60 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1077,7 +1077,8 @@ static bool msr_write_intercepted(struct kvm_vcpu *vcpu,
unsigned msr)
return !!test_bit(bit_write, &tmp);
}
-static void set_msr_interception(u32 *msrpm, unsigned msr,
+static void set_msr_interception(struct kvm_vcpu *vcpu,
+ u32 *msrpm, unsigned msr,
int type, bool value)
{
u8 bit_read, bit_write;
@@ -1116,7 +1117,7 @@ static void svm_vcpu_init_msrpm(u32 *msrpm)
if (!direct_access_msrs[i].always)
continue;
- set_msr_interception(msrpm, direct_access_msrs[i].index,
+ set_msr_interception(NULL, msrpm, direct_access_msrs[i].index,
MSR_TYPE_RW, 1);
}
}
@@ -1169,13 +1170,13 @@ static void svm_enable_lbrv(struct vcpu_svm *svm)
u32 *msrpm = svm->msrpm;
svm->vmcb->control.virt_ext |= LBR_CTL_ENABLE_MASK;
- set_msr_interception(msrpm, MSR_IA32_LASTBRANCHFROMIP,
+ set_msr_interception(&svm->vcpu, msrpm, MSR_IA32_LASTBRANCHFROMIP,
MSR_TYPE_RW, 1);
- set_msr_interception(msrpm, MSR_IA32_LASTBRANCHTOIP,
+ set_msr_interception(&svm->vcpu, msrpm, MSR_IA32_LASTBRANCHTOIP,
MSR_TYPE_RW, 1);
- set_msr_interception(msrpm, MSR_IA32_LASTINTFROMIP,
+ set_msr_interception(&svm->vcpu, msrpm, MSR_IA32_LASTINTFROMIP,
MSR_TYPE_RW, 1);
- set_msr_interception(msrpm, MSR_IA32_LASTINTTOIP,
+ set_msr_interception(&svm->vcpu, msrpm, MSR_IA32_LASTINTTOIP,
MSR_TYPE_RW, 1);
}
@@ -1184,13 +1185,13 @@ static void svm_disable_lbrv(struct vcpu_svm *svm)
u32 *msrpm = svm->msrpm;
svm->vmcb->control.virt_ext &= ~LBR_CTL_ENABLE_MASK;
- set_msr_interception(msrpm, MSR_IA32_LASTBRANCHFROMIP,
+ set_msr_interception(&svm->vcpu, msrpm, MSR_IA32_LASTBRANCHFROMIP,
MSR_TYPE_RW, 0);
- set_msr_interception(msrpm, MSR_IA32_LASTBRANCHTOIP,
+ set_msr_interception(&svm->vcpu, msrpm, MSR_IA32_LASTBRANCHTOIP,
MSR_TYPE_RW, 0);
- set_msr_interception(msrpm, MSR_IA32_LASTINTFROMIP,
+ set_msr_interception(&svm->vcpu, msrpm, MSR_IA32_LASTINTFROMIP,
MSR_TYPE_RW, 0);
- set_msr_interception(msrpm, MSR_IA32_LASTINTTOIP,
+ set_msr_interception(&svm->vcpu, msrpm, MSR_IA32_LASTINTTOIP,
MSR_TYPE_RW, 0);
}
@@ -4327,7 +4328,7 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct
msr_data *msr)
* We update the L1 MSR bit as well since it will end up
* touching the MSR anyway now.
*/
- set_msr_interception(svm->msrpm, MSR_IA32_SPEC_CTRL,
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_SPEC_CTRL,
MSR_TYPE_RW, 1);
break;
case MSR_IA32_PRED_CMD:
@@ -4344,7 +4345,9 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct
msr_data *msr)
wrmsrl(MSR_IA32_PRED_CMD, PRED_CMD_IBPB);
if (is_guest_mode(vcpu))
break;
- set_msr_interception(svm->msrpm, MSR_IA32_PRED_CMD,
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PRED_CMD,
+ MSR_TYPE_R, 0);
+ set_msr_interception(vcpu, svm->msrpm, MSR_IA32_PRED_CMD,
MSR_TYPE_W, 1);
break;
case MSR_AMD64_VIRT_SPEC_CTRL:
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 18/78] KVM: vmx: pass struct kvm_vcpu to the intercept msr related functions
From: Nicu?or C??u <ncitu at bitdefender.com>
This is needed in order to handle clients controlling the MSR related
VM-exits.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/kvm/vmx/vmx.c | 70 +++++++++++++++++++++++-------------------
1 file changed, 38 insertions(+), 32 deletions(-)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 36dfb95ea578..e6878097d736 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -341,7 +341,8 @@ module_param_cb(vmentry_l1d_flush,
&vmentry_l1d_flush_ops, NULL, 0644);
static bool guest_state_valid(struct kvm_vcpu *vcpu);
static u32 vmx_segment_access_rights(struct kvm_segment *var);
-static __always_inline void vmx_disable_intercept_for_msr(unsigned long
*msr_bitmap,
+static __always_inline void vmx_disable_intercept_for_msr(struct kvm_vcpu
*vcpu,
+ unsigned long *msr_bitmap,
u32 msr, int type);
void vmx_vmexit(void);
@@ -2015,7 +2016,7 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct
msr_data *msr_info)
* in the merging. We update the vmcs01 here for L1 as well
* since it will end up touching the MSR anyway now.
*/
- vmx_disable_intercept_for_msr(vmx->vmcs01.msr_bitmap,
+ vmx_disable_intercept_for_msr(vcpu, vmx->vmcs01.msr_bitmap,
MSR_IA32_SPEC_CTRL,
MSR_TYPE_RW);
break;
@@ -2050,8 +2051,8 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct
msr_data *msr_info)
* vmcs02.msr_bitmap here since it gets completely overwritten
* in the merging.
*/
- vmx_disable_intercept_for_msr(vmx->vmcs01.msr_bitmap, MSR_IA32_PRED_CMD,
- MSR_TYPE_W);
+ vmx_disable_intercept_for_msr(vcpu, vmx->vmcs01.msr_bitmap,
+ MSR_IA32_PRED_CMD, MSR_TYPE_W);
break;
case MSR_IA32_CR_PAT:
if (!kvm_pat_valid(data))
@@ -3612,7 +3613,8 @@ void free_vpid(int vpid)
spin_unlock(&vmx_vpid_lock);
}
-static __always_inline void vmx_disable_intercept_for_msr(unsigned long
*msr_bitmap,
+static __always_inline void vmx_disable_intercept_for_msr(struct kvm_vcpu
*vcpu,
+ unsigned long *msr_bitmap,
u32 msr, int type)
{
int f = sizeof(unsigned long);
@@ -3650,7 +3652,8 @@ static __always_inline void
vmx_disable_intercept_for_msr(unsigned long *msr_bit
}
}
-static __always_inline void vmx_enable_intercept_for_msr(unsigned long
*msr_bitmap,
+static __always_inline void vmx_enable_intercept_for_msr(struct kvm_vcpu *vcpu,
+ unsigned long *msr_bitmap,
u32 msr, int type)
{
int f = sizeof(unsigned long);
@@ -3688,13 +3691,14 @@ static __always_inline void
vmx_enable_intercept_for_msr(unsigned long *msr_bitm
}
}
-static __always_inline void vmx_set_intercept_for_msr(unsigned long
*msr_bitmap,
+static __always_inline void vmx_set_intercept_for_msr(struct kvm_vcpu *vcpu,
+ unsigned long *msr_bitmap,
u32 msr, int type, bool value)
{
if (value)
- vmx_enable_intercept_for_msr(msr_bitmap, msr, type);
+ vmx_enable_intercept_for_msr(vcpu, msr_bitmap, msr, type);
else
- vmx_disable_intercept_for_msr(msr_bitmap, msr, type);
+ vmx_disable_intercept_for_msr(vcpu, msr_bitmap, msr, type);
}
static u8 vmx_msr_bitmap_mode(struct kvm_vcpu *vcpu)
@@ -3712,7 +3716,8 @@ static u8 vmx_msr_bitmap_mode(struct kvm_vcpu *vcpu)
return mode;
}
-static void vmx_update_msr_bitmap_x2apic(unsigned long *msr_bitmap,
+static void vmx_update_msr_bitmap_x2apic(struct kvm_vcpu *vcpu,
+ unsigned long *msr_bitmap,
u8 mode)
{
int msr;
@@ -3728,11 +3733,11 @@ static void vmx_update_msr_bitmap_x2apic(unsigned long
*msr_bitmap,
* TPR reads and writes can be virtualized even if virtual interrupt
* delivery is not in use.
*/
- vmx_disable_intercept_for_msr(msr_bitmap, X2APIC_MSR(APIC_TASKPRI),
MSR_TYPE_RW);
+ vmx_disable_intercept_for_msr(vcpu, msr_bitmap, X2APIC_MSR(APIC_TASKPRI),
MSR_TYPE_RW);
if (mode & MSR_BITMAP_MODE_X2APIC_APICV) {
- vmx_enable_intercept_for_msr(msr_bitmap, X2APIC_MSR(APIC_TMCCT),
MSR_TYPE_R);
- vmx_disable_intercept_for_msr(msr_bitmap, X2APIC_MSR(APIC_EOI), MSR_TYPE_W);
- vmx_disable_intercept_for_msr(msr_bitmap, X2APIC_MSR(APIC_SELF_IPI),
MSR_TYPE_W);
+ vmx_enable_intercept_for_msr(vcpu, msr_bitmap, X2APIC_MSR(APIC_TMCCT),
MSR_TYPE_R);
+ vmx_disable_intercept_for_msr(vcpu, msr_bitmap, X2APIC_MSR(APIC_EOI),
MSR_TYPE_W);
+ vmx_disable_intercept_for_msr(vcpu, msr_bitmap, X2APIC_MSR(APIC_SELF_IPI),
MSR_TYPE_W);
}
}
}
@@ -3748,7 +3753,7 @@ void vmx_update_msr_bitmap(struct kvm_vcpu *vcpu)
return;
if (changed & (MSR_BITMAP_MODE_X2APIC | MSR_BITMAP_MODE_X2APIC_APICV))
- vmx_update_msr_bitmap_x2apic(msr_bitmap, mode);
+ vmx_update_msr_bitmap_x2apic(vcpu, msr_bitmap, mode);
vmx->msr_bitmap_mode = mode;
}
@@ -3757,20 +3762,21 @@ void pt_update_intercept_for_msr(struct vcpu_vmx *vmx)
{
unsigned long *msr_bitmap = vmx->vmcs01.msr_bitmap;
bool flag = !(vmx->pt_desc.guest.ctl & RTIT_CTL_TRACEEN);
+ struct kvm_vcpu *vcpu = &vmx->vcpu;
u32 i;
- vmx_set_intercept_for_msr(msr_bitmap, MSR_IA32_RTIT_STATUS,
+ vmx_set_intercept_for_msr(vcpu, msr_bitmap, MSR_IA32_RTIT_STATUS,
MSR_TYPE_RW, flag);
- vmx_set_intercept_for_msr(msr_bitmap, MSR_IA32_RTIT_OUTPUT_BASE,
+ vmx_set_intercept_for_msr(vcpu, msr_bitmap, MSR_IA32_RTIT_OUTPUT_BASE,
MSR_TYPE_RW, flag);
- vmx_set_intercept_for_msr(msr_bitmap, MSR_IA32_RTIT_OUTPUT_MASK,
+ vmx_set_intercept_for_msr(vcpu, msr_bitmap, MSR_IA32_RTIT_OUTPUT_MASK,
MSR_TYPE_RW, flag);
- vmx_set_intercept_for_msr(msr_bitmap, MSR_IA32_RTIT_CR3_MATCH,
+ vmx_set_intercept_for_msr(vcpu, msr_bitmap, MSR_IA32_RTIT_CR3_MATCH,
MSR_TYPE_RW, flag);
for (i = 0; i < vmx->pt_desc.addr_range; i++) {
- vmx_set_intercept_for_msr(msr_bitmap,
+ vmx_set_intercept_for_msr(vcpu, msr_bitmap,
MSR_IA32_RTIT_ADDR0_A + i * 2, MSR_TYPE_RW, flag);
- vmx_set_intercept_for_msr(msr_bitmap,
+ vmx_set_intercept_for_msr(vcpu, msr_bitmap,
MSR_IA32_RTIT_ADDR0_B + i * 2, MSR_TYPE_RW, flag);
}
}
@@ -6780,18 +6786,18 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm,
unsigned int id)
goto free_pml;
msr_bitmap = vmx->vmcs01.msr_bitmap;
- vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_TSC, MSR_TYPE_R);
- vmx_disable_intercept_for_msr(msr_bitmap, MSR_FS_BASE, MSR_TYPE_RW);
- vmx_disable_intercept_for_msr(msr_bitmap, MSR_GS_BASE, MSR_TYPE_RW);
- vmx_disable_intercept_for_msr(msr_bitmap, MSR_KERNEL_GS_BASE, MSR_TYPE_RW);
- vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_SYSENTER_CS, MSR_TYPE_RW);
- vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_SYSENTER_ESP, MSR_TYPE_RW);
- vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_SYSENTER_EIP, MSR_TYPE_RW);
+ vmx_disable_intercept_for_msr(NULL, msr_bitmap, MSR_IA32_TSC, MSR_TYPE_R);
+ vmx_disable_intercept_for_msr(NULL, msr_bitmap, MSR_FS_BASE, MSR_TYPE_RW);
+ vmx_disable_intercept_for_msr(NULL, msr_bitmap, MSR_GS_BASE, MSR_TYPE_RW);
+ vmx_disable_intercept_for_msr(NULL, msr_bitmap, MSR_KERNEL_GS_BASE,
MSR_TYPE_RW);
+ vmx_disable_intercept_for_msr(NULL, msr_bitmap, MSR_IA32_SYSENTER_CS,
MSR_TYPE_RW);
+ vmx_disable_intercept_for_msr(NULL, msr_bitmap, MSR_IA32_SYSENTER_ESP,
MSR_TYPE_RW);
+ vmx_disable_intercept_for_msr(NULL, msr_bitmap, MSR_IA32_SYSENTER_EIP,
MSR_TYPE_RW);
if (kvm_cstate_in_guest(kvm)) {
- vmx_disable_intercept_for_msr(msr_bitmap, MSR_CORE_C1_RES, MSR_TYPE_R);
- vmx_disable_intercept_for_msr(msr_bitmap, MSR_CORE_C3_RESIDENCY, MSR_TYPE_R);
- vmx_disable_intercept_for_msr(msr_bitmap, MSR_CORE_C6_RESIDENCY, MSR_TYPE_R);
- vmx_disable_intercept_for_msr(msr_bitmap, MSR_CORE_C7_RESIDENCY, MSR_TYPE_R);
+ vmx_disable_intercept_for_msr(NULL, msr_bitmap, MSR_CORE_C1_RES, MSR_TYPE_R);
+ vmx_disable_intercept_for_msr(NULL, msr_bitmap, MSR_CORE_C3_RESIDENCY,
MSR_TYPE_R);
+ vmx_disable_intercept_for_msr(NULL, msr_bitmap, MSR_CORE_C6_RESIDENCY,
MSR_TYPE_R);
+ vmx_disable_intercept_for_msr(NULL, msr_bitmap, MSR_CORE_C7_RESIDENCY,
MSR_TYPE_R);
}
vmx->msr_bitmap_mode = 0;
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 19/78] KVM: x86: add .control_msr_intercept()
From: Mihai Don?u <mdontu at bitdefender.com>
This is needed for the KVMI_EVENT_MSR event.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 2 ++
arch/x86/kvm/svm.c | 11 +++++++++++
arch/x86/kvm/vmx/vmx.c | 10 ++++++++++
3 files changed, 23 insertions(+)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 2136f273645a..d8c61cc301fa 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1060,6 +1060,8 @@ struct kvm_x86_ops {
void (*update_bp_intercept)(struct kvm_vcpu *vcpu);
int (*get_msr)(struct kvm_vcpu *vcpu, struct msr_data *msr);
int (*set_msr)(struct kvm_vcpu *vcpu, struct msr_data *msr);
+ void (*control_msr_intercept)(struct kvm_vcpu *vcpu, unsigned int msr,
+ int type, bool enable);
bool (*msr_write_intercepted)(struct kvm_vcpu *vcpu, u32 msr);
u64 (*get_segment_base)(struct kvm_vcpu *vcpu, int seg);
void (*get_segment)(struct kvm_vcpu *vcpu,
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 174ced633b60..21f02d92af78 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -7339,6 +7339,16 @@ static inline bool svm_desc_intercepted(struct kvm_vcpu
*vcpu)
get_intercept(svm, INTERCEPT_LOAD_TR));
}
+static void svm_control_msr_intercept(struct kvm_vcpu *vcpu, unsigned int msr,
+ int type, bool enable)
+{
+ const struct vcpu_svm *svm = to_svm(vcpu);
+ u32 *msrpm = is_guest_mode(vcpu) ? svm->nested.msrpm :
+ svm->msrpm;
+
+ set_msr_interception(vcpu, msrpm, msr, type, !enable);
+}
+
static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.cpu_has_kvm_support = has_svm,
.disabled_by_bios = is_disabled,
@@ -7370,6 +7380,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.get_msr_feature = svm_get_msr_feature,
.get_msr = svm_get_msr,
.set_msr = svm_set_msr,
+ .control_msr_intercept = svm_control_msr_intercept,
.msr_write_intercepted = msr_write_intercepted,
.get_segment_base = svm_get_segment_base,
.get_segment = svm_get_segment,
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index e6878097d736..7a61427af370 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7806,6 +7806,15 @@ static bool vmx_desc_intercepted(struct kvm_vcpu *vcpu)
return !!(secondary_exec_controls_get(vmx) & SECONDARY_EXEC_DESC);
}
+static void vmx_control_msr_intercept(struct kvm_vcpu *vcpu, unsigned int msr,
+ int type, bool enable)
+{
+ struct vcpu_vmx *vmx = to_vmx(vcpu);
+ unsigned long *msr_bitmap = vmx->vmcs01.msr_bitmap;
+
+ vmx_set_intercept_for_msr(vcpu, msr_bitmap, msr, type, enable);
+}
+
static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.cpu_has_kvm_support = cpu_has_kvm_support,
.disabled_by_bios = vmx_disabled_by_bios,
@@ -7834,6 +7843,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.get_msr_feature = vmx_get_msr_feature,
.get_msr = vmx_get_msr,
.set_msr = vmx_set_msr,
+ .control_msr_intercept = vmx_control_msr_intercept,
.msr_write_intercepted = msr_write_intercepted,
.get_segment_base = vmx_get_segment_base,
.get_segment = vmx_get_segment,
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 20/78] KVM: x86: vmx: use a symbolic constant when checking the exit qualifications
From: Mihai Don?u <mdontu at bitdefender.com> This should make the code more readable. Signed-off-by: Mihai Don?u <mdontu at bitdefender.com> Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com> --- arch/x86/kvm/vmx/vmx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 7a61427af370..538044edddfc 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -5185,8 +5185,8 @@ static int handle_ept_violation(struct kvm_vcpu *vcpu) EPT_VIOLATION_EXECUTABLE)) ? PFERR_PRESENT_MASK : 0; - error_code |= (exit_qualification & 0x100) != 0 ? - PFERR_GUEST_FINAL_MASK : PFERR_GUEST_PAGE_MASK; + error_code |= (exit_qualification & EPT_VIOLATION_GVA_TRANSLATED) + ? PFERR_GUEST_FINAL_MASK : PFERR_GUEST_PAGE_MASK; vcpu->arch.exit_qualification = exit_qualification; return kvm_mmu_page_fault(vcpu, gpa, error_code, NULL, 0);
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 21/78] KVM: x86: save the error code during EPT/NPF exits handling
From: Mihai Don?u <mdontu at bitdefender.com>
This is needed for kvm_page_track_emulation_failure().
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 3 +++
arch/x86/kvm/svm.c | 2 ++
arch/x86/kvm/vmx/vmx.c | 1 +
3 files changed, 6 insertions(+)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index d8c61cc301fa..9f12d40198b5 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -811,6 +811,9 @@ struct kvm_vcpu_arch {
/* AMD MSRC001_0015 Hardware Configuration */
u64 msr_hwcr;
+
+ /* #PF translated error code from EPT/NPT exit reason */
+ u64 error_code;
};
struct kvm_lpage_info {
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 21f02d92af78..c3b7f593299f 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -2749,6 +2749,8 @@ static int npf_interception(struct vcpu_svm *svm)
u64 fault_address = __sme_clr(svm->vmcb->control.exit_info_2);
u64 error_code = svm->vmcb->control.exit_info_1;
+ svm->vcpu.arch.error_code = error_code;
+
trace_kvm_page_fault(fault_address, error_code);
return kvm_mmu_page_fault(&svm->vcpu, fault_address, error_code,
static_cpu_has(X86_FEATURE_DECODEASSISTS) ?
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 538044edddfc..7a96a911e5f2 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -5189,6 +5189,7 @@ static int handle_ept_violation(struct kvm_vcpu *vcpu)
? PFERR_GUEST_FINAL_MASK : PFERR_GUEST_PAGE_MASK;
vcpu->arch.exit_qualification = exit_qualification;
+ vcpu->arch.error_code = error_code;
return kvm_mmu_page_fault(vcpu, gpa, error_code, NULL, 0);
}
From: Mihai Don?u <mdontu at bitdefender.com>
This function is needed for kvmi_update_ad_flags()
and kvm_page_track_emulation_failure().
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 2 ++
arch/x86/include/asm/vmx.h | 2 ++
arch/x86/kvm/svm.c | 9 +++++++++
arch/x86/kvm/vmx/vmx.c | 9 +++++++++
4 files changed, 22 insertions(+)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 9f12d40198b5..6094884d3015 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1253,6 +1253,8 @@ struct kvm_x86_ops {
bool (*apic_init_signal_blocked)(struct kvm_vcpu *vcpu);
int (*enable_direct_tlbflush)(struct kvm_vcpu *vcpu);
+
+ u64 (*fault_gla)(struct kvm_vcpu *vcpu);
};
struct kvm_arch_async_pf {
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index 1835767aa335..edb1afc060d6 100644
--- a/arch/x86/include/asm/vmx.h
+++ b/arch/x86/include/asm/vmx.h
@@ -524,6 +524,7 @@ struct vmx_msr_entry {
#define EPT_VIOLATION_READABLE_BIT 3
#define EPT_VIOLATION_WRITABLE_BIT 4
#define EPT_VIOLATION_EXECUTABLE_BIT 5
+#define EPT_VIOLATION_GLA_VALID_BIT 7
#define EPT_VIOLATION_GVA_TRANSLATED_BIT 8
#define EPT_VIOLATION_ACC_READ (1 << EPT_VIOLATION_ACC_READ_BIT)
#define EPT_VIOLATION_ACC_WRITE (1 << EPT_VIOLATION_ACC_WRITE_BIT)
@@ -531,6 +532,7 @@ struct vmx_msr_entry {
#define EPT_VIOLATION_READABLE (1 << EPT_VIOLATION_READABLE_BIT)
#define EPT_VIOLATION_WRITABLE (1 << EPT_VIOLATION_WRITABLE_BIT)
#define EPT_VIOLATION_EXECUTABLE (1 << EPT_VIOLATION_EXECUTABLE_BIT)
+#define EPT_VIOLATION_GLA_VALID (1 << EPT_VIOLATION_GLA_VALID_BIT)
#define EPT_VIOLATION_GVA_TRANSLATED (1 <<
EPT_VIOLATION_GVA_TRANSLATED_BIT)
/*
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index c3b7f593299f..ab9576444e6b 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -7351,6 +7351,13 @@ static void svm_control_msr_intercept(struct kvm_vcpu
*vcpu, unsigned int msr,
set_msr_interception(vcpu, msrpm, msr, type, !enable);
}
+static u64 svm_fault_gla(struct kvm_vcpu *vcpu)
+{
+ const struct vcpu_svm *svm = to_svm(vcpu);
+
+ return svm->vcpu.arch.cr2 ? svm->vcpu.arch.cr2 : ~0ull;
+}
+
static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.cpu_has_kvm_support = has_svm,
.disabled_by_bios = is_disabled,
@@ -7495,6 +7502,8 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.need_emulation_on_page_fault = svm_need_emulation_on_page_fault,
.apic_init_signal_blocked = svm_apic_init_signal_blocked,
+
+ .fault_gla = svm_fault_gla,
};
static int __init svm_init(void)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 7a96a911e5f2..f1df5725d06f 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7816,6 +7816,13 @@ static void vmx_control_msr_intercept(struct kvm_vcpu
*vcpu, unsigned int msr,
vmx_set_intercept_for_msr(vcpu, msr_bitmap, msr, type, enable);
}
+static u64 vmx_fault_gla(struct kvm_vcpu *vcpu)
+{
+ if (vcpu->arch.exit_qualification & EPT_VIOLATION_GLA_VALID)
+ return vmcs_readl(GUEST_LINEAR_ADDRESS);
+ return ~0ull;
+}
+
static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.cpu_has_kvm_support = cpu_has_kvm_support,
.disabled_by_bios = vmx_disabled_by_bios,
@@ -7973,6 +7980,8 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.nested_get_evmcs_version = NULL,
.need_emulation_on_page_fault = vmx_need_emulation_on_page_fault,
.apic_init_signal_blocked = vmx_apic_init_signal_blocked,
+
+ .fault_gla = vmx_fault_gla,
};
static void vmx_cleanup_l1d_flush(void)
From: Mihai Don?u <mdontu at bitdefender.com>
This function is needed for the KVMI_EVENT_PF event.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/svm.c | 9 +++++++++
arch/x86/kvm/vmx/vmx.c | 8 ++++++++
3 files changed, 18 insertions(+)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 6094884d3015..0f25f69fc8be 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1255,6 +1255,7 @@ struct kvm_x86_ops {
int (*enable_direct_tlbflush)(struct kvm_vcpu *vcpu);
u64 (*fault_gla)(struct kvm_vcpu *vcpu);
+ bool (*spt_fault)(struct kvm_vcpu *vcpu);
};
struct kvm_arch_async_pf {
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index ab9576444e6b..f908ef374617 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -7358,6 +7358,14 @@ static u64 svm_fault_gla(struct kvm_vcpu *vcpu)
return svm->vcpu.arch.cr2 ? svm->vcpu.arch.cr2 : ~0ull;
}
+static bool svm_spt_fault(struct kvm_vcpu *vcpu)
+{
+ struct vcpu_svm *svm = to_svm(vcpu);
+ struct vmcb *vmcb = get_host_vmcb(svm);
+
+ return (vmcb->control.exit_code == SVM_EXIT_NPF);
+}
+
static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.cpu_has_kvm_support = has_svm,
.disabled_by_bios = is_disabled,
@@ -7504,6 +7512,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.apic_init_signal_blocked = svm_apic_init_signal_blocked,
.fault_gla = svm_fault_gla,
+ .spt_fault = svm_spt_fault,
};
static int __init svm_init(void)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index f1df5725d06f..6f41a7b27a11 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7823,6 +7823,13 @@ static u64 vmx_fault_gla(struct kvm_vcpu *vcpu)
return ~0ull;
}
+static bool vmx_spt_fault(struct kvm_vcpu *vcpu)
+{
+ const struct vcpu_vmx *vmx = to_vmx(vcpu);
+
+ return (vmx->exit_reason == EXIT_REASON_EPT_VIOLATION);
+}
+
static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.cpu_has_kvm_support = cpu_has_kvm_support,
.disabled_by_bios = vmx_disabled_by_bios,
@@ -7982,6 +7989,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.apic_init_signal_blocked = vmx_apic_init_signal_blocked,
.fault_gla = vmx_fault_gla,
+ .spt_fault = vmx_spt_fault,
};
static void vmx_cleanup_l1d_flush(void)
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 24/78] KVM: x86: add .gpt_translation_fault()
From: Mihai Don?u <mdontu at bitdefender.com>
This function is needed for the KVMI_EVENT_PF event.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/svm.c | 12 ++++++++++++
arch/x86/kvm/vmx/vmx.c | 8 ++++++++
3 files changed, 21 insertions(+)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 0f25f69fc8be..e05569a5da10 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1256,6 +1256,7 @@ struct kvm_x86_ops {
u64 (*fault_gla)(struct kvm_vcpu *vcpu);
bool (*spt_fault)(struct kvm_vcpu *vcpu);
+ bool (*gpt_translation_fault)(struct kvm_vcpu *vcpu);
};
struct kvm_arch_async_pf {
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index f908ef374617..38ecd86c1d58 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -7366,6 +7366,17 @@ static bool svm_spt_fault(struct kvm_vcpu *vcpu)
return (vmcb->control.exit_code == SVM_EXIT_NPF);
}
+static bool svm_gpt_translation_fault(struct kvm_vcpu *vcpu)
+{
+ struct vcpu_svm *svm = to_svm(vcpu);
+ struct vmcb *vmcb = get_host_vmcb(svm);
+
+ if (vmcb->control.exit_info_1 & PFERR_GUEST_PAGE_MASK)
+ return true;
+
+ return false;
+}
+
static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.cpu_has_kvm_support = has_svm,
.disabled_by_bios = is_disabled,
@@ -7513,6 +7524,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
.fault_gla = svm_fault_gla,
.spt_fault = svm_spt_fault,
+ .gpt_translation_fault = svm_gpt_translation_fault,
};
static int __init svm_init(void)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 6f41a7b27a11..83f047fe6bc1 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7830,6 +7830,13 @@ static bool vmx_spt_fault(struct kvm_vcpu *vcpu)
return (vmx->exit_reason == EXIT_REASON_EPT_VIOLATION);
}
+static bool vmx_gpt_translation_fault(struct kvm_vcpu *vcpu)
+{
+ if (vcpu->arch.exit_qualification & EPT_VIOLATION_GVA_TRANSLATED)
+ return false;
+ return true;
+}
+
static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.cpu_has_kvm_support = cpu_has_kvm_support,
.disabled_by_bios = vmx_disabled_by_bios,
@@ -7990,6 +7997,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.fault_gla = vmx_fault_gla,
.spt_fault = vmx_spt_fault,
+ .gpt_translation_fault = vmx_gpt_translation_fault,
};
static void vmx_cleanup_l1d_flush(void)
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 25/78] KVM: x86: add .control_singlestep()
From: Nicu?or C??u <ncitu at bitdefender.com>
This function is needed for KVMI_VCPU_CONTROL_SINGLESTEP
and KVMI_EVENT_SINGLESTEP.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/vmx/vmx.c | 11 +++++++++++
2 files changed, 12 insertions(+)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index e05569a5da10..6927a6044e26 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1257,6 +1257,7 @@ struct kvm_x86_ops {
u64 (*fault_gla)(struct kvm_vcpu *vcpu);
bool (*spt_fault)(struct kvm_vcpu *vcpu);
bool (*gpt_translation_fault)(struct kvm_vcpu *vcpu);
+ void (*control_singlestep)(struct kvm_vcpu *vcpu, bool enable);
};
struct kvm_arch_async_pf {
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 83f047fe6bc1..475f5eb6c4c2 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7837,6 +7837,16 @@ static bool vmx_gpt_translation_fault(struct kvm_vcpu
*vcpu)
return true;
}
+static void vmx_control_singlestep(struct kvm_vcpu *vcpu, bool enable)
+{
+ if (enable)
+ exec_controls_setbit(to_vmx(vcpu),
+ CPU_BASED_MONITOR_TRAP_FLAG);
+ else
+ exec_controls_clearbit(to_vmx(vcpu),
+ CPU_BASED_MONITOR_TRAP_FLAG);
+}
+
static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.cpu_has_kvm_support = cpu_has_kvm_support,
.disabled_by_bios = vmx_disabled_by_bios,
@@ -7998,6 +8008,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
.fault_gla = vmx_fault_gla,
.spt_fault = vmx_spt_fault,
.gpt_translation_fault = vmx_gpt_translation_fault,
+ .control_singlestep = vmx_control_singlestep,
};
static void vmx_cleanup_l1d_flush(void)
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 26/78] KVM: x86: export kvm_arch_vcpu_set_guest_debug()
From: Nicu?or C??u <ncitu at bitdefender.com>
This function is needed for the KVMI_EVENT_BP event.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/kvm/x86.c | 18 +++++++++++++-----
include/linux/kvm_host.h | 2 ++
2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index fee24bb5fa52..c607148dcf63 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -8927,14 +8927,12 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
return ret;
}
-int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
- struct kvm_guest_debug *dbg)
+int kvm_arch_vcpu_set_guest_debug(struct kvm_vcpu *vcpu,
+ struct kvm_guest_debug *dbg)
{
unsigned long rflags;
int i, r;
- vcpu_load(vcpu);
-
if (dbg->control & (KVM_GUESTDBG_INJECT_DB | KVM_GUESTDBG_INJECT_BP)) {
r = -EBUSY;
if (vcpu->arch.exception.pending)
@@ -8980,10 +8978,20 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu
*vcpu,
r = 0;
out:
- vcpu_put(vcpu);
return r;
}
+int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
+ struct kvm_guest_debug *dbg)
+{
+ int ret;
+
+ vcpu_load(vcpu);
+ ret = kvm_arch_vcpu_set_guest_debug(vcpu, dbg);
+ vcpu_put(vcpu);
+ return ret;
+}
+
/*
* Translate a guest virtual address to a guest physical address.
*/
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index c7ef69015050..625f567f6120 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -869,6 +869,8 @@ int kvm_arch_vcpu_ioctl_set_mpstate(struct kvm_vcpu *vcpu,
struct kvm_mp_state *mp_state);
int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
struct kvm_guest_debug *dbg);
+int kvm_arch_vcpu_set_guest_debug(struct kvm_vcpu *vcpu,
+ struct kvm_guest_debug *dbg);
int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run);
int kvm_arch_init(void *opaque);
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 27/78] KVM: x86: extend kvm_mmu_gva_to_gpa_system() with the 'access' parameter
From: Mihai Don?u <mdontu at bitdefender.com>
This is needed for the introspection subsytem to emulate a guest page
table walk on SPT violations due to A/D bit updates.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 2 +-
arch/x86/kvm/x86.c | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 6927a6044e26..d216ed1a7c7d 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1487,7 +1487,7 @@ gpa_t kvm_mmu_gva_to_gpa_fetch(struct kvm_vcpu *vcpu,
gva_t gva,
gpa_t kvm_mmu_gva_to_gpa_write(struct kvm_vcpu *vcpu, gva_t gva,
struct x86_exception *exception);
gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva,
- struct x86_exception *exception);
+ u32 access, struct x86_exception *exception);
void kvm_vcpu_deactivate_apicv(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index c607148dcf63..5e6327363207 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5325,9 +5325,9 @@ gpa_t kvm_mmu_gva_to_gpa_write(struct kvm_vcpu *vcpu,
gva_t gva,
/* uses this to access any guest's mapped memory without checking CPL */
gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva,
- struct x86_exception *exception)
+ u32 access, struct x86_exception *exception)
{
- return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, 0, exception);
+ return vcpu->arch.walk_mmu->gva_to_gpa(vcpu, gva, access, exception);
}
static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int
bytes,
@@ -9005,7 +9005,7 @@ int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu,
vcpu_load(vcpu);
idx = srcu_read_lock(&vcpu->kvm->srcu);
- gpa = kvm_mmu_gva_to_gpa_system(vcpu, vaddr, NULL);
+ gpa = kvm_mmu_gva_to_gpa_system(vcpu, vaddr, 0, NULL);
srcu_read_unlock(&vcpu->kvm->srcu, idx);
tr->physical_address = gpa;
tr->valid = gpa != UNMAPPED_GVA;
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 28/78] KVM: x86: export kvm_inject_pending_exception()
From: Nicu?or C??u <ncitu at bitdefender.com>
This function is needed for the KVMI_VCPU_INJECT_EXCEPTION command.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/x86.c | 71 ++++++++++++++++++---------------
2 files changed, 39 insertions(+), 33 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index d216ed1a7c7d..77de935979b2 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1438,6 +1438,7 @@ unsigned long kvm_get_rflags(struct kvm_vcpu *vcpu);
void kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags);
bool kvm_rdpmc(struct kvm_vcpu *vcpu);
+void kvm_inject_pending_exception(struct kvm_vcpu *vcpu);
void kvm_queue_exception(struct kvm_vcpu *vcpu, unsigned nr);
void kvm_queue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code);
void kvm_requeue_exception(struct kvm_vcpu *vcpu, unsigned nr);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 5e6327363207..64b4b6dde347 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -7523,6 +7523,43 @@ static void update_cr8_intercept(struct kvm_vcpu *vcpu)
kvm_x86_ops->update_cr8_intercept(vcpu, tpr, max_irr);
}
+void kvm_inject_pending_exception(struct kvm_vcpu *vcpu)
+{
+ if (vcpu->arch.exception.pending) {
+ trace_kvm_inj_exception(vcpu->arch.exception.nr,
+ vcpu->arch.exception.has_error_code,
+ vcpu->arch.exception.error_code);
+
+ WARN_ON_ONCE(vcpu->arch.exception.injected);
+ vcpu->arch.exception.pending = false;
+ vcpu->arch.exception.injected = true;
+
+ if (exception_type(vcpu->arch.exception.nr) == EXCPT_FAULT)
+ __kvm_set_rflags(vcpu, kvm_get_rflags(vcpu) |
+ X86_EFLAGS_RF);
+
+ if (vcpu->arch.exception.nr == DB_VECTOR) {
+ /*
+ * This code assumes that nSVM doesn't use
+ * check_nested_events(). If it does, the
+ * DR6/DR7 changes should happen before L1
+ * gets a #VMEXIT for an intercepted #DB in
+ * L2. (Under VMX, on the other hand, the
+ * DR6/DR7 changes should not happen in the
+ * event of a VM-exit to L1 for an intercepted
+ * #DB in L2.)
+ */
+ kvm_deliver_exception_payload(vcpu);
+ if (vcpu->arch.dr7 & DR7_GD) {
+ vcpu->arch.dr7 &= ~DR7_GD;
+ kvm_update_dr7(vcpu);
+ }
+ }
+
+ kvm_x86_ops->queue_exception(vcpu);
+ }
+}
+
static int inject_pending_event(struct kvm_vcpu *vcpu, bool req_int_win)
{
int r;
@@ -7565,39 +7602,7 @@ static int inject_pending_event(struct kvm_vcpu *vcpu,
bool req_int_win)
}
/* try to inject new event if pending */
- if (vcpu->arch.exception.pending) {
- trace_kvm_inj_exception(vcpu->arch.exception.nr,
- vcpu->arch.exception.has_error_code,
- vcpu->arch.exception.error_code);
-
- WARN_ON_ONCE(vcpu->arch.exception.injected);
- vcpu->arch.exception.pending = false;
- vcpu->arch.exception.injected = true;
-
- if (exception_type(vcpu->arch.exception.nr) == EXCPT_FAULT)
- __kvm_set_rflags(vcpu, kvm_get_rflags(vcpu) |
- X86_EFLAGS_RF);
-
- if (vcpu->arch.exception.nr == DB_VECTOR) {
- /*
- * This code assumes that nSVM doesn't use
- * check_nested_events(). If it does, the
- * DR6/DR7 changes should happen before L1
- * gets a #VMEXIT for an intercepted #DB in
- * L2. (Under VMX, on the other hand, the
- * DR6/DR7 changes should not happen in the
- * event of a VM-exit to L1 for an intercepted
- * #DB in L2.)
- */
- kvm_deliver_exception_payload(vcpu);
- if (vcpu->arch.dr7 & DR7_GD) {
- vcpu->arch.dr7 &= ~DR7_GD;
- kvm_update_dr7(vcpu);
- }
- }
-
- kvm_x86_ops->queue_exception(vcpu);
- }
+ kvm_inject_pending_exception(vcpu);
/* Don't consider new event if we re-injected an event */
if (kvm_event_needs_reinjection(vcpu))
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 29/78] KVM: x86: export kvm_vcpu_ioctl_x86_get_xsave()
From: Nicu?or C??u <ncitu at bitdefender.com>
This function is needed for the KVMI_VCPU_GET_XSAVE command.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/kvm/x86.c | 4 ++--
include/linux/kvm_host.h | 2 ++
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 64b4b6dde347..4565f3cce201 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3981,8 +3981,8 @@ static void load_xsave(struct kvm_vcpu *vcpu, u8 *src)
}
}
-static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu,
- struct kvm_xsave *guest_xsave)
+void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu,
+ struct kvm_xsave *guest_xsave)
{
if (boot_cpu_has(X86_FEATURE_XSAVE)) {
memset(guest_xsave, 0, sizeof(struct kvm_xsave));
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 625f567f6120..d3bc4351344f 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -872,6 +872,8 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu
*vcpu,
int kvm_arch_vcpu_set_guest_debug(struct kvm_vcpu *vcpu,
struct kvm_guest_debug *dbg);
int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run);
+void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu,
+ struct kvm_xsave *guest_xsave);
int kvm_arch_init(void *opaque);
void kvm_arch_exit(void);
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 30/78] KVM: x86: page track: provide all page tracking hooks with the guest virtual address
From: Mihai Don?u <mdontu at bitdefender.com>
This is needed because the emulator calls the page tracking code
irrespective of the current VM-exit reason or available information.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 2 +-
arch/x86/include/asm/kvm_page_track.h | 10 ++++++----
arch/x86/kvm/mmu/mmu.c | 2 +-
arch/x86/kvm/mmu/page_track.c | 6 +++---
arch/x86/kvm/x86.c | 16 ++++++++--------
drivers/gpu/drm/i915/gvt/kvmgt.c | 2 +-
6 files changed, 20 insertions(+), 18 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 77de935979b2..378a094ceb5b 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1324,7 +1324,7 @@ void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned
long kvm_nr_mmu_pages);
int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned long cr3);
bool pdptrs_changed(struct kvm_vcpu *vcpu);
-int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t gpa,
+int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
const void *val, int bytes);
struct kvm_irq_mask_notifier {
diff --git a/arch/x86/include/asm/kvm_page_track.h
b/arch/x86/include/asm/kvm_page_track.h
index 172f9749dbb2..e91f5a16e741 100644
--- a/arch/x86/include/asm/kvm_page_track.h
+++ b/arch/x86/include/asm/kvm_page_track.h
@@ -28,12 +28,14 @@ struct kvm_page_track_notifier_node {
*
* @vcpu: the vcpu where the write access happened.
* @gpa: the physical address written by guest.
+ * @gva: the virtual address written by guest.
* @new: the data was written to the address.
* @bytes: the written length.
* @node: this node
*/
- void (*track_write)(struct kvm_vcpu *vcpu, gpa_t gpa, const u8 *new,
- int bytes, struct kvm_page_track_notifier_node *node);
+ void (*track_write)(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ const u8 *new, int bytes,
+ struct kvm_page_track_notifier_node *node);
/*
* It is called when memory slot is being moved or removed
* users can drop write-protection for the pages in that memory slot
@@ -69,7 +71,7 @@ kvm_page_track_register_notifier(struct kvm *kvm,
void
kvm_page_track_unregister_notifier(struct kvm *kvm,
struct kvm_page_track_notifier_node *n);
-void kvm_page_track_write(struct kvm_vcpu *vcpu, gpa_t gpa, const u8 *new,
- int bytes);
+void kvm_page_track_write(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ const u8 *new, int bytes);
void kvm_page_track_flush_slot(struct kvm *kvm, struct kvm_memory_slot *slot);
#endif
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index 6f92b40d798c..f2e016dfffe6 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -5412,7 +5412,7 @@ static u64 *get_written_sptes(struct kvm_mmu_page *sp,
gpa_t gpa, int *nspte)
return spte;
}
-static void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
+static void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
const u8 *new, int bytes,
struct kvm_page_track_notifier_node *node)
{
diff --git a/arch/x86/kvm/mmu/page_track.c b/arch/x86/kvm/mmu/page_track.c
index 3521e2d176f2..dc891d6a2553 100644
--- a/arch/x86/kvm/mmu/page_track.c
+++ b/arch/x86/kvm/mmu/page_track.c
@@ -220,8 +220,8 @@ EXPORT_SYMBOL_GPL(kvm_page_track_unregister_notifier);
* The node should figure out if the written page is the one that node is
* interested in by itself.
*/
-void kvm_page_track_write(struct kvm_vcpu *vcpu, gpa_t gpa, const u8 *new,
- int bytes)
+void kvm_page_track_write(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ const u8 *new, int bytes)
{
struct kvm_page_track_notifier_head *head;
struct kvm_page_track_notifier_node *n;
@@ -235,7 +235,7 @@ void kvm_page_track_write(struct kvm_vcpu *vcpu, gpa_t gpa,
const u8 *new,
idx = srcu_read_lock(&head->track_srcu);
hlist_for_each_entry_rcu(n, &head->track_notifier_list, node)
if (n->track_write)
- n->track_write(vcpu, gpa, new, bytes, n);
+ n->track_write(vcpu, gpa, gva, new, bytes, n);
srcu_read_unlock(&head->track_srcu, idx);
}
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 4565f3cce201..0dd43cf5d2b1 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5554,7 +5554,7 @@ static int vcpu_mmio_gva_to_gpa(struct kvm_vcpu *vcpu,
unsigned long gva,
return vcpu_is_mmio_gpa(vcpu, gva, *gpa, write);
}
-int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t gpa,
+int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
const void *val, int bytes)
{
int ret;
@@ -5562,14 +5562,14 @@ int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t
gpa,
ret = kvm_vcpu_write_guest(vcpu, gpa, val, bytes);
if (ret < 0)
return 0;
- kvm_page_track_write(vcpu, gpa, val, bytes);
+ kvm_page_track_write(vcpu, gpa, gva, val, bytes);
return 1;
}
struct read_write_emulator_ops {
int (*read_write_prepare)(struct kvm_vcpu *vcpu, void *val,
int bytes);
- int (*read_write_emulate)(struct kvm_vcpu *vcpu, gpa_t gpa,
+ int (*read_write_emulate)(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
void *val, int bytes);
int (*read_write_mmio)(struct kvm_vcpu *vcpu, gpa_t gpa,
int bytes, void *val);
@@ -5590,16 +5590,16 @@ static int read_prepare(struct kvm_vcpu *vcpu, void
*val, int bytes)
return 0;
}
-static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa,
+static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
void *val, int bytes)
{
return !kvm_vcpu_read_guest(vcpu, gpa, val, bytes);
}
-static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa,
+static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
void *val, int bytes)
{
- return emulator_write_phys(vcpu, gpa, val, bytes);
+ return emulator_write_phys(vcpu, gpa, gva, val, bytes);
}
static int write_mmio(struct kvm_vcpu *vcpu, gpa_t gpa, int bytes, void *val)
@@ -5668,7 +5668,7 @@ static int emulator_read_write_onepage(unsigned long addr,
void *val,
return X86EMUL_PROPAGATE_FAULT;
}
- if (!ret && ops->read_write_emulate(vcpu, gpa, val, bytes))
+ if (!ret && ops->read_write_emulate(vcpu, gpa, addr, val, bytes))
return X86EMUL_CONTINUE;
/*
@@ -5827,7 +5827,7 @@ static int emulator_cmpxchg_emulated(struct
x86_emulate_ctxt *ctxt,
if (!exchanged)
return X86EMUL_CMPXCHG_FAILED;
- kvm_page_track_write(vcpu, gpa, new, bytes);
+ kvm_page_track_write(vcpu, gpa, addr, new, bytes);
return X86EMUL_CONTINUE;
diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c
index 04a5a0d90823..59e2f783c6e9 100644
--- a/drivers/gpu/drm/i915/gvt/kvmgt.c
+++ b/drivers/gpu/drm/i915/gvt/kvmgt.c
@@ -1682,7 +1682,7 @@ static int kvmgt_page_track_remove(unsigned long handle,
u64 gfn)
return 0;
}
-static void kvmgt_page_track_write(struct kvm_vcpu *vcpu, gpa_t gpa,
+static void kvmgt_page_track_write(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
const u8 *val, int len,
struct kvm_page_track_notifier_node *node)
{
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 31/78] KVM: x86: page track: add track_create_slot() callback
From: Mihai Don?u <mdontu at bitdefender.com>
This is used to add page access notifications as soon as a slot appears.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_page_track.h | 13 ++++++++++++-
arch/x86/kvm/mmu/page_track.c | 16 +++++++++++++++-
arch/x86/kvm/x86.c | 2 +-
3 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/arch/x86/include/asm/kvm_page_track.h
b/arch/x86/include/asm/kvm_page_track.h
index e91f5a16e741..dc528c6f2eb0 100644
--- a/arch/x86/include/asm/kvm_page_track.h
+++ b/arch/x86/include/asm/kvm_page_track.h
@@ -36,6 +36,17 @@ struct kvm_page_track_notifier_node {
void (*track_write)(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
const u8 *new, int bytes,
struct kvm_page_track_notifier_node *node);
+ /*
+ * It is called when memory slot is being created
+ *
+ * @kvm: the kvm where memory slot being moved or removed
+ * @slot: the memory slot being moved or removed
+ * @npages: the number of pages
+ * @node: this node
+ */
+ void (*track_create_slot)(struct kvm *kvm, struct kvm_memory_slot *slot,
+ unsigned long npages,
+ struct kvm_page_track_notifier_node *node);
/*
* It is called when memory slot is being moved or removed
* users can drop write-protection for the pages in that memory slot
@@ -53,7 +64,7 @@ void kvm_page_track_cleanup(struct kvm *kvm);
void kvm_page_track_free_memslot(struct kvm_memory_slot *free,
struct kvm_memory_slot *dont);
-int kvm_page_track_create_memslot(struct kvm_memory_slot *slot,
+int kvm_page_track_create_memslot(struct kvm *kvm, struct kvm_memory_slot
*slot,
unsigned long npages);
void kvm_slot_page_track_add_page(struct kvm *kvm,
diff --git a/arch/x86/kvm/mmu/page_track.c b/arch/x86/kvm/mmu/page_track.c
index dc891d6a2553..f36e74430ad2 100644
--- a/arch/x86/kvm/mmu/page_track.c
+++ b/arch/x86/kvm/mmu/page_track.c
@@ -32,9 +32,12 @@ void kvm_page_track_free_memslot(struct kvm_memory_slot
*free,
}
}
-int kvm_page_track_create_memslot(struct kvm_memory_slot *slot,
+int kvm_page_track_create_memslot(struct kvm *kvm, struct kvm_memory_slot
*slot,
unsigned long npages)
{
+ struct kvm_page_track_notifier_head *head;
+ struct kvm_page_track_notifier_node *n;
+ int idx;
int i;
for (i = 0; i < KVM_PAGE_TRACK_MAX; i++) {
@@ -45,6 +48,17 @@ int kvm_page_track_create_memslot(struct kvm_memory_slot
*slot,
goto track_free;
}
+ head = &kvm->arch.track_notifier_head;
+
+ if (hlist_empty(&head->track_notifier_list))
+ return 0;
+
+ idx = srcu_read_lock(&head->track_srcu);
+ hlist_for_each_entry_rcu(n, &head->track_notifier_list, node)
+ if (n->track_create_slot)
+ n->track_create_slot(kvm, slot, npages, n);
+ srcu_read_unlock(&head->track_srcu, idx);
+
return 0;
track_free:
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 0dd43cf5d2b1..c73da40791a7 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -9772,7 +9772,7 @@ int kvm_arch_create_memslot(struct kvm *kvm, struct
kvm_memory_slot *slot,
}
}
- if (kvm_page_track_create_memslot(slot, npages))
+ if (kvm_page_track_create_memslot(kvm, slot, npages))
goto out_free;
return 0;
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 32/78] KVM: x86: page_track: add support for preread, prewrite and preexec
From: Mihai Don?u <mdontu at bitdefender.com>
These callbacks return a boolean value. If false, the emulation should
stop and the instruction should be reexecuted in guest.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_page_track.h | 48 ++++++++++-
arch/x86/kvm/mmu.h | 4 +
arch/x86/kvm/mmu/mmu.c | 81 +++++++++++++++++
arch/x86/kvm/mmu/page_track.c | 120 ++++++++++++++++++++++++--
4 files changed, 243 insertions(+), 10 deletions(-)
diff --git a/arch/x86/include/asm/kvm_page_track.h
b/arch/x86/include/asm/kvm_page_track.h
index dc528c6f2eb0..646cbfa07676 100644
--- a/arch/x86/include/asm/kvm_page_track.h
+++ b/arch/x86/include/asm/kvm_page_track.h
@@ -3,7 +3,10 @@
#define _ASM_X86_KVM_PAGE_TRACK_H
enum kvm_page_track_mode {
+ KVM_PAGE_TRACK_PREREAD,
+ KVM_PAGE_TRACK_PREWRITE,
KVM_PAGE_TRACK_WRITE,
+ KVM_PAGE_TRACK_PREEXEC,
KVM_PAGE_TRACK_MAX,
};
@@ -22,6 +25,33 @@ struct kvm_page_track_notifier_head {
struct kvm_page_track_notifier_node {
struct hlist_node node;
+ /*
+ * It is called when guest is reading the read-tracked page
+ * and the read emulation is about to happen.
+ *
+ * @vcpu: the vcpu where the read access happened.
+ * @gpa: the physical address read by guest.
+ * @gva: the virtual address read by guest.
+ * @bytes: the read length.
+ * @node: this node.
+ */
+ bool (*track_preread)(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ int bytes,
+ struct kvm_page_track_notifier_node *node);
+ /*
+ * It is called when guest is writing the write-tracked page
+ * and the write emulation didn't happened yet.
+ *
+ * @vcpu: the vcpu where the write access happened.
+ * @gpa: the physical address written by guest.
+ * @gva: the virtual address written by guest.
+ * @new: the data was written to the address.
+ * @bytes: the written length.
+ * @node: this node
+ */
+ bool (*track_prewrite)(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ const u8 *new, int bytes,
+ struct kvm_page_track_notifier_node *node);
/*
* It is called when guest is writing the write-tracked page
* and write emulation is finished at that time.
@@ -36,6 +66,17 @@ struct kvm_page_track_notifier_node {
void (*track_write)(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
const u8 *new, int bytes,
struct kvm_page_track_notifier_node *node);
+ /*
+ * It is called when guest is fetching from a exec-tracked page
+ * and the fetch emulation is about to happen.
+ *
+ * @vcpu: the vcpu where the fetch access happened.
+ * @gpa: the physical address fetched by guest.
+ * @gva: the virtual address fetched by guest.
+ * @node: this node.
+ */
+ bool (*track_preexec)(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ struct kvm_page_track_notifier_node *node);
/*
* It is called when memory slot is being created
*
@@ -49,7 +90,7 @@ struct kvm_page_track_notifier_node {
struct kvm_page_track_notifier_node *node);
/*
* It is called when memory slot is being moved or removed
- * users can drop write-protection for the pages in that memory slot
+ * users can drop active protection for the pages in that memory slot
*
* @kvm: the kvm where memory slot being moved or removed
* @slot: the memory slot being moved or removed
@@ -82,7 +123,12 @@ kvm_page_track_register_notifier(struct kvm *kvm,
void
kvm_page_track_unregister_notifier(struct kvm *kvm,
struct kvm_page_track_notifier_node *n);
+bool kvm_page_track_preread(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ int bytes);
+bool kvm_page_track_prewrite(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ const u8 *new, int bytes);
void kvm_page_track_write(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
const u8 *new, int bytes);
+bool kvm_page_track_preexec(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva);
void kvm_page_track_flush_slot(struct kvm *kvm, struct kvm_memory_slot *slot);
#endif
diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h
index d55674f44a18..b3a20fc98c69 100644
--- a/arch/x86/kvm/mmu.h
+++ b/arch/x86/kvm/mmu.h
@@ -209,6 +209,10 @@ void kvm_mmu_gfn_disallow_lpage(struct kvm_memory_slot
*slot, gfn_t gfn);
void kvm_mmu_gfn_allow_lpage(struct kvm_memory_slot *slot, gfn_t gfn);
bool kvm_mmu_slot_gfn_write_protect(struct kvm *kvm,
struct kvm_memory_slot *slot, u64 gfn);
+bool kvm_mmu_slot_gfn_read_protect(struct kvm *kvm,
+ struct kvm_memory_slot *slot, u64 gfn);
+bool kvm_mmu_slot_gfn_exec_protect(struct kvm *kvm,
+ struct kvm_memory_slot *slot, u64 gfn);
int kvm_arch_write_log_dirty(struct kvm_vcpu *vcpu);
int kvm_mmu_post_init_vm(struct kvm *kvm);
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index f2e016dfffe6..124e7ca73b48 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -1648,6 +1648,31 @@ static bool spte_write_protect(u64 *sptep, bool
pt_protect)
return mmu_spte_update(sptep, spte);
}
+static bool spte_read_protect(u64 *sptep)
+{
+ u64 spte = *sptep;
+ bool exec_only_supported = (shadow_present_mask == 0ull);
+
+ rmap_printk("rmap_read_protect: spte %p %llx\n", sptep, *sptep);
+
+ WARN_ON_ONCE(!exec_only_supported);
+
+ spte = spte & ~(PT_WRITABLE_MASK | PT_PRESENT_MASK);
+
+ return mmu_spte_update(sptep, spte);
+}
+
+static bool spte_exec_protect(u64 *sptep)
+{
+ u64 spte = *sptep;
+
+ rmap_printk("rmap_exec_protect: spte %p %llx\n", sptep, *sptep);
+
+ spte = spte & ~PT_USER_MASK;
+
+ return mmu_spte_update(sptep, spte);
+}
+
static bool __rmap_write_protect(struct kvm *kvm,
struct kvm_rmap_head *rmap_head,
bool pt_protect)
@@ -1662,6 +1687,32 @@ static bool __rmap_write_protect(struct kvm *kvm,
return flush;
}
+static bool __rmap_read_protect(struct kvm *kvm,
+ struct kvm_rmap_head *rmap_head)
+{
+ u64 *sptep;
+ struct rmap_iterator iter;
+ bool flush = false;
+
+ for_each_rmap_spte(rmap_head, &iter, sptep)
+ flush |= spte_read_protect(sptep);
+
+ return flush;
+}
+
+static bool __rmap_exec_protect(struct kvm *kvm,
+ struct kvm_rmap_head *rmap_head)
+{
+ u64 *sptep;
+ struct rmap_iterator iter;
+ bool flush = false;
+
+ for_each_rmap_spte(rmap_head, &iter, sptep)
+ flush |= spte_exec_protect(sptep);
+
+ return flush;
+}
+
static bool spte_clear_dirty(u64 *sptep)
{
u64 spte = *sptep;
@@ -1837,6 +1888,36 @@ bool kvm_mmu_slot_gfn_write_protect(struct kvm *kvm,
return write_protected;
}
+bool kvm_mmu_slot_gfn_read_protect(struct kvm *kvm,
+ struct kvm_memory_slot *slot, u64 gfn)
+{
+ struct kvm_rmap_head *rmap_head;
+ int i;
+ bool read_protected = false;
+
+ for (i = PT_PAGE_TABLE_LEVEL; i <= PT_MAX_HUGEPAGE_LEVEL; ++i) {
+ rmap_head = __gfn_to_rmap(gfn, i, slot);
+ read_protected |= __rmap_read_protect(kvm, rmap_head);
+ }
+
+ return read_protected;
+}
+
+bool kvm_mmu_slot_gfn_exec_protect(struct kvm *kvm,
+ struct kvm_memory_slot *slot, u64 gfn)
+{
+ struct kvm_rmap_head *rmap_head;
+ int i;
+ bool exec_protected = false;
+
+ for (i = PT_PAGE_TABLE_LEVEL; i <= PT_MAX_HUGEPAGE_LEVEL; ++i) {
+ rmap_head = __gfn_to_rmap(gfn, i, slot);
+ exec_protected |= __rmap_exec_protect(kvm, rmap_head);
+ }
+
+ return exec_protected;
+}
+
static bool rmap_write_protect(struct kvm_vcpu *vcpu, u64 gfn)
{
struct kvm_memory_slot *slot;
diff --git a/arch/x86/kvm/mmu/page_track.c b/arch/x86/kvm/mmu/page_track.c
index f36e74430ad2..cc3eb2cc7e38 100644
--- a/arch/x86/kvm/mmu/page_track.c
+++ b/arch/x86/kvm/mmu/page_track.c
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: GPL-2.0-only
/*
- * Support KVM gust page tracking
+ * Support KVM guest page tracking
*
* This feature allows us to track page access in guest. Currently, only
* write access is tracked.
@@ -99,7 +99,7 @@ static void update_gfn_track(struct kvm_memory_slot *slot,
gfn_t gfn,
* @kvm: the guest instance we are interested in.
* @slot: the @gfn belongs to.
* @gfn: the guest page.
- * @mode: tracking mode, currently only write track is supported.
+ * @mode: tracking mode.
*/
void kvm_slot_page_track_add_page(struct kvm *kvm,
struct kvm_memory_slot *slot, gfn_t gfn,
@@ -117,9 +117,16 @@ void kvm_slot_page_track_add_page(struct kvm *kvm,
*/
kvm_mmu_gfn_disallow_lpage(slot, gfn);
- if (mode == KVM_PAGE_TRACK_WRITE)
+ if (mode == KVM_PAGE_TRACK_PREWRITE || mode == KVM_PAGE_TRACK_WRITE) {
if (kvm_mmu_slot_gfn_write_protect(kvm, slot, gfn))
kvm_flush_remote_tlbs(kvm);
+ } else if (mode == KVM_PAGE_TRACK_PREREAD) {
+ if (kvm_mmu_slot_gfn_read_protect(kvm, slot, gfn))
+ kvm_flush_remote_tlbs(kvm);
+ } else if (mode == KVM_PAGE_TRACK_PREEXEC) {
+ if (kvm_mmu_slot_gfn_exec_protect(kvm, slot, gfn))
+ kvm_flush_remote_tlbs(kvm);
+ }
}
EXPORT_SYMBOL_GPL(kvm_slot_page_track_add_page);
@@ -134,7 +141,7 @@ EXPORT_SYMBOL_GPL(kvm_slot_page_track_add_page);
* @kvm: the guest instance we are interested in.
* @slot: the @gfn belongs to.
* @gfn: the guest page.
- * @mode: tracking mode, currently only write track is supported.
+ * @mode: tracking mode.
*/
void kvm_slot_page_track_remove_page(struct kvm *kvm,
struct kvm_memory_slot *slot, gfn_t gfn,
@@ -227,12 +234,78 @@ kvm_page_track_unregister_notifier(struct kvm *kvm,
}
EXPORT_SYMBOL_GPL(kvm_page_track_unregister_notifier);
+/*
+ * Notify the node that a read access is about to happen. Returning false
+ * doesn't stop the other nodes from being called, but it will stop
+ * the emulation.
+ *
+ * The node should figure out if the read page is the one that the node
+ * is interested in by itself.
+ *
+ * The nodes will always be in conflict if they track the same page:
+ * - accepting a read won't guarantee that the next node will not override
+ * the data (filling new/bytes and setting data_ready)
+ * - filling new/bytes with custom data won't guarantee that the next node
+ * will not override that
+ */
+bool kvm_page_track_preread(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ int bytes)
+{
+ struct kvm_page_track_notifier_head *head;
+ struct kvm_page_track_notifier_node *n;
+ int idx;
+ bool ret = true;
+
+ head = &vcpu->kvm->arch.track_notifier_head;
+
+ if (hlist_empty(&head->track_notifier_list))
+ return ret;
+
+ idx = srcu_read_lock(&head->track_srcu);
+ hlist_for_each_entry_rcu(n, &head->track_notifier_list, node)
+ if (n->track_preread)
+ if (!n->track_preread(vcpu, gpa, gva, bytes, n))
+ ret = false;
+ srcu_read_unlock(&head->track_srcu, idx);
+ return ret;
+}
+
+/*
+ * Notify the node that a write access is about to happen. Returning false
+ * doesn't stop the other nodes from being called, but it will stop
+ * the emulation.
+ *
+ * The node should figure out if the written page is the one that the node
+ * is interested in by itself.
+ */
+bool kvm_page_track_prewrite(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ const u8 *new, int bytes)
+{
+ struct kvm_page_track_notifier_head *head;
+ struct kvm_page_track_notifier_node *n;
+ int idx;
+ bool ret = true;
+
+ head = &vcpu->kvm->arch.track_notifier_head;
+
+ if (hlist_empty(&head->track_notifier_list))
+ return ret;
+
+ idx = srcu_read_lock(&head->track_srcu);
+ hlist_for_each_entry_rcu(n, &head->track_notifier_list, node)
+ if (n->track_prewrite)
+ if (!n->track_prewrite(vcpu, gpa, gva, new, bytes, n))
+ ret = false;
+ srcu_read_unlock(&head->track_srcu, idx);
+ return ret;
+}
+
/*
* Notify the node that write access is intercepted and write emulation is
* finished at this time.
*
- * The node should figure out if the written page is the one that node is
- * interested in by itself.
+ * The node should figure out if the written page is the one that the node
+ * is interested in by itself.
*/
void kvm_page_track_write(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
const u8 *new, int bytes)
@@ -253,12 +326,41 @@ void kvm_page_track_write(struct kvm_vcpu *vcpu, gpa_t
gpa, gva_t gva,
srcu_read_unlock(&head->track_srcu, idx);
}
+/*
+ * Notify the node that an instruction is about to be executed.
+ * Returning false doesn't stop the other nodes from being called,
+ * but it will stop the emulation with X86EMUL_RETRY_INSTR.
+ *
+ * The node should figure out if the page is the one that the node
+ * is interested in by itself.
+ */
+bool kvm_page_track_preexec(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva)
+{
+ struct kvm_page_track_notifier_head *head;
+ struct kvm_page_track_notifier_node *n;
+ int idx;
+ bool ret = true;
+
+ head = &vcpu->kvm->arch.track_notifier_head;
+
+ if (hlist_empty(&head->track_notifier_list))
+ return ret;
+
+ idx = srcu_read_lock(&head->track_srcu);
+ hlist_for_each_entry_rcu(n, &head->track_notifier_list, node)
+ if (n->track_preexec)
+ if (!n->track_preexec(vcpu, gpa, gva, n))
+ ret = false;
+ srcu_read_unlock(&head->track_srcu, idx);
+ return ret;
+}
+
/*
* Notify the node that memory slot is being removed or moved so that it can
- * drop write-protection for the pages in the memory slot.
+ * drop active protection for the pages in the memory slot.
*
- * The node should figure out it has any write-protected pages in this slot
- * by itself.
+ * The node should figure out if the page is the one that the node
+ * is interested in by itself.
*/
void kvm_page_track_flush_slot(struct kvm *kvm, struct kvm_memory_slot *slot)
{
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 33/78] KVM: x86: wire in the preread/prewrite/preexec page trackers
From: Mihai Don?u <mdontu at bitdefender.com>
These are needed by the introspection subsystem.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Marian Rotariu <marian.c.rotariu at gmail.com>
Signed-off-by: Marian Rotariu <marian.c.rotariu at gmail.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_emulate.h | 1 +
arch/x86/kvm/emulate.c | 4 +++
arch/x86/kvm/mmu/mmu.c | 57 +++++++++++++++++++++++-------
arch/x86/kvm/x86.c | 42 +++++++++++++++++-----
4 files changed, 83 insertions(+), 21 deletions(-)
diff --git a/arch/x86/include/asm/kvm_emulate.h
b/arch/x86/include/asm/kvm_emulate.h
index 77cf6c11f66b..067b95bd83c6 100644
--- a/arch/x86/include/asm/kvm_emulate.h
+++ b/arch/x86/include/asm/kvm_emulate.h
@@ -447,6 +447,7 @@ bool x86_page_table_writing_insn(struct x86_emulate_ctxt
*ctxt);
#define EMULATION_OK 0
#define EMULATION_RESTART 1
#define EMULATION_INTERCEPTED 2
+#define EMULATION_RETRY_INSTR 3
void init_decode_cache(struct x86_emulate_ctxt *ctxt);
int x86_emulate_insn(struct x86_emulate_ctxt *ctxt);
int emulator_task_switch(struct x86_emulate_ctxt *ctxt,
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 952d1a4f4d7e..2af9bf7e226b 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -5414,6 +5414,8 @@ int x86_decode_insn(struct x86_emulate_ctxt *ctxt, void
*insn, int insn_len)
ctxt->memopp->addr.mem.ea + ctxt->_eip);
done:
+ if (rc == X86EMUL_RETRY_INSTR)
+ return EMULATION_RETRY_INSTR;
if (rc == X86EMUL_PROPAGATE_FAULT)
ctxt->have_exception = true;
return (rc != X86EMUL_CONTINUE) ? EMULATION_FAILED : EMULATION_OK;
@@ -5786,6 +5788,8 @@ int x86_emulate_insn(struct x86_emulate_ctxt *ctxt)
if (rc == X86EMUL_INTERCEPTED)
return EMULATION_INTERCEPTED;
+ if (rc == X86EMUL_RETRY_INSTR)
+ return EMULATION_RETRY_INSTR;
if (rc == X86EMUL_CONTINUE)
writeback_registers(ctxt);
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index 124e7ca73b48..5f0ddc6b67de 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -1218,9 +1218,13 @@ static void account_shadowed(struct kvm *kvm, struct
kvm_mmu_page *sp)
slot = __gfn_to_memslot(slots, gfn);
/* the non-leaf shadow pages are keeping readonly. */
- if (sp->role.level > PT_PAGE_TABLE_LEVEL)
- return kvm_slot_page_track_add_page(kvm, slot, gfn,
- KVM_PAGE_TRACK_WRITE);
+ if (sp->role.level > PT_PAGE_TABLE_LEVEL) {
+ kvm_slot_page_track_add_page(kvm, slot, gfn,
+ KVM_PAGE_TRACK_PREWRITE);
+ kvm_slot_page_track_add_page(kvm, slot, gfn,
+ KVM_PAGE_TRACK_WRITE);
+ return;
+ }
kvm_mmu_gfn_disallow_lpage(slot, gfn);
}
@@ -1246,9 +1250,13 @@ static void unaccount_shadowed(struct kvm *kvm, struct
kvm_mmu_page *sp)
gfn = sp->gfn;
slots = kvm_memslots_for_spte_role(kvm, sp->role);
slot = __gfn_to_memslot(slots, gfn);
- if (sp->role.level > PT_PAGE_TABLE_LEVEL)
- return kvm_slot_page_track_remove_page(kvm, slot, gfn,
- KVM_PAGE_TRACK_WRITE);
+ if (sp->role.level > PT_PAGE_TABLE_LEVEL) {
+ kvm_slot_page_track_remove_page(kvm, slot, gfn,
+ KVM_PAGE_TRACK_PREWRITE);
+ kvm_slot_page_track_remove_page(kvm, slot, gfn,
+ KVM_PAGE_TRACK_WRITE);
+ return;
+ }
kvm_mmu_gfn_allow_lpage(slot, gfn);
}
@@ -3041,7 +3049,8 @@ static bool mmu_need_write_protect(struct kvm_vcpu *vcpu,
gfn_t gfn,
{
struct kvm_mmu_page *sp;
- if (kvm_page_track_is_active(vcpu, gfn, KVM_PAGE_TRACK_WRITE))
+ if (kvm_page_track_is_active(vcpu, gfn, KVM_PAGE_TRACK_PREWRITE) ||
+ kvm_page_track_is_active(vcpu, gfn, KVM_PAGE_TRACK_WRITE))
return true;
for_each_gfn_indirect_valid_sp(vcpu->kvm, sp, gfn) {
@@ -3398,6 +3407,21 @@ static void disallowed_hugepage_adjust(struct
kvm_shadow_walk_iterator it,
}
}
+static unsigned int kvm_mmu_apply_introspection_access(struct kvm_vcpu *vcpu,
+ gfn_t gfn,
+ unsigned int acc)
+{
+ if (kvm_page_track_is_active(vcpu, gfn, KVM_PAGE_TRACK_PREREAD))
+ acc &= ~ACC_USER_MASK;
+ if (kvm_page_track_is_active(vcpu, gfn, KVM_PAGE_TRACK_PREWRITE) ||
+ kvm_page_track_is_active(vcpu, gfn, KVM_PAGE_TRACK_WRITE))
+ acc &= ~ACC_WRITE_MASK;
+ if (kvm_page_track_is_active(vcpu, gfn, KVM_PAGE_TRACK_PREEXEC))
+ acc &= ~ACC_EXEC_MASK;
+
+ return acc;
+}
+
static int __direct_map(struct kvm_vcpu *vcpu, gpa_t gpa, int write,
int map_writable, int level, kvm_pfn_t pfn,
bool prefault, bool lpage_disallowed)
@@ -3407,6 +3431,7 @@ static int __direct_map(struct kvm_vcpu *vcpu, gpa_t gpa,
int write,
int ret;
gfn_t gfn = gpa >> PAGE_SHIFT;
gfn_t base_gfn = gfn;
+ unsigned int acc;
if (!VALID_PAGE(vcpu->arch.mmu->root_hpa))
return RET_PF_RETRY;
@@ -3434,7 +3459,9 @@ static int __direct_map(struct kvm_vcpu *vcpu, gpa_t gpa,
int write,
}
}
- ret = mmu_set_spte(vcpu, it.sptep, ACC_ALL,
+ acc = kvm_mmu_apply_introspection_access(vcpu, base_gfn, ACC_ALL);
+
+ ret = mmu_set_spte(vcpu, it.sptep, acc,
write, level, base_gfn, pfn, prefault,
map_writable);
direct_pte_prefetch(vcpu, it.sptep);
@@ -4199,15 +4226,21 @@ static bool page_fault_handle_page_track(struct kvm_vcpu
*vcpu,
if (unlikely(error_code & PFERR_RSVD_MASK))
return false;
- if (!(error_code & PFERR_PRESENT_MASK) ||
- !(error_code & PFERR_WRITE_MASK))
+ if (!(error_code & PFERR_PRESENT_MASK))
return false;
/*
- * guest is writing the page which is write tracked which can
+ * guest is reading/writing/fetching the page which is
+ * read/write/execute tracked which can
* not be fixed by page fault handler.
*/
- if (kvm_page_track_is_active(vcpu, gfn, KVM_PAGE_TRACK_WRITE))
+ if (((error_code & PFERR_USER_MASK)
+ && kvm_page_track_is_active(vcpu, gfn, KVM_PAGE_TRACK_PREREAD))
+ || ((error_code & PFERR_WRITE_MASK)
+ && (kvm_page_track_is_active(vcpu, gfn, KVM_PAGE_TRACK_PREWRITE)
+ || kvm_page_track_is_active(vcpu, gfn, KVM_PAGE_TRACK_WRITE)))
+ || ((error_code & PFERR_FETCH_MASK)
+ && kvm_page_track_is_active(vcpu, gfn, KVM_PAGE_TRACK_PREEXEC)))
return true;
return false;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index c73da40791a7..8c6a8d03e41a 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5346,6 +5346,8 @@ static int kvm_read_guest_virt_helper(gva_t addr, void
*val, unsigned int bytes,
if (gpa == UNMAPPED_GVA)
return X86EMUL_PROPAGATE_FAULT;
+ if (!kvm_page_track_preread(vcpu, gpa, addr, toread))
+ return X86EMUL_RETRY_INSTR;
ret = kvm_vcpu_read_guest_page(vcpu, gpa >> PAGE_SHIFT, data,
offset, toread);
if (ret < 0) {
@@ -5377,6 +5379,9 @@ static int kvm_fetch_guest_virt(struct x86_emulate_ctxt
*ctxt,
if (unlikely(gpa == UNMAPPED_GVA))
return X86EMUL_PROPAGATE_FAULT;
+ if (!kvm_page_track_preexec(vcpu, gpa, addr))
+ return X86EMUL_RETRY_INSTR;
+
offset = addr & (PAGE_SIZE-1);
if (WARN_ON(offset + bytes > PAGE_SIZE))
bytes = (unsigned)PAGE_SIZE - offset;
@@ -5557,13 +5562,22 @@ static int vcpu_mmio_gva_to_gpa(struct kvm_vcpu *vcpu,
unsigned long gva,
int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
const void *val, int bytes)
{
- int ret;
-
- ret = kvm_vcpu_write_guest(vcpu, gpa, val, bytes);
- if (ret < 0)
- return 0;
+ if (!kvm_page_track_prewrite(vcpu, gpa, gva, val, bytes))
+ return X86EMUL_RETRY_INSTR;
+ if (kvm_vcpu_write_guest(vcpu, gpa, val, bytes) < 0)
+ return X86EMUL_UNHANDLEABLE;
kvm_page_track_write(vcpu, gpa, gva, val, bytes);
- return 1;
+ return X86EMUL_CONTINUE;
+}
+
+static int emulator_read_phys(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ void *val, int bytes)
+{
+ if (!kvm_page_track_preread(vcpu, gpa, gva, bytes))
+ return X86EMUL_RETRY_INSTR;
+ if (kvm_vcpu_read_guest(vcpu, gpa, val, bytes) < 0)
+ return X86EMUL_UNHANDLEABLE;
+ return X86EMUL_CONTINUE;
}
struct read_write_emulator_ops {
@@ -5593,7 +5607,7 @@ static int read_prepare(struct kvm_vcpu *vcpu, void *val,
int bytes)
static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
void *val, int bytes)
{
- return !kvm_vcpu_read_guest(vcpu, gpa, val, bytes);
+ return emulator_read_phys(vcpu, gpa, gva, val, bytes);
}
static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
@@ -5668,8 +5682,11 @@ static int emulator_read_write_onepage(unsigned long
addr, void *val,
return X86EMUL_PROPAGATE_FAULT;
}
- if (!ret && ops->read_write_emulate(vcpu, gpa, addr, val, bytes))
- return X86EMUL_CONTINUE;
+ if (!ret) {
+ ret = ops->read_write_emulate(vcpu, gpa, addr, val, bytes);
+ if (ret == X86EMUL_CONTINUE || ret == X86EMUL_RETRY_INSTR)
+ return ret;
+ }
/*
* Is this MMIO handled locally?
@@ -5803,6 +5820,9 @@ static int emulator_cmpxchg_emulated(struct
x86_emulate_ctxt *ctxt,
if (kvm_vcpu_map(vcpu, gpa_to_gfn(gpa), &map))
goto emul_write;
+ if (!kvm_page_track_prewrite(vcpu, gpa, addr, new, bytes))
+ return X86EMUL_RETRY_INSTR;
+
kaddr = map.hva + offset_in_page(gpa);
switch (bytes) {
@@ -6683,6 +6703,8 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu,
trace_kvm_emulate_insn_start(vcpu);
++vcpu->stat.insn_emulation;
+ if (r == EMULATION_RETRY_INSTR)
+ return 1;
if (r != EMULATION_OK) {
if ((emulation_type & EMULTYPE_TRAP_UD) ||
(emulation_type & EMULTYPE_TRAP_UD_FORCED)) {
@@ -6740,6 +6762,8 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu,
r = x86_emulate_insn(ctxt);
+ if (r == EMULATION_RETRY_INSTR)
+ return 1;
if (r == EMULATION_INTERCEPTED)
return 1;
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 34/78] KVM: x86: intercept the write access on sidt and other emulated instructions
This is needed for the introspection subsystem to track the changes to
descriptor table registers.
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/kvm/x86.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 8c6a8d03e41a..6e665341cc80 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5450,11 +5450,14 @@ static int kvm_write_guest_virt_helper(gva_t addr, void
*val, unsigned int bytes
if (gpa == UNMAPPED_GVA)
return X86EMUL_PROPAGATE_FAULT;
+ if (!kvm_page_track_prewrite(vcpu, gpa, addr, data, towrite))
+ return X86EMUL_RETRY_INSTR;
ret = kvm_vcpu_write_guest(vcpu, gpa, data, towrite);
if (ret < 0) {
r = X86EMUL_IO_NEEDED;
goto out;
}
+ kvm_page_track_write(vcpu, gpa, addr, data, towrite);
bytes -= towrite;
data += towrite;
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 35/78] KVM: x86: disable gpa_available optimization for fetch and page-walk NPF/EPT violations
From: Mircea C?rjaliu <mcirjaliu at bitdefender.com>
This change is needed because the introspection tool can write-protect
guest page tables, exec-protect heap/stack pages and let KVM emulate
the instruction that caused these violations.
Signed-off-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/kvm/mmu/mmu.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index 5f0ddc6b67de..d28b7425c4f1 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -5636,8 +5636,13 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2,
u64 error_code,
int r, emulation_type = 0;
bool direct = vcpu->arch.mmu->direct_map;
- /* With shadow page tables, fault_address contains a GVA or nGPA. */
- if (vcpu->arch.mmu->direct_map) {
+ /*
+ * With shadow page tables, fault_address contains a GVA or nGPA.
+ * On a fetch fault, fault_address contains the instruction pointer.
+ */
+ if (vcpu->arch.mmu->direct_map &&
+ likely(!(error_code & PFERR_FETCH_MASK)) &&
+ (error_code & PFERR_GUEST_FINAL_MASK)) {
vcpu->arch.gpa_available = true;
vcpu->arch.gpa_val = cr2;
}
From: Mihai Don?u <mdontu at bitdefender.com>
The KVM introspection subsystem provides a facility for applications to
control the execution of other VMs (pause, resume, shutdown), query the
state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the
shadow page tables and receive notifications when events of interest
have taken place (shadow page table level faults, key MSR writes,
hypercalls etc.). Some notifications can be responded to with an action
(like preventing an MSR from being written), others are mere informative
(like breakpoint events which can be used for execution tracing).
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Marian Rotariu <marian.c.rotariu at gmail.com>
Signed-off-by: Marian Rotariu <marian.c.rotariu at gmail.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 140 ++++++++++++++++++++++++++++++
arch/x86/kvm/Kconfig | 9 ++
arch/x86/kvm/Makefile | 2 +
include/linux/kvm_host.h | 2 +
include/linux/kvmi_host.h | 23 +++++
virt/kvm/introspection/kvmi.c | 25 ++++++
virt/kvm/introspection/kvmi_int.h | 7 ++
virt/kvm/kvm_main.c | 13 +++
8 files changed, 221 insertions(+)
create mode 100644 Documentation/virt/kvm/kvmi.rst
create mode 100644 include/linux/kvmi_host.h
create mode 100644 virt/kvm/introspection/kvmi.c
create mode 100644 virt/kvm/introspection/kvmi_int.h
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
new file mode 100644
index 000000000000..af685e837b4b
--- /dev/null
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -0,0 +1,140 @@
+.. SPDX-License-Identifier: GPL-2.0
+
+========================================================+KVMI - The kernel
virtual machine introspection subsystem
+========================================================+
+The KVM introspection subsystem provides a facility for applications running
+on the host or in a separate VM, to control the execution of other VMs
+(pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.),
+alter the page access bits in the shadow page tables (only for the hardware
+backed ones, eg. Intel's EPT) and receive notifications when events of
+interest have taken place (shadow page table level faults, key MSR writes,
+hypercalls etc.). Some notifications can be responded to with an action
+(like preventing an MSR from being written), others are mere informative
+(like breakpoint events which can be used for execution tracing).
+With few exceptions, all events are optional. An application using this
+subsystem will explicitly register for them.
+
+The use case that gave way for the creation of this subsystem is to monitor
+the guest OS and as such the ABI/API is highly influenced by how the guest
+software (kernel, applications) sees the world. For example, some events
+provide information specific for the host CPU architecture
+(eg. MSR_IA32_SYSENTER_EIP) merely because its leveraged by guest software
+to implement a critical feature (fast system calls).
+
+At the moment, the target audience for KVMI are security software authors
+that wish to perform forensics on newly discovered threats (exploits) or
+to implement another layer of security like preventing a large set of
+kernel rootkits simply by "locking" the kernel image in the shadow
page
+tables (ie. enforce .text r-x, .rodata rw- etc.). It's the latter case that
+made KVMI a separate subsystem, even though many of these features are
+available in the device manager (eg. QEMU). The ability to build a security
+application that does not interfere (in terms of performance) with the
+guest software asks for a specialized interface that is designed for minimum
+overhead.
+
+API/ABI
+======+
+This chapter describes the VMI interface used to monitor and control local
+guests from a user application.
+
+Overview
+--------
+
+The interface is socket based, one connection for every VM. One end is in the
+host kernel while the other is held by the user application (introspection
+tool).
+
+The initial connection is established by an application running on the host
+(eg. QEMU) that connects to the introspection tool and after a handshake the
+socket is passed to the host kernel making all further communication take
+place between it and the introspection tool. The initiating party (QEMU) can
+close its end so that any potential exploits cannot take a hold of it.
+
+The socket protocol allows for commands and events to be multiplexed over
+the same connection. As such, it is possible for the introspection tool to
+receive an event while waiting for the result of a command. Also, it can
+send a command while the host kernel is waiting for a reply to an event.
+
+The kernel side of the socket communication is blocking and will wait for
+an answer from its peer indefinitely or until the guest is powered off
+(killed), restarted or the peer goes away. Obviously, whether the guest
+can really continue normal execution depends on whether the introspection
+tool has made any modifications that require an active KVMI channel.
+
+Handshake
+---------
+
+Although this falls out of the scope of the introspection subsystem, below
+is a proposal of a handshake that can be used by implementors.
+
+Based on the system administration policies, the management tool
+(eg. libvirt) starts device managers (eg. QEMU) with some extra arguments:
+what introspection tool could monitor/control that specific guest (and
+how to connect to) and what introspection commands/events are allowed.
+
+The device manager will connect to the introspection tool and wait for a
+cryptographic hash of a cookie that should be known by both peers. If the
+hash is correct (the destination has been "authenticated"), the
device
+manager will send another cryptographic hash and random salt. The peer
+recomputes the hash of the cookie bytes including the salt and if they match,
+the device manager has been "authenticated" too. This is a rather
crude
+system that makes it difficult for device manager exploits to trick the
+introspection tool into believing its working OK.
+
+The cookie would normally be generated by a management tool (eg. libvirt)
+and make it available to the device manager and to a properly authenticated
+client. It is the job of a third party to retrieve the cookie from the
+management application and pass it over a secure channel to the introspection
+tool.
+
+Once the basic "authentication" has taken place, the introspection
tool
+can receive information on the guest (its UUID) and other flags (endianness
+or features supported by the host kernel).
+
+In the end, the device manager will pass the file handle (plus the allowed
+commands/events) to KVM, and forget about it. It will be notified by
+KVM when the introspection tool closes the file handle (in case of
+errors), and should reinitiate the handshake.
+
+Unhooking
+---------
+
+During a VMI session it is possible for the guest to be patched and for
+some of these patches to "talk" with the introspection tool. It thus
+becomes necessary to remove them before the guest is suspended, moved
+(migrated) or a snapshot with memory is created.
+
+The actions are normally performed by the device manager. In the case
+of QEMU, it will use another ioctl to notify the introspection tool and
+wait for a limited amount of time (a few seconds) for a confirmationthat
+is OK to proceed.
+
+Live migrations
+---------------
+
+Before the live migration takes place, the introspection tool has to be
+notified and have a chance to unhook (see **Unhooking**).
+
+The QEMU instance on the receiving end, if configured for KVMI, will need to
+establish a connection to the introspection tool after the migration has
+completed.
+
+Obviously, this creates a window in which the guest is not
+introspected. The user will need to be aware of this detail.
+Future introspection technologies can choose not to disconnect and instead
+transfer the necessary context to the introspection tool at the migration
+destination via a separate channel.
+
+Memory access safety
+--------------------
+
+The KVMI API gives access to the entire guest physical address space but
+provides no information on which parts of it are system RAM and which are
+device-specific memory (DMA, emulated MMIO, reserved by a passthrough
+device etc.). It is up to the user to determine, using the guest operating
+system data structures, the areas that are safe to access (code, stack, heap
+etc.).
+
diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
index 840e12583b85..78b3580b5601 100644
--- a/arch/x86/kvm/Kconfig
+++ b/arch/x86/kvm/Kconfig
@@ -96,6 +96,15 @@ config KVM_MMU_AUDIT
This option adds a R/W kVM module parameter 'mmu_audit', which allows
auditing of KVM MMU events at runtime.
+config KVM_INTROSPECTION
+ bool "KVM Introspection"
+ depends on KVM && (KVM_INTEL || KVM_AMD)
+ default n
+ help
+ Provides the introspection interface, which allows the control
+ of any running VM. It must be explicitly enabled by setting
+ the module parameter 'kvm.introspection'.
+
# OK, it's a little counter-intuitive to do this, but it puts it neatly
under
# the virtualization menu.
source "drivers/vhost/Kconfig"
diff --git a/arch/x86/kvm/Makefile b/arch/x86/kvm/Makefile
index b19ef421084d..53b3579c2900 100644
--- a/arch/x86/kvm/Makefile
+++ b/arch/x86/kvm/Makefile
@@ -3,10 +3,12 @@
ccflags-y += -Iarch/x86/kvm
KVM := ../../../virt/kvm
+KVMI := $(KVM)/introspection
kvm-y += $(KVM)/kvm_main.o $(KVM)/coalesced_mmio.o \
$(KVM)/eventfd.o $(KVM)/irqchip.o $(KVM)/vfio.o
kvm-$(CONFIG_KVM_ASYNC_PF) += $(KVM)/async_pf.o
+kvm-$(CONFIG_KVM_INTROSPECTION) += $(KVMI)/kvmi.o
kvm-y += x86.o emulate.o i8259.o irq.o lapic.o \
i8254.o ioapic.o irq_comm.o cpuid.o pmu.o mtrr.o \
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index d3bc4351344f..862dc45f971f 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -35,6 +35,8 @@
#include <asm/kvm_host.h>
+#include <linux/kvmi_host.h>
+
#ifndef KVM_MAX_VCPU_ID
#define KVM_MAX_VCPU_ID KVM_MAX_VCPUS
#endif
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
new file mode 100644
index 000000000000..8cd613fdd4f2
--- /dev/null
+++ b/include/linux/kvmi_host.h
@@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+#ifndef __KVMI_HOST_H
+#define __KVMI_HOST_H
+
+struct kvm;
+
+#ifdef CONFIG_KVM_INTROSPECTION
+
+int kvmi_init(void);
+void kvmi_uninit(void);
+void kvmi_create_vm(struct kvm *kvm);
+void kvmi_destroy_vm(struct kvm *kvm);
+
+#else
+
+static inline int kvmi_init(void) { return 0; }
+static inline void kvmi_uninit(void) { }
+static inline void kvmi_create_vm(struct kvm *kvm) { }
+static inline void kvmi_destroy_vm(struct kvm *kvm) { }
+
+#endif /* CONFIG_KVM_INTROSPECTION */
+
+#endif
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
new file mode 100644
index 000000000000..c74ddb8075cd
--- /dev/null
+++ b/virt/kvm/introspection/kvmi.c
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * KVM introspection
+ *
+ * Copyright (C) 2017-2020 Bitdefender S.R.L.
+ *
+ */
+#include "kvmi_int.h"
+
+int kvmi_init(void)
+{
+ return 0;
+}
+
+void kvmi_uninit(void)
+{
+}
+
+void kvmi_create_vm(struct kvm *kvm)
+{
+}
+
+void kvmi_destroy_vm(struct kvm *kvm)
+{
+}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
new file mode 100644
index 000000000000..34af926f9838
--- /dev/null
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -0,0 +1,7 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __KVMI_INT_H__
+#define __KVMI_INT_H__
+
+#include <linux/kvm_host.h>
+
+#endif
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 20ffc86fd8d1..d33065665e22 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -90,6 +90,9 @@ unsigned int halt_poll_ns_shrink;
module_param(halt_poll_ns_shrink, uint, 0644);
EXPORT_SYMBOL_GPL(halt_poll_ns_shrink);
+static bool enable_introspection;
+module_param_named(introspection, enable_introspection, bool, 0644);
+
/*
* Ordering of locks:
*
@@ -739,6 +742,9 @@ static struct kvm *kvm_create_vm(unsigned long type)
if (r)
goto out_err;
+ if (enable_introspection)
+ kvmi_create_vm(kvm);
+
mutex_lock(&kvm_lock);
list_add(&kvm->vm_list, &vm_list);
mutex_unlock(&kvm_lock);
@@ -791,6 +797,7 @@ static void kvm_destroy_vm(struct kvm *kvm)
int i;
struct mm_struct *mm = kvm->mm;
+ kvmi_destroy_vm(kvm);
kvm_uevent_notify_change(KVM_EVENT_DESTROY_VM, kvm);
kvm_destroy_vm_debugfs(kvm);
kvm_arch_sync_events(kvm);
@@ -4439,6 +4446,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned
vcpu_align,
r = kvm_vfio_ops_init();
WARN_ON(r);
+ if (enable_introspection) {
+ r = kvmi_init();
+ WARN_ON(r);
+ }
+
return 0;
out_unreg:
@@ -4463,6 +4475,7 @@ EXPORT_SYMBOL_GPL(kvm_init);
void kvm_exit(void)
{
+ kvmi_uninit();
debugfs_remove_recursive(kvm_debugfs_dir);
misc_deregister(&kvm_dev);
kmem_cache_destroy(kvm_vcpu_cache);
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 37/78] KVM: introspection: add hook/unhook ioctls
On hook, a new thread is created to handle the messages coming from the
introspection tool (commands or event replies).
Co-developed-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com>
Signed-off-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com>
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/api.txt | 42 +++++
arch/x86/include/asm/kvmi_host.h | 8 +
arch/x86/kvm/Makefile | 2 +-
arch/x86/kvm/x86.c | 5 +
include/linux/kvm_host.h | 2 +
include/linux/kvmi_host.h | 17 ++
include/uapi/linux/kvm.h | 10 ++
include/uapi/linux/kvmi.h | 13 ++
tools/testing/selftests/kvm/Makefile | 1 +
.../testing/selftests/kvm/x86_64/kvmi_test.c | 78 +++++++++
virt/kvm/introspection/kvmi.c | 148 ++++++++++++++++++
virt/kvm/introspection/kvmi_int.h | 20 +++
virt/kvm/introspection/kvmi_msg.c | 39 +++++
virt/kvm/kvm_main.c | 11 ++
14 files changed, 395 insertions(+), 1 deletion(-)
create mode 100644 arch/x86/include/asm/kvmi_host.h
create mode 100644 include/uapi/linux/kvmi.h
create mode 100644 tools/testing/selftests/kvm/x86_64/kvmi_test.c
create mode 100644 virt/kvm/introspection/kvmi_msg.c
diff --git a/Documentation/virt/kvm/api.txt b/Documentation/virt/kvm/api.txt
index ebb37b34dcfc..540d9015d726 100644
--- a/Documentation/virt/kvm/api.txt
+++ b/Documentation/virt/kvm/api.txt
@@ -4168,6 +4168,48 @@ This ioctl issues an ultravisor call to terminate the
secure guest,
unpins the VPA pages and releases all the device pages that are used to
track the secure pages by hypervisor.
+4.122 KVM_INTROSPECTION_HOOK
+
+Capability: KVM_CAP_INTROSPECTION
+Architectures: x86
+Type: vm ioctl
+Parameters: struct kvm_introspection (in)
+Returns: 0 on success, a negative value on error
+Errors:
+ ENOMEM: memory allocation failed
+ EEXIST: the VM is already introspected
+ EINVAL: the file descriptor doesn't correspond to an active socket
+ padding is not zero
+ EPERM: the introspection is disabled (kvm.introspection=0)
+
+This ioctl is used to enable the introspection of the current VM.
+
+struct kvm_introspection {
+ __s32 fd;
+ __u32 padding;
+ __u8 uuid[16];
+};
+
+fd is the file descriptor of a socket connected to the introspection tool,
+
+padding must be zero (it might be used in the future),
+
+uuid is used for debug and error messages.
+
+The KVMI version can be retrieved using the KVM_CAP_INTROSPECTION of
+the KVM_CHECK_EXTENSION ioctl() at run-time.
+
+4.123 KVM_INTROSPECTION_UNHOOK
+
+Capability: KVM_CAP_INTROSPECTION
+Architectures: x86
+Type: vm ioctl
+Parameters: none
+Returns: 0 on success, a negative value on error
+
+This ioctl is used to free all introspection structures
+related to this VM.
+
5. The kvm_run structure
------------------------
diff --git a/arch/x86/include/asm/kvmi_host.h b/arch/x86/include/asm/kvmi_host.h
new file mode 100644
index 000000000000..38c398262913
--- /dev/null
+++ b/arch/x86/include/asm/kvmi_host.h
@@ -0,0 +1,8 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _ASM_X86_KVMI_HOST_H
+#define _ASM_X86_KVMI_HOST_H
+
+struct kvm_arch_introspection {
+};
+
+#endif /* _ASM_X86_KVMI_HOST_H */
diff --git a/arch/x86/kvm/Makefile b/arch/x86/kvm/Makefile
index 53b3579c2900..c46ec49dfeb9 100644
--- a/arch/x86/kvm/Makefile
+++ b/arch/x86/kvm/Makefile
@@ -8,7 +8,7 @@ KVMI := $(KVM)/introspection
kvm-y += $(KVM)/kvm_main.o $(KVM)/coalesced_mmio.o \
$(KVM)/eventfd.o $(KVM)/irqchip.o $(KVM)/vfio.o
kvm-$(CONFIG_KVM_ASYNC_PF) += $(KVM)/async_pf.o
-kvm-$(CONFIG_KVM_INTROSPECTION) += $(KVMI)/kvmi.o
+kvm-$(CONFIG_KVM_INTROSPECTION) += $(KVMI)/kvmi.o $(KVMI)/kvmi_msg.o
kvm-y += x86.o emulate.o i8259.o irq.o lapic.o \
i8254.o ioapic.o irq_comm.o cpuid.o pmu.o mtrr.o \
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 6e665341cc80..46aeb32cb07f 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3335,6 +3335,11 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long
ext)
case KVM_CAP_HYPERV_ENLIGHTENED_VMCS:
r = kvm_x86_ops->nested_enable_evmcs != NULL;
break;
+#ifdef CONFIG_KVM_INTROSPECTION
+ case KVM_CAP_INTROSPECTION:
+ r = KVMI_VERSION;
+ break;
+#endif
default:
break;
}
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 862dc45f971f..0104cb2c8ee0 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -503,6 +503,8 @@ struct kvm {
struct srcu_struct srcu;
struct srcu_struct irq_srcu;
pid_t userspace_pid;
+ struct mutex kvmi_lock;
+ struct kvm_introspection *kvmi;
};
#define kvm_err(fmt, ...) \
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
index 8cd613fdd4f2..c8b9c87ecff2 100644
--- a/include/linux/kvmi_host.h
+++ b/include/linux/kvmi_host.h
@@ -2,8 +2,22 @@
#ifndef __KVMI_HOST_H
#define __KVMI_HOST_H
+#include <uapi/linux/kvmi.h>
+
struct kvm;
+#include <asm/kvmi_host.h>
+
+struct kvm_introspection {
+ struct kvm_arch_introspection arch;
+ struct kvm *kvm;
+
+ uuid_t uuid;
+
+ struct socket *sock;
+ struct task_struct *recv;
+};
+
#ifdef CONFIG_KVM_INTROSPECTION
int kvmi_init(void);
@@ -11,6 +25,9 @@ void kvmi_uninit(void);
void kvmi_create_vm(struct kvm *kvm);
void kvmi_destroy_vm(struct kvm *kvm);
+int kvmi_ioctl_hook(struct kvm *kvm, void __user *argp);
+int kvmi_ioctl_unhook(struct kvm *kvm);
+
#else
static inline int kvmi_init(void) { return 0; }
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index f0a16b4adbbd..09132d8dd3e5 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -1009,6 +1009,7 @@ struct kvm_ppc_resize_hpt {
#define KVM_CAP_PPC_GUEST_DEBUG_SSTEP 176
#define KVM_CAP_ARM_NISV_TO_USER 177
#define KVM_CAP_ARM_INJECT_EXT_DABT 178
+#define KVM_CAP_INTROSPECTION 179
#ifdef KVM_CAP_IRQ_ROUTING
@@ -1553,6 +1554,15 @@ struct kvm_sev_dbg {
__u32 len;
};
+struct kvm_introspection_hook {
+ __s32 fd;
+ __u32 padding;
+ __u8 uuid[16];
+};
+
+#define KVM_INTROSPECTION_HOOK _IOW(KVMIO, 0xc3, struct
kvm_introspection_hook)
+#define KVM_INTROSPECTION_UNHOOK _IO(KVMIO, 0xc4)
+
#define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
#define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
#define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
new file mode 100644
index 000000000000..34dda91016db
--- /dev/null
+++ b/include/uapi/linux/kvmi.h
@@ -0,0 +1,13 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _UAPI__LINUX_KVMI_H
+#define _UAPI__LINUX_KVMI_H
+
+/*
+ * KVMI structures and definitions
+ */
+
+enum {
+ KVMI_VERSION = 0x00000001
+};
+
+#endif /* _UAPI__LINUX_KVMI_H */
diff --git a/tools/testing/selftests/kvm/Makefile
b/tools/testing/selftests/kvm/Makefile
index 3138a916574a..c3b7c1217a6e 100644
--- a/tools/testing/selftests/kvm/Makefile
+++ b/tools/testing/selftests/kvm/Makefile
@@ -15,6 +15,7 @@ LIBKVM_s390x = lib/s390x/processor.c lib/s390x/ucall.c
TEST_GEN_PROGS_x86_64 = x86_64/cr4_cpuid_sync_test
TEST_GEN_PROGS_x86_64 += x86_64/evmcs_test
TEST_GEN_PROGS_x86_64 += x86_64/hyperv_cpuid
+TEST_GEN_PROGS_x86_64 += x86_64/kvmi_test
TEST_GEN_PROGS_x86_64 += x86_64/mmio_warning_test
TEST_GEN_PROGS_x86_64 += x86_64/platform_info_test
TEST_GEN_PROGS_x86_64 += x86_64/set_sregs_test
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
new file mode 100644
index 000000000000..cd8744ec6939
--- /dev/null
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -0,0 +1,78 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * KVM introspection tests
+ *
+ * Copyright (C) 2020, Bitdefender S.R.L.
+ */
+
+#define _GNU_SOURCE /* for program_invocation_short_name */
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include "test_util.h"
+
+#include "kvm_util.h"
+#include "processor.h"
+#include "../lib/kvm_util_internal.h"
+
+#define VCPU_ID 5
+
+static int socket_pair[2];
+#define Kvm_socket socket_pair[0]
+#define Userspace_socket socket_pair[1]
+
+void setup_socket(void)
+{
+ int r;
+
+ r = socketpair(AF_UNIX, SOCK_STREAM, 0, socket_pair);
+ TEST_ASSERT(r == 0,
+ "socketpair() failed, errno %d (%s)\n",
+ errno, strerror(errno));
+}
+
+static void hook_introspection(struct kvm_vm *vm)
+{
+ struct kvm_introspection_hook hook = {.fd = Kvm_socket};
+ int r;
+
+ r = ioctl(vm->fd, KVM_INTROSPECTION_HOOK, &hook);
+ TEST_ASSERT(r == 0,
+ "KVM_INTROSPECTION_HOOK failed, errno %d (%s)\n",
+ errno, strerror(errno));
+}
+
+static void unhook_introspection(struct kvm_vm *vm)
+{
+ int r;
+
+ r = ioctl(vm->fd, KVM_INTROSPECTION_UNHOOK, NULL);
+ TEST_ASSERT(r == 0,
+ "KVM_INTROSPECTION_UNHOOK failed, errno %d (%s)\n",
+ errno, strerror(errno));
+}
+
+static void test_introspection(struct kvm_vm *vm)
+{
+ setup_socket();
+ hook_introspection(vm);
+ unhook_introspection(vm);
+}
+
+int main(int argc, char *argv[])
+{
+ struct kvm_vm *vm;
+
+ if (!kvm_check_cap(KVM_CAP_INTROSPECTION)) {
+ fprintf(stderr,
+ "KVM_CAP_INTROSPECTION not available, skipping tests\n");
+ exit(KSFT_SKIP);
+ }
+
+ vm = vm_create_default(VCPU_ID, 0, NULL);
+ vcpu_set_cpuid(vm, VCPU_ID, kvm_get_supported_cpuid());
+
+ test_introspection(vm);
+
+ return 0;
+}
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index c74ddb8075cd..7a009480517a 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -6,6 +6,7 @@
*
*/
#include "kvmi_int.h"
+#include <linux/kthread.h>
int kvmi_init(void)
{
@@ -16,10 +17,157 @@ void kvmi_uninit(void)
{
}
+static void free_kvmi(struct kvm *kvm)
+{
+ kfree(kvm->kvmi);
+ kvm->kvmi = NULL;
+}
+
+static struct kvm_introspection *
+alloc_kvmi(struct kvm *kvm, const struct kvm_introspection_hook *hook)
+{
+ struct kvm_introspection *kvmi;
+
+ kvmi = kzalloc(sizeof(*kvmi), GFP_KERNEL);
+ if (!kvmi)
+ return NULL;
+
+ BUILD_BUG_ON(sizeof(hook->uuid) != sizeof(kvmi->uuid));
+ memcpy(&kvmi->uuid, &hook->uuid, sizeof(kvmi->uuid));
+
+ kvmi->kvm = kvm;
+
+ return kvmi;
+}
+
+static void kvmi_destroy(struct kvm_introspection *kvmi)
+{
+ struct kvm *kvm = kvmi->kvm;
+
+ free_kvmi(kvm);
+}
+
+static void kvmi_stop_recv_thread(struct kvm_introspection *kvmi)
+{
+ kvmi_sock_shutdown(kvmi);
+}
+
+static void __kvmi_unhook(struct kvm *kvm)
+{
+ struct kvm_introspection *kvmi = KVMI(kvm);
+
+ kvmi_sock_put(kvmi);
+}
+
+static void kvmi_unhook(struct kvm *kvm)
+{
+ struct kvm_introspection *kvmi;
+
+ mutex_lock(&kvm->kvmi_lock);
+
+ kvmi = KVMI(kvm);
+ if (kvmi) {
+ kvmi_stop_recv_thread(kvmi);
+ __kvmi_unhook(kvm);
+ kvmi_destroy(kvmi);
+ }
+
+ mutex_unlock(&kvm->kvmi_lock);
+}
+
+int kvmi_ioctl_unhook(struct kvm *kvm)
+{
+ kvmi_unhook(kvm);
+ return 0;
+}
+
+static int __kvmi_hook(struct kvm *kvm,
+ const struct kvm_introspection_hook *hook)
+{
+ struct kvm_introspection *kvmi = KVMI(kvm);
+
+ if (!kvmi_sock_get(kvmi, hook->fd))
+ return -EINVAL;
+
+ return 0;
+}
+
+static int kvmi_recv_thread(void *arg)
+{
+ struct kvm_introspection *kvmi = arg;
+
+ while (kvmi_msg_process(kvmi))
+ ;
+
+ /*
+ * Signal userspace (which might wait for POLLHUP only)
+ * and prevent the vCPUs from sending other events.
+ */
+ kvmi_sock_shutdown(kvmi);
+
+ return 0;
+}
+
+int kvmi_hook(struct kvm *kvm, const struct kvm_introspection_hook *hook)
+{
+ struct kvm_introspection *kvmi;
+ int err = 0;
+
+ mutex_lock(&kvm->kvmi_lock);
+
+ if (kvm->kvmi) {
+ err = -EEXIST;
+ goto out;
+ }
+
+ kvmi = alloc_kvmi(kvm, hook);
+ if (!kvmi) {
+ err = -ENOMEM;
+ goto out;
+ }
+
+ kvm->kvmi = kvmi;
+
+ err = __kvmi_hook(kvm, hook);
+ if (err)
+ goto destroy;
+
+ kvmi->recv = kthread_run(kvmi_recv_thread, kvmi, "kvmi-recv");
+ if (IS_ERR(kvmi->recv)) {
+ err = -ENOMEM;
+ goto unhook;
+ }
+
+ goto out;
+
+unhook:
+ __kvmi_unhook(kvm);
+destroy:
+ kvmi_destroy(kvmi);
+out:
+ mutex_unlock(&kvm->kvmi_lock);
+ return err;
+}
+
+int kvmi_ioctl_hook(struct kvm *kvm, void __user *argp)
+{
+ struct kvm_introspection_hook i;
+
+ if (copy_from_user(&i, argp, sizeof(i)))
+ return -EFAULT;
+
+ if (i.padding)
+ return -EINVAL;
+
+ return kvmi_hook(kvm, &i);
+}
+
void kvmi_create_vm(struct kvm *kvm)
{
+ mutex_init(&kvm->kvmi_lock);
}
void kvmi_destroy_vm(struct kvm *kvm)
{
+ kvmi_unhook(kvm);
}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 34af926f9838..01451d573788 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -4,4 +4,24 @@
#include <linux/kvm_host.h>
+#define kvmi_warn(kvmi, fmt, ...) \
+ kvm_info("%pU WARNING: " fmt, &kvmi->uuid, ## __VA_ARGS__)
+#define kvmi_warn_once(kvmi, fmt, ...) ({ \
+ static bool __section(.data.once) __warned; \
+ if (!__warned) { \
+ __warned = true; \
+ kvmi_warn(kvmi, fmt, ## __VA_ARGS__); \
+ } \
+ })
+#define kvmi_err(kvmi, fmt, ...) \
+ kvm_info("%pU ERROR: " fmt, &kvmi->uuid, ## __VA_ARGS__)
+
+#define KVMI(kvm) ((struct kvm_introspection *)((kvm)->kvmi))
+
+/* kvmi_msg.c */
+bool kvmi_sock_get(struct kvm_introspection *kvmi, int fd);
+void kvmi_sock_shutdown(struct kvm_introspection *kvmi);
+void kvmi_sock_put(struct kvm_introspection *kvmi);
+bool kvmi_msg_process(struct kvm_introspection *kvmi);
+
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
new file mode 100644
index 000000000000..f9e66274fb43
--- /dev/null
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -0,0 +1,39 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * KVM introspection (message handling)
+ *
+ * Copyright (C) 2017-2020 Bitdefender S.R.L.
+ *
+ */
+#include <linux/net.h>
+#include "kvmi_int.h"
+
+bool kvmi_sock_get(struct kvm_introspection *kvmi, int fd)
+{
+ struct socket *sock;
+ int r;
+
+ sock = sockfd_lookup(fd, &r);
+ if (!sock)
+ return false;
+
+ kvmi->sock = sock;
+
+ return true;
+}
+
+void kvmi_sock_put(struct kvm_introspection *kvmi)
+{
+ if (kvmi->sock)
+ sockfd_put(kvmi->sock);
+}
+
+void kvmi_sock_shutdown(struct kvm_introspection *kvmi)
+{
+ kernel_sock_shutdown(kvmi->sock, SHUT_RDWR);
+}
+
+bool kvmi_msg_process(struct kvm_introspection *kvmi)
+{
+ return false;
+}
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index d33065665e22..77bab9ba918b 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -3495,6 +3495,17 @@ static long kvm_vm_ioctl(struct file *filp,
case KVM_CHECK_EXTENSION:
r = kvm_vm_ioctl_check_extension_generic(kvm, arg);
break;
+#ifdef CONFIG_KVM_INTROSPECTION
+ case KVM_INTROSPECTION_HOOK:
+ if (enable_introspection)
+ r = kvmi_ioctl_hook(kvm, argp);
+ else
+ r = -EPERM;
+ break;
+ case KVM_INTROSPECTION_UNHOOK:
+ r = kvmi_ioctl_unhook(kvm);
+ break;
+#endif /* CONFIG_KVM_INTROSPECTION */
default:
r = kvm_arch_vm_ioctl(filp, ioctl, arg);
}
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 38/78] KVM: introspection: add permission access ioctls
KVM_INTROSPECTION_COMMAND and KVM_INTROSPECTION_EVENTS ioctls should be
used by userspace to allow access for specific (or all) introspection
commands and events.
By default, all the introspection events and almost all the introspection
commands are disallowed. Some commands are always allowed, those querying
the introspection capabilities.
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/api.txt | 50 ++++++++++
include/linux/kvmi_host.h | 7 ++
include/uapi/linux/kvm.h | 8 ++
include/uapi/linux/kvmi.h | 8 ++
.../testing/selftests/kvm/x86_64/kvmi_test.c | 28 ++++++
virt/kvm/introspection/kvmi.c | 92 +++++++++++++++++++
virt/kvm/introspection/kvmi_int.h | 4 +
virt/kvm/kvm_main.c | 6 ++
8 files changed, 203 insertions(+)
diff --git a/Documentation/virt/kvm/api.txt b/Documentation/virt/kvm/api.txt
index 540d9015d726..c1da0a67d7af 100644
--- a/Documentation/virt/kvm/api.txt
+++ b/Documentation/virt/kvm/api.txt
@@ -4210,6 +4210,56 @@ Returns: 0 on success, a negative value on error
This ioctl is used to free all introspection structures
related to this VM.
+4.124 KVM_INTROSPECTION_COMMAND
+
+Capability: KVM_CAP_INTROSPECTION
+Architectures: x86
+Type: vm ioctl
+Parameters: struct kvm_introspection_feature (in)
+Returns: 0 on success, a negative value on error
+Errors:
+ EINVAL: the command is unknown
+ EPERM: the command can't be disallowed (e.g. KVMI_GET_VERSION)
+
+This ioctl is used to allow or disallow introspection commands
+for the current VM. By default, almost all commands are disallowed
+except for those used to query the API.
+
+struct kvm_introspection_feature {
+ __u32 allow;
+ __s32 id;
+};
+
+If allow is 1, the command specified by id is allowed. If allow is 0,
+the command is disallowed.
+
+Unless set to -1 (meaning all commands), id must be a command ID
+(e.g. KVMI_GET_VERSION)
+
+4.125 KVM_INTROSPECTION_EVENT
+
+Capability: KVM_CAP_INTROSPECTION
+Architectures: x86
+Type: vm ioctl
+Parameters: struct kvm_introspection_feature (in)
+Returns: 0 on success, a negative value on error
+Errors:
+ EINVAL: the event is unknown
+
+This ioctl is used to allow or disallow introspection events
+for the current VM. By default, all events are disallowed.
+
+struct kvm_introspection_feature {
+ __u32 allow;
+ __s32 id;
+};
+
+If allow is 1, the event specified by id is allowed. If allow is 0,
+the event is disallowed.
+
+Unless set to -1 (meaning all event), id must be a event ID
+(e.g. KVMI_EVENT_UNHOOK, KVMI_EVENT_CR, etc.)
+
5. The kvm_run structure
------------------------
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
index c8b9c87ecff2..4e77a0227c08 100644
--- a/include/linux/kvmi_host.h
+++ b/include/linux/kvmi_host.h
@@ -8,6 +8,8 @@ struct kvm;
#include <asm/kvmi_host.h>
+#define KVMI_NUM_COMMANDS KVMI_NUM_MESSAGES
+
struct kvm_introspection {
struct kvm_arch_introspection arch;
struct kvm *kvm;
@@ -16,6 +18,9 @@ struct kvm_introspection {
struct socket *sock;
struct task_struct *recv;
+
+ DECLARE_BITMAP(cmd_allow_mask, KVMI_NUM_COMMANDS);
+ DECLARE_BITMAP(event_allow_mask, KVMI_NUM_EVENTS);
};
#ifdef CONFIG_KVM_INTROSPECTION
@@ -27,6 +32,8 @@ void kvmi_destroy_vm(struct kvm *kvm);
int kvmi_ioctl_hook(struct kvm *kvm, void __user *argp);
int kvmi_ioctl_unhook(struct kvm *kvm);
+int kvmi_ioctl_command(struct kvm *kvm, void __user *argp);
+int kvmi_ioctl_event(struct kvm *kvm, void __user *argp);
#else
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index 09132d8dd3e5..e2de987b5d8f 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -1563,6 +1563,14 @@ struct kvm_introspection_hook {
#define KVM_INTROSPECTION_HOOK _IOW(KVMIO, 0xc3, struct
kvm_introspection_hook)
#define KVM_INTROSPECTION_UNHOOK _IO(KVMIO, 0xc4)
+struct kvm_introspection_feature {
+ __u32 allow;
+ __s32 id;
+};
+
+#define KVM_INTROSPECTION_COMMAND _IOW(KVMIO, 0xc5, struct
kvm_introspection_feature)
+#define KVM_INTROSPECTION_EVENT _IOW(KVMIO, 0xc6, struct
kvm_introspection_feature)
+
#define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
#define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
#define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index 34dda91016db..d7b18ffef4fa 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -10,4 +10,12 @@ enum {
KVMI_VERSION = 0x00000001
};
+enum {
+ KVMI_NUM_MESSAGES
+};
+
+enum {
+ KVMI_NUM_EVENTS
+};
+
#endif /* _UAPI__LINUX_KVMI_H */
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index cd8744ec6939..ea411611e296 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -31,15 +31,43 @@ void setup_socket(void)
errno, strerror(errno));
}
+static void toggle_event_permission(struct kvm_vm *vm, __s32 id, bool allow)
+{
+ struct kvm_introspection_feature feat = {
+ .allow = allow ? 1 : 0,
+ .id = id
+ };
+ int r;
+
+ r = ioctl(vm->fd, KVM_INTROSPECTION_EVENT, &feat);
+ TEST_ASSERT(r == 0,
+ "KVM_INTROSPECTION_EVENT failed, id %d, errno %d (%s)\n",
+ id, errno, strerror(errno));
+}
+
+static void allow_event(struct kvm_vm *vm, __s32 event_id)
+{
+ toggle_event_permission(vm, event_id, true);
+}
+
static void hook_introspection(struct kvm_vm *vm)
{
+ __s32 all_IDs = -1;
struct kvm_introspection_hook hook = {.fd = Kvm_socket};
+ struct kvm_introspection_feature feat = {.allow = 1, .id = all_IDs};
int r;
r = ioctl(vm->fd, KVM_INTROSPECTION_HOOK, &hook);
TEST_ASSERT(r == 0,
"KVM_INTROSPECTION_HOOK failed, errno %d (%s)\n",
errno, strerror(errno));
+
+ r = ioctl(vm->fd, KVM_INTROSPECTION_COMMAND, &feat);
+ TEST_ASSERT(r == 0,
+ "KVM_INTROSPECTION_COMMAND failed, errno %d (%s)\n",
+ errno, strerror(errno));
+
+ allow_event(vm, all_IDs);
}
static void unhook_introspection(struct kvm_vm *vm)
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index 7a009480517a..791d2536415e 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -171,3 +171,95 @@ void kvmi_destroy_vm(struct kvm *kvm)
{
kvmi_unhook(kvm);
}
+
+static int kvmi_ioctl_get_feature(void __user *argp, bool *allow, int *id,
+ unsigned long *bitmask)
+{
+ struct kvm_introspection_feature feat;
+ int all_bits = -1;
+
+ if (copy_from_user(&feat, argp, sizeof(feat)))
+ return -EFAULT;
+
+ if (feat.id < 0 && feat.id != all_bits)
+ return -EINVAL;
+
+ *allow = !!(feat.allow & 1);
+ *id = feat.id;
+ *bitmask = *id == all_bits ? -1 : BIT(feat.id);
+
+ return 0;
+}
+
+static int kvmi_ioctl_feature(struct kvm *kvm,
+ bool allow, unsigned long *requested,
+ size_t off_dest, unsigned int nbits)
+{
+ struct kvm_introspection *kvmi;
+ unsigned long *dest;
+ int err = 0;
+
+ mutex_lock(&kvm->kvmi_lock);
+
+ kvmi = KVMI(kvm);
+ if (!kvmi) {
+ err = -EFAULT;
+ goto out;
+ }
+
+ dest = (unsigned long *)((char *)kvmi + off_dest);
+
+ if (allow)
+ bitmap_or(dest, dest, requested, nbits);
+ else
+ bitmap_andnot(dest, dest, requested, nbits);
+
+out:
+ mutex_unlock(&kvm->kvmi_lock);
+
+ return err;
+}
+
+int kvmi_ioctl_event(struct kvm *kvm, void __user *argp)
+{
+ DECLARE_BITMAP(requested, KVMI_NUM_EVENTS);
+ DECLARE_BITMAP(known, KVMI_NUM_EVENTS);
+ size_t off_bitmap;
+ bool allow;
+ int err;
+ int id;
+
+ err = kvmi_ioctl_get_feature(argp, &allow, &id, requested);
+ if (err)
+ return err;
+
+ bitmap_from_u64(known, KVMI_KNOWN_EVENTS);
+ bitmap_and(requested, requested, known, KVMI_NUM_EVENTS);
+
+ off_bitmap = offsetof(struct kvm_introspection, event_allow_mask);
+
+ return kvmi_ioctl_feature(kvm, allow, requested, off_bitmap,
+ KVMI_NUM_EVENTS);
+}
+
+int kvmi_ioctl_command(struct kvm *kvm, void __user *argp)
+{
+ DECLARE_BITMAP(requested, KVMI_NUM_COMMANDS);
+ DECLARE_BITMAP(known, KVMI_NUM_COMMANDS);
+ size_t off_bitmap;
+ bool allow;
+ int err;
+ int id;
+
+ err = kvmi_ioctl_get_feature(argp, &allow, &id, requested);
+ if (err)
+ return err;
+
+ bitmap_from_u64(known, KVMI_KNOWN_COMMANDS);
+ bitmap_and(requested, requested, known, KVMI_NUM_COMMANDS);
+
+ off_bitmap = offsetof(struct kvm_introspection, cmd_allow_mask);
+
+ return kvmi_ioctl_feature(kvm, allow, requested, off_bitmap,
+ KVMI_NUM_COMMANDS);
+}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 01451d573788..c5cf40d03d68 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -16,6 +16,10 @@
#define kvmi_err(kvmi, fmt, ...) \
kvm_info("%pU ERROR: " fmt, &kvmi->uuid, ## __VA_ARGS__)
+#define KVMI_KNOWN_EVENTS 0
+
+#define KVMI_KNOWN_COMMANDS 0
+
#define KVMI(kvm) ((struct kvm_introspection *)((kvm)->kvmi))
/* kvmi_msg.c */
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 77bab9ba918b..f5632a3a7fb3 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -3505,6 +3505,12 @@ static long kvm_vm_ioctl(struct file *filp,
case KVM_INTROSPECTION_UNHOOK:
r = kvmi_ioctl_unhook(kvm);
break;
+ case KVM_INTROSPECTION_COMMAND:
+ r = kvmi_ioctl_command(kvm, argp);
+ break;
+ case KVM_INTROSPECTION_EVENT:
+ r = kvmi_ioctl_event(kvm, argp);
+ break;
#endif /* CONFIG_KVM_INTROSPECTION */
default:
r = kvm_arch_vm_ioctl(filp, ioctl, arg);
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 39/78] KVM: introspection: add the read/dispatch message function
Based on the common header (struct kvmi_msg_hdr), the receiving thread
will read/validate all messages, execute the VM introspection commands
(eg. KVMI_VM_GET_INFO) and dispatch the vCPU introspection commands
(eg. KVMI_VCPU_GET_REGISTERS) and the replies to vCPU events.
The vCPU threads will reply to vCPU introspection commands without the
help of the receiving thread.
This thread will end when the socket is closed (by userspace or the
introspection tool) or on the first API error (eg. wrong message size).
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 86 +++++++
include/uapi/linux/kvmi.h | 15 ++
.../testing/selftests/kvm/x86_64/kvmi_test.c | 100 ++++++++
virt/kvm/introspection/kvmi.c | 43 +++-
virt/kvm/introspection/kvmi_int.h | 7 +
virt/kvm/introspection/kvmi_msg.c | 224 +++++++++++++++++-
6 files changed, 473 insertions(+), 2 deletions(-)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index af685e837b4b..4aa77ae0c3c5 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -64,6 +64,85 @@ an answer from its peer indefinitely or until the guest is
powered off
can really continue normal execution depends on whether the introspection
tool has made any modifications that require an active KVMI channel.
+All messages (commands or events) have a common header::
+
+ struct kvmi_msg_hdr {
+ __u16 id;
+ __u16 size;
+ __u32 seq;
+ };
+
+The replies have the same header, with the sequence number (``seq``)
+and message id (``id``) matching the command/event.
+
+After ``kvmi_msg_hdr``, ``id`` specific data of ``size`` bytes will
+follow.
+
+The message header and its data must be sent with one ``sendmsg()`` call
+to the socket. This simplifies the receiver loop and avoids
+the reconstruction of messages on the other side.
+
+The wire protocol uses the host native byte-order. The introspection tool
+must check this during the handshake and do the necessary conversion.
+
+A command reply begins with::
+
+ struct kvmi_error_code {
+ __s32 err;
+ __u32 padding;
+ }
+
+followed by the command specific data if the error code ``err`` is zero.
+
+The error code -KVM_ENOSYS is returned for unsupported commands.
+
+The error code -KVM_EPERM is returned for disallowed commands (see
**Hooking**).
+
+The error code is related to the message processing, including unsupported
+commands. For all the other errors (incomplete messages, wrong sequence
+numbers, socket errors etc.) the socket will be closed. The device
+manager should reconnect.
+
+While all commands will have a reply as soon as possible, the replies
+to events will probably be delayed until a set of (new) commands will
+complete::
+
+ Host kernel Tool
+ ----------- ----
+ event 1 ->
+ <- command 1
+ command 1 reply ->
+ <- command 2
+ command 2 reply ->
+ <- event 1 reply
+
+If both ends send a message at the same time::
+
+ Host kernel Tool
+ ----------- ----
+ event X -> <- command X
+
+the host kernel will reply to 'command X', regardless of the receive
time
+(before or after the 'event X' was sent).
+
+As it can be seen below, the wire protocol specifies occasional padding. This
+is to permit working with the data by directly using C structures or to round
+the structure size to a multiple of 8 bytes (64bit) to improve the copy
+operations that happen during ``recvmsg()`` or ``sendmsg()``. The members
+should have the native alignment of the host (4 bytes on x86). All padding
+must be initialized with zero otherwise the respective commands will fail
+with -KVM_EINVAL.
+
+To describe the commands/events, we reuse some conventions from api.txt:
+
+ - Architectures: which instruction set architectures provide this
command/event
+
+ - Versions: which versions provide this command/event
+
+ - Parameters: incoming message data
+
+ - Returns: outgoing/reply message data
+
Handshake
---------
@@ -99,6 +178,13 @@ commands/events) to KVM, and forget about it. It will be
notified by
KVM when the introspection tool closes the file handle (in case of
errors), and should reinitiate the handshake.
+Once the file handle reaches KVM, the introspection tool should
+use the *KVMI_GET_VERSION* command to get the API version and/or the
+*KVMI_VM_CHECK_COMMAND* and *KVMI_VM_CHECK_EVENT* commands to see which
+commands/events are allowed for this guest. The error code -KVM_EPERM
+will be returned if the introspection tool uses a command or enables an
+event which is disallowed.
+
Unhooking
---------
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index d7b18ffef4fa..7620fdbf4749 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -18,4 +18,19 @@ enum {
KVMI_NUM_EVENTS
};
+struct kvmi_msg_hdr {
+ __u16 id;
+ __u16 size;
+ __u32 seq;
+};
+
+enum {
+ KVMI_MSG_SIZE = (4096 * 2 - sizeof(struct kvmi_msg_hdr))
+};
+
+struct kvmi_error_code {
+ __s32 err;
+ __u32 padding;
+};
+
#endif /* _UAPI__LINUX_KVMI_H */
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index ea411611e296..1793582b7e10 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -15,6 +15,9 @@
#include "processor.h"
#include "../lib/kvm_util_internal.h"
+#include "linux/kvm_para.h"
+#include "linux/kvmi.h"
+
#define VCPU_ID 5
static int socket_pair[2];
@@ -80,10 +83,107 @@ static void unhook_introspection(struct kvm_vm *vm)
errno, strerror(errno));
}
+static void receive_data(void *dest, size_t size)
+{
+ ssize_t r;
+
+ r = recv(Userspace_socket, dest, size, MSG_WAITALL);
+ TEST_ASSERT(r == size,
+ "recv() failed, expected %d, result %d, errno %d (%s)\n",
+ size, r, errno, strerror(errno));
+}
+
+static int receive_cmd_reply(struct kvmi_msg_hdr *req, void *rpl,
+ size_t rpl_size)
+{
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_error_code ec;
+
+ receive_data(&hdr, sizeof(hdr));
+
+ TEST_ASSERT(hdr.seq == req->seq,
+ "Unexpected messages sequence 0x%x, expected 0x%x\n",
+ hdr.seq, req->seq);
+
+ TEST_ASSERT(hdr.size >= sizeof(ec),
+ "Invalid message size %d, expected %d bytes (at least)\n",
+ hdr.size, sizeof(ec));
+
+ receive_data(&ec, sizeof(ec));
+
+ if (ec.err) {
+ TEST_ASSERT(hdr.size == sizeof(ec),
+ "Invalid command reply on error\n");
+ } else {
+ TEST_ASSERT(hdr.size == sizeof(ec) + rpl_size,
+ "Invalid command reply\n");
+
+ if (rpl && rpl_size)
+ receive_data(rpl, rpl_size);
+ }
+
+ return ec.err;
+}
+
+static unsigned int new_seq(void)
+{
+ static unsigned int seq;
+
+ return seq++;
+}
+
+static void send_message(int msg_id, struct kvmi_msg_hdr *hdr, size_t size)
+{
+ ssize_t r;
+
+ hdr->id = msg_id;
+ hdr->seq = new_seq();
+ hdr->size = size - sizeof(*hdr);
+
+ r = send(Userspace_socket, hdr, size, 0);
+ TEST_ASSERT(r == size,
+ "send() failed, sending %d, result %d, errno %d (%s)\n",
+ size, r, errno, strerror(errno));
+}
+
+static const char *kvm_strerror(int error)
+{
+ switch (error) {
+ case KVM_ENOSYS:
+ return "Invalid system call number";
+ case KVM_EOPNOTSUPP:
+ return "Operation not supported on transport endpoint";
+ default:
+ return strerror(error);
+ }
+}
+
+static int do_command(int cmd_id, struct kvmi_msg_hdr *req,
+ size_t req_size, void *rpl, size_t rpl_size)
+{
+ send_message(cmd_id, req, req_size);
+ return receive_cmd_reply(req, rpl, rpl_size);
+}
+
+static void test_cmd_invalid(void)
+{
+ int invalid_msg_id = 0xffff;
+ struct kvmi_msg_hdr req;
+ int r;
+
+ r = do_command(invalid_msg_id, &req, sizeof(req), NULL, 0);
+ TEST_ASSERT(r == -KVM_ENOSYS,
+ "Invalid command didn't failed with KVM_ENOSYS, error %d
(%s)\n",
+ -r, kvm_strerror(-r));
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
hook_introspection(vm);
+
+ test_cmd_invalid();
+
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index 791d2536415e..706372e9e56a 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -8,13 +8,54 @@
#include "kvmi_int.h"
#include <linux/kthread.h>
-int kvmi_init(void)
+static struct kmem_cache *msg_cache;
+
+void *kvmi_msg_alloc(void)
+{
+ return kmem_cache_zalloc(msg_cache, GFP_KERNEL);
+}
+
+void *kvmi_msg_alloc_check(size_t size)
+{
+ if (size > KVMI_MSG_SIZE_ALLOC)
+ return NULL;
+ return kvmi_msg_alloc();
+}
+
+void kvmi_msg_free(void *addr)
+{
+ if (addr)
+ kmem_cache_free(msg_cache, addr);
+}
+
+static void kvmi_cache_destroy(void)
{
+ kmem_cache_destroy(msg_cache);
+ msg_cache = NULL;
+}
+
+static int kvmi_cache_create(void)
+{
+ msg_cache = kmem_cache_create("kvmi_msg", KVMI_MSG_SIZE_ALLOC,
+ 4096, SLAB_ACCOUNT, NULL);
+
+ if (!msg_cache) {
+ kvmi_cache_destroy();
+
+ return -1;
+ }
+
return 0;
}
+int kvmi_init(void)
+{
+ return kvmi_cache_create();
+}
+
void kvmi_uninit(void)
{
+ kvmi_cache_destroy();
}
static void free_kvmi(struct kvm *kvm)
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index c5cf40d03d68..46ba90cb5e66 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -16,6 +16,8 @@
#define kvmi_err(kvmi, fmt, ...) \
kvm_info("%pU ERROR: " fmt, &kvmi->uuid, ## __VA_ARGS__)
+#define KVMI_MSG_SIZE_ALLOC (sizeof(struct kvmi_msg_hdr) + KVMI_MSG_SIZE)
+
#define KVMI_KNOWN_EVENTS 0
#define KVMI_KNOWN_COMMANDS 0
@@ -28,4 +30,9 @@ void kvmi_sock_shutdown(struct kvm_introspection *kvmi);
void kvmi_sock_put(struct kvm_introspection *kvmi);
bool kvmi_msg_process(struct kvm_introspection *kvmi);
+/* kvmi.c */
+void *kvmi_msg_alloc(void);
+void *kvmi_msg_alloc_check(size_t size);
+void kvmi_msg_free(void *addr);
+
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index f9e66274fb43..ed095fcf50bc 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -8,6 +8,19 @@
#include <linux/net.h>
#include "kvmi_int.h"
+static const char *const msg_IDs[] = {
+};
+
+static bool is_known_message(u16 id)
+{
+ return id < ARRAY_SIZE(msg_IDs) && msg_IDs[id];
+}
+
+static const char *id2str(u16 id)
+{
+ return is_known_message(id) ? msg_IDs[id] : "unknown";
+}
+
bool kvmi_sock_get(struct kvm_introspection *kvmi, int fd)
{
struct socket *sock;
@@ -33,7 +46,216 @@ void kvmi_sock_shutdown(struct kvm_introspection *kvmi)
kernel_sock_shutdown(kvmi->sock, SHUT_RDWR);
}
+static int kvmi_sock_read(struct kvm_introspection *kvmi, void *buf,
+ size_t size)
+{
+ struct kvec i = {
+ .iov_base = buf,
+ .iov_len = size,
+ };
+ struct msghdr m = { };
+ int rc;
+
+ rc = kernel_recvmsg(kvmi->sock, &m, &i, 1, size, MSG_WAITALL);
+
+ if (unlikely(rc != size && rc >= 0))
+ rc = -EPIPE;
+
+ return rc >= 0 ? 0 : rc;
+}
+
+static int kvmi_sock_write(struct kvm_introspection *kvmi, struct kvec *i,
+ size_t n, size_t size)
+{
+ struct msghdr m = { };
+ int rc;
+
+ rc = kernel_sendmsg(kvmi->sock, &m, i, n, size);
+
+ if (unlikely(rc != size && rc >= 0))
+ rc = -EPIPE;
+
+ return rc >= 0 ? 0 : rc;
+}
+
+static int kvmi_msg_reply(struct kvm_introspection *kvmi,
+ const struct kvmi_msg_hdr *msg, int err,
+ const void *rpl, size_t rpl_size)
+{
+ struct kvmi_error_code ec;
+ struct kvmi_msg_hdr h;
+ struct kvec vec[3] = {
+ { .iov_base = &h, .iov_len = sizeof(h) },
+ { .iov_base = &ec, .iov_len = sizeof(ec) },
+ { .iov_base = (void *)rpl, .iov_len = rpl_size },
+ };
+ size_t size = sizeof(h) + sizeof(ec) + (err ? 0 : rpl_size);
+ size_t n = err ? ARRAY_SIZE(vec) - 1 : ARRAY_SIZE(vec);
+
+ memset(&h, 0, sizeof(h));
+ h.id = msg->id;
+ h.seq = msg->seq;
+ h.size = size - sizeof(h);
+
+ memset(&ec, 0, sizeof(ec));
+ ec.err = err;
+
+ return kvmi_sock_write(kvmi, vec, n, size);
+}
+
+static int kvmi_msg_vm_reply(struct kvm_introspection *kvmi,
+ const struct kvmi_msg_hdr *msg,
+ int err, const void *rpl,
+ size_t rpl_size)
+{
+ return kvmi_msg_reply(kvmi, msg, err, rpl, rpl_size);
+}
+
+static bool is_command_allowed(struct kvm_introspection *kvmi, int id)
+{
+ return test_bit(id, kvmi->cmd_allow_mask);
+}
+
+/*
+ * These commands are executed by the receiving thread/worker.
+ */
+static int(*const msg_vm[])(struct kvm_introspection *,
+ const struct kvmi_msg_hdr *, const void *) = {
+};
+
+static bool is_vm_message(u16 id)
+{
+ return id < ARRAY_SIZE(msg_vm) && !!msg_vm[id];
+}
+
+static bool is_unsupported_message(u16 id)
+{
+ bool supported;
+
+ supported = is_known_message(id) && is_vm_message(id);
+
+ return !supported;
+}
+
+static int kvmi_consume_bytes(struct kvm_introspection *kvmi, size_t bytes)
+{
+ size_t to_read;
+ u8 buf[1024];
+ int err = 0;
+
+ while (bytes && !err) {
+ to_read = min(bytes, sizeof(buf));
+
+ err = kvmi_sock_read(kvmi, buf, to_read);
+
+ bytes -= to_read;
+ }
+
+ return err;
+}
+
+static struct kvmi_msg_hdr *
+kvmi_msg_recv(struct kvm_introspection *kvmi, bool *unsupported)
+{
+ struct kvmi_msg_hdr *msg;
+ int err;
+
+ *unsupported = false;
+
+ msg = kvmi_msg_alloc();
+ if (!msg)
+ goto out_err;
+
+ err = kvmi_sock_read(kvmi, msg, sizeof(*msg));
+ if (err)
+ goto out_err;
+
+ if (msg->size > KVMI_MSG_SIZE)
+ goto out_err_msg;
+
+ if (is_unsupported_message(msg->id)) {
+ if (msg->size && kvmi_consume_bytes(kvmi, msg->size) < 0)
+ goto out_err_msg;
+
+ *unsupported = true;
+ return msg;
+ }
+
+ if (msg->size && kvmi_sock_read(kvmi, msg + 1, msg->size) <
0)
+ goto out_err_msg;
+
+ return msg;
+
+out_err_msg:
+ kvmi_err(kvmi, "%s id %u (%s) size %u\n",
+ __func__, msg->id, id2str(msg->id), msg->size);
+
+out_err:
+ kvmi_msg_free(msg);
+
+ return NULL;
+}
+
+static int kvmi_msg_dispatch_vm_cmd(struct kvm_introspection *kvmi,
+ const struct kvmi_msg_hdr *msg)
+{
+ return msg_vm[msg->id](kvmi, msg, msg + 1);
+}
+
+static int kvmi_msg_dispatch(struct kvm_introspection *kvmi,
+ struct kvmi_msg_hdr *msg, bool *queued)
+{
+ int err;
+
+ err = kvmi_msg_dispatch_vm_cmd(kvmi, msg);
+
+ if (err)
+ kvmi_err(kvmi, "%s: msg id: %u (%s), err: %d\n", __func__,
+ msg->id, id2str(msg->id), err);
+
+ return err;
+}
+
+static bool is_message_allowed(struct kvm_introspection *kvmi, __u16 id)
+{
+ if (id >= KVMI_NUM_COMMANDS)
+ return false;
+
+ return is_command_allowed(kvmi, id);
+}
+
+static int kvmi_msg_vm_reply_ec(struct kvm_introspection *kvmi,
+ const struct kvmi_msg_hdr *msg, int ec)
+{
+ return kvmi_msg_vm_reply(kvmi, msg, ec, NULL, 0);
+}
+
bool kvmi_msg_process(struct kvm_introspection *kvmi)
{
- return false;
+ struct kvmi_msg_hdr *msg;
+ bool queued = false;
+ bool unsupported;
+ int err = -1;
+
+ msg = kvmi_msg_recv(kvmi, &unsupported);
+ if (!msg)
+ goto out;
+
+ if (unsupported) {
+ err = kvmi_msg_vm_reply_ec(kvmi, msg, -KVM_ENOSYS);
+ goto out;
+ }
+
+ if (!is_message_allowed(kvmi, msg->id)) {
+ err = kvmi_msg_vm_reply_ec(kvmi, msg, -KVM_EPERM);
+ goto out;
+ }
+
+ err = kvmi_msg_dispatch(kvmi, msg, &queued);
+
+out:
+ if (!queued)
+ kvmi_msg_free(msg);
+
+ return err == 0;
}
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 40/78] KVM: introspection: add KVMI_GET_VERSION
This command should be used by the introspection tool to identify the
commands/events supported by the KVMi subsystem and, most important,
what messages must be used for event replies. These messages might be
extended in future versions. The kernel side will accept smaller/older
or bigger/newer command messages, but not bigger/newer event replies.
The KVMI_GET_VERSION command is always allowed and any attempt
from userspace to explicitly disallow this command through
KVM_INTROSPECTION_COMMAND will get -EPERM (unless userspace chooses to
disable all commands, using id=-1, in which case KVMI_GET_VERSION is
silently allowed, without an error).
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 27 +++++++++++++++++++
include/uapi/linux/kvmi.h | 10 +++++++
.../testing/selftests/kvm/x86_64/kvmi_test.c | 25 +++++++++++++++++
virt/kvm/introspection/kvmi.c | 14 ++++++++++
virt/kvm/introspection/kvmi_int.h | 4 ++-
virt/kvm/introspection/kvmi_msg.c | 13 +++++++++
6 files changed, 92 insertions(+), 1 deletion(-)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 4aa77ae0c3c5..36f8cd4a836d 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -224,3 +224,30 @@ device etc.). It is up to the user to determine, using the
guest operating
system data structures, the areas that are safe to access (code, stack, heap
etc.).
+Commands
+--------
+
+The following C structures are meant to be used directly when communicating
+over the wire. The peer that detects any size mismatch should simply close
+the connection and report the error.
+
+1. KVMI_GET_VERSION
+-------------------
+
+:Architectures: all
+:Versions: >= 1
+:Parameters: none
+:Returns:
+
+::
+
+ struct kvmi_error_code;
+ struct kvmi_get_version_reply {
+ __u32 version;
+ __u32 padding;
+ };
+
+Returns the introspection API version.
+
+This command is always allowed and successful (if the introspection is
+built in kernel).
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index 7620fdbf4749..ee817cb05cc6 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -6,11 +6,16 @@
* KVMI structures and definitions
*/
+#include <linux/kernel.h>
+#include <linux/types.h>
+
enum {
KVMI_VERSION = 0x00000001
};
enum {
+ KVMI_GET_VERSION = 2,
+
KVMI_NUM_MESSAGES
};
@@ -33,4 +38,9 @@ struct kvmi_error_code {
__u32 padding;
};
+struct kvmi_get_version_reply {
+ __u32 version;
+ __u32 padding;
+};
+
#endif /* _UAPI__LINUX_KVMI_H */
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 1793582b7e10..733e82478f6e 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -177,12 +177,37 @@ static void test_cmd_invalid(void)
-r, kvm_strerror(-r));
}
+static void test_vm_command(int cmd_id, struct kvmi_msg_hdr *req,
+ size_t req_size, void *rpl, size_t rpl_size)
+{
+ int r;
+
+ r = do_command(cmd_id, req, req_size, rpl, rpl_size);
+ TEST_ASSERT(r == 0,
+ "Command %d failed, error %d (%s)\n",
+ cmd_id, -r, kvm_strerror(-r));
+}
+
+static void test_cmd_get_version(void)
+{
+ struct kvmi_get_version_reply rpl;
+ struct kvmi_msg_hdr req;
+
+ test_vm_command(KVMI_GET_VERSION, &req, sizeof(req), &rpl,
sizeof(rpl));
+ TEST_ASSERT(rpl.version == KVMI_VERSION,
+ "Unexpected KVMI version %d, expecting %d\n",
+ rpl.version, KVMI_VERSION);
+
+ DEBUG("KVMI version: %u\n", rpl.version);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
hook_introspection(vm);
test_cmd_invalid();
+ test_cmd_get_version();
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index 706372e9e56a..8597b6ef0cfb 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -76,6 +76,8 @@ alloc_kvmi(struct kvm *kvm, const struct
kvm_introspection_hook *hook)
BUILD_BUG_ON(sizeof(hook->uuid) != sizeof(kvmi->uuid));
memcpy(&kvmi->uuid, &hook->uuid, sizeof(kvmi->uuid));
+ set_bit(KVMI_GET_VERSION, kvmi->cmd_allow_mask);
+
kvmi->kvm = kvm;
return kvmi;
@@ -299,6 +301,18 @@ int kvmi_ioctl_command(struct kvm *kvm, void __user *argp)
bitmap_from_u64(known, KVMI_KNOWN_COMMANDS);
bitmap_and(requested, requested, known, KVMI_NUM_COMMANDS);
+ if (!allow) {
+ DECLARE_BITMAP(always_allowed, KVMI_NUM_COMMANDS);
+
+ if (id == KVMI_GET_VERSION)
+ return -EPERM;
+
+ set_bit(KVMI_GET_VERSION, always_allowed);
+
+ bitmap_andnot(requested, requested, always_allowed,
+ KVMI_NUM_COMMANDS);
+ }
+
off_bitmap = offsetof(struct kvm_introspection, cmd_allow_mask);
return kvmi_ioctl_feature(kvm, allow, requested, off_bitmap,
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 46ba90cb5e66..947af4615fa5 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -20,7 +20,9 @@
#define KVMI_KNOWN_EVENTS 0
-#define KVMI_KNOWN_COMMANDS 0
+#define KVMI_KNOWN_COMMANDS ( \
+ BIT(KVMI_GET_VERSION) \
+ )
#define KVMI(kvm) ((struct kvm_introspection *)((kvm)->kvmi))
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index ed095fcf50bc..81e42c65da16 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -9,6 +9,7 @@
#include "kvmi_int.h"
static const char *const msg_IDs[] = {
+ [KVMI_GET_VERSION] = "KVMI_GET_VERSION",
};
static bool is_known_message(u16 id)
@@ -116,11 +117,23 @@ static bool is_command_allowed(struct kvm_introspection
*kvmi, int id)
return test_bit(id, kvmi->cmd_allow_mask);
}
+static int handle_get_version(struct kvm_introspection *kvmi,
+ const struct kvmi_msg_hdr *msg, const void *req)
+{
+ struct kvmi_get_version_reply rpl;
+
+ memset(&rpl, 0, sizeof(rpl));
+ rpl.version = KVMI_VERSION;
+
+ return kvmi_msg_vm_reply(kvmi, msg, 0, &rpl, sizeof(rpl));
+}
+
/*
* These commands are executed by the receiving thread/worker.
*/
static int(*const msg_vm[])(struct kvm_introspection *,
const struct kvmi_msg_hdr *, const void *) = {
+ [KVMI_GET_VERSION] = handle_get_version,
};
static bool is_vm_message(u16 id)
Adalbert Lazăr
2020-Feb-07 18:15 UTC
[RFC PATCH v7 41/78] KVM: introspection: add KVMI_VM_CHECK_COMMAND and KVMI_VM_CHECK_EVENT
These commands can be used by the introspection tool to check what
introspection commands and events are supported (by KVMi) and allowed
(by userspace).
The introspection tool will get one of the following error codes:
* -KVM_ENOSYS (unsupported command/event)
* -KVM_PERM (disallowed command/event)
* -KVM_EINVAL (the padding space, used for future extensions,
is not zero)
* 0 (the command/event is supported and allowed)
These commands can be seen as alternative methods to KVMI_GET_VERSION
in checking if the introspection supports a specific command/event.
As with the KVMI_GET_VERSION command, these two commands can never be
disallowed by userspace.
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 62 +++++++++++++++++++
include/uapi/linux/kvmi.h | 16 ++++-
.../testing/selftests/kvm/x86_64/kvmi_test.c | 55 ++++++++++++++++
virt/kvm/introspection/kvmi.c | 8 ++-
virt/kvm/introspection/kvmi_int.h | 2 +
virt/kvm/introspection/kvmi_msg.c | 46 +++++++++++++-
6 files changed, 185 insertions(+), 4 deletions(-)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 36f8cd4a836d..9205f51fa5a0 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -251,3 +251,65 @@ Returns the introspection API version.
This command is always allowed and successful (if the introspection is
built in kernel).
+
+2. KVMI_VM_CHECK_COMMAND
+------------------------
+
+:Architectures: all
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vm_check_command {
+ __u16 id;
+ __u16 padding1;
+ __u32 padding2;
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_error_code;
+
+Checks if the command specified by ``id`` is allowed.
+
+This command is always allowed.
+
+:Errors:
+
+* -KVM_EPERM - the command specified by ``id`` is disallowed
+* -KVM_EINVAL - padding is not zero
+* -KVM_EINVAL - the command specified by ``id`` is not known
+
+3. KVMI_VM_CHECK_EVENT
+----------------------
+
+:Architectures: all
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vm_check_event {
+ __u16 id;
+ __u16 padding1;
+ __u32 padding2;
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_error_code;
+
+Checks if the event specified by ``id`` is allowed.
+
+This command is always allowed.
+
+:Errors:
+
+* -KVM_EPERM - the event specified by ``id`` is disallowed
+* -KVM_EINVAL - padding is not zero
+* -KVM_EINVAL - the event specified by ``id`` is not known
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index ee817cb05cc6..ba550e9fae2e 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -14,7 +14,9 @@ enum {
};
enum {
- KVMI_GET_VERSION = 2,
+ KVMI_GET_VERSION = 2,
+ KVMI_VM_CHECK_COMMAND = 3,
+ KVMI_VM_CHECK_EVENT = 4,
KVMI_NUM_MESSAGES
};
@@ -43,4 +45,16 @@ struct kvmi_get_version_reply {
__u32 padding;
};
+struct kvmi_vm_check_command {
+ __u16 id;
+ __u16 padding1;
+ __u32 padding2;
+};
+
+struct kvmi_vm_check_event {
+ __u16 id;
+ __u16 padding1;
+ __u32 padding2;
+};
+
#endif /* _UAPI__LINUX_KVMI_H */
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 733e82478f6e..e3e51fe3f85f 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -201,6 +201,59 @@ static void test_cmd_get_version(void)
DEBUG("KVMI version: %u\n", rpl.version);
}
+static int cmd_check_command(__u16 id)
+{
+ struct {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vm_check_command cmd;
+ } req = {};
+
+ req.cmd.id = id;
+
+ return do_command(KVMI_VM_CHECK_COMMAND, &req.hdr, sizeof(req), NULL,
+ 0);
+}
+
+static void test_cmd_check_command(void)
+{
+ __u16 valid_id = KVMI_GET_VERSION;
+ __u16 invalid_id = 0xffff;
+ int r;
+
+ r = cmd_check_command(valid_id);
+ TEST_ASSERT(r == 0,
+ "KVMI_VM_CHECK_COMMAND failed, error %d (%s)\n",
+ -r, kvm_strerror(-r));
+
+ r = cmd_check_command(invalid_id);
+ TEST_ASSERT(r == -KVM_EINVAL,
+ "KVMI_VM_CHECK_COMMAND didn't failed with -KVM_EINVAL, error %d
(%s)\n",
+ -r, kvm_strerror(-r));
+}
+
+static int cmd_check_event(__u16 id)
+{
+ struct {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vm_check_event cmd;
+ } req = {};
+
+ req.cmd.id = id;
+
+ return do_command(KVMI_VM_CHECK_EVENT, &req.hdr, sizeof(req), NULL, 0);
+}
+
+static void test_cmd_check_event(void)
+{
+ __u16 invalid_id = 0xffff;
+ int r;
+
+ r = cmd_check_event(invalid_id);
+ TEST_ASSERT(r == -KVM_EINVAL,
+ "KVMI_VM_CHECK_EVENT didn't failed with -KVM_EINVAL, error %d
(%s)\n",
+ -r, kvm_strerror(-r));
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -208,6 +261,8 @@ static void test_introspection(struct kvm_vm *vm)
test_cmd_invalid();
test_cmd_get_version();
+ test_cmd_check_command();
+ test_cmd_check_event();
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index 8597b6ef0cfb..8f8e18696794 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -77,6 +77,8 @@ alloc_kvmi(struct kvm *kvm, const struct
kvm_introspection_hook *hook)
memcpy(&kvmi->uuid, &hook->uuid, sizeof(kvmi->uuid));
set_bit(KVMI_GET_VERSION, kvmi->cmd_allow_mask);
+ set_bit(KVMI_VM_CHECK_COMMAND, kvmi->cmd_allow_mask);
+ set_bit(KVMI_VM_CHECK_EVENT, kvmi->cmd_allow_mask);
kvmi->kvm = kvm;
@@ -304,10 +306,14 @@ int kvmi_ioctl_command(struct kvm *kvm, void __user *argp)
if (!allow) {
DECLARE_BITMAP(always_allowed, KVMI_NUM_COMMANDS);
- if (id == KVMI_GET_VERSION)
+ if (id == KVMI_GET_VERSION
+ || id == KVMI_VM_CHECK_COMMAND
+ || id == KVMI_VM_CHECK_EVENT)
return -EPERM;
set_bit(KVMI_GET_VERSION, always_allowed);
+ set_bit(KVMI_VM_CHECK_COMMAND, always_allowed);
+ set_bit(KVMI_VM_CHECK_EVENT, always_allowed);
bitmap_andnot(requested, requested, always_allowed,
KVMI_NUM_COMMANDS);
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 947af4615fa5..feb83b8d0f12 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -22,6 +22,8 @@
#define KVMI_KNOWN_COMMANDS ( \
BIT(KVMI_GET_VERSION) \
+ | BIT(KVMI_VM_CHECK_COMMAND) \
+ | BIT(KVMI_VM_CHECK_EVENT) \
)
#define KVMI(kvm) ((struct kvm_introspection *)((kvm)->kvmi))
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 81e42c65da16..b7da5cc7286f 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -9,7 +9,9 @@
#include "kvmi_int.h"
static const char *const msg_IDs[] = {
- [KVMI_GET_VERSION] = "KVMI_GET_VERSION",
+ [KVMI_GET_VERSION] = "KVMI_GET_VERSION",
+ [KVMI_VM_CHECK_COMMAND] = "KVMI_VM_CHECK_COMMAND",
+ [KVMI_VM_CHECK_EVENT] = "KVMI_VM_CHECK_EVENT",
};
static bool is_known_message(u16 id)
@@ -128,12 +130,52 @@ static int handle_get_version(struct kvm_introspection
*kvmi,
return kvmi_msg_vm_reply(kvmi, msg, 0, &rpl, sizeof(rpl));
}
+static int handle_check_command(struct kvm_introspection *kvmi,
+ const struct kvmi_msg_hdr *msg,
+ const void *_req)
+{
+ const struct kvmi_vm_check_command *req = _req;
+ int ec = 0;
+
+ if (req->padding1 || req->padding2)
+ ec = -KVM_EINVAL;
+ else if (req->id >= KVMI_NUM_COMMANDS)
+ ec = -KVM_EINVAL;
+ else if (!is_command_allowed(kvmi, req->id))
+ ec = -KVM_EPERM;
+
+ return kvmi_msg_vm_reply(kvmi, msg, ec, NULL, 0);
+}
+
+static bool is_event_allowed(struct kvm_introspection *kvmi, int id)
+{
+ return test_bit(id, kvmi->event_allow_mask);
+}
+
+static int handle_check_event(struct kvm_introspection *kvmi,
+ const struct kvmi_msg_hdr *msg, const void *_req)
+{
+ const struct kvmi_vm_check_event *req = _req;
+ int ec = 0;
+
+ if (req->padding1 || req->padding2)
+ ec = -KVM_EINVAL;
+ else if (req->id >= KVMI_NUM_EVENTS)
+ ec = -KVM_EINVAL;
+ else if (!is_event_allowed(kvmi, req->id))
+ ec = -KVM_EPERM;
+
+ return kvmi_msg_vm_reply(kvmi, msg, ec, NULL, 0);
+}
+
/*
* These commands are executed by the receiving thread/worker.
*/
static int(*const msg_vm[])(struct kvm_introspection *,
const struct kvmi_msg_hdr *, const void *) = {
- [KVMI_GET_VERSION] = handle_get_version,
+ [KVMI_GET_VERSION] = handle_get_version,
+ [KVMI_VM_CHECK_COMMAND] = handle_check_command,
+ [KVMI_VM_CHECK_EVENT] = handle_check_event,
};
static bool is_vm_message(u16 id)
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 42/78] KVM: introspection: add KVMI_VM_GET_INFO
From: Mihai Don?u <mdontu at bitdefender.com>
For now, this command returns only the number of online vCPUs.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 18 ++++++++++++++++++
include/uapi/linux/kvmi.h | 6 ++++++
tools/testing/selftests/kvm/x86_64/kvmi_test.c | 15 +++++++++++++++
virt/kvm/introspection/kvmi_int.h | 1 +
virt/kvm/introspection/kvmi_msg.c | 14 ++++++++++++++
5 files changed, 54 insertions(+)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 9205f51fa5a0..0a7266fed564 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -313,3 +313,21 @@ This command is always allowed.
* -KVM_EPERM - the event specified by ``id`` is disallowed
* -KVM_EINVAL - padding is not zero
* -KVM_EINVAL - the event specified by ``id`` is not known
+
+4. KVMI_VM_GET_INFO
+-------------------
+
+:Architectures: all
+:Versions: >= 1
+:Parameters: none
+:Returns:
+
+::
+
+ struct kvmi_error_code;
+ struct kvmi_vm_get_info_reply {
+ __u32 vcpu_count;
+ __u32 padding[3];
+ };
+
+Returns the number of online vCPUs.
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index ba550e9fae2e..b7e45d4601a5 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -17,6 +17,7 @@ enum {
KVMI_GET_VERSION = 2,
KVMI_VM_CHECK_COMMAND = 3,
KVMI_VM_CHECK_EVENT = 4,
+ KVMI_VM_GET_INFO = 5,
KVMI_NUM_MESSAGES
};
@@ -57,4 +58,9 @@ struct kvmi_vm_check_event {
__u32 padding2;
};
+struct kvmi_vm_get_info_reply {
+ __u32 vcpu_count;
+ __u32 padding[3];
+};
+
#endif /* _UAPI__LINUX_KVMI_H */
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index e3e51fe3f85f..7e59ebca1517 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -254,6 +254,20 @@ static void test_cmd_check_event(void)
-r, kvm_strerror(-r));
}
+static void test_cmd_get_vm_info(void)
+{
+ struct kvmi_vm_get_info_reply rpl;
+ struct kvmi_msg_hdr req;
+
+ test_vm_command(KVMI_VM_GET_INFO, &req, sizeof(req), &rpl,
+ sizeof(rpl));
+ TEST_ASSERT(rpl.vcpu_count == 1,
+ "Unexpected number of vCPU count %u\n",
+ rpl.vcpu_count);
+
+ DEBUG("vcpu count: %u\n", rpl.vcpu_count);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -263,6 +277,7 @@ static void test_introspection(struct kvm_vm *vm)
test_cmd_get_version();
test_cmd_check_command();
test_cmd_check_event();
+ test_cmd_get_vm_info();
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index feb83b8d0f12..3c1a397d07a1 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -24,6 +24,7 @@
BIT(KVMI_GET_VERSION) \
| BIT(KVMI_VM_CHECK_COMMAND) \
| BIT(KVMI_VM_CHECK_EVENT) \
+ | BIT(KVMI_VM_GET_INFO) \
)
#define KVMI(kvm) ((struct kvm_introspection *)((kvm)->kvmi))
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index b7da5cc7286f..a8f524e67f1c 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -12,6 +12,7 @@ static const char *const msg_IDs[] = {
[KVMI_GET_VERSION] = "KVMI_GET_VERSION",
[KVMI_VM_CHECK_COMMAND] = "KVMI_VM_CHECK_COMMAND",
[KVMI_VM_CHECK_EVENT] = "KVMI_VM_CHECK_EVENT",
+ [KVMI_VM_GET_INFO] = "KVMI_VM_GET_INFO",
};
static bool is_known_message(u16 id)
@@ -168,6 +169,18 @@ static int handle_check_event(struct kvm_introspection
*kvmi,
return kvmi_msg_vm_reply(kvmi, msg, ec, NULL, 0);
}
+static int handle_get_info(struct kvm_introspection *kvmi,
+ const struct kvmi_msg_hdr *msg,
+ const void *req)
+{
+ struct kvmi_vm_get_info_reply rpl;
+
+ memset(&rpl, 0, sizeof(rpl));
+ rpl.vcpu_count = atomic_read(&kvmi->kvm->online_vcpus);
+
+ return kvmi_msg_vm_reply(kvmi, msg, 0, &rpl, sizeof(rpl));
+}
+
/*
* These commands are executed by the receiving thread/worker.
*/
@@ -176,6 +189,7 @@ static int(*const msg_vm[])(struct kvm_introspection *,
[KVMI_GET_VERSION] = handle_get_version,
[KVMI_VM_CHECK_COMMAND] = handle_check_command,
[KVMI_VM_CHECK_EVENT] = handle_check_event,
+ [KVMI_VM_GET_INFO] = handle_get_info,
};
static bool is_vm_message(u16 id)
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 43/78] KVM: introspection: add KVMI_EVENT_UNHOOK
In certain situations (when the guest has to be paused, suspended,
migrated, etc.), userspace will use the KVM_INTROSPECTION_PREUNHOOK
ioctl in order to trigger the KVMI_EVENT_UNHOOK. If the event is sent
successfully (the VM has an active introspection channel), userspace
should delay the action (pause/suspend/...) to give the introspection
tool the chance to remove its hooks (eg. breakpoints) while the guest
is still running. Once a timeout is reached or the introspection tool
has closed the socket, userspace should resume the action.
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/api.txt | 23 +++++++
Documentation/virt/kvm/kvmi.rst | 69 ++++++++++++++++++-
arch/x86/include/uapi/asm/kvmi.h | 29 ++++++++
include/linux/kvmi_host.h | 3 +
include/uapi/linux/kvm.h | 2 +
include/uapi/linux/kvmi.h | 13 ++++
.../testing/selftests/kvm/x86_64/kvmi_test.c | 42 +++++++++++
virt/kvm/introspection/kvmi.c | 30 ++++++++
virt/kvm/introspection/kvmi_int.h | 8 ++-
virt/kvm/introspection/kvmi_msg.c | 34 +++++++++
virt/kvm/kvm_main.c | 3 +
11 files changed, 252 insertions(+), 4 deletions(-)
create mode 100644 arch/x86/include/uapi/asm/kvmi.h
diff --git a/Documentation/virt/kvm/api.txt b/Documentation/virt/kvm/api.txt
index c1da0a67d7af..8fbb7fd0f0b4 100644
--- a/Documentation/virt/kvm/api.txt
+++ b/Documentation/virt/kvm/api.txt
@@ -4260,6 +4260,29 @@ the event is disallowed.
Unless set to -1 (meaning all event), id must be a event ID
(e.g. KVMI_EVENT_UNHOOK, KVMI_EVENT_CR, etc.)
+4.126 KVM_INTROSPECTION_PREUNHOOK
+
+Capability: KVM_CAP_INTROSPECTION
+Architectures: x86
+Type: vm ioctl
+Parameters: none
+Returns: 0 on success, a negative value on error
+Errors:
+ EFAULT: the introspection is not enabled
+ the socket (passed with KVM_INTROSPECTION_HOOK) had an error
+ ENOENT: the introspection tool didn't subscribed
+ to this type of introspection event (unhook).
+
+This ioctl is used to inform that the current VM is
+paused/suspended/migrated/etc.
+
+KVM should send an 'unhook' introspection event to the introspection
tool.
+
+If this ioctl is successful, the userspace should give the
+introspection tool a chance to unhook the VM and then it should use
+KVM_INTROSPECTION_UNHOOK to make sure all the introspection structures
+are freed.
+
5. The kvm_run structure
------------------------
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 0a7266fed564..949e940487ab 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -194,9 +194,10 @@ becomes necessary to remove them before the guest is
suspended, moved
(migrated) or a snapshot with memory is created.
The actions are normally performed by the device manager. In the case
-of QEMU, it will use another ioctl to notify the introspection tool and
-wait for a limited amount of time (a few seconds) for a confirmationthat
-is OK to proceed.
+of QEMU, it will use the *KVM_INTROSPECTION_PREUNHOOK* ioctl to trigger
+the *KVMI_EVENT_UNHOOK* event and wait for a limited amount of time
+(a few seconds) for a confirmation from the introspection tool that is
+OK to proceed.
Live migrations
---------------
@@ -331,3 +332,65 @@ This command is always allowed.
};
Returns the number of online vCPUs.
+
+Events
+=====+
+All introspection events (VM or vCPU related) are sent
+using the *KVMI_EVENT* message id.
+
+The *KVMI_EVENT_UNHOOK* event doesn't have a reply and share the kvmi_event
+structure, for consistency with the vCPU events.
+
+The message data begins with a common structure, having the size of the
+structure, the vCPU index and the event id::
+
+ struct kvmi_event {
+ __u16 size;
+ __u16 vcpu;
+ __u8 event;
+ __u8 padding[3];
+ struct kvmi_event_arch arch;
+ }
+
+On x86 the structure looks like this::
+
+ struct kvmi_event_arch {
+ __u8 mode;
+ __u8 padding[7];
+ struct kvm_regs regs;
+ struct kvm_sregs sregs;
+ struct {
+ __u64 sysenter_cs;
+ __u64 sysenter_esp;
+ __u64 sysenter_eip;
+ __u64 efer;
+ __u64 star;
+ __u64 lstar;
+ __u64 cstar;
+ __u64 pat;
+ __u64 shadow_gs;
+ } msrs;
+ };
+
+It contains information about the vCPU state at the time of the event.
+
+Specific data can follow these common structures.
+
+1. KVMI_EVENT_UNHOOK
+--------------------
+
+:Architecture: all
+:Versions: >= 1
+:Actions: none
+:Parameters:
+
+::
+
+ struct kvmi_event;
+
+:Returns: none
+
+This event is sent when the device manager has to pause/stop/migrate the
+guest (see **Unhooking**). The introspection tool has a chance to unhook
+and close the KVMI channel (signaling that the operation can proceed).
diff --git a/arch/x86/include/uapi/asm/kvmi.h b/arch/x86/include/uapi/asm/kvmi.h
new file mode 100644
index 000000000000..551f9ed1ed9c
--- /dev/null
+++ b/arch/x86/include/uapi/asm/kvmi.h
@@ -0,0 +1,29 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _UAPI_ASM_X86_KVMI_H
+#define _UAPI_ASM_X86_KVMI_H
+
+/*
+ * KVM introspection - x86 specific structures and definitions
+ */
+
+#include <asm/kvm.h>
+
+struct kvmi_event_arch {
+ __u8 mode; /* 2, 4 or 8 */
+ __u8 padding[7];
+ struct kvm_regs regs;
+ struct kvm_sregs sregs;
+ struct {
+ __u64 sysenter_cs;
+ __u64 sysenter_esp;
+ __u64 sysenter_eip;
+ __u64 efer;
+ __u64 star;
+ __u64 lstar;
+ __u64 cstar;
+ __u64 pat;
+ __u64 shadow_gs;
+ } msrs;
+};
+
+#endif /* _UAPI_ASM_X86_KVMI_H */
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
index 4e77a0227c08..180e26335a8f 100644
--- a/include/linux/kvmi_host.h
+++ b/include/linux/kvmi_host.h
@@ -21,6 +21,8 @@ struct kvm_introspection {
DECLARE_BITMAP(cmd_allow_mask, KVMI_NUM_COMMANDS);
DECLARE_BITMAP(event_allow_mask, KVMI_NUM_EVENTS);
+
+ atomic_t ev_seq;
};
#ifdef CONFIG_KVM_INTROSPECTION
@@ -34,6 +36,7 @@ int kvmi_ioctl_hook(struct kvm *kvm, void __user *argp);
int kvmi_ioctl_unhook(struct kvm *kvm);
int kvmi_ioctl_command(struct kvm *kvm, void __user *argp);
int kvmi_ioctl_event(struct kvm *kvm, void __user *argp);
+int kvmi_ioctl_preunhook(struct kvm *kvm);
#else
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index e2de987b5d8f..f745a3c60e02 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -1571,6 +1571,8 @@ struct kvm_introspection_feature {
#define KVM_INTROSPECTION_COMMAND _IOW(KVMIO, 0xc5, struct
kvm_introspection_feature)
#define KVM_INTROSPECTION_EVENT _IOW(KVMIO, 0xc6, struct
kvm_introspection_feature)
+#define KVM_INTROSPECTION_PREUNHOOK _IO(KVMIO, 0xc7)
+
#define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
#define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
#define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index b7e45d4601a5..e74240aff5b7 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -8,12 +8,15 @@
#include <linux/kernel.h>
#include <linux/types.h>
+#include <asm/kvmi.h>
enum {
KVMI_VERSION = 0x00000001
};
enum {
+ KVMI_EVENT = 1,
+
KVMI_GET_VERSION = 2,
KVMI_VM_CHECK_COMMAND = 3,
KVMI_VM_CHECK_EVENT = 4,
@@ -23,6 +26,8 @@ enum {
};
enum {
+ KVMI_EVENT_UNHOOK = 0,
+
KVMI_NUM_EVENTS
};
@@ -63,4 +68,12 @@ struct kvmi_vm_get_info_reply {
__u32 padding[3];
};
+struct kvmi_event {
+ __u16 size;
+ __u16 vcpu;
+ __u8 event;
+ __u8 padding[3];
+ struct kvmi_event_arch arch;
+};
+
#endif /* _UAPI__LINUX_KVMI_H */
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 7e59ebca1517..f5d67fd0cde8 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -268,6 +268,47 @@ static void test_cmd_get_vm_info(void)
DEBUG("vcpu count: %u\n", rpl.vcpu_count);
}
+static void trigger_event_unhook_notification(struct kvm_vm *vm)
+{
+ int r;
+
+ r = ioctl(vm->fd, KVM_INTROSPECTION_PREUNHOOK, NULL);
+ TEST_ASSERT(r == 0,
+ "KVM_INTROSPECTION_PREUNHOOK failed, errno %d (%s)\n",
+ errno, strerror(errno));
+}
+
+static void receive_event(struct kvmi_msg_hdr *hdr, struct kvmi_event *ev,
+ size_t ev_size, int event_id)
+{
+ receive_data(hdr, sizeof(*hdr));
+
+ TEST_ASSERT(hdr->id == KVMI_EVENT,
+ "Unexpected messages id %d, expected %d\n",
+ hdr->id, KVMI_EVENT);
+
+ TEST_ASSERT(hdr->size == ev_size,
+ "Invalid event size %d, expected %d bytes\n",
+ hdr->size, ev_size);
+
+ receive_data(ev, ev_size);
+
+ TEST_ASSERT(ev->event == event_id,
+ "Unexpected event %d, expected %d\n",
+ ev->event, event_id);
+}
+
+static void test_event_unhook(struct kvm_vm *vm)
+{
+ __u16 id = KVMI_EVENT_UNHOOK;
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_event ev;
+
+ trigger_event_unhook_notification(vm);
+
+ receive_event(&hdr, &ev, sizeof(ev), id);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -278,6 +319,7 @@ static void test_introspection(struct kvm_vm *vm)
test_cmd_check_command();
test_cmd_check_event();
test_cmd_get_vm_info();
+ test_event_unhook(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index 8f8e18696794..74e3e1aa326b 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -80,6 +80,8 @@ alloc_kvmi(struct kvm *kvm, const struct
kvm_introspection_hook *hook)
set_bit(KVMI_VM_CHECK_COMMAND, kvmi->cmd_allow_mask);
set_bit(KVMI_VM_CHECK_EVENT, kvmi->cmd_allow_mask);
+ atomic_set(&kvmi->ev_seq, 0);
+
kvmi->kvm = kvm;
return kvmi;
@@ -324,3 +326,31 @@ int kvmi_ioctl_command(struct kvm *kvm, void __user *argp)
return kvmi_ioctl_feature(kvm, allow, requested, off_bitmap,
KVMI_NUM_COMMANDS);
}
+
+static bool kvmi_unhook_event(struct kvm_introspection *kvmi)
+{
+ int err;
+
+ err = kvmi_msg_send_unhook(kvmi);
+
+ return !err;
+}
+
+int kvmi_ioctl_preunhook(struct kvm *kvm)
+{
+ struct kvm_introspection *kvmi;
+ int err = 0;
+
+ mutex_lock(&kvm->kvmi_lock);
+
+ kvmi = KVMI(kvm);
+ if (!kvmi)
+ return -EFAULT;
+
+ if (!kvmi_unhook_event(kvmi))
+ err = -ENOENT;
+
+ mutex_unlock(&kvm->kvmi_lock);
+
+ return err;
+}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 3c1a397d07a1..3ea8e8250f7d 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -18,7 +18,12 @@
#define KVMI_MSG_SIZE_ALLOC (sizeof(struct kvmi_msg_hdr) + KVMI_MSG_SIZE)
-#define KVMI_KNOWN_EVENTS 0
+#define KVMI_KNOWN_VM_EVENTS ( \
+ BIT(KVMI_EVENT_UNHOOK) \
+ )
+#define KVMI_KNOWN_VCPU_EVENTS 0
+
+#define KVMI_KNOWN_EVENTS (KVMI_KNOWN_VM_EVENTS | KVMI_KNOWN_VCPU_EVENTS)
#define KVMI_KNOWN_COMMANDS ( \
BIT(KVMI_GET_VERSION) \
@@ -34,6 +39,7 @@ bool kvmi_sock_get(struct kvm_introspection *kvmi, int fd);
void kvmi_sock_shutdown(struct kvm_introspection *kvmi);
void kvmi_sock_put(struct kvm_introspection *kvmi);
bool kvmi_msg_process(struct kvm_introspection *kvmi);
+int kvmi_msg_send_unhook(struct kvm_introspection *kvmi);
/* kvmi.c */
void *kvmi_msg_alloc(void);
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index a8f524e67f1c..dbc2ba9a1399 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -328,3 +328,37 @@ bool kvmi_msg_process(struct kvm_introspection *kvmi)
return err == 0;
}
+
+static inline u32 new_seq(struct kvm_introspection *kvmi)
+{
+ return atomic_inc_return(&kvmi->ev_seq);
+}
+
+static void kvmi_setup_event_common(struct kvmi_event *ev, u32 ev_id)
+{
+ memset(ev, 0, sizeof(*ev));
+
+ ev->event = ev_id;
+ ev->size = sizeof(*ev);
+}
+
+int kvmi_msg_send_unhook(struct kvm_introspection *kvmi)
+{
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_event common;
+ struct kvec vec[] = {
+ {.iov_base = &hdr, .iov_len = sizeof(hdr) },
+ {.iov_base = &common, .iov_len = sizeof(common)},
+ };
+ size_t msg_size = sizeof(hdr) + sizeof(common);
+ size_t n = ARRAY_SIZE(vec);
+
+ memset(&hdr, 0, sizeof(hdr));
+ hdr.id = KVMI_EVENT;
+ hdr.seq = new_seq(kvmi);
+ hdr.size = msg_size - sizeof(hdr);
+
+ kvmi_setup_event_common(&common, KVMI_EVENT_UNHOOK);
+
+ return kvmi_sock_write(kvmi, vec, n, msg_size);
+}
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index f5632a3a7fb3..4f83735f2b74 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -3511,6 +3511,9 @@ static long kvm_vm_ioctl(struct file *filp,
case KVM_INTROSPECTION_EVENT:
r = kvmi_ioctl_event(kvm, argp);
break;
+ case KVM_INTROSPECTION_PREUNHOOK:
+ r = kvmi_ioctl_preunhook(kvm);
+ break;
#endif /* CONFIG_KVM_INTROSPECTION */
default:
r = kvm_arch_vm_ioctl(filp, ioctl, arg);
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 44/78] KVM: introspection: add KVMI_VM_CONTROL_EVENTS
With this command the introspection tool enables/disables VM events
(ie. KVMI_EVENT_UNHOOK), because no event (neither VM event, nor vCPU
event) will be sent to the introspection tool unless enabled/requested.
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 44 +++++++++++++++--
include/linux/kvmi_host.h | 2 +
include/uapi/linux/kvmi.h | 18 +++++--
.../testing/selftests/kvm/x86_64/kvmi_test.c | 48 +++++++++++++++++++
virt/kvm/introspection/kvmi.c | 14 ++++++
virt/kvm/introspection/kvmi_int.h | 9 ++++
virt/kvm/introspection/kvmi_msg.c | 43 +++++++++++++----
7 files changed, 161 insertions(+), 17 deletions(-)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 949e940487ab..7039f4d2b782 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -333,11 +333,45 @@ This command is always allowed.
Returns the number of online vCPUs.
+5. KVMI_VM_CONTROL_EVENTS
+-------------------------
+
+:Architectures: all
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vm_control_events {
+ __u16 event_id;
+ __u8 enable;
+ __u8 padding1;
+ __u32 padding2;
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_error_code
+
+Enables/disables VM introspection events. This command can be used with
+the following events::
+
+ KVMI_EVENT_UNHOOK
+
+:Errors:
+
+* -KVM_EINVAL - the event ID is invalid/unknown (use *KVMI_VM_CHECK_EVENT*
first)
+* -KVM_EINVAL - padding is not zero
+* -KVM_EPERM - the access is restricted by the host
+
Events
=====
All introspection events (VM or vCPU related) are sent
-using the *KVMI_EVENT* message id.
+using the *KVMI_EVENT* message id. No event will be sent unless
+it is explicitly enabled.
The *KVMI_EVENT_UNHOOK* event doesn't have a reply and share the kvmi_event
structure, for consistency with the vCPU events.
@@ -391,6 +425,8 @@ Specific data can follow these common structures.
:Returns: none
-This event is sent when the device manager has to pause/stop/migrate the
-guest (see **Unhooking**). The introspection tool has a chance to unhook
-and close the KVMI channel (signaling that the operation can proceed).
+This event is sent when the device manager has to pause/stop/migrate
+the guest (see **Unhooking**) and the introspection has been enabled
+for this event (see **KVMI_VM_CONTROL_EVENTS**). The introspection tool
+has a chance to unhook and close the KVMI channel (signaling that the
+operation can proceed).
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
index 180e26335a8f..41b22af771fb 100644
--- a/include/linux/kvmi_host.h
+++ b/include/linux/kvmi_host.h
@@ -22,6 +22,8 @@ struct kvm_introspection {
DECLARE_BITMAP(cmd_allow_mask, KVMI_NUM_COMMANDS);
DECLARE_BITMAP(event_allow_mask, KVMI_NUM_EVENTS);
+ DECLARE_BITMAP(vm_event_enable_mask, KVMI_NUM_EVENTS);
+
atomic_t ev_seq;
};
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index e74240aff5b7..da9bf30ae513 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -15,12 +15,13 @@ enum {
};
enum {
- KVMI_EVENT = 1,
+ KVMI_EVENT = 1,
- KVMI_GET_VERSION = 2,
- KVMI_VM_CHECK_COMMAND = 3,
- KVMI_VM_CHECK_EVENT = 4,
- KVMI_VM_GET_INFO = 5,
+ KVMI_GET_VERSION = 2,
+ KVMI_VM_CHECK_COMMAND = 3,
+ KVMI_VM_CHECK_EVENT = 4,
+ KVMI_VM_GET_INFO = 5,
+ KVMI_VM_CONTROL_EVENTS = 6,
KVMI_NUM_MESSAGES
};
@@ -68,6 +69,13 @@ struct kvmi_vm_get_info_reply {
__u32 padding[3];
};
+struct kvmi_vm_control_events {
+ __u16 event_id;
+ __u8 enable;
+ __u8 padding1;
+ __u32 padding2;
+};
+
struct kvmi_event {
__u16 size;
__u16 vcpu;
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index f5d67fd0cde8..23dba71e7dc6 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -298,15 +298,62 @@ static void receive_event(struct kvmi_msg_hdr *hdr, struct
kvmi_event *ev,
ev->event, event_id);
}
+static int cmd_vm_control_events(__u16 event_id, bool enable)
+{
+ struct {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vm_control_events cmd;
+ } req = {};
+
+ req.cmd.event_id = event_id;
+ req.cmd.enable = enable ? 1 : 0;
+
+ return do_command(KVMI_VM_CONTROL_EVENTS, &req.hdr, sizeof(req),
+ NULL, 0);
+}
+
+static void enable_vm_event(__u16 event_id)
+{
+ int r;
+
+ r = cmd_vm_control_events(event_id, true);
+ TEST_ASSERT(r == 0,
+ "KVMI_VM_CONTROL_EVENTS failed to enable VM event %d, error %d
(%s)\n",
+ event_id, -r, kvm_strerror(-r));
+}
+
+static void disable_vm_event(__u16 event_id)
+{
+ int r;
+
+ r = cmd_vm_control_events(event_id, false);
+ TEST_ASSERT(r == 0,
+ "KVMI_VM_CONTROL_EVENTS failed to disable VM event %d, error %d
(%s)\n",
+ event_id, -r, kvm_strerror(-r));
+}
+
static void test_event_unhook(struct kvm_vm *vm)
{
__u16 id = KVMI_EVENT_UNHOOK;
struct kvmi_msg_hdr hdr;
struct kvmi_event ev;
+ enable_vm_event(id);
+
trigger_event_unhook_notification(vm);
receive_event(&hdr, &ev, sizeof(ev), id);
+
+ disable_vm_event(id);
+}
+
+static void test_cmd_vm_control_events(void)
+{
+ __u16 id = KVMI_EVENT_UNHOOK;
+
+ enable_vm_event(id);
+
+ disable_vm_event(id);
}
static void test_introspection(struct kvm_vm *vm)
@@ -320,6 +367,7 @@ static void test_introspection(struct kvm_vm *vm)
test_cmd_check_event();
test_cmd_get_vm_info();
test_event_unhook(vm);
+ test_cmd_vm_control_events();
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index 74e3e1aa326b..9d246152c5e8 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -331,6 +331,9 @@ static bool kvmi_unhook_event(struct kvm_introspection
*kvmi)
{
int err;
+ if (!is_vm_event_enabled(kvmi, KVMI_EVENT_UNHOOK))
+ return false;
+
err = kvmi_msg_send_unhook(kvmi);
return !err;
@@ -354,3 +357,14 @@ int kvmi_ioctl_preunhook(struct kvm *kvm)
return err;
}
+
+int kvmi_cmd_vm_control_events(struct kvm_introspection *kvmi,
+ unsigned int event_id, bool enable)
+{
+ if (enable)
+ set_bit(event_id, kvmi->vm_event_enable_mask);
+ else
+ clear_bit(event_id, kvmi->vm_event_enable_mask);
+
+ return 0;
+}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 3ea8e8250f7d..d1c143334626 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -29,11 +29,18 @@
BIT(KVMI_GET_VERSION) \
| BIT(KVMI_VM_CHECK_COMMAND) \
| BIT(KVMI_VM_CHECK_EVENT) \
+ | BIT(KVMI_VM_CONTROL_EVENTS) \
| BIT(KVMI_VM_GET_INFO) \
)
#define KVMI(kvm) ((struct kvm_introspection *)((kvm)->kvmi))
+static inline bool is_vm_event_enabled(struct kvm_introspection *kvmi,
+ int event)
+{
+ return test_bit(event, kvmi->vm_event_enable_mask);
+}
+
/* kvmi_msg.c */
bool kvmi_sock_get(struct kvm_introspection *kvmi, int fd);
void kvmi_sock_shutdown(struct kvm_introspection *kvmi);
@@ -45,5 +52,7 @@ int kvmi_msg_send_unhook(struct kvm_introspection *kvmi);
void *kvmi_msg_alloc(void);
void *kvmi_msg_alloc_check(size_t size);
void kvmi_msg_free(void *addr);
+int kvmi_cmd_vm_control_events(struct kvm_introspection *kvmi,
+ unsigned int event_id, bool enable);
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index dbc2ba9a1399..79b26853b5cb 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -9,10 +9,11 @@
#include "kvmi_int.h"
static const char *const msg_IDs[] = {
- [KVMI_GET_VERSION] = "KVMI_GET_VERSION",
- [KVMI_VM_CHECK_COMMAND] = "KVMI_VM_CHECK_COMMAND",
- [KVMI_VM_CHECK_EVENT] = "KVMI_VM_CHECK_EVENT",
- [KVMI_VM_GET_INFO] = "KVMI_VM_GET_INFO",
+ [KVMI_GET_VERSION] = "KVMI_GET_VERSION",
+ [KVMI_VM_CHECK_COMMAND] = "KVMI_VM_CHECK_COMMAND",
+ [KVMI_VM_CHECK_EVENT] = "KVMI_VM_CHECK_EVENT",
+ [KVMI_VM_CONTROL_EVENTS] = "KVMI_VM_CONTROL_EVENTS",
+ [KVMI_VM_GET_INFO] = "KVMI_VM_GET_INFO",
};
static bool is_known_message(u16 id)
@@ -181,15 +182,41 @@ static int handle_get_info(struct kvm_introspection *kvmi,
return kvmi_msg_vm_reply(kvmi, msg, 0, &rpl, sizeof(rpl));
}
+static int handle_vm_control_events(struct kvm_introspection *kvmi,
+ const struct kvmi_msg_hdr *msg,
+ const void *_req)
+{
+ const struct kvmi_vm_control_events *req = _req;
+ DECLARE_BITMAP(known_events, KVMI_NUM_EVENTS);
+ int ec;
+
+ bitmap_from_u64(known_events, KVMI_KNOWN_VM_EVENTS);
+
+ if (req->padding1 || req->padding2)
+ ec = -KVM_EINVAL;
+ else if (req->event_id >= KVMI_NUM_EVENTS)
+ ec = -KVM_EINVAL;
+ else if (!test_bit(req->event_id, known_events))
+ ec = -KVM_EINVAL;
+ else if (!is_event_allowed(kvmi, req->event_id))
+ ec = -KVM_EPERM;
+ else
+ ec = kvmi_cmd_vm_control_events(kvmi, req->event_id,
+ req->enable);
+
+ return kvmi_msg_vm_reply(kvmi, msg, ec, NULL, 0);
+}
+
/*
* These commands are executed by the receiving thread/worker.
*/
static int(*const msg_vm[])(struct kvm_introspection *,
const struct kvmi_msg_hdr *, const void *) = {
- [KVMI_GET_VERSION] = handle_get_version,
- [KVMI_VM_CHECK_COMMAND] = handle_check_command,
- [KVMI_VM_CHECK_EVENT] = handle_check_event,
- [KVMI_VM_GET_INFO] = handle_get_info,
+ [KVMI_GET_VERSION] = handle_get_version,
+ [KVMI_VM_CHECK_COMMAND] = handle_check_command,
+ [KVMI_VM_CHECK_EVENT] = handle_check_event,
+ [KVMI_VM_CONTROL_EVENTS] = handle_vm_control_events,
+ [KVMI_VM_GET_INFO] = handle_get_info,
};
static bool is_vm_message(u16 id)
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 45/78] KVM: introspection: add KVMI_VM_READ_PHYSICAL/KVMI_VM_WRITE_PHYSICAL
From: Mihai Don?u <mdontu at bitdefender.com>
These commands allows the introspection tool to read/write from/to the
guest memory.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 62 +++++++
include/uapi/linux/kvmi.h | 13 ++
.../testing/selftests/kvm/x86_64/kvmi_test.c | 167 ++++++++++++++++++
virt/kvm/introspection/kvmi.c | 135 ++++++++++++++
virt/kvm/introspection/kvmi_int.h | 9 +
virt/kvm/introspection/kvmi_msg.c | 46 +++++
6 files changed, 432 insertions(+)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 7039f4d2b782..60fa50585c36 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -366,6 +366,68 @@ the following events::
* -KVM_EINVAL - padding is not zero
* -KVM_EPERM - the access is restricted by the host
+6. KVMI_VM_READ_PHYSICAL
+------------------------
+
+:Architectures: all
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vm_read_physical {
+ __u64 gpa;
+ __u64 size;
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_error_code;
+ __u8 data[0];
+
+Reads from the guest memory.
+
+Currently, the size must be non-zero and the read must be restricted to
+one page (offset + size <= PAGE_SIZE).
+
+:Errors:
+
+* -KVM_EINVAL - the specified gpa/size pair is invalid
+* -KVM_ENOENT - the guest page doesn't exists
+
+7. KVMI_VM_WRITE_PHYSICAL
+-------------------------
+
+:Architectures: all
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vm_write_physical {
+ __u64 gpa;
+ __u64 size;
+ __u8 data[0];
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_error_code
+
+Writes into the guest memory.
+
+Currently, the size must be non-zero and the write must be restricted to
+one page (offset + size <= PAGE_SIZE).
+
+:Errors:
+
+* -KVM_EINVAL - the specified gpa/size pair is invalid
+* -KVM_ENOENT - the guest page doesn't exists
+
Events
=====
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index da9bf30ae513..3b8590c0fc98 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -22,6 +22,8 @@ enum {
KVMI_VM_CHECK_EVENT = 4,
KVMI_VM_GET_INFO = 5,
KVMI_VM_CONTROL_EVENTS = 6,
+ KVMI_VM_READ_PHYSICAL = 7,
+ KVMI_VM_WRITE_PHYSICAL = 8,
KVMI_NUM_MESSAGES
};
@@ -76,6 +78,17 @@ struct kvmi_vm_control_events {
__u32 padding2;
};
+struct kvmi_vm_read_physical {
+ __u64 gpa;
+ __u64 size;
+};
+
+struct kvmi_vm_write_physical {
+ __u64 gpa;
+ __u64 size;
+ __u8 data[0];
+};
+
struct kvmi_event {
__u16 size;
__u16 vcpu;
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 23dba71e7dc6..b0573d7e2e5b 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -24,6 +24,13 @@ static int socket_pair[2];
#define Kvm_socket socket_pair[0]
#define Userspace_socket socket_pair[1]
+static vm_vaddr_t test_gva;
+static void *test_hva;
+static vm_paddr_t test_gpa;
+
+static uint8_t test_write_pattern;
+static int page_size;
+
void setup_socket(void)
{
int r;
@@ -356,6 +363,150 @@ static void test_cmd_vm_control_events(void)
disable_vm_event(id);
}
+static int cmd_write_page(__u64 gpa, __u64 size, void *p)
+{
+ struct kvmi_vm_write_physical *cmd;
+ struct kvmi_msg_hdr *req;
+ size_t req_size;
+ int r;
+
+ req_size = sizeof(*req) + sizeof(*cmd) + size;
+
+ req = calloc(1, req_size);
+ TEST_ASSERT(req, "Insufficient Memory\n");
+
+ cmd = (struct kvmi_vm_write_physical *)(req + 1);
+ cmd->gpa = gpa;
+ cmd->size = size;
+
+ memcpy(cmd + 1, p, size);
+
+ r = do_command(KVMI_VM_WRITE_PHYSICAL, req, req_size, NULL, 0);
+
+ free(req);
+
+ return r;
+}
+
+static void write_guest_page(__u64 gpa, void *p)
+{
+ int r;
+
+ r = cmd_write_page(gpa, page_size, p);
+ TEST_ASSERT(r == 0,
+ "KVMI_VM_WRITE_PHYSICAL failed, gpa 0x%lx, error %d (%s)\n",
+ gpa, -r, kvm_strerror(-r));
+}
+
+static void write_with_invalid_arguments(__u64 gpa, __u64 size, void *p)
+{
+ int r;
+
+ r = cmd_write_page(gpa, size, p);
+ TEST_ASSERT(r == -KVM_EINVAL,
+ "KVMI_VM_WRITE_PHYSICAL did not failed with EINVAL, gpa 0x%lx, error %d
(%s)\n",
+ gpa, -r, kvm_strerror(-r));
+}
+
+static void write_invalid_guest_page(struct kvm_vm *vm, void *p)
+{
+ uint64_t gpa = vm->max_gfn << vm->page_shift;
+ int r;
+
+ r = cmd_write_page(gpa, 1, p);
+ TEST_ASSERT(r == -KVM_ENOENT,
+ "KVMI_VM_WRITE_PHYSICAL did not failed with ENOENT, gpa 0x%lx, error %d
(%s)\n",
+ gpa, -r, kvm_strerror(-r));
+}
+
+static int cmd_read_page(__u64 gpa, __u64 size, void *p)
+{
+ struct {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vm_read_physical cmd;
+ } req = { };
+
+ req.cmd.gpa = gpa;
+ req.cmd.size = size;
+
+ return do_command(KVMI_VM_READ_PHYSICAL, &req.hdr, sizeof(req), p,
+ page_size);
+}
+
+static void read_guest_page(__u64 gpa, void *p)
+{
+ int r;
+
+ r = cmd_read_page(gpa, page_size, p);
+ TEST_ASSERT(r == 0,
+ "KVMI_VM_READ_PHYSICAL failed, gpa 0x%lx, error %d (%s)\n",
+ gpa, -r, kvm_strerror(-r));
+}
+
+static void read_with_invalid_arguments(__u64 gpa, __u64 size, void *p)
+{
+ int r;
+
+ r = cmd_read_page(gpa, size, p);
+ TEST_ASSERT(r == -KVM_EINVAL,
+ "KVMI_VM_READ_PHYSICAL did not failed with EINVAL, gpa 0x%lx, error %d
(%s)\n",
+ gpa, -r, kvm_strerror(-r));
+}
+
+static void read_invalid_guest_page(struct kvm_vm *vm)
+{
+ uint64_t gpa = vm->max_gfn << vm->page_shift;
+ int r;
+
+ r = cmd_read_page(gpa, 1, NULL);
+ TEST_ASSERT(r == -KVM_ENOENT,
+ "KVMI_VM_READ_PHYSICAL did not failed with ENOENT, gpa 0x%lx, error %d
(%s)\n",
+ gpa, -r, kvm_strerror(-r));
+}
+
+static void new_test_write_pattern(struct kvm_vm *vm)
+{
+ uint8_t n;
+
+ do {
+ n = random();
+ } while (!n || n == test_write_pattern);
+
+ test_write_pattern = n;
+ sync_global_to_guest(vm, test_write_pattern);
+}
+
+static void test_memory_access(struct kvm_vm *vm)
+{
+ void *pw, *pr;
+
+ new_test_write_pattern(vm);
+
+ pw = malloc(page_size);
+ TEST_ASSERT(pw, "Insufficient Memory\n");
+
+ memset(pw, test_write_pattern, page_size);
+
+ write_guest_page(test_gpa, pw);
+ TEST_ASSERT(memcmp(pw, test_hva, page_size) == 0,
+ "Write page test failed");
+
+ pr = malloc(page_size);
+ TEST_ASSERT(pr, "Insufficient Memory\n");
+
+ read_guest_page(test_gpa, pr);
+ TEST_ASSERT(memcmp(pw, pr, page_size) == 0,
+ "Read page test failed");
+
+ read_with_invalid_arguments(test_gpa, 0, pr);
+ write_with_invalid_arguments(test_gpa, 0, pw);
+ write_invalid_guest_page(vm, pw);
+
+ free(pw);
+ free(pr);
+
+ read_invalid_guest_page(vm);
+}
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -368,10 +519,23 @@ static void test_introspection(struct kvm_vm *vm)
test_cmd_get_vm_info();
test_event_unhook(vm);
test_cmd_vm_control_events();
+ test_memory_access(vm);
unhook_introspection(vm);
}
+static void setup_test_pages(struct kvm_vm *vm)
+{
+ test_gva = vm_vaddr_alloc(vm, page_size, KVM_UTIL_MIN_VADDR, 0, 0);
+
+ sync_global_to_guest(vm, test_gva);
+
+ test_hva = addr_gva2hva(vm, test_gva);
+ memset(test_hva, 0, page_size);
+
+ test_gpa = addr_gva2gpa(vm, test_gva);
+}
+
int main(int argc, char *argv[])
{
struct kvm_vm *vm;
@@ -385,6 +549,9 @@ int main(int argc, char *argv[])
vm = vm_create_default(VCPU_ID, 0, NULL);
vcpu_set_cpuid(vm, VCPU_ID, kvm_get_supported_cpuid());
+ page_size = getpagesize();
+ setup_test_pages(vm);
+
test_introspection(vm);
return 0;
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index 9d246152c5e8..9e4e8fb07859 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -5,6 +5,7 @@
* Copyright (C) 2017-2020 Bitdefender S.R.L.
*
*/
+#include <linux/mmu_context.h>
#include "kvmi_int.h"
#include <linux/kthread.h>
@@ -368,3 +369,137 @@ int kvmi_cmd_vm_control_events(struct kvm_introspection
*kvmi,
return 0;
}
+
+unsigned long gfn_to_hva_safe(struct kvm *kvm, gfn_t gfn)
+{
+ unsigned long hva;
+ int srcu_idx;
+
+ srcu_idx = srcu_read_lock(&kvm->srcu);
+ hva = gfn_to_hva(kvm, gfn);
+ srcu_read_unlock(&kvm->srcu, srcu_idx);
+
+ return hva;
+}
+
+static long
+get_user_pages_remote_unlocked(struct mm_struct *mm, unsigned long start,
+ unsigned long nr_pages, unsigned int gup_flags,
+ struct page **pages)
+{
+ struct vm_area_struct **vmas = NULL;
+ struct task_struct *tsk = NULL;
+ int locked = 1;
+ long r;
+
+ down_read(&mm->mmap_sem);
+ r = get_user_pages_remote(tsk, mm, start, nr_pages, gup_flags,
+ pages, vmas, &locked);
+ if (locked)
+ up_read(&mm->mmap_sem);
+
+ return r;
+}
+
+static void *get_page_ptr(struct kvm *kvm, gpa_t gpa, struct page **page,
+ bool write)
+{
+ unsigned int flags = write ? FOLL_WRITE : 0;
+ unsigned long hva;
+
+ *page = NULL;
+
+ hva = gfn_to_hva_safe(kvm, gpa_to_gfn(gpa));
+
+ if (kvm_is_error_hva(hva))
+ return NULL;
+
+ if (get_user_pages_remote_unlocked(kvm->mm, hva, 1, flags, page) != 1)
+ return NULL;
+
+ return write ? kmap_atomic(*page) : kmap(*page);
+}
+
+static void put_page_ptr(void *ptr, struct page *page, bool write)
+{
+ if (ptr) {
+ if (write)
+ kunmap_atomic(ptr);
+ else
+ kunmap(ptr);
+ }
+ if (page)
+ put_page(page);
+}
+
+static int get_first_vcpu(struct kvm *kvm, struct kvm_vcpu **vcpu)
+{
+ struct kvm_vcpu *v;
+
+ if (!atomic_read(&kvm->online_vcpus))
+ return -KVM_EINVAL;
+
+ v = kvm_get_vcpu(kvm, 0);
+ if (!v)
+ return -KVM_EINVAL;
+
+ *vcpu = v;
+
+ return 0;
+}
+
+int kvmi_cmd_read_physical(struct kvm *kvm, u64 gpa, u64 size,
+ int (*send)(struct kvm_introspection *,
+ const struct kvmi_msg_hdr *,
+ int err, const void *buf, size_t),
+ const struct kvmi_msg_hdr *ctx)
+{
+ void *ptr_page = NULL, *ptr = NULL;
+ struct page *page = NULL;
+ struct kvm_vcpu *vcpu;
+ size_t ptr_size = 0;
+ int err, ec;
+
+ ec = get_first_vcpu(kvm, &vcpu);
+
+ if (ec)
+ goto out;
+
+ ptr_page = get_page_ptr(kvm, gpa, &page, false);
+ if (!ptr_page) {
+ ec = -KVM_ENOENT;
+ goto out;
+ }
+
+ ptr = ptr_page + (gpa & ~PAGE_MASK);
+ ptr_size = size;
+
+out:
+ err = send(KVMI(kvm), ctx, ec, ptr, ptr_size);
+
+ put_page_ptr(ptr_page, page, false);
+ return err;
+}
+
+int kvmi_cmd_write_physical(struct kvm *kvm, u64 gpa, u64 size, const void
*buf)
+{
+ struct kvm_vcpu *vcpu;
+ struct page *page;
+ void *ptr;
+ int err;
+
+ err = get_first_vcpu(kvm, &vcpu);
+
+ if (err)
+ return err;
+
+ ptr = get_page_ptr(kvm, gpa, &page, true);
+ if (!ptr)
+ return -KVM_ENOENT;
+
+ memcpy(ptr + (gpa & ~PAGE_MASK), buf, size);
+
+ put_page_ptr(ptr, page, true);
+
+ return 0;
+}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index d1c143334626..3bc598b9b66c 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -31,6 +31,8 @@
| BIT(KVMI_VM_CHECK_EVENT) \
| BIT(KVMI_VM_CONTROL_EVENTS) \
| BIT(KVMI_VM_GET_INFO) \
+ | BIT(KVMI_VM_READ_PHYSICAL) \
+ | BIT(KVMI_VM_WRITE_PHYSICAL) \
)
#define KVMI(kvm) ((struct kvm_introspection *)((kvm)->kvmi))
@@ -54,5 +56,12 @@ void *kvmi_msg_alloc_check(size_t size);
void kvmi_msg_free(void *addr);
int kvmi_cmd_vm_control_events(struct kvm_introspection *kvmi,
unsigned int event_id, bool enable);
+int kvmi_cmd_read_physical(struct kvm *kvm, u64 gpa, u64 size,
+ int (*send)(struct kvm_introspection *,
+ const struct kvmi_msg_hdr*,
+ int err, const void *buf, size_t),
+ const struct kvmi_msg_hdr *ctx);
+int kvmi_cmd_write_physical(struct kvm *kvm, u64 gpa, u64 size,
+ const void *buf);
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 79b26853b5cb..032b6b5b8000 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -14,6 +14,8 @@ static const char *const msg_IDs[] = {
[KVMI_VM_CHECK_EVENT] = "KVMI_VM_CHECK_EVENT",
[KVMI_VM_CONTROL_EVENTS] = "KVMI_VM_CONTROL_EVENTS",
[KVMI_VM_GET_INFO] = "KVMI_VM_GET_INFO",
+ [KVMI_VM_READ_PHYSICAL] = "KVMI_VM_READ_PHYSICAL",
+ [KVMI_VM_WRITE_PHYSICAL] = "KVMI_VM_WRITE_PHYSICAL",
};
static bool is_known_message(u16 id)
@@ -207,6 +209,48 @@ static int handle_vm_control_events(struct
kvm_introspection *kvmi,
return kvmi_msg_vm_reply(kvmi, msg, ec, NULL, 0);
}
+static bool invalid_page_access(u64 gpa, u64 size)
+{
+ u64 off = gpa & ~PAGE_MASK;
+
+ return (size == 0 || size > PAGE_SIZE || off + size > PAGE_SIZE);
+}
+
+static int handle_read_physical(struct kvm_introspection *kvmi,
+ const struct kvmi_msg_hdr *msg,
+ const void *_req)
+{
+ const struct kvmi_vm_read_physical *req = _req;
+
+ if (invalid_page_access(req->gpa, req->size)) {
+ int ec = -KVM_EINVAL;
+
+ return kvmi_msg_vm_reply(kvmi, msg, ec, NULL, 0);
+ }
+
+ return kvmi_cmd_read_physical(kvmi->kvm, req->gpa, req->size,
+ kvmi_msg_vm_reply, msg);
+}
+
+static int handle_write_physical(struct kvm_introspection *kvmi,
+ const struct kvmi_msg_hdr *msg,
+ const void *_req)
+{
+ const struct kvmi_vm_write_physical *req = _req;
+ int ec;
+
+ if (msg->size < sizeof(*req) + req->size)
+ return -EINVAL;
+
+ if (invalid_page_access(req->gpa, req->size))
+ ec = -KVM_EINVAL;
+ else
+ ec = kvmi_cmd_write_physical(kvmi->kvm, req->gpa,
+ req->size, req->data);
+
+ return kvmi_msg_vm_reply(kvmi, msg, ec, NULL, 0);
+}
+
/*
* These commands are executed by the receiving thread/worker.
*/
@@ -217,6 +261,8 @@ static int(*const msg_vm[])(struct kvm_introspection *,
[KVMI_VM_CHECK_EVENT] = handle_check_event,
[KVMI_VM_CONTROL_EVENTS] = handle_vm_control_events,
[KVMI_VM_GET_INFO] = handle_get_info,
+ [KVMI_VM_READ_PHYSICAL] = handle_read_physical,
+ [KVMI_VM_WRITE_PHYSICAL] = handle_write_physical,
};
static bool is_vm_message(u16 id)
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 46/78] KVM: introspection: add vCPU related data
From: Mircea C?rjaliu <mcirjaliu at bitdefender.com>
Add an introspection structure to all vCPUs when the VM is hooked.
Signed-off-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvmi_host.h | 3 ++
include/linux/kvm_host.h | 1 +
include/linux/kvmi_host.h | 7 +++++
virt/kvm/introspection/kvmi.c | 49 ++++++++++++++++++++++++++++++++
virt/kvm/kvm_main.c | 1 +
5 files changed, 61 insertions(+)
diff --git a/arch/x86/include/asm/kvmi_host.h b/arch/x86/include/asm/kvmi_host.h
index 38c398262913..360a57dd9019 100644
--- a/arch/x86/include/asm/kvmi_host.h
+++ b/arch/x86/include/asm/kvmi_host.h
@@ -2,6 +2,9 @@
#ifndef _ASM_X86_KVMI_HOST_H
#define _ASM_X86_KVMI_HOST_H
+struct kvm_vcpu_arch_introspection {
+};
+
struct kvm_arch_introspection {
};
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 0104cb2c8ee0..52e98720d0f6 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -323,6 +323,7 @@ struct kvm_vcpu {
bool ready;
struct kvm_vcpu_arch arch;
struct dentry *debugfs_dentry;
+ struct kvm_vcpu_introspection *kvmi;
};
static inline int kvm_vcpu_exiting_guest_mode(struct kvm_vcpu *vcpu)
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
index 41b22af771fb..ca2db8043a53 100644
--- a/include/linux/kvmi_host.h
+++ b/include/linux/kvmi_host.h
@@ -5,11 +5,16 @@
#include <uapi/linux/kvmi.h>
struct kvm;
+struct kvm_vcpu;
#include <asm/kvmi_host.h>
#define KVMI_NUM_COMMANDS KVMI_NUM_MESSAGES
+struct kvm_vcpu_introspection {
+ struct kvm_vcpu_arch_introspection arch;
+};
+
struct kvm_introspection {
struct kvm_arch_introspection arch;
struct kvm *kvm;
@@ -33,6 +38,7 @@ int kvmi_init(void);
void kvmi_uninit(void);
void kvmi_create_vm(struct kvm *kvm);
void kvmi_destroy_vm(struct kvm *kvm);
+void kvmi_vcpu_uninit(struct kvm_vcpu *vcpu);
int kvmi_ioctl_hook(struct kvm *kvm, void __user *argp);
int kvmi_ioctl_unhook(struct kvm *kvm);
@@ -46,6 +52,7 @@ static inline int kvmi_init(void) { return 0; }
static inline void kvmi_uninit(void) { }
static inline void kvmi_create_vm(struct kvm *kvm) { }
static inline void kvmi_destroy_vm(struct kvm *kvm) { }
+static inline void kvmi_vcpu_uninit(struct kvm_vcpu *vcpu) { }
#endif /* CONFIG_KVM_INTROSPECTION */
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index 9e4e8fb07859..655170ffb574 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -59,16 +59,56 @@ void kvmi_uninit(void)
kvmi_cache_destroy();
}
+static bool alloc_vcpui(struct kvm_vcpu *vcpu)
+{
+ struct kvm_vcpu_introspection *vcpui;
+
+ vcpui = kzalloc(sizeof(*vcpui), GFP_KERNEL);
+ if (!vcpui)
+ return false;
+
+ vcpu->kvmi = vcpui;
+
+ return true;
+}
+
+static int create_vcpui(struct kvm_vcpu *vcpu)
+{
+ if (!alloc_vcpui(vcpu))
+ return -ENOMEM;
+
+ return 0;
+}
+
+static void free_vcpui(struct kvm_vcpu *vcpu)
+{
+ kfree(vcpu->kvmi);
+ vcpu->kvmi = NULL;
+}
+
static void free_kvmi(struct kvm *kvm)
{
+ struct kvm_vcpu *vcpu;
+ int i;
+
+ kvm_for_each_vcpu(i, vcpu, kvm)
+ free_vcpui(vcpu);
+
kfree(kvm->kvmi);
kvm->kvmi = NULL;
}
+void kvmi_vcpu_uninit(struct kvm_vcpu *vcpu)
+{
+ free_vcpui(vcpu);
+}
+
static struct kvm_introspection *
alloc_kvmi(struct kvm *kvm, const struct kvm_introspection_hook *hook)
{
struct kvm_introspection *kvmi;
+ struct kvm_vcpu *vcpu;
+ int i;
kvmi = kzalloc(sizeof(*kvmi), GFP_KERNEL);
if (!kvmi)
@@ -83,6 +123,15 @@ alloc_kvmi(struct kvm *kvm, const struct
kvm_introspection_hook *hook)
atomic_set(&kvmi->ev_seq, 0);
+ kvm_for_each_vcpu(i, vcpu, kvm) {
+ int err = create_vcpui(vcpu);
+
+ if (err) {
+ free_kvmi(kvm);
+ return NULL;
+ }
+ }
+
kvmi->kvm = kvm;
return kvmi;
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 4f83735f2b74..ef7d14ef8e86 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -373,6 +373,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu)
* descriptors are already gone.
*/
put_pid(rcu_dereference_protected(vcpu->pid, 1));
+ kvmi_vcpu_uninit(vcpu);
kvm_arch_vcpu_uninit(vcpu);
free_page((unsigned long)vcpu->run);
}
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 47/78] KVM: introspection: add a jobs list to every introspected vCPU
Every vCPU has a lock-protected list in which (mostly) the receiving
worker places the jobs that has to be done by the vCPU once it is kicked
(KVM_REQ_INTROSPECTION) out of guest.
A job is defined by a "do" function, a "free" function and a
pointer
(context).
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
include/linux/kvmi_host.h | 10 +++++
virt/kvm/introspection/kvmi.c | 68 ++++++++++++++++++++++++++++++-
virt/kvm/introspection/kvmi_int.h | 1 +
3 files changed, 77 insertions(+), 2 deletions(-)
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
index ca2db8043a53..1d80d233fbd5 100644
--- a/include/linux/kvmi_host.h
+++ b/include/linux/kvmi_host.h
@@ -11,8 +11,18 @@ struct kvm_vcpu;
#define KVMI_NUM_COMMANDS KVMI_NUM_MESSAGES
+struct kvmi_job {
+ struct list_head link;
+ void *ctx;
+ void (*fct)(struct kvm_vcpu *vcpu, void *ctx);
+ void (*free_fct)(void *ctx);
+};
+
struct kvm_vcpu_introspection {
struct kvm_vcpu_arch_introspection arch;
+
+ struct list_head job_list;
+ spinlock_t job_lock;
};
struct kvm_introspection {
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index 655170ffb574..5149f8e06131 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -10,6 +10,7 @@
#include <linux/kthread.h>
static struct kmem_cache *msg_cache;
+static struct kmem_cache *job_cache;
void *kvmi_msg_alloc(void)
{
@@ -33,14 +34,19 @@ static void kvmi_cache_destroy(void)
{
kmem_cache_destroy(msg_cache);
msg_cache = NULL;
+ kmem_cache_destroy(job_cache);
+ job_cache = NULL;
}
static int kvmi_cache_create(void)
{
msg_cache = kmem_cache_create("kvmi_msg", KVMI_MSG_SIZE_ALLOC,
4096, SLAB_ACCOUNT, NULL);
+ job_cache = kmem_cache_create("kvmi_job",
+ sizeof(struct kvmi_job),
+ 0, SLAB_ACCOUNT, NULL);
- if (!msg_cache) {
+ if (!msg_cache || !job_cache) {
kvmi_cache_destroy();
return -1;
@@ -59,6 +65,48 @@ void kvmi_uninit(void)
kvmi_cache_destroy();
}
+static int __kvmi_add_job(struct kvm_vcpu *vcpu,
+ void (*fct)(struct kvm_vcpu *vcpu, void *ctx),
+ void *ctx, void (*free_fct)(void *ctx))
+{
+ struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
+ struct kvmi_job *job;
+
+ job = kmem_cache_zalloc(job_cache, GFP_KERNEL);
+ if (unlikely(!job))
+ return -ENOMEM;
+
+ INIT_LIST_HEAD(&job->link);
+ job->fct = fct;
+ job->ctx = ctx;
+ job->free_fct = free_fct;
+
+ spin_lock(&vcpui->job_lock);
+ list_add_tail(&job->link, &vcpui->job_list);
+ spin_unlock(&vcpui->job_lock);
+
+ return 0;
+}
+
+int kvmi_add_job(struct kvm_vcpu *vcpu,
+ void (*fct)(struct kvm_vcpu *vcpu, void *ctx),
+ void *ctx, void (*free_fct)(void *ctx))
+{
+ int err;
+
+ err = __kvmi_add_job(vcpu, fct, ctx, free_fct);
+
+ return err;
+}
+
+static void kvmi_free_job(struct kvmi_job *job)
+{
+ if (job->free_fct)
+ job->free_fct(job->ctx);
+
+ kmem_cache_free(job_cache, job);
+}
+
static bool alloc_vcpui(struct kvm_vcpu *vcpu)
{
struct kvm_vcpu_introspection *vcpui;
@@ -67,6 +115,9 @@ static bool alloc_vcpui(struct kvm_vcpu *vcpu)
if (!vcpui)
return false;
+ INIT_LIST_HEAD(&vcpui->job_list);
+ spin_lock_init(&vcpui->job_lock);
+
vcpu->kvmi = vcpui;
return true;
@@ -82,7 +133,20 @@ static int create_vcpui(struct kvm_vcpu *vcpu)
static void free_vcpui(struct kvm_vcpu *vcpu)
{
- kfree(vcpu->kvmi);
+ struct kvm_vcpu_introspection *vcpui = vcpu->kvmi;
+ struct kvmi_job *cur, *next;
+
+ if (!vcpui)
+ return;
+
+ spin_lock(&vcpui->job_lock);
+ list_for_each_entry_safe(cur, next, &vcpui->job_list, link) {
+ list_del(&cur->link);
+ kvmi_free_job(cur);
+ }
+ spin_unlock(&vcpui->job_lock);
+
+ kfree(vcpui);
vcpu->kvmi = NULL;
}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 3bc598b9b66c..e0d8256162f9 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -36,6 +36,7 @@
)
#define KVMI(kvm) ((struct kvm_introspection *)((kvm)->kvmi))
+#define VCPUI(vcpu) ((struct kvm_vcpu_introspection *)((vcpu)->kvmi))
static inline bool is_vm_event_enabled(struct kvm_introspection *kvmi,
int event)
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 48/78] KVM: introspection: handle vCPU introspection requests
From: Mihai Don?u <mdontu at bitdefender.com>
The introspection requests (KVM_REQ_INTROSPECTION) are checked before
entering guest or when the vCPU is halted.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com>
Signed-off-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/x86.c | 3 ++
include/linux/kvm_host.h | 2 +
include/linux/kvmi_host.h | 4 ++
virt/kvm/introspection/kvmi.c | 72 +++++++++++++++++++++++++++++++++
virt/kvm/kvm_main.c | 2 +
6 files changed, 84 insertions(+)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 378a094ceb5b..9cf45ca73af5 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -78,6 +78,7 @@
#define KVM_REQ_HV_STIMER KVM_ARCH_REQ(22)
#define KVM_REQ_LOAD_EOI_EXITMAP KVM_ARCH_REQ(23)
#define KVM_REQ_GET_VMCS12_PAGES KVM_ARCH_REQ(24)
+#define KVM_REQ_INTROSPECTION KVM_ARCH_REQ(25)
#define CR0_RESERVED_BITS \
(~(unsigned long)(X86_CR0_PE | X86_CR0_MP | X86_CR0_EM | X86_CR0_TS \
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 46aeb32cb07f..46a135595893 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -8391,6 +8391,9 @@ static int vcpu_run(struct kvm_vcpu *vcpu)
vcpu->arch.l1tf_flush_l1d = true;
for (;;) {
+ if (kvm_check_request(KVM_REQ_INTROSPECTION, vcpu))
+ kvmi_handle_requests(vcpu);
+
if (kvm_vcpu_running(vcpu)) {
r = vcpu_enter_guest(vcpu);
} else {
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 52e98720d0f6..d2d9b814093e 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -505,6 +505,8 @@ struct kvm {
struct srcu_struct irq_srcu;
pid_t userspace_pid;
struct mutex kvmi_lock;
+ refcount_t kvmi_ref;
+ struct completion kvmi_complete;
struct kvm_introspection *kvmi;
};
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
index 1d80d233fbd5..6a0fb481b192 100644
--- a/include/linux/kvmi_host.h
+++ b/include/linux/kvmi_host.h
@@ -56,6 +56,8 @@ int kvmi_ioctl_command(struct kvm *kvm, void __user *argp);
int kvmi_ioctl_event(struct kvm *kvm, void __user *argp);
int kvmi_ioctl_preunhook(struct kvm *kvm);
+void kvmi_handle_requests(struct kvm_vcpu *vcpu);
+
#else
static inline int kvmi_init(void) { return 0; }
@@ -64,6 +66,8 @@ static inline void kvmi_create_vm(struct kvm *kvm) { }
static inline void kvmi_destroy_vm(struct kvm *kvm) { }
static inline void kvmi_vcpu_uninit(struct kvm_vcpu *vcpu) { }
+static inline void kvmi_handle_requests(struct kvm_vcpu *vcpu) { }
+
#endif /* CONFIG_KVM_INTROSPECTION */
#endif
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index 5149f8e06131..ea86512ca81e 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -65,6 +65,12 @@ void kvmi_uninit(void)
kvmi_cache_destroy();
}
+static void kvmi_make_request(struct kvm_vcpu *vcpu)
+{
+ kvm_make_request(KVM_REQ_INTROSPECTION, vcpu);
+ kvm_vcpu_kick(vcpu);
+}
+
static int __kvmi_add_job(struct kvm_vcpu *vcpu,
void (*fct)(struct kvm_vcpu *vcpu, void *ctx),
void *ctx, void (*free_fct)(void *ctx))
@@ -96,6 +102,9 @@ int kvmi_add_job(struct kvm_vcpu *vcpu,
err = __kvmi_add_job(vcpu, fct, ctx, free_fct);
+ if (!err)
+ kvmi_make_request(vcpu);
+
return err;
}
@@ -217,6 +226,7 @@ static void __kvmi_unhook(struct kvm *kvm)
{
struct kvm_introspection *kvmi = KVMI(kvm);
+ wait_for_completion_killable(&kvm->kvmi_complete);
kvmi_sock_put(kvmi);
}
@@ -242,8 +252,23 @@ int kvmi_ioctl_unhook(struct kvm *kvm)
return 0;
}
+struct kvm_introspection * __must_check kvmi_get(struct kvm *kvm)
+{
+ if (refcount_inc_not_zero(&kvm->kvmi_ref))
+ return kvm->kvmi;
+
+ return NULL;
+}
+
+void kvmi_put(struct kvm *kvm)
+{
+ if (refcount_dec_and_test(&kvm->kvmi_ref))
+ complete(&kvm->kvmi_complete);
+}
+
static int __kvmi_hook(struct kvm *kvm,
const struct kvm_introspection_hook *hook)
+
{
struct kvm_introspection *kvmi = KVMI(kvm);
@@ -266,6 +291,7 @@ static int kvmi_recv_thread(void *arg)
*/
kvmi_sock_shutdown(kvmi);
+ kvmi_put(kvmi->kvm);
return 0;
}
@@ -293,9 +319,18 @@ int kvmi_hook(struct kvm *kvm, const struct
kvm_introspection_hook *hook)
if (err)
goto destroy;
+ init_completion(&kvm->kvmi_complete);
+
+ refcount_set(&kvm->kvmi_ref, 1);
+ /*
+ * Paired with refcount_inc_not_zero() from kvmi_get().
+ */
+ smp_wmb();
+
kvmi->recv = kthread_run(kvmi_recv_thread, kvmi, "kvmi-recv");
if (IS_ERR(kvmi->recv)) {
err = -ENOMEM;
+ kvmi_put(kvm);
goto unhook;
}
@@ -616,3 +651,40 @@ int kvmi_cmd_write_physical(struct kvm *kvm, u64 gpa, u64
size, const void *buf)
return 0;
}
+
+static struct kvmi_job *kvmi_pull_job(struct kvm_vcpu_introspection *vcpui)
+{
+ struct kvmi_job *job = NULL;
+
+ spin_lock(&vcpui->job_lock);
+ job = list_first_entry_or_null(&vcpui->job_list, typeof(*job), link);
+ if (job)
+ list_del(&job->link);
+ spin_unlock(&vcpui->job_lock);
+
+ return job;
+}
+
+void kvmi_run_jobs(struct kvm_vcpu *vcpu)
+{
+ struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
+ struct kvmi_job *job;
+
+ while ((job = kvmi_pull_job(vcpui))) {
+ job->fct(vcpu, job->ctx);
+ kvmi_free_job(job);
+ }
+}
+
+void kvmi_handle_requests(struct kvm_vcpu *vcpu)
+{
+ struct kvm_introspection *kvmi;
+
+ kvmi = kvmi_get(vcpu->kvm);
+ if (!kvmi)
+ return;
+
+ kvmi_run_jobs(vcpu);
+
+ kvmi_put(vcpu->kvm);
+}
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index ef7d14ef8e86..b701254f1125 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2414,6 +2414,8 @@ static int kvm_vcpu_check_block(struct kvm_vcpu *vcpu)
goto out;
if (signal_pending(current))
goto out;
+ if (kvm_test_request(KVM_REQ_INTROSPECTION, vcpu))
+ goto out;
ret = 0;
out:
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 49/78] KVM: introspection: handle vCPU commands
From: Mihai Don?u <mdontu at bitdefender.com>
Based on the common structure (kvmi_vcpu_hdr) used for all vCPU commands,
the receiving thread validates and dispatches the message to the proper
vCPU (adding the handling function to its jobs list).
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 8 ++
include/uapi/linux/kvmi.h | 6 ++
virt/kvm/introspection/kvmi_int.h | 3 +
virt/kvm/introspection/kvmi_msg.c | 151 +++++++++++++++++++++++++++++-
4 files changed, 166 insertions(+), 2 deletions(-)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 60fa50585c36..38f566b07bb5 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -232,6 +232,14 @@ The following C structures are meant to be used directly
when communicating
over the wire. The peer that detects any size mismatch should simply close
the connection and report the error.
+The commands related to vCPUs start with::
+
+ struct kvmi_vcpu_hdr {
+ __u16 vcpu;
+ __u16 padding1;
+ __u32 padding2;
+ }
+
1. KVMI_GET_VERSION
-------------------
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index 3b8590c0fc98..b2cbefdb8b29 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -89,6 +89,12 @@ struct kvmi_vm_write_physical {
__u8 data[0];
};
+struct kvmi_vcpu_hdr {
+ __u16 vcpu;
+ __u16 padding1;
+ __u32 padding2;
+};
+
struct kvmi_event {
__u16 size;
__u16 vcpu;
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index e0d8256162f9..e7ebb4d67dd6 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -55,6 +55,9 @@ int kvmi_msg_send_unhook(struct kvm_introspection *kvmi);
void *kvmi_msg_alloc(void);
void *kvmi_msg_alloc_check(size_t size);
void kvmi_msg_free(void *addr);
+int kvmi_add_job(struct kvm_vcpu *vcpu,
+ void (*fct)(struct kvm_vcpu *vcpu, void *ctx),
+ void *ctx, void (*free_fct)(void *ctx));
int kvmi_cmd_vm_control_events(struct kvm_introspection *kvmi,
unsigned int event_id, bool enable);
int kvmi_cmd_read_physical(struct kvm *kvm, u64 gpa, u64 size,
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 032b6b5b8000..94225153f7cc 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -8,6 +8,14 @@
#include <linux/net.h>
#include "kvmi_int.h"
+struct kvmi_vcpu_cmd_job {
+ struct {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vcpu_hdr cmd;
+ } *msg;
+ struct kvm_vcpu *vcpu;
+};
+
static const char *const msg_IDs[] = {
[KVMI_GET_VERSION] = "KVMI_GET_VERSION",
[KVMI_VM_CHECK_COMMAND] = "KVMI_VM_CHECK_COMMAND",
@@ -123,6 +131,28 @@ static bool is_command_allowed(struct kvm_introspection
*kvmi, int id)
return test_bit(id, kvmi->cmd_allow_mask);
}
+static bool invalid_vcpu_hdr(const struct kvmi_vcpu_hdr *hdr)
+{
+ return hdr->padding1 || hdr->padding2;
+}
+
+static int kvmi_get_vcpu(struct kvm_introspection *kvmi, unsigned int vcpu_idx,
+ struct kvm_vcpu **dest)
+{
+ struct kvm *kvm = kvmi->kvm;
+ struct kvm_vcpu *vcpu;
+
+ if (vcpu_idx >= atomic_read(&kvm->online_vcpus))
+ return -KVM_EINVAL;
+
+ vcpu = kvm_get_vcpu(kvm, vcpu_idx);
+ if (!vcpu)
+ return -KVM_EINVAL;
+
+ *dest = vcpu;
+ return 0;
+}
+
static int handle_get_version(struct kvm_introspection *kvmi,
const struct kvmi_msg_hdr *msg, const void *req)
{
@@ -265,16 +295,67 @@ static int(*const msg_vm[])(struct kvm_introspection *,
[KVMI_VM_WRITE_PHYSICAL] = handle_write_physical,
};
+/*
+ * These commands are executed on the vCPU thread. The receiving thread
+ * passes the messages using a newly allocated 'struct
kvmi_vcpu_cmd_job'
+ * and signals the vCPU to handle the command (which includes
+ * sending back the reply).
+ */
+static int(*const msg_vcpu[])(const struct kvmi_vcpu_cmd_job *,
+ const struct kvmi_msg_hdr *, const void *) = {
+};
+
+static void kvmi_job_vcpu_cmd(struct kvm_vcpu *vcpu, void *ctx)
+{
+ struct kvmi_vcpu_cmd_job *job = ctx;
+ size_t id = job->msg->hdr.id;
+ int err;
+
+ job->vcpu = vcpu;
+
+ err = msg_vcpu[id](job, &job->msg->hdr, job->msg + 1);
+
+ if (err) {
+ struct kvm_introspection *kvmi = KVMI(vcpu->kvm);
+
+ kvmi_err(kvmi,
+ "%s: cmd id: %zu (%s), err: %d\n", __func__,
+ id, id2str(id), err);
+ kvmi_sock_shutdown(kvmi);
+ }
+}
+
+static void kvmi_free_ctx(void *_ctx)
+{
+ const struct kvmi_vcpu_cmd_job *ctx = _ctx;
+
+ kvmi_msg_free(ctx->msg);
+ kfree(ctx);
+}
+
+static int kvmi_msg_queue_to_vcpu(struct kvm_vcpu *vcpu,
+ const struct kvmi_vcpu_cmd_job *cmd)
+{
+ return kvmi_add_job(vcpu, kvmi_job_vcpu_cmd, (void *)cmd,
+ kvmi_free_ctx);
+}
+
static bool is_vm_message(u16 id)
{
return id < ARRAY_SIZE(msg_vm) && !!msg_vm[id];
}
+static bool is_vcpu_message(u16 id)
+{
+ return id < ARRAY_SIZE(msg_vcpu) && !!msg_vcpu[id];
+}
+
static bool is_unsupported_message(u16 id)
{
bool supported;
- supported = is_known_message(id) && is_vm_message(id);
+ supported = is_known_message(id) &&
+ (is_vm_message(id) || is_vcpu_message(id));
return !supported;
}
@@ -344,12 +425,78 @@ static int kvmi_msg_dispatch_vm_cmd(struct
kvm_introspection *kvmi,
return msg_vm[msg->id](kvmi, msg, msg + 1);
}
+static bool vcpu_can_handle_commands(struct kvm_vcpu *vcpu)
+{
+ return vcpu->arch.mp_state != KVM_MP_STATE_UNINITIALIZED;
+}
+
+static int kvmi_get_vcpu_if_ready(struct kvm_introspection *kvmi,
+ unsigned int vcpu_idx,
+ struct kvm_vcpu **vcpu)
+{
+ int err;
+
+ err = kvmi_get_vcpu(kvmi, vcpu_idx, vcpu);
+
+ if (!err && !vcpu_can_handle_commands(*vcpu))
+ err = -KVM_EAGAIN;
+
+ return err;
+}
+
+static int kvmi_msg_dispatch_vcpu_job(struct kvm_introspection *kvmi,
+ struct kvmi_vcpu_cmd_job *job,
+ bool *queued)
+{
+ struct kvmi_vcpu_hdr *cmd = &job->msg->cmd;
+ struct kvmi_msg_hdr *hdr = &job->msg->hdr;
+ struct kvm_vcpu *vcpu = NULL;
+ int err;
+
+ if (invalid_vcpu_hdr(cmd))
+ return -KVM_EINVAL;
+
+ err = kvmi_get_vcpu_if_ready(kvmi, cmd->vcpu, &vcpu);
+
+ if (err)
+ return kvmi_msg_vm_reply(kvmi, hdr, err, NULL, 0);
+
+ err = kvmi_msg_queue_to_vcpu(vcpu, job);
+ if (!err)
+ *queued = true;
+ return err;
+}
+
+static int kvmi_msg_dispatch_vcpu_cmd(struct kvm_introspection *kvmi,
+ struct kvmi_msg_hdr *msg,
+ bool *queued)
+{
+ struct kvmi_vcpu_cmd_job *job_cmd;
+ int err;
+
+ job_cmd = kzalloc(sizeof(*job_cmd), GFP_KERNEL);
+ if (!job_cmd)
+ return -KVM_ENOMEM;
+
+ job_cmd->msg = (void *)msg;
+
+ err = kvmi_msg_dispatch_vcpu_job(kvmi, job_cmd, queued);
+
+ if (!*queued)
+ kfree(job_cmd);
+
+ return err;
+}
+
static int kvmi_msg_dispatch(struct kvm_introspection *kvmi,
struct kvmi_msg_hdr *msg, bool *queued)
{
int err;
- err = kvmi_msg_dispatch_vm_cmd(kvmi, msg);
+ if (is_vcpu_message(msg->id))
+ err = kvmi_msg_dispatch_vcpu_cmd(kvmi, msg, queued);
+ else
+ err = kvmi_msg_dispatch_vm_cmd(kvmi, msg);
if (err)
kvmi_err(kvmi, "%s: msg id: %u (%s), err: %d\n", __func__,
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 50/78] KVM: introspection: add KVMI_VCPU_GET_INFO
From: Mihai Don?u <mdontu at bitdefender.com>
For now, this command returns the TSC frequency (in HZ) for the specified
vCPU if available (otherwise it returns zero).
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 29 ++++
arch/x86/include/uapi/asm/kvmi.h | 4 +
arch/x86/kvm/Makefile | 2 +-
arch/x86/kvm/kvmi.c | 19 +++
include/uapi/linux/kvmi.h | 2 +
.../testing/selftests/kvm/x86_64/kvmi_test.c | 144 +++++++++++++++++-
virt/kvm/introspection/kvmi_int.h | 5 +
virt/kvm/introspection/kvmi_msg.c | 23 +++
8 files changed, 226 insertions(+), 2 deletions(-)
create mode 100644 arch/x86/kvm/kvmi.c
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 38f566b07bb5..8eb0006349d6 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -436,6 +436,35 @@ one page (offset + size <= PAGE_SIZE).
* -KVM_EINVAL - the specified gpa/size pair is invalid
* -KVM_ENOENT - the guest page doesn't exists
+8. KVMI_VCPU_GET_INFO
+---------------------
+
+:Architectures: all
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vcpu_hdr;
+
+:Returns:
+
+::
+
+ struct kvmi_error_code;
+ struct kvmi_vcpu_get_info_reply {
+ __u64 tsc_speed;
+ };
+
+Returns the TSC frequency (in HZ) for the specified vCPU if available
+(otherwise it returns zero).
+
+:Errors:
+
+* -KVM_EINVAL - the selected vCPU is invalid
+* -KVM_EINVAL - padding is not zero
+* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+
Events
=====
diff --git a/arch/x86/include/uapi/asm/kvmi.h b/arch/x86/include/uapi/asm/kvmi.h
index 551f9ed1ed9c..89adf84cefe4 100644
--- a/arch/x86/include/uapi/asm/kvmi.h
+++ b/arch/x86/include/uapi/asm/kvmi.h
@@ -26,4 +26,8 @@ struct kvmi_event_arch {
} msrs;
};
+struct kvmi_vcpu_get_info_reply {
+ __u64 tsc_speed;
+};
+
#endif /* _UAPI_ASM_X86_KVMI_H */
diff --git a/arch/x86/kvm/Makefile b/arch/x86/kvm/Makefile
index c46ec49dfeb9..fc28f6c75648 100644
--- a/arch/x86/kvm/Makefile
+++ b/arch/x86/kvm/Makefile
@@ -8,7 +8,7 @@ KVMI := $(KVM)/introspection
kvm-y += $(KVM)/kvm_main.o $(KVM)/coalesced_mmio.o \
$(KVM)/eventfd.o $(KVM)/irqchip.o $(KVM)/vfio.o
kvm-$(CONFIG_KVM_ASYNC_PF) += $(KVM)/async_pf.o
-kvm-$(CONFIG_KVM_INTROSPECTION) += $(KVMI)/kvmi.o $(KVMI)/kvmi_msg.o
+kvm-$(CONFIG_KVM_INTROSPECTION) += $(KVMI)/kvmi.o $(KVMI)/kvmi_msg.o kvmi.o
kvm-y += x86.o emulate.o i8259.o irq.o lapic.o \
i8254.o ioapic.o irq_comm.o cpuid.o pmu.o mtrr.o \
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
new file mode 100644
index 000000000000..2afb3abc97fa
--- /dev/null
+++ b/arch/x86/kvm/kvmi.c
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * KVM introspection - x86
+ *
+ * Copyright (C) 2019-2020 Bitdefender S.R.L.
+ */
+
+#include "../../../virt/kvm/introspection/kvmi_int.h"
+
+int kvmi_arch_cmd_vcpu_get_info(struct kvm_vcpu *vcpu,
+ struct kvmi_vcpu_get_info_reply *rpl)
+{
+ if (kvm_has_tsc_control)
+ rpl->tsc_speed = 1000ul * vcpu->arch.virtual_tsc_khz;
+ else
+ rpl->tsc_speed = 0;
+
+ return 0;
+}
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index b2cbefdb8b29..b36ecc0d6513 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -25,6 +25,8 @@ enum {
KVMI_VM_READ_PHYSICAL = 7,
KVMI_VM_WRITE_PHYSICAL = 8,
+ KVMI_VCPU_GET_INFO = 9,
+
KVMI_NUM_MESSAGES
};
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index b0573d7e2e5b..5c55f4ce5875 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -8,6 +8,7 @@
#define _GNU_SOURCE /* for program_invocation_short_name */
#include <sys/types.h>
#include <sys/socket.h>
+#include <pthread.h>
#include "test_util.h"
@@ -24,6 +25,7 @@ static int socket_pair[2];
#define Kvm_socket socket_pair[0]
#define Userspace_socket socket_pair[1]
+static int test_id;
static vm_vaddr_t test_gva;
static void *test_hva;
static vm_paddr_t test_gpa;
@@ -31,6 +33,39 @@ static vm_paddr_t test_gpa;
static uint8_t test_write_pattern;
static int page_size;
+struct vcpu_worker_data {
+ struct kvm_vm *vm;
+ int vcpu_id;
+ int test_id;
+ bool stop;
+};
+
+enum {
+ GUEST_TEST_NOOP = 0,
+};
+
+#define GUEST_REQUEST_TEST() GUEST_SYNC(0)
+#define GUEST_SIGNAL_TEST_DONE() GUEST_SYNC(1)
+
+#define HOST_SEND_TEST(uc) (uc.cmd == UCALL_SYNC && uc.args[1] ==
0)
+
+static int guest_test_id(void)
+{
+ GUEST_REQUEST_TEST();
+ return READ_ONCE(test_id);
+}
+
+static void guest_code(void)
+{
+ while (true) {
+ switch (guest_test_id()) {
+ case GUEST_TEST_NOOP:
+ break;
+ }
+ GUEST_SIGNAL_TEST_DONE();
+ }
+}
+
void setup_socket(void)
{
int r;
@@ -507,6 +542,112 @@ static void test_memory_access(struct kvm_vm *vm)
read_invalid_guest_page(vm);
}
+
+static void *vcpu_worker(void *data)
+{
+ struct vcpu_worker_data *ctx = data;
+ struct kvm_run *run;
+
+ run = vcpu_state(ctx->vm, ctx->vcpu_id);
+
+ while (!ctx->stop) {
+ struct ucall uc;
+
+ vcpu_run(ctx->vm, ctx->vcpu_id);
+
+ TEST_ASSERT(run->exit_reason == KVM_EXIT_IO,
+ "vcpu_run() failed, test_id %d, exit reason %u (%s)\n",
+ ctx->test_id, run->exit_reason,
+ exit_reason_str(run->exit_reason));
+
+ TEST_ASSERT(get_ucall(ctx->vm, ctx->vcpu_id, &uc),
+ "No guest request\n");
+
+ if (HOST_SEND_TEST(uc)) {
+ test_id = READ_ONCE(ctx->test_id);
+ sync_global_to_guest(ctx->vm, test_id);
+ }
+ }
+
+ return NULL;
+}
+
+static pthread_t start_vcpu_worker(struct vcpu_worker_data *data)
+{
+ pthread_t thread_id;
+
+ pthread_create(&thread_id, NULL, vcpu_worker, data);
+
+ return thread_id;
+}
+
+static void wait_vcpu_worker(pthread_t vcpu_thread)
+{
+ pthread_join(vcpu_thread, NULL);
+}
+
+static void stop_vcpu_worker(pthread_t vcpu_thread,
+ struct vcpu_worker_data *data)
+{
+ data->stop = true;
+
+ wait_vcpu_worker(vcpu_thread);
+}
+
+static int do_vcpu_command(struct kvm_vm *vm, int cmd_id,
+ struct kvmi_msg_hdr *req, size_t req_size,
+ void *rpl, size_t rpl_size)
+{
+ struct vcpu_worker_data data = {.vm = vm, .vcpu_id = VCPU_ID };
+ pthread_t vcpu_thread;
+ int r;
+
+ vcpu_thread = start_vcpu_worker(&data);
+
+ send_message(cmd_id, req, req_size);
+ r = receive_cmd_reply(req, rpl, rpl_size);
+
+ stop_vcpu_worker(vcpu_thread, &data);
+ return r;
+}
+
+static int do_vcpu0_command(struct kvm_vm *vm, int cmd_id,
+ struct kvmi_msg_hdr *req, size_t req_size,
+ void *rpl, size_t rpl_size)
+{
+ struct kvmi_vcpu_hdr *vcpu_hdr = (struct kvmi_vcpu_hdr *)req;
+
+ vcpu_hdr->vcpu = 0;
+
+ return do_vcpu_command(vm, cmd_id, req, req_size, rpl, rpl_size);
+}
+
+static void test_vcpu0_command(struct kvm_vm *vm, int cmd_id,
+ struct kvmi_msg_hdr *req, size_t req_size,
+ void *rpl, size_t rpl_size)
+{
+ int r;
+
+ r = do_vcpu0_command(vm, cmd_id, req, req_size, rpl, rpl_size);
+ TEST_ASSERT(r == 0,
+ "Command %d failed, error %d (%s)\n",
+ cmd_id, -r, kvm_strerror(-r));
+}
+
+static void test_cmd_get_vcpu_info(struct kvm_vm *vm)
+{
+ struct {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vcpu_hdr vcpu_hdr;
+ } req = {};
+ struct kvmi_vcpu_get_info_reply rpl;
+
+ test_vcpu0_command(vm, KVMI_VCPU_GET_INFO, &req.hdr, sizeof(req),
+ &rpl, sizeof(rpl));
+
+ DEBUG("tsc_speed: %llu HZ\n", rpl.tsc_speed);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -520,6 +661,7 @@ static void test_introspection(struct kvm_vm *vm)
test_event_unhook(vm);
test_cmd_vm_control_events();
test_memory_access(vm);
+ test_cmd_get_vcpu_info(vm);
unhook_introspection(vm);
}
@@ -546,7 +688,7 @@ int main(int argc, char *argv[])
exit(KSFT_SKIP);
}
- vm = vm_create_default(VCPU_ID, 0, NULL);
+ vm = vm_create_default(VCPU_ID, 0, guest_code);
vcpu_set_cpuid(vm, VCPU_ID, kvm_get_supported_cpuid());
page_size = getpagesize();
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index e7ebb4d67dd6..bab73fc232ec 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -33,6 +33,7 @@
| BIT(KVMI_VM_GET_INFO) \
| BIT(KVMI_VM_READ_PHYSICAL) \
| BIT(KVMI_VM_WRITE_PHYSICAL) \
+ | BIT(KVMI_VCPU_GET_INFO) \
)
#define KVMI(kvm) ((struct kvm_introspection *)((kvm)->kvmi))
@@ -68,4 +69,8 @@ int kvmi_cmd_read_physical(struct kvm *kvm, u64 gpa, u64 size,
int kvmi_cmd_write_physical(struct kvm *kvm, u64 gpa, u64 size,
const void *buf);
+/* arch */
+int kvmi_arch_cmd_vcpu_get_info(struct kvm_vcpu *vcpu,
+ struct kvmi_vcpu_get_info_reply *rpl);
+
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 94225153f7cc..4e7a2ceb78da 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -24,6 +24,7 @@ static const char *const msg_IDs[] = {
[KVMI_VM_GET_INFO] = "KVMI_VM_GET_INFO",
[KVMI_VM_READ_PHYSICAL] = "KVMI_VM_READ_PHYSICAL",
[KVMI_VM_WRITE_PHYSICAL] = "KVMI_VM_WRITE_PHYSICAL",
+ [KVMI_VCPU_GET_INFO] = "KVMI_VCPU_GET_INFO",
};
static bool is_known_message(u16 id)
@@ -126,6 +127,15 @@ static int kvmi_msg_vm_reply(struct kvm_introspection
*kvmi,
return kvmi_msg_reply(kvmi, msg, err, rpl, rpl_size);
}
+static int kvmi_msg_vcpu_reply(const struct kvmi_vcpu_cmd_job *job,
+ const struct kvmi_msg_hdr *msg, int err,
+ const void *rpl, size_t rpl_size)
+{
+ struct kvm_introspection *kvmi = KVMI(job->vcpu->kvm);
+
+ return kvmi_msg_reply(kvmi, msg, err, rpl, rpl_size);
+}
+
static bool is_command_allowed(struct kvm_introspection *kvmi, int id)
{
return test_bit(id, kvmi->cmd_allow_mask);
@@ -295,6 +305,18 @@ static int(*const msg_vm[])(struct kvm_introspection *,
[KVMI_VM_WRITE_PHYSICAL] = handle_write_physical,
};
+static int handle_get_vcpu_info(const struct kvmi_vcpu_cmd_job *job,
+ const struct kvmi_msg_hdr *msg,
+ const void *req)
+{
+ struct kvmi_vcpu_get_info_reply rpl;
+
+ memset(&rpl, 0, sizeof(rpl));
+ kvmi_arch_cmd_vcpu_get_info(job->vcpu, &rpl);
+
+ return kvmi_msg_vcpu_reply(job, msg, 0, &rpl, sizeof(rpl));
+}
+
/*
* These commands are executed on the vCPU thread. The receiving thread
* passes the messages using a newly allocated 'struct
kvmi_vcpu_cmd_job'
@@ -303,6 +325,7 @@ static int(*const msg_vm[])(struct kvm_introspection *,
*/
static int(*const msg_vcpu[])(const struct kvmi_vcpu_cmd_job *,
const struct kvmi_msg_hdr *, const void *) = {
+ [KVMI_VCPU_GET_INFO] = handle_get_vcpu_info,
};
static void kvmi_job_vcpu_cmd(struct kvm_vcpu *vcpu, void *ctx)
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 51/78] KVM: introspection: add KVMI_VCPU_PAUSE
This is the only vCPU command handled by the receiving thread.
It increments a pause request counter and kicks the vCPU.
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 66 ++++++++++++++++++-
include/linux/kvmi_host.h | 2 +
include/uapi/linux/kvmi.h | 11 +++-
.../testing/selftests/kvm/x86_64/kvmi_test.c | 31 +++++++++
virt/kvm/introspection/kvmi.c | 64 ++++++++++++++++--
virt/kvm/introspection/kvmi_int.h | 6 +-
virt/kvm/introspection/kvmi_msg.c | 39 +++++++++++
7 files changed, 212 insertions(+), 7 deletions(-)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 8eb0006349d6..ba01b9a249a2 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -465,12 +465,52 @@ Returns the TSC frequency (in HZ) for the specified vCPU
if available
* -KVM_EINVAL - padding is not zero
* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+9. KVMI_VCPU_PAUSE
+------------------
+
+:Architecture: all
+:Versions: >= 1
+:Parameters:
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_vcpu_pause {
+ __u8 wait;
+ __u8 padding1;
+ __u16 padding2;
+ __u32 padding3;
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_error_code;
+
+Kicks the vCPU from guest.
+
+If `wait` is 1, the command will wait for vCPU to acknowledge the IPI.
+
+The vCPU will handle the pending commands/events and send the
+*KVMI_EVENT_PAUSE_VCPU* event (one for every successful *KVMI_VCPU_PAUSE*
+command) before returning to guest.
+
+The socket will be closed if the *KVMI_EVENT_PAUSE_VCPU* event is disallowed.
+Use *KVMI_VM_CHECK_EVENT* first.
+
+:Errors:
+
+* -KVM_EINVAL - the selected vCPU is invalid
+* -KVM_EINVAL - padding is not zero
+* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+* -KVM_EBUSY - the selected vCPU has too many queued *KVMI_EVENT_PAUSE_VCPU*
events
+
+
Events
=====
All introspection events (VM or vCPU related) are sent
using the *KVMI_EVENT* message id. No event will be sent unless
-it is explicitly enabled.
+it is explicitly enabled or requested (eg. *KVMI_EVENT_PAUSE_VCPU*).
The *KVMI_EVENT_UNHOOK* event doesn't have a reply and share the kvmi_event
structure, for consistency with the vCPU events.
@@ -529,3 +569,27 @@ the guest (see **Unhooking**) and the introspection has
been enabled
for this event (see **KVMI_VM_CONTROL_EVENTS**). The introspection tool
has a chance to unhook and close the KVMI channel (signaling that the
operation can proceed).
+
+1. KVMI_EVENT_PAUSE_VCPU
+------------------------
+
+:Architectures: all
+:Versions: >= 1
+:Actions: CONTINUE, CRASH
+:Parameters:
+
+::
+
+ struct kvmi_event;
+
+:Returns:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_event_reply;
+
+This event is sent in response to a *KVMI_VCPU_PAUSE* command.
+
+This event has a low priority. It will be sent after any other vCPU
+introspection event and when no vCPU introspection command is queued.
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
index 6a0fb481b192..988927c29bf5 100644
--- a/include/linux/kvmi_host.h
+++ b/include/linux/kvmi_host.h
@@ -23,6 +23,8 @@ struct kvm_vcpu_introspection {
struct list_head job_list;
spinlock_t job_lock;
+
+ atomic_t pause_requests;
};
struct kvm_introspection {
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index b36ecc0d6513..54a788c1c204 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -26,12 +26,14 @@ enum {
KVMI_VM_WRITE_PHYSICAL = 8,
KVMI_VCPU_GET_INFO = 9,
+ KVMI_VCPU_PAUSE = 10,
KVMI_NUM_MESSAGES
};
enum {
- KVMI_EVENT_UNHOOK = 0,
+ KVMI_EVENT_UNHOOK = 0,
+ KVMI_EVENT_PAUSE_VCPU = 1,
KVMI_NUM_EVENTS
};
@@ -97,6 +99,13 @@ struct kvmi_vcpu_hdr {
__u32 padding2;
};
+struct kvmi_vcpu_pause {
+ __u8 wait;
+ __u8 padding1;
+ __u16 padding2;
+ __u32 padding3;
+};
+
struct kvmi_event {
__u16 size;
__u16 vcpu;
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 5c55f4ce5875..942601f6177b 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -648,6 +648,36 @@ static void test_cmd_get_vcpu_info(struct kvm_vm *vm)
DEBUG("tsc_speed: %llu HZ\n", rpl.tsc_speed);
}
+static int cmd_pause_vcpu(struct kvm_vm *vm)
+{
+ struct {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vcpu_hdr vcpu_hdr;
+ struct kvmi_vcpu_pause cmd;
+ } req = {};
+ __u16 vcpu_index = 0;
+
+ req.vcpu_hdr.vcpu = vcpu_index;
+
+ return do_command(KVMI_VCPU_PAUSE, &req.hdr, sizeof(req),
+ NULL, 0);
+}
+
+static void pause_vcpu(struct kvm_vm *vm)
+{
+ int r;
+
+ r = cmd_pause_vcpu(vm);
+ TEST_ASSERT(r == 0,
+ "KVMI_VCPU_PAUSE failed, error %d(%s)\n",
+ -r, kvm_strerror(-r));
+}
+
+static void test_pause(struct kvm_vm *vm)
+{
+ pause_vcpu(vm);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -662,6 +692,7 @@ static void test_introspection(struct kvm_vm *vm)
test_cmd_vm_control_events();
test_memory_access(vm);
test_cmd_get_vcpu_info(vm);
+ test_pause(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index ea86512ca81e..51c090a56242 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -9,6 +9,10 @@
#include "kvmi_int.h"
#include <linux/kthread.h>
+enum {
+ MAX_PAUSE_REQUESTS = 1001
+};
+
static struct kmem_cache *msg_cache;
static struct kmem_cache *job_cache;
@@ -65,10 +69,14 @@ void kvmi_uninit(void)
kvmi_cache_destroy();
}
-static void kvmi_make_request(struct kvm_vcpu *vcpu)
+static void kvmi_make_request(struct kvm_vcpu *vcpu, bool wait)
{
kvm_make_request(KVM_REQ_INTROSPECTION, vcpu);
- kvm_vcpu_kick(vcpu);
+
+ if (wait)
+ kvm_vcpu_kick_and_wait(vcpu);
+ else
+ kvm_vcpu_kick(vcpu);
}
static int __kvmi_add_job(struct kvm_vcpu *vcpu,
@@ -103,7 +111,7 @@ int kvmi_add_job(struct kvm_vcpu *vcpu,
err = __kvmi_add_job(vcpu, fct, ctx, free_fct);
if (!err)
- kvmi_make_request(vcpu);
+ kvmi_make_request(vcpu, false);
return err;
}
@@ -278,6 +286,22 @@ static int __kvmi_hook(struct kvm *kvm,
return 0;
}
+static void kvmi_job_release_vcpu(struct kvm_vcpu *vcpu, void *ctx)
+{
+ struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
+
+ atomic_set(&vcpui->pause_requests, 0);
+}
+
+static void kvmi_release_vcpus(struct kvm *kvm)
+{
+ struct kvm_vcpu *vcpu;
+ int i;
+
+ kvm_for_each_vcpu(i, vcpu, kvm)
+ kvmi_add_job(vcpu, kvmi_job_release_vcpu, NULL, NULL);
+}
+
static int kvmi_recv_thread(void *arg)
{
struct kvm_introspection *kvmi = arg;
@@ -291,6 +315,8 @@ static int kvmi_recv_thread(void *arg)
*/
kvmi_sock_shutdown(kvmi);
+ kvmi_release_vcpus(kvmi->kvm);
+
kvmi_put(kvmi->kvm);
return 0;
}
@@ -676,15 +702,45 @@ void kvmi_run_jobs(struct kvm_vcpu *vcpu)
}
}
+static void kvmi_vcpu_pause_event(struct kvm_vcpu *vcpu)
+{
+ struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
+
+ atomic_dec(&vcpui->pause_requests);
+ /* to be implemented */
+}
+
void kvmi_handle_requests(struct kvm_vcpu *vcpu)
{
+ struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
struct kvm_introspection *kvmi;
kvmi = kvmi_get(vcpu->kvm);
if (!kvmi)
return;
- kvmi_run_jobs(vcpu);
+ for (;;) {
+ kvmi_run_jobs(vcpu);
+
+ if (atomic_read(&vcpui->pause_requests))
+ kvmi_vcpu_pause_event(vcpu);
+ else
+ break;
+ }
kvmi_put(vcpu->kvm);
}
+
+int kvmi_cmd_vcpu_pause(struct kvm_vcpu *vcpu, bool wait)
+{
+ struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
+
+ if (atomic_read(&vcpui->pause_requests) > MAX_PAUSE_REQUESTS)
+ return -KVM_EBUSY;
+
+ atomic_inc(&vcpui->pause_requests);
+
+ kvmi_make_request(vcpu, wait);
+
+ return 0;
+}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index bab73fc232ec..d1d93488af1c 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -21,7 +21,9 @@
#define KVMI_KNOWN_VM_EVENTS ( \
BIT(KVMI_EVENT_UNHOOK) \
)
-#define KVMI_KNOWN_VCPU_EVENTS 0
+#define KVMI_KNOWN_VCPU_EVENTS ( \
+ BIT(KVMI_EVENT_PAUSE_VCPU) \
+ )
#define KVMI_KNOWN_EVENTS (KVMI_KNOWN_VM_EVENTS | KVMI_KNOWN_VCPU_EVENTS)
@@ -34,6 +36,7 @@
| BIT(KVMI_VM_READ_PHYSICAL) \
| BIT(KVMI_VM_WRITE_PHYSICAL) \
| BIT(KVMI_VCPU_GET_INFO) \
+ | BIT(KVMI_VCPU_PAUSE) \
)
#define KVMI(kvm) ((struct kvm_introspection *)((kvm)->kvmi))
@@ -68,6 +71,7 @@ int kvmi_cmd_read_physical(struct kvm *kvm, u64 gpa, u64 size,
const struct kvmi_msg_hdr *ctx);
int kvmi_cmd_write_physical(struct kvm *kvm, u64 gpa, u64 size,
const void *buf);
+int kvmi_cmd_vcpu_pause(struct kvm_vcpu *vcpu, bool wait);
/* arch */
int kvmi_arch_cmd_vcpu_get_info(struct kvm_vcpu *vcpu,
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 4e7a2ceb78da..1eae0a9a8e0a 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -25,6 +25,7 @@ static const char *const msg_IDs[] = {
[KVMI_VM_READ_PHYSICAL] = "KVMI_VM_READ_PHYSICAL",
[KVMI_VM_WRITE_PHYSICAL] = "KVMI_VM_WRITE_PHYSICAL",
[KVMI_VCPU_GET_INFO] = "KVMI_VCPU_GET_INFO",
+ [KVMI_VCPU_PAUSE] = "KVMI_VCPU_PAUSE",
};
static bool is_known_message(u16 id)
@@ -291,6 +292,43 @@ static int handle_write_physical(struct kvm_introspection
*kvmi,
return kvmi_msg_vm_reply(kvmi, msg, ec, NULL, 0);
}
+/*
+ * We handle this vCPU command on the receiving thread to make it easier
+ * for userspace to implement a 'pause VM' command. Usually, this is
done
+ * by sending one 'pause vCPU' command for every vCPU. By handling the
+ * command here, the userspace can consider that the VM has stopped
+ * once it receives the reply for the last 'pause vCPU' command.
+ */
+static int handle_pause_vcpu(struct kvm_introspection *kvmi,
+ const struct kvmi_msg_hdr *msg,
+ const void *_req)
+{
+ const struct kvmi_vcpu_pause *req = _req;
+ const struct kvmi_vcpu_hdr *cmd;
+ struct kvm_vcpu *vcpu = NULL;
+ int err;
+
+ if (req->padding1 || req->padding2 || req->padding3)
+ return -KVM_EINVAL;
+
+ if (!is_event_allowed(kvmi, KVMI_EVENT_PAUSE_VCPU))
+ return -KVM_EPERM;
+
+ cmd = (const struct kvmi_vcpu_hdr *) (msg + 1);
+
+ if (invalid_vcpu_hdr(cmd)) {
+ err = -KVM_EINVAL;
+ goto reply;
+ }
+
+ err = kvmi_get_vcpu(kvmi, cmd->vcpu, &vcpu);
+ if (!err)
+ err = kvmi_cmd_vcpu_pause(vcpu, req->wait == 1);
+
+reply:
+ return kvmi_msg_vm_reply(kvmi, msg, err, NULL, 0);
+}
+
/*
* These commands are executed by the receiving thread/worker.
*/
@@ -303,6 +341,7 @@ static int(*const msg_vm[])(struct kvm_introspection *,
[KVMI_VM_GET_INFO] = handle_get_info,
[KVMI_VM_READ_PHYSICAL] = handle_read_physical,
[KVMI_VM_WRITE_PHYSICAL] = handle_write_physical,
+ [KVMI_VCPU_PAUSE] = handle_pause_vcpu,
};
static int handle_get_vcpu_info(const struct kvmi_vcpu_cmd_job *job,
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 52/78] KVM: introspection: add KVMI_EVENT_PAUSE_VCPU
This event is send by the vCPU thread and has a low priority. It
will be sent after any other vCPU introspection event and when no vCPU
introspection command is queued.
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 23 ++-
arch/x86/kvm/kvmi.c | 53 ++++++
include/linux/kvmi_host.h | 11 ++
include/uapi/linux/kvmi.h | 14 ++
.../testing/selftests/kvm/x86_64/kvmi_test.c | 48 +++++-
virt/kvm/introspection/kvmi.c | 49 +++++-
virt/kvm/introspection/kvmi_int.h | 3 +
virt/kvm/introspection/kvmi_msg.c | 153 +++++++++++++++++-
8 files changed, 347 insertions(+), 7 deletions(-)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index ba01b9a249a2..8bf9b8f6dd7c 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -548,6 +548,27 @@ On x86 the structure looks like this::
It contains information about the vCPU state at the time of the event.
+The reply to events uses the *KVMI_EVENT_REPLY* message id and begins
+with two common structures::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_event_reply {
+ __u8 action;
+ __u8 event;
+ __u16 padding1;
+ __u32 padding2;
+ };
+
+All events accept the KVMI_EVENT_ACTION_CRASH action, which stops the
+guest ungracefully, but as soon as possible.
+
+Most of the events accept the KVMI_EVENT_ACTION_CONTINUE action, which
+lets the instruction that caused the event to continue (unless specified
+otherwise).
+
+Some of the events accept the KVMI_EVENT_ACTION_RETRY action, to continue
+by re-entering the guest.
+
Specific data can follow these common structures.
1. KVMI_EVENT_UNHOOK
@@ -570,7 +591,7 @@ for this event (see **KVMI_VM_CONTROL_EVENTS**). The
introspection tool
has a chance to unhook and close the KVMI channel (signaling that the
operation can proceed).
-1. KVMI_EVENT_PAUSE_VCPU
+2. KVMI_EVENT_PAUSE_VCPU
------------------------
:Architectures: all
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index 2afb3abc97fa..842d6abebb41 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -5,8 +5,61 @@
* Copyright (C) 2019-2020 Bitdefender S.R.L.
*/
+#include "linux/kvm_host.h"
+#include "x86.h"
#include "../../../virt/kvm/introspection/kvmi_int.h"
+static unsigned int kvmi_vcpu_mode(const struct kvm_vcpu *vcpu,
+ const struct kvm_sregs *sregs)
+{
+ unsigned int mode = 0;
+
+ if (is_long_mode((struct kvm_vcpu *) vcpu)) {
+ if (sregs->cs.l)
+ mode = 8;
+ else if (!sregs->cs.db)
+ mode = 2;
+ else
+ mode = 4;
+ } else if (sregs->cr0 & X86_CR0_PE) {
+ if (!sregs->cs.db)
+ mode = 2;
+ else
+ mode = 4;
+ } else if (!sregs->cs.db) {
+ mode = 2;
+ } else {
+ mode = 4;
+ }
+
+ return mode;
+}
+
+static void kvmi_get_msrs(struct kvm_vcpu *vcpu, struct kvmi_event_arch *ev)
+{
+ __kvm_get_msr(vcpu, MSR_IA32_SYSENTER_CS, &ev->msrs.sysenter_cs, true);
+ __kvm_get_msr(vcpu, MSR_IA32_SYSENTER_ESP, &ev->msrs.sysenter_esp,
+ true);
+ __kvm_get_msr(vcpu, MSR_IA32_SYSENTER_EIP, &ev->msrs.sysenter_eip,
+ true);
+ __kvm_get_msr(vcpu, MSR_EFER, &ev->msrs.efer, true);
+ __kvm_get_msr(vcpu, MSR_STAR, &ev->msrs.star, true);
+ __kvm_get_msr(vcpu, MSR_LSTAR, &ev->msrs.lstar, true);
+ __kvm_get_msr(vcpu, MSR_CSTAR, &ev->msrs.cstar, true);
+ __kvm_get_msr(vcpu, MSR_IA32_CR_PAT, &ev->msrs.pat, true);
+ __kvm_get_msr(vcpu, MSR_KERNEL_GS_BASE, &ev->msrs.shadow_gs, true);
+}
+
+void kvmi_arch_setup_event(struct kvm_vcpu *vcpu, struct kvmi_event *ev)
+{
+ struct kvmi_event_arch *event = &ev->arch;
+
+ kvm_arch_vcpu_get_regs(vcpu, &event->regs);
+ kvm_arch_vcpu_get_sregs(vcpu, &event->sregs);
+ ev->arch.mode = kvmi_vcpu_mode(vcpu, &event->sregs);
+ kvmi_get_msrs(vcpu, event);
+}
+
int kvmi_arch_cmd_vcpu_get_info(struct kvm_vcpu *vcpu,
struct kvmi_vcpu_get_info_reply *rpl)
{
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
index 988927c29bf5..49e68777a390 100644
--- a/include/linux/kvmi_host.h
+++ b/include/linux/kvmi_host.h
@@ -11,6 +11,14 @@ struct kvm_vcpu;
#define KVMI_NUM_COMMANDS KVMI_NUM_MESSAGES
+struct kvmi_vcpu_reply {
+ int error;
+ int action;
+ u32 seq;
+ void *data;
+ size_t size;
+};
+
struct kvmi_job {
struct list_head link;
void *ctx;
@@ -25,6 +33,9 @@ struct kvm_vcpu_introspection {
spinlock_t job_lock;
atomic_t pause_requests;
+
+ struct kvmi_vcpu_reply reply;
+ bool waiting_for_reply;
};
struct kvm_introspection {
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index 54a788c1c204..2eb1e5b20d53 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -15,6 +15,7 @@ enum {
};
enum {
+ KVMI_EVENT_REPLY = 0,
KVMI_EVENT = 1,
KVMI_GET_VERSION = 2,
@@ -38,6 +39,12 @@ enum {
KVMI_NUM_EVENTS
};
+enum {
+ KVMI_EVENT_ACTION_CONTINUE = 0,
+ KVMI_EVENT_ACTION_RETRY = 1,
+ KVMI_EVENT_ACTION_CRASH = 2,
+};
+
struct kvmi_msg_hdr {
__u16 id;
__u16 size;
@@ -114,4 +121,11 @@ struct kvmi_event {
struct kvmi_event_arch arch;
};
+struct kvmi_event_reply {
+ __u8 action;
+ __u8 event;
+ __u16 padding1;
+ __u32 padding2;
+};
+
#endif /* _UAPI__LINUX_KVMI_H */
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 942601f6177b..27de5fb24580 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -33,6 +33,12 @@ static vm_paddr_t test_gpa;
static uint8_t test_write_pattern;
static int page_size;
+struct vcpu_reply {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vcpu_hdr vcpu_hdr;
+ struct kvmi_event_reply reply;
+};
+
struct vcpu_worker_data {
struct kvm_vm *vm;
int vcpu_id;
@@ -550,7 +556,7 @@ static void *vcpu_worker(void *data)
run = vcpu_state(ctx->vm, ctx->vcpu_id);
- while (!ctx->stop) {
+ while (!READ_ONCE(ctx->stop)) {
struct ucall uc;
vcpu_run(ctx->vm, ctx->vcpu_id);
@@ -589,7 +595,7 @@ static void wait_vcpu_worker(pthread_t vcpu_thread)
static void stop_vcpu_worker(pthread_t vcpu_thread,
struct vcpu_worker_data *data)
{
- data->stop = true;
+ WRITE_ONCE(data->stop, true);
wait_vcpu_worker(vcpu_thread);
}
@@ -673,9 +679,47 @@ static void pause_vcpu(struct kvm_vm *vm)
-r, kvm_strerror(-r));
}
+static void reply_to_event(struct kvmi_msg_hdr *ev_hdr, struct kvmi_event *ev,
+ __u8 action, struct vcpu_reply *rpl, size_t rpl_size)
+{
+ ssize_t r;
+
+ rpl->hdr.id = KVMI_EVENT_REPLY;
+ rpl->hdr.seq = ev_hdr->seq;
+ rpl->hdr.size = rpl_size - sizeof(rpl->hdr);
+
+ rpl->vcpu_hdr.vcpu = ev->vcpu;
+
+ rpl->reply.action = action;
+ rpl->reply.event = ev->event;
+
+ r = send(Userspace_socket, rpl, rpl_size, 0);
+ TEST_ASSERT(r == rpl_size,
+ "send() failed, sending %d, result %d, errno %d (%s)\n",
+ rpl_size, r, errno, strerror(errno));
+}
+
static void test_pause(struct kvm_vm *vm)
{
+ struct vcpu_worker_data data = {.vm = vm, .vcpu_id = VCPU_ID};
+ __u16 event_id = KVMI_EVENT_PAUSE_VCPU;
+ struct vcpu_reply rpl = {};
+ struct kvmi_msg_hdr hdr;
+ pthread_t vcpu_thread;
+ struct kvmi_event ev;
+
+ allow_event(vm, event_id);
+
pause_vcpu(vm);
+
+ vcpu_thread = start_vcpu_worker(&data);
+
+ receive_event(&hdr, &ev, sizeof(ev), event_id);
+
+ reply_to_event(&hdr, &ev, KVMI_EVENT_ACTION_CONTINUE,
+ &rpl, sizeof(rpl));
+
+ stop_vcpu_worker(vcpu_thread, &data);
}
static void test_introspection(struct kvm_vm *vm)
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index 51c090a56242..670c14c9683f 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -291,6 +291,7 @@ static void kvmi_job_release_vcpu(struct kvm_vcpu *vcpu,
void *ctx)
struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
atomic_set(&vcpui->pause_requests, 0);
+ vcpui->waiting_for_reply = false;
}
static void kvmi_release_vcpus(struct kvm *kvm)
@@ -702,12 +703,58 @@ void kvmi_run_jobs(struct kvm_vcpu *vcpu)
}
}
+static int kvmi_vcpu_kill(int sig, struct kvm_vcpu *vcpu)
+{
+ struct kernel_siginfo siginfo[1] = {};
+ int err = -ESRCH;
+ struct pid *pid;
+
+ rcu_read_lock();
+ pid = rcu_dereference(vcpu->pid);
+ if (pid)
+ err = kill_pid_info(sig, siginfo, pid);
+ rcu_read_unlock();
+
+ return err;
+}
+
+static void kvmi_vm_shutdown(struct kvm *kvm)
+{
+ struct kvm_vcpu *vcpu;
+ int i;
+
+ kvm_for_each_vcpu(i, vcpu, kvm)
+ kvmi_vcpu_kill(SIGTERM, vcpu);
+}
+
+void kvmi_handle_common_event_actions(struct kvm *kvm,
+ u32 action, const char *str)
+{
+ switch (action) {
+ case KVMI_EVENT_ACTION_CRASH:
+ kvmi_vm_shutdown(kvm);
+ break;
+
+ default:
+ kvmi_err(KVMI(kvm), "Unsupported action %d for event %s\n",
+ action, str);
+ }
+}
+
static void kvmi_vcpu_pause_event(struct kvm_vcpu *vcpu)
{
struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
+ u32 action;
atomic_dec(&vcpui->pause_requests);
- /* to be implemented */
+
+ action = kvmi_msg_send_vcpu_pause(vcpu);
+ switch (action) {
+ case KVMI_EVENT_ACTION_CONTINUE:
+ break;
+ default:
+ kvmi_handle_common_event_actions(vcpu->kvm, action, "PAUSE");
+ }
}
void kvmi_handle_requests(struct kvm_vcpu *vcpu)
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index d1d93488af1c..50b2b98dd99b 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -54,6 +54,7 @@ void kvmi_sock_shutdown(struct kvm_introspection *kvmi);
void kvmi_sock_put(struct kvm_introspection *kvmi);
bool kvmi_msg_process(struct kvm_introspection *kvmi);
int kvmi_msg_send_unhook(struct kvm_introspection *kvmi);
+u32 kvmi_msg_send_vcpu_pause(struct kvm_vcpu *vcpu);
/* kvmi.c */
void *kvmi_msg_alloc(void);
@@ -62,6 +63,7 @@ void kvmi_msg_free(void *addr);
int kvmi_add_job(struct kvm_vcpu *vcpu,
void (*fct)(struct kvm_vcpu *vcpu, void *ctx),
void *ctx, void (*free_fct)(void *ctx));
+void kvmi_run_jobs(struct kvm_vcpu *vcpu);
int kvmi_cmd_vm_control_events(struct kvm_introspection *kvmi,
unsigned int event_id, bool enable);
int kvmi_cmd_read_physical(struct kvm *kvm, u64 gpa, u64 size,
@@ -76,5 +78,6 @@ int kvmi_cmd_vcpu_pause(struct kvm_vcpu *vcpu, bool wait);
/* arch */
int kvmi_arch_cmd_vcpu_get_info(struct kvm_vcpu *vcpu,
struct kvmi_vcpu_get_info_reply *rpl);
+void kvmi_arch_setup_event(struct kvm_vcpu *vcpu, struct kvmi_event *ev);
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 1eae0a9a8e0a..69abca999cd2 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -17,6 +17,7 @@ struct kvmi_vcpu_cmd_job {
};
static const char *const msg_IDs[] = {
+ [KVMI_EVENT_REPLY] = "KVMI_EVENT_REPLY",
[KVMI_GET_VERSION] = "KVMI_GET_VERSION",
[KVMI_VM_CHECK_COMMAND] = "KVMI_VM_CHECK_COMMAND",
[KVMI_VM_CHECK_EVENT] = "KVMI_VM_CHECK_EVENT",
@@ -356,6 +357,56 @@ static int handle_get_vcpu_info(const struct
kvmi_vcpu_cmd_job *job,
return kvmi_msg_vcpu_reply(job, msg, 0, &rpl, sizeof(rpl));
}
+static int handle_event_reply(const struct kvmi_vcpu_cmd_job *job,
+ const struct kvmi_msg_hdr *msg, const void *rpl)
+{
+ struct kvm_vcpu_introspection *vcpui = VCPUI(job->vcpu);
+ struct kvm_introspection *kvmi = KVMI(job->vcpu->kvm);
+ struct kvmi_vcpu_reply *expected = &vcpui->reply;
+ const struct kvmi_event_reply *reply = rpl;
+ size_t useful, received, common;
+
+ if (unlikely(msg->seq != expected->seq))
+ goto out_wakeup;
+
+ common = sizeof(struct kvmi_vcpu_hdr) + sizeof(*reply);
+ if (unlikely(msg->size < common))
+ goto out_wakeup;
+
+ if (unlikely(reply->padding1 || reply->padding2))
+ goto out_wakeup;
+
+ received = msg->size - common;
+ /* Don't accept newer/bigger structures */
+ if (unlikely(received > expected->size))
+ goto out_wakeup;
+
+ useful = min(received, expected->size);
+ if (useful)
+ memcpy(expected->data, reply + 1, useful);
+
+ if (useful < expected->size)
+ memset((char *)expected->data + useful, 0,
+ expected->size - useful);
+
+ expected->action = reply->action;
+ expected->error = 0;
+
+out_wakeup:
+
+ if (unlikely(expected->error))
+ kvmi_err(kvmi, "Invalid event %d/%d reply seq %x/%x size %u min %zu
expected %zu padding %u,%u\n",
+ reply->event, reply->action,
+ msg->seq, expected->seq,
+ msg->size, common,
+ common + expected->size,
+ reply->padding1,
+ reply->padding2);
+
+ vcpui->waiting_for_reply = false;
+ return expected->error;
+}
+
/*
* These commands are executed on the vCPU thread. The receiving thread
* passes the messages using a newly allocated 'struct
kvmi_vcpu_cmd_job'
@@ -364,6 +415,7 @@ static int handle_get_vcpu_info(const struct
kvmi_vcpu_cmd_job *job,
*/
static int(*const msg_vcpu[])(const struct kvmi_vcpu_cmd_job *,
const struct kvmi_msg_hdr *, const void *) = {
+ [KVMI_EVENT_REPLY] = handle_event_reply,
[KVMI_VCPU_GET_INFO] = handle_get_vcpu_info,
};
@@ -489,7 +541,8 @@ static int kvmi_msg_dispatch_vm_cmd(struct kvm_introspection
*kvmi,
static bool vcpu_can_handle_commands(struct kvm_vcpu *vcpu)
{
- return vcpu->arch.mp_state != KVM_MP_STATE_UNINITIALIZED;
+ return VCPUI(vcpu)->waiting_for_reply
+ || vcpu->arch.mp_state != KVM_MP_STATE_UNINITIALIZED;
}
static int kvmi_get_vcpu_if_ready(struct kvm_introspection *kvmi,
@@ -569,6 +622,9 @@ static int kvmi_msg_dispatch(struct kvm_introspection *kvmi,
static bool is_message_allowed(struct kvm_introspection *kvmi, __u16 id)
{
+ if (id == KVMI_EVENT_REPLY)
+ return true;
+
if (id >= KVMI_NUM_COMMANDS)
return false;
@@ -616,14 +672,23 @@ static inline u32 new_seq(struct kvm_introspection *kvmi)
return atomic_inc_return(&kvmi->ev_seq);
}
-static void kvmi_setup_event_common(struct kvmi_event *ev, u32 ev_id)
+static void kvmi_setup_event_common(struct kvmi_event *ev, u32 ev_id,
+ unsigned short vcpu_idx)
{
memset(ev, 0, sizeof(*ev));
+ ev->vcpu = vcpu_idx;
ev->event = ev_id;
ev->size = sizeof(*ev);
}
+static void kvmi_setup_event(struct kvm_vcpu *vcpu, struct kvmi_event *ev,
+ u32 ev_id)
+{
+ kvmi_setup_event_common(ev, ev_id, kvm_vcpu_get_idx(vcpu));
+ kvmi_arch_setup_event(vcpu, ev);
+}
+
int kvmi_msg_send_unhook(struct kvm_introspection *kvmi)
{
struct kvmi_msg_hdr hdr;
@@ -640,7 +705,89 @@ int kvmi_msg_send_unhook(struct kvm_introspection *kvmi)
hdr.seq = new_seq(kvmi);
hdr.size = msg_size - sizeof(hdr);
- kvmi_setup_event_common(&common, KVMI_EVENT_UNHOOK);
+ kvmi_setup_event_common(&common, KVMI_EVENT_UNHOOK, 0);
return kvmi_sock_write(kvmi, vec, n, msg_size);
}
+
+static int kvmi_wait_for_reply(struct kvm_vcpu *vcpu)
+{
+ struct swait_queue_head *wq = kvm_arch_vcpu_wq(vcpu);
+ struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
+ int err = 0;
+
+ vcpui->waiting_for_reply = true;
+
+ while (vcpui->waiting_for_reply && !err) {
+ kvmi_run_jobs(vcpu);
+
+ err = swait_event_killable_exclusive(*wq,
+ !vcpui->waiting_for_reply ||
+ !list_empty(&vcpui->job_list));
+ }
+
+ return err;
+}
+
+static int kvmi_send_event(struct kvm_vcpu *vcpu, u32 ev_id,
+ void *ev, size_t ev_size,
+ void *rpl, size_t rpl_size, int *action)
+{
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_event common;
+ struct kvec vec[] = {
+ {.iov_base = &hdr, .iov_len = sizeof(hdr) },
+ {.iov_base = &common, .iov_len = sizeof(common)},
+ {.iov_base = ev, .iov_len = ev_size },
+ };
+ size_t msg_size = sizeof(hdr) + sizeof(common) + ev_size;
+ size_t n = ev_size ? ARRAY_SIZE(vec) : ARRAY_SIZE(vec)-1;
+ struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
+ struct kvm_introspection *kvmi = KVMI(vcpu->kvm);
+ int err;
+
+ memset(&hdr, 0, sizeof(hdr));
+ hdr.id = KVMI_EVENT;
+ hdr.seq = new_seq(kvmi);
+ hdr.size = msg_size - sizeof(hdr);
+
+ kvmi_setup_event(vcpu, &common, ev_id);
+
+ memset(&vcpui->reply, 0, sizeof(vcpui->reply));
+
+ vcpui->reply.seq = hdr.seq;
+ vcpui->reply.data = rpl;
+ vcpui->reply.size = rpl_size;
+ vcpui->reply.error = -EINTR;
+
+ err = kvmi_sock_write(kvmi, vec, n, msg_size);
+ if (err)
+ goto out;
+
+ err = kvmi_wait_for_reply(vcpu);
+ if (err)
+ goto out;
+
+ err = vcpui->reply.error;
+ if (err)
+ goto out;
+
+ *action = vcpui->reply.action;
+
+out:
+ if (err)
+ kvmi_sock_shutdown(kvmi);
+ return err;
+}
+
+u32 kvmi_msg_send_vcpu_pause(struct kvm_vcpu *vcpu)
+{
+ int err, action;
+
+ err = kvmi_send_event(vcpu, KVMI_EVENT_PAUSE_VCPU, NULL, 0,
+ NULL, 0, &action);
+ if (err)
+ return KVMI_EVENT_ACTION_CONTINUE;
+
+ return action;
+}
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 53/78] KVM: introspection: add KVMI_VCPU_CONTROL_EVENTS
From: Mihai Don?u <mdontu at bitdefender.com>
This command enables/disables vCPU introspection events.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 45 +++++++++-
include/linux/kvmi_host.h | 2 +
include/uapi/linux/kvmi.h | 28 ++++---
.../testing/selftests/kvm/x86_64/kvmi_test.c | 82 +++++++++++++++++++
virt/kvm/introspection/kvmi.c | 13 +++
virt/kvm/introspection/kvmi_int.h | 3 +
virt/kvm/introspection/kvmi_msg.c | 52 +++++++++---
7 files changed, 202 insertions(+), 23 deletions(-)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 8bf9b8f6dd7c..c48abc8f5c97 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -504,13 +504,56 @@ Use *KVMI_VM_CHECK_EVENT* first.
* -KVM_EAGAIN - the selected vCPU can't be introspected yet
* -KVM_EBUSY - the selected vCPU has too many queued *KVMI_EVENT_PAUSE_VCPU*
events
+10. KVMI_VCPU_CONTROL_EVENTS
+----------------------------
+
+:Architectures: all
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_vcpu_control_events {
+ __u16 event_id;
+ __u8 enable;
+ __u8 padding1;
+ __u32 padding2;
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_error_code
+
+Enables/disables vCPU introspection events.
+
+When an event is enabled, the introspection tool is notified and it
+must reply with: continue, retry, crash, etc. (see **Events** below).
+
+The *KVMI_EVENT_PAUSE_VCPU* event is always allowed,
+because it is triggered by the *KVMI_VCPU_PAUSE* command.
+
+The *KVMI_EVENT_UNHOOK* event is controlled
+by the *KVMI_VM_CONTROL_EVENTS* command.
+
+:Errors:
+
+* -KVM_EINVAL - the selected vCPU is invalid
+* -KVM_EINVAL - the event ID is invalid/unknown (use *KVMI_VM_CHECK_EVENT*
first)
+* -KVM_EINVAL - padding is not zero
+* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+* -KVM_EPERM - the access is restricted by the host
+* -KVM_EOPNOTSUPP - one the events can't be intercepted in the current
setup
Events
=====
All introspection events (VM or vCPU related) are sent
using the *KVMI_EVENT* message id. No event will be sent unless
-it is explicitly enabled or requested (eg. *KVMI_EVENT_PAUSE_VCPU*).
+it is explicitly enabled (see *KVMI_VM_CONTROL_EVENTS* and
*KVMI_VCPU_CONTROL_EVENTS*)
+or requested (eg. *KVMI_EVENT_PAUSE_VCPU*).
The *KVMI_EVENT_UNHOOK* event doesn't have a reply and share the kvmi_event
structure, for consistency with the vCPU events.
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
index 49e68777a390..da621d83cd94 100644
--- a/include/linux/kvmi_host.h
+++ b/include/linux/kvmi_host.h
@@ -36,6 +36,8 @@ struct kvm_vcpu_introspection {
struct kvmi_vcpu_reply reply;
bool waiting_for_reply;
+
+ DECLARE_BITMAP(ev_mask, KVMI_NUM_EVENTS);
};
struct kvm_introspection {
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index 2eb1e5b20d53..745503fb7378 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -18,16 +18,17 @@ enum {
KVMI_EVENT_REPLY = 0,
KVMI_EVENT = 1,
- KVMI_GET_VERSION = 2,
- KVMI_VM_CHECK_COMMAND = 3,
- KVMI_VM_CHECK_EVENT = 4,
- KVMI_VM_GET_INFO = 5,
- KVMI_VM_CONTROL_EVENTS = 6,
- KVMI_VM_READ_PHYSICAL = 7,
- KVMI_VM_WRITE_PHYSICAL = 8,
-
- KVMI_VCPU_GET_INFO = 9,
- KVMI_VCPU_PAUSE = 10,
+ KVMI_GET_VERSION = 2,
+ KVMI_VM_CHECK_COMMAND = 3,
+ KVMI_VM_CHECK_EVENT = 4,
+ KVMI_VM_GET_INFO = 5,
+ KVMI_VM_CONTROL_EVENTS = 6,
+ KVMI_VM_READ_PHYSICAL = 7,
+ KVMI_VM_WRITE_PHYSICAL = 8,
+
+ KVMI_VCPU_GET_INFO = 9,
+ KVMI_VCPU_PAUSE = 10,
+ KVMI_VCPU_CONTROL_EVENTS = 11,
KVMI_NUM_MESSAGES
};
@@ -113,6 +114,13 @@ struct kvmi_vcpu_pause {
__u32 padding3;
};
+struct kvmi_vcpu_control_events {
+ __u16 event_id;
+ __u8 enable;
+ __u8 padding1;
+ __u32 padding2;
+};
+
struct kvmi_event {
__u16 size;
__u16 vcpu;
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 27de5fb24580..830b64cae20b 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -96,6 +96,11 @@ static void toggle_event_permission(struct kvm_vm *vm, __s32
id, bool allow)
id, errno, strerror(errno));
}
+static void disallow_event(struct kvm_vm *vm, __s32 event_id)
+{
+ toggle_event_permission(vm, event_id, false);
+}
+
static void allow_event(struct kvm_vm *vm, __s32 event_id)
{
toggle_event_permission(vm, event_id, true);
@@ -722,6 +727,82 @@ static void test_pause(struct kvm_vm *vm)
stop_vcpu_worker(vcpu_thread, &data);
}
+static int cmd_vcpu_control_event(struct kvm_vm *vm, __u16 event_id,
+ bool enable)
+{
+ struct {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vcpu_hdr vcpu_hdr;
+ struct kvmi_vcpu_control_events cmd;
+ } req = {};
+
+ req.cmd.event_id = event_id;
+ req.cmd.enable = enable ? 1 : 0;
+
+ return do_vcpu0_command(vm, KVMI_VCPU_CONTROL_EVENTS,
+ &req.hdr, sizeof(req), NULL, 0);
+}
+
+static void enable_vcpu_event(struct kvm_vm *vm, __u16 event_id)
+{
+ int r;
+
+ r = cmd_vcpu_control_event(vm, event_id, true);
+ TEST_ASSERT(r == 0,
+ "KVMI_VCPU_CONTROL_EVENTS failed to enable vCPU event %d, error
%d(%s)\n",
+ event_id, -r, kvm_strerror(-r));
+}
+
+static void disable_vcpu_event(struct kvm_vm *vm, __u16 event_id)
+{
+ int r;
+
+ r = cmd_vcpu_control_event(vm, event_id, false);
+ TEST_ASSERT(r == 0,
+ "KVMI_VCPU_CONTROL_EVENTS failed to disable vCPU event %d, error
%d(%s)\n",
+ event_id, -r, kvm_strerror(-r));
+}
+
+static void test_disallowed_vcpu_event(struct kvm_vm *vm, __u16 event_id)
+{
+ bool enable = true;
+ int r;
+
+ disallow_event(vm, event_id);
+
+ r = cmd_vcpu_control_event(vm, event_id, enable);
+ TEST_ASSERT(r == -KVM_EPERM,
+ "KVMI_VCPU_CONTROL_EVENTS didn't failed with KVM_EPERM, id %d, error
%d (%s)\n",
+ event_id, -r, kvm_strerror(-r));
+
+ allow_event(vm, event_id);
+}
+
+static void test_invalid_vcpu_event(struct kvm_vm *vm, __u16 event_id)
+{
+ bool enable = true;
+ int r;
+
+ r = cmd_vcpu_control_event(vm, event_id, enable);
+ TEST_ASSERT(r == -KVM_EINVAL,
+ "cmd_vcpu_control_event didn't failed with KVM_EINVAL, id %d, error
%d (%s)\n",
+ event_id, -r, kvm_strerror(-r));
+}
+
+static void test_cmd_vcpu_control_events(struct kvm_vm *vm)
+{
+ __u16 valid_id = KVMI_EVENT_PAUSE_VCPU;
+ __u16 invalid_id = 0xffff;
+
+ test_disallowed_vcpu_event(vm, valid_id);
+
+ enable_vcpu_event(vm, valid_id);
+
+ disable_vcpu_event(vm, valid_id);
+
+ test_invalid_vcpu_event(vm, invalid_id);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -737,6 +818,7 @@ static void test_introspection(struct kvm_vm *vm)
test_memory_access(vm);
test_cmd_get_vcpu_info(vm);
test_pause(vm);
+ test_cmd_vcpu_control_events(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index 670c14c9683f..f4ff9968bd58 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -545,6 +545,19 @@ int kvmi_cmd_vm_control_events(struct kvm_introspection
*kvmi,
return 0;
}
+int kvmi_cmd_vcpu_control_events(struct kvm_vcpu *vcpu,
+ unsigned int event_id, bool enable)
+{
+ struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
+
+ if (enable)
+ set_bit(event_id, vcpui->ev_mask);
+ else
+ clear_bit(event_id, vcpui->ev_mask);
+
+ return 0;
+}
+
unsigned long gfn_to_hva_safe(struct kvm *kvm, gfn_t gfn)
{
unsigned long hva;
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 50b2b98dd99b..fe59696b0826 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -37,6 +37,7 @@
| BIT(KVMI_VM_WRITE_PHYSICAL) \
| BIT(KVMI_VCPU_GET_INFO) \
| BIT(KVMI_VCPU_PAUSE) \
+ | BIT(KVMI_VCPU_CONTROL_EVENTS) \
)
#define KVMI(kvm) ((struct kvm_introspection *)((kvm)->kvmi))
@@ -66,6 +67,8 @@ int kvmi_add_job(struct kvm_vcpu *vcpu,
void kvmi_run_jobs(struct kvm_vcpu *vcpu);
int kvmi_cmd_vm_control_events(struct kvm_introspection *kvmi,
unsigned int event_id, bool enable);
+int kvmi_cmd_vcpu_control_events(struct kvm_vcpu *vcpu,
+ unsigned int event_id, bool enable);
int kvmi_cmd_read_physical(struct kvm *kvm, u64 gpa, u64 size,
int (*send)(struct kvm_introspection *,
const struct kvmi_msg_hdr*,
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 69abca999cd2..1995a63f4e99 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -17,16 +17,17 @@ struct kvmi_vcpu_cmd_job {
};
static const char *const msg_IDs[] = {
- [KVMI_EVENT_REPLY] = "KVMI_EVENT_REPLY",
- [KVMI_GET_VERSION] = "KVMI_GET_VERSION",
- [KVMI_VM_CHECK_COMMAND] = "KVMI_VM_CHECK_COMMAND",
- [KVMI_VM_CHECK_EVENT] = "KVMI_VM_CHECK_EVENT",
- [KVMI_VM_CONTROL_EVENTS] = "KVMI_VM_CONTROL_EVENTS",
- [KVMI_VM_GET_INFO] = "KVMI_VM_GET_INFO",
- [KVMI_VM_READ_PHYSICAL] = "KVMI_VM_READ_PHYSICAL",
- [KVMI_VM_WRITE_PHYSICAL] = "KVMI_VM_WRITE_PHYSICAL",
- [KVMI_VCPU_GET_INFO] = "KVMI_VCPU_GET_INFO",
- [KVMI_VCPU_PAUSE] = "KVMI_VCPU_PAUSE",
+ [KVMI_EVENT_REPLY] = "KVMI_EVENT_REPLY",
+ [KVMI_GET_VERSION] = "KVMI_GET_VERSION",
+ [KVMI_VM_CHECK_COMMAND] = "KVMI_VM_CHECK_COMMAND",
+ [KVMI_VM_CHECK_EVENT] = "KVMI_VM_CHECK_EVENT",
+ [KVMI_VM_CONTROL_EVENTS] = "KVMI_VM_CONTROL_EVENTS",
+ [KVMI_VM_GET_INFO] = "KVMI_VM_GET_INFO",
+ [KVMI_VM_READ_PHYSICAL] = "KVMI_VM_READ_PHYSICAL",
+ [KVMI_VM_WRITE_PHYSICAL] = "KVMI_VM_WRITE_PHYSICAL",
+ [KVMI_VCPU_CONTROL_EVENTS] = "KVMI_VCPU_CONTROL_EVENTS",
+ [KVMI_VCPU_GET_INFO] = "KVMI_VCPU_GET_INFO",
+ [KVMI_VCPU_PAUSE] = "KVMI_VCPU_PAUSE",
};
static bool is_known_message(u16 id)
@@ -407,6 +408,32 @@ static int handle_event_reply(const struct
kvmi_vcpu_cmd_job *job,
return expected->error;
}
+static int handle_vcpu_control_events(const struct kvmi_vcpu_cmd_job *job,
+ const struct kvmi_msg_hdr *msg,
+ const void *_req)
+{
+ struct kvm_introspection *kvmi = KVMI(job->vcpu->kvm);
+ const struct kvmi_vcpu_control_events *req = _req;
+ DECLARE_BITMAP(known_events, KVMI_NUM_EVENTS);
+ int ec;
+
+ bitmap_from_u64(known_events, KVMI_KNOWN_VCPU_EVENTS);
+
+ if (req->padding1 || req->padding2)
+ ec = -KVM_EINVAL;
+ else if (req->event_id >= KVMI_NUM_EVENTS)
+ ec = -KVM_EINVAL;
+ else if (!test_bit(req->event_id, known_events))
+ ec = -KVM_EINVAL;
+ else if (!is_event_allowed(kvmi, req->event_id))
+ ec = -KVM_EPERM;
+ else
+ ec = kvmi_cmd_vcpu_control_events(job->vcpu, req->event_id,
+ req->enable);
+
+ return kvmi_msg_vcpu_reply(job, msg, ec, NULL, 0);
+}
+
/*
* These commands are executed on the vCPU thread. The receiving thread
* passes the messages using a newly allocated 'struct
kvmi_vcpu_cmd_job'
@@ -415,8 +442,9 @@ static int handle_event_reply(const struct kvmi_vcpu_cmd_job
*job,
*/
static int(*const msg_vcpu[])(const struct kvmi_vcpu_cmd_job *,
const struct kvmi_msg_hdr *, const void *) = {
- [KVMI_EVENT_REPLY] = handle_event_reply,
- [KVMI_VCPU_GET_INFO] = handle_get_vcpu_info,
+ [KVMI_EVENT_REPLY] = handle_event_reply,
+ [KVMI_VCPU_CONTROL_EVENTS] = handle_vcpu_control_events,
+ [KVMI_VCPU_GET_INFO] = handle_get_vcpu_info,
};
static void kvmi_job_vcpu_cmd(struct kvm_vcpu *vcpu, void *ctx)
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 54/78] KVM: introspection: add KVMI_VCPU_GET_REGISTERS
From: Mihai Don?u <mdontu at bitdefender.com>
This command is used to get kvm_regs and kvm_sregs structures,
plus the list of struct kvm_msrs.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 42 +++++++++++
arch/x86/include/uapi/asm/kvmi.h | 15 ++++
arch/x86/kvm/kvmi.c | 70 +++++++++++++++++++
include/uapi/linux/kvmi.h | 1 +
.../testing/selftests/kvm/x86_64/kvmi_test.c | 26 +++++++
virt/kvm/introspection/kvmi_int.h | 6 ++
virt/kvm/introspection/kvmi_msg.c | 18 +++++
7 files changed, 178 insertions(+)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index c48abc8f5c97..5c366bcd3112 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -547,6 +547,48 @@ by the *KVMI_VM_CONTROL_EVENTS* command.
* -KVM_EPERM - the access is restricted by the host
* -KVM_EOPNOTSUPP - one the events can't be intercepted in the current
setup
+11. KVMI_VCPU_GET_REGISTERS
+---------------------------
+
+:Architectures: x86
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_vcpu_get_registers {
+ __u16 nmsrs;
+ __u16 padding1;
+ __u32 padding2;
+ __u32 msrs_idx[0];
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_error_code;
+ struct kvmi_vcpu_get_registers_reply {
+ __u32 mode;
+ __u32 padding;
+ struct kvm_regs regs;
+ struct kvm_sregs sregs;
+ struct kvm_msrs msrs;
+ };
+
+For the given vCPU and the ``nmsrs`` sized array of MSRs registers,
+returns the current vCPU mode (in bytes: 2, 4 or 8), the general purpose
+registers, the special registers and the requested set of MSRs.
+
+:Errors:
+
+* -KVM_EINVAL - the selected vCPU is invalid
+* -KVM_EINVAL - one of the indicated MSRs is invalid
+* -KVM_EINVAL - padding is not zero
+* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+* -KVM_ENOMEM - not enough memory to allocate the reply
+
Events
=====
diff --git a/arch/x86/include/uapi/asm/kvmi.h b/arch/x86/include/uapi/asm/kvmi.h
index 89adf84cefe4..f14674c3c109 100644
--- a/arch/x86/include/uapi/asm/kvmi.h
+++ b/arch/x86/include/uapi/asm/kvmi.h
@@ -30,4 +30,19 @@ struct kvmi_vcpu_get_info_reply {
__u64 tsc_speed;
};
+struct kvmi_vcpu_get_registers {
+ __u16 nmsrs;
+ __u16 padding1;
+ __u32 padding2;
+ __u32 msrs_idx[0];
+};
+
+struct kvmi_vcpu_get_registers_reply {
+ __u32 mode;
+ __u32 padding;
+ struct kvm_regs regs;
+ struct kvm_sregs sregs;
+ struct kvm_msrs msrs;
+};
+
#endif /* _UAPI_ASM_X86_KVMI_H */
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index 842d6abebb41..67cf2d19ba0f 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -70,3 +70,73 @@ int kvmi_arch_cmd_vcpu_get_info(struct kvm_vcpu *vcpu,
return 0;
}
+
+static void *
+alloc_get_registers_reply(const struct kvmi_msg_hdr *msg,
+ const struct kvmi_vcpu_get_registers *req,
+ size_t *rpl_size)
+{
+ struct kvmi_vcpu_get_registers_reply *rpl;
+ u16 k, n = req->nmsrs;
+
+ *rpl_size = struct_size(rpl, msrs.entries, n);
+ rpl = kvmi_msg_alloc_check(*rpl_size);
+ if (rpl) {
+ rpl->msrs.nmsrs = n;
+
+ for (k = 0; k < n; k++)
+ rpl->msrs.entries[k].index = req->msrs_idx[k];
+ }
+
+ return rpl;
+}
+
+static int kvmi_get_registers(struct kvm_vcpu *vcpu, u32 *mode,
+ struct kvm_regs *regs,
+ struct kvm_sregs *sregs,
+ struct kvm_msrs *msrs)
+{
+ struct kvm_msr_entry *msr = msrs->entries;
+ struct kvm_msr_entry *end = msrs->entries + msrs->nmsrs;
+ int err = 0;
+
+ kvm_arch_vcpu_get_regs(vcpu, regs);
+ kvm_arch_vcpu_get_sregs(vcpu, sregs);
+ *mode = kvmi_vcpu_mode(vcpu, sregs);
+
+ for (; msr < end && !err; msr++)
+ err = __kvm_get_msr(vcpu, msr->index, &msr->data, true);
+
+ return err ? -KVM_EINVAL : 0;
+}
+
+int kvmi_arch_cmd_vcpu_get_registers(struct kvm_vcpu *vcpu,
+ const struct kvmi_msg_hdr *msg,
+ const struct kvmi_vcpu_get_registers *req,
+ struct kvmi_vcpu_get_registers_reply **dest,
+ size_t *dest_size)
+{
+ struct kvmi_vcpu_get_registers_reply *rpl;
+ size_t rpl_size = 0;
+ int err;
+
+ if (req->padding1 || req->padding2)
+ return -KVM_EINVAL;
+
+ if (msg->size < sizeof(struct kvmi_vcpu_hdr)
+ + struct_size(req, msrs_idx, req->nmsrs))
+ return -KVM_EINVAL;
+
+ rpl = alloc_get_registers_reply(msg, req, &rpl_size);
+ if (!rpl)
+ return -KVM_ENOMEM;
+
+ err = kvmi_get_registers(vcpu, &rpl->mode, &rpl->regs,
+ &rpl->sregs, &rpl->msrs);
+
+ *dest = rpl;
+ *dest_size = rpl_size;
+
+ return err;
+
+}
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index 745503fb7378..bdb5f977c240 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -29,6 +29,7 @@ enum {
KVMI_VCPU_GET_INFO = 9,
KVMI_VCPU_PAUSE = 10,
KVMI_VCPU_CONTROL_EVENTS = 11,
+ KVMI_VCPU_GET_REGISTERS = 12,
KVMI_NUM_MESSAGES
};
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 830b64cae20b..5d76d49bc277 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -803,6 +803,31 @@ static void test_cmd_vcpu_control_events(struct kvm_vm *vm)
test_invalid_vcpu_event(vm, invalid_id);
}
+static void get_vcpu_registers(struct kvm_vm *vm,
+ struct kvm_regs *regs)
+{
+ struct {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vcpu_hdr vcpu_hdr;
+ struct kvmi_vcpu_get_registers cmd;
+ } req = {};
+ struct kvmi_vcpu_get_registers_reply rpl;
+
+ test_vcpu0_command(vm, KVMI_VCPU_GET_REGISTERS, &req.hdr, sizeof(req),
+ &rpl, sizeof(rpl));
+
+ memcpy(regs, &rpl.regs, sizeof(*regs));
+}
+
+static void test_cmd_vcpu_get_registers(struct kvm_vm *vm)
+{
+ struct kvm_regs regs = {};
+
+ get_vcpu_registers(vm, ®s);
+
+ DEBUG("get_registers rip 0x%llx\n", regs.rip);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -819,6 +844,7 @@ static void test_introspection(struct kvm_vm *vm)
test_cmd_get_vcpu_info(vm);
test_pause(vm);
test_cmd_vcpu_control_events(vm);
+ test_cmd_vcpu_get_registers(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index fe59696b0826..5c9ba4b1107e 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -38,6 +38,7 @@
| BIT(KVMI_VCPU_GET_INFO) \
| BIT(KVMI_VCPU_PAUSE) \
| BIT(KVMI_VCPU_CONTROL_EVENTS) \
+ | BIT(KVMI_VCPU_GET_REGISTERS) \
)
#define KVMI(kvm) ((struct kvm_introspection *)((kvm)->kvmi))
@@ -82,5 +83,10 @@ int kvmi_cmd_vcpu_pause(struct kvm_vcpu *vcpu, bool wait);
int kvmi_arch_cmd_vcpu_get_info(struct kvm_vcpu *vcpu,
struct kvmi_vcpu_get_info_reply *rpl);
void kvmi_arch_setup_event(struct kvm_vcpu *vcpu, struct kvmi_event *ev);
+int kvmi_arch_cmd_vcpu_get_registers(struct kvm_vcpu *vcpu,
+ const struct kvmi_msg_hdr *msg,
+ const struct kvmi_vcpu_get_registers *req,
+ struct kvmi_vcpu_get_registers_reply **dest,
+ size_t *dest_size);
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 1995a63f4e99..4a7c831183bb 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -27,6 +27,7 @@ static const char *const msg_IDs[] = {
[KVMI_VM_WRITE_PHYSICAL] = "KVMI_VM_WRITE_PHYSICAL",
[KVMI_VCPU_CONTROL_EVENTS] = "KVMI_VCPU_CONTROL_EVENTS",
[KVMI_VCPU_GET_INFO] = "KVMI_VCPU_GET_INFO",
+ [KVMI_VCPU_GET_REGISTERS] = "KVMI_VCPU_GET_REGISTERS",
[KVMI_VCPU_PAUSE] = "KVMI_VCPU_PAUSE",
};
@@ -434,6 +435,22 @@ static int handle_vcpu_control_events(const struct
kvmi_vcpu_cmd_job *job,
return kvmi_msg_vcpu_reply(job, msg, ec, NULL, 0);
}
+static int handle_get_registers(const struct kvmi_vcpu_cmd_job *job,
+ const struct kvmi_msg_hdr *msg,
+ const void *req)
+{
+ struct kvmi_vcpu_get_registers_reply *rpl = NULL;
+ size_t rpl_size = 0;
+ int err, ec;
+
+ ec = kvmi_arch_cmd_vcpu_get_registers(job->vcpu, msg, req,
+ &rpl, &rpl_size);
+
+ err = kvmi_msg_vcpu_reply(job, msg, ec, rpl, rpl_size);
+ kvmi_msg_free(rpl);
+ return err;
+}
+
/*
* These commands are executed on the vCPU thread. The receiving thread
* passes the messages using a newly allocated 'struct
kvmi_vcpu_cmd_job'
@@ -445,6 +462,7 @@ static int(*const msg_vcpu[])(const struct kvmi_vcpu_cmd_job
*,
[KVMI_EVENT_REPLY] = handle_event_reply,
[KVMI_VCPU_CONTROL_EVENTS] = handle_vcpu_control_events,
[KVMI_VCPU_GET_INFO] = handle_get_vcpu_info,
+ [KVMI_VCPU_GET_REGISTERS] = handle_get_registers,
};
static void kvmi_job_vcpu_cmd(struct kvm_vcpu *vcpu, void *ctx)
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 55/78] KVM: introspection: add KVMI_VCPU_SET_REGISTERS
From: Mihai Don?u <mdontu at bitdefender.com>
This command is allowed only during a vCPU event (an event has been sent
and the vCPU is waiting for the reply). The registers will be set only
when the reply has been received.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com>
Signed-off-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 29 +++++++
include/linux/kvmi_host.h | 3 +
include/uapi/linux/kvmi.h | 1 +
.../testing/selftests/kvm/x86_64/kvmi_test.c | 82 +++++++++++++++++++
virt/kvm/introspection/kvmi.c | 24 ++++++
virt/kvm/introspection/kvmi_int.h | 4 +
virt/kvm/introspection/kvmi_msg.c | 15 ++++
7 files changed, 158 insertions(+)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 5c366bcd3112..ff1fe5ec2e18 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -589,6 +589,35 @@ registers, the special registers and the requested set of
MSRs.
* -KVM_EAGAIN - the selected vCPU can't be introspected yet
* -KVM_ENOMEM - not enough memory to allocate the reply
+12. KVMI_VCPU_SET_REGISTERS
+---------------------------
+
+:Architectures: x86
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvm_regs;
+
+:Returns:
+
+::
+
+ struct kvmi_error_code
+
+Sets the general purpose registers for the given vCPU. The changes become
+visible to other threads accessing the KVM vCPU structure after the event
+currently being handled is replied to.
+
+:Errors:
+
+* -KVM_EINVAL - the selected vCPU is invalid
+* -KVM_EINVAL - padding is not zero
+* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+* -KVM_EOPNOTSUPP - the command hasn't been received during an
introspection event
+
Events
=====
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
index da621d83cd94..68c76db83973 100644
--- a/include/linux/kvmi_host.h
+++ b/include/linux/kvmi_host.h
@@ -38,6 +38,9 @@ struct kvm_vcpu_introspection {
bool waiting_for_reply;
DECLARE_BITMAP(ev_mask, KVMI_NUM_EVENTS);
+
+ struct kvm_regs delayed_regs;
+ bool have_delayed_regs;
};
struct kvm_introspection {
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index bdb5f977c240..4d5f6317db03 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -30,6 +30,7 @@ enum {
KVMI_VCPU_PAUSE = 10,
KVMI_VCPU_CONTROL_EVENTS = 11,
KVMI_VCPU_GET_REGISTERS = 12,
+ KVMI_VCPU_SET_REGISTERS = 13,
KVMI_NUM_MESSAGES
};
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 5d76d49bc277..6e4490340b36 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -828,6 +828,87 @@ static void test_cmd_vcpu_get_registers(struct kvm_vm *vm)
DEBUG("get_registers rip 0x%llx\n", regs.rip);
}
+static int __cmd_set_registers(struct kvm_vm *vm,
+ struct kvm_regs *regs)
+{
+ struct {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vcpu_hdr vcpu_hdr;
+ struct kvm_regs regs;
+ } req = {};
+ __u16 vcpu_index = 0;
+
+ req.vcpu_hdr.vcpu = vcpu_index;
+
+ memcpy(&req.regs, regs, sizeof(req.regs));
+
+ return do_command(KVMI_VCPU_SET_REGISTERS,
+ &req.hdr, sizeof(req), NULL, 0);
+}
+
+static int cmd_set_registers(struct kvm_vm *vm,
+ struct kvm_regs *regs)
+{
+ struct vcpu_worker_data data = {.vm = vm, .vcpu_id = VCPU_ID};
+ pthread_t vcpu_thread;
+ int r;
+
+ vcpu_thread = start_vcpu_worker(&data);
+
+ r = __cmd_set_registers(vm, regs);
+
+ stop_vcpu_worker(vcpu_thread, &data);
+
+ return r;
+}
+
+static void __set_registers(struct kvm_vm *vm,
+ struct kvm_regs *regs)
+{
+ int r;
+
+ r = __cmd_set_registers(vm, regs);
+ TEST_ASSERT(r == 0,
+ "KVMI_VCPU_SET_REGISTERS failed, error %d(%s)\n",
+ -r, kvm_strerror(-r));
+}
+
+static void test_cmd_vcpu_set_registers(struct kvm_vm *vm)
+{
+ struct vcpu_worker_data data = {.vm = vm, .vcpu_id = VCPU_ID};
+ __u16 event_id = KVMI_EVENT_PAUSE_VCPU;
+ struct kvmi_msg_hdr hdr;
+ pthread_t vcpu_thread;
+ struct kvmi_event ev;
+ struct vcpu_reply rpl = {};
+ struct kvm_regs regs = {};
+ int r;
+
+ get_vcpu_registers(vm, ®s);
+
+ r = cmd_set_registers(vm, ®s);
+ TEST_ASSERT(r == -KVM_EOPNOTSUPP,
+ "KVMI_VCPU_SET_REGISTERS didn't failed with KVM_EOPNOTSUPP, error
%d(%s)\n",
+ -r, kvm_strerror(-r));
+
+ enable_vcpu_event(vm, event_id);
+
+ pause_vcpu(vm);
+
+ vcpu_thread = start_vcpu_worker(&data);
+
+ receive_event(&hdr, &ev, sizeof(ev), event_id);
+
+ __set_registers(vm, &ev.arch.regs);
+
+ reply_to_event(&hdr, &ev, KVMI_EVENT_ACTION_CONTINUE,
+ &rpl, sizeof(rpl));
+
+ stop_vcpu_worker(vcpu_thread, &data);
+
+ disable_vcpu_event(vm, event_id);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -845,6 +926,7 @@ static void test_introspection(struct kvm_vm *vm)
test_pause(vm);
test_cmd_vcpu_control_events(vm);
test_cmd_vcpu_get_registers(vm);
+ test_cmd_vcpu_set_registers(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index f4ff9968bd58..8ffbf46bc17d 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -804,3 +804,27 @@ int kvmi_cmd_vcpu_pause(struct kvm_vcpu *vcpu, bool wait)
return 0;
}
+
+int kvmi_cmd_vcpu_set_registers(struct kvm_vcpu *vcpu,
+ const struct kvm_regs *regs)
+{
+ struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
+
+ if (!vcpui->waiting_for_reply)
+ return -KVM_EOPNOTSUPP;
+
+ memcpy(&vcpui->delayed_regs, regs, sizeof(vcpui->delayed_regs));
+ vcpui->have_delayed_regs = true;
+
+ return 0;
+}
+
+void kvmi_post_reply(struct kvm_vcpu *vcpu)
+{
+ struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
+
+ if (vcpui->have_delayed_regs) {
+ kvm_arch_vcpu_set_regs(vcpu, &vcpui->delayed_regs, false);
+ vcpui->have_delayed_regs = false;
+ }
+}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 5c9ba4b1107e..a736f364f5be 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -39,6 +39,7 @@
| BIT(KVMI_VCPU_PAUSE) \
| BIT(KVMI_VCPU_CONTROL_EVENTS) \
| BIT(KVMI_VCPU_GET_REGISTERS) \
+ | BIT(KVMI_VCPU_SET_REGISTERS) \
)
#define KVMI(kvm) ((struct kvm_introspection *)((kvm)->kvmi))
@@ -66,6 +67,7 @@ int kvmi_add_job(struct kvm_vcpu *vcpu,
void (*fct)(struct kvm_vcpu *vcpu, void *ctx),
void *ctx, void (*free_fct)(void *ctx));
void kvmi_run_jobs(struct kvm_vcpu *vcpu);
+void kvmi_post_reply(struct kvm_vcpu *vcpu);
int kvmi_cmd_vm_control_events(struct kvm_introspection *kvmi,
unsigned int event_id, bool enable);
int kvmi_cmd_vcpu_control_events(struct kvm_vcpu *vcpu,
@@ -78,6 +80,8 @@ int kvmi_cmd_read_physical(struct kvm *kvm, u64 gpa, u64 size,
int kvmi_cmd_write_physical(struct kvm *kvm, u64 gpa, u64 size,
const void *buf);
int kvmi_cmd_vcpu_pause(struct kvm_vcpu *vcpu, bool wait);
+int kvmi_cmd_vcpu_set_registers(struct kvm_vcpu *vcpu,
+ const struct kvm_regs *regs);
/* arch */
int kvmi_arch_cmd_vcpu_get_info(struct kvm_vcpu *vcpu,
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 4a7c831183bb..11e0171076c7 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -29,6 +29,7 @@ static const char *const msg_IDs[] = {
[KVMI_VCPU_GET_INFO] = "KVMI_VCPU_GET_INFO",
[KVMI_VCPU_GET_REGISTERS] = "KVMI_VCPU_GET_REGISTERS",
[KVMI_VCPU_PAUSE] = "KVMI_VCPU_PAUSE",
+ [KVMI_VCPU_SET_REGISTERS] = "KVMI_VCPU_SET_REGISTERS",
};
static bool is_known_message(u16 id)
@@ -451,6 +452,18 @@ static int handle_get_registers(const struct
kvmi_vcpu_cmd_job *job,
return err;
}
+static int handle_set_registers(const struct kvmi_vcpu_cmd_job *job,
+ const struct kvmi_msg_hdr *msg,
+ const void *_req)
+{
+ const struct kvm_regs *regs = _req;
+ int ec;
+
+ ec = kvmi_cmd_vcpu_set_registers(job->vcpu, regs);
+
+ return kvmi_msg_vcpu_reply(job, msg, ec, NULL, 0);
+}
+
/*
* These commands are executed on the vCPU thread. The receiving thread
* passes the messages using a newly allocated 'struct
kvmi_vcpu_cmd_job'
@@ -463,6 +476,7 @@ static int(*const msg_vcpu[])(const struct kvmi_vcpu_cmd_job
*,
[KVMI_VCPU_CONTROL_EVENTS] = handle_vcpu_control_events,
[KVMI_VCPU_GET_INFO] = handle_get_vcpu_info,
[KVMI_VCPU_GET_REGISTERS] = handle_get_registers,
+ [KVMI_VCPU_SET_REGISTERS] = handle_set_registers,
};
static void kvmi_job_vcpu_cmd(struct kvm_vcpu *vcpu, void *ctx)
@@ -818,6 +832,7 @@ static int kvmi_send_event(struct kvm_vcpu *vcpu, u32 ev_id,
if (err)
goto out;
+ kvmi_post_reply(vcpu);
*action = vcpui->reply.action;
out:
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 56/78] KVM: introspection: add KVMI_VCPU_GET_CPUID
From: Marian Rotariu <marian.c.rotariu at gmail.com>
This command returns a CPUID leaf (as seen by the guest OS).
Signed-off-by: Marian Rotariu <marian.c.rotariu at gmail.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 36 +++++++++++++++++++
arch/x86/include/uapi/asm/kvmi.h | 12 +++++++
arch/x86/kvm/kvmi.c | 19 ++++++++++
include/uapi/linux/kvmi.h | 1 +
.../testing/selftests/kvm/x86_64/kvmi_test.c | 34 ++++++++++++++++++
virt/kvm/introspection/kvmi_int.h | 4 +++
virt/kvm/introspection/kvmi_msg.c | 16 +++++++++
7 files changed, 122 insertions(+)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index ff1fe5ec2e18..f9f961509c61 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -618,6 +618,42 @@ currently being handled is replied to.
* -KVM_EAGAIN - the selected vCPU can't be introspected yet
* -KVM_EOPNOTSUPP - the command hasn't been received during an
introspection event
+13. KVMI_VCPU_GET_CPUID
+-----------------------
+
+:Architectures: x86
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_vcpu_get_cpuid {
+ __u32 function;
+ __u32 index;
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_error_code;
+ struct kvmi_vcpu_get_cpuid_reply {
+ __u32 eax;
+ __u32 ebx;
+ __u32 ecx;
+ __u32 edx;
+ };
+
+Returns a CPUID leaf (as seen by the guest OS).
+
+:Errors:
+
+* -KVM_EINVAL - the selected vCPU is invalid
+* -KVM_EINVAL - padding is not zero
+* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+* -KVM_ENOENT - the selected leaf is not present or is invalid
+
Events
=====
diff --git a/arch/x86/include/uapi/asm/kvmi.h b/arch/x86/include/uapi/asm/kvmi.h
index f14674c3c109..57c48ace417f 100644
--- a/arch/x86/include/uapi/asm/kvmi.h
+++ b/arch/x86/include/uapi/asm/kvmi.h
@@ -45,4 +45,16 @@ struct kvmi_vcpu_get_registers_reply {
struct kvm_msrs msrs;
};
+struct kvmi_vcpu_get_cpuid {
+ __u32 function;
+ __u32 index;
+};
+
+struct kvmi_vcpu_get_cpuid_reply {
+ __u32 eax;
+ __u32 ebx;
+ __u32 ecx;
+ __u32 edx;
+};
+
#endif /* _UAPI_ASM_X86_KVMI_H */
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index 67cf2d19ba0f..bba85f333639 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -7,6 +7,7 @@
#include "linux/kvm_host.h"
#include "x86.h"
+#include "cpuid.h"
#include "../../../virt/kvm/introspection/kvmi_int.h"
static unsigned int kvmi_vcpu_mode(const struct kvm_vcpu *vcpu,
@@ -140,3 +141,21 @@ int kvmi_arch_cmd_vcpu_get_registers(struct kvm_vcpu *vcpu,
return err;
}
+
+int kvmi_arch_cmd_vcpu_get_cpuid(struct kvm_vcpu *vcpu,
+ const struct kvmi_vcpu_get_cpuid *req,
+ struct kvmi_vcpu_get_cpuid_reply *rpl)
+{
+ struct kvm_cpuid_entry2 *e;
+
+ e = kvm_find_cpuid_entry(vcpu, req->function, req->index);
+ if (!e)
+ return -KVM_ENOENT;
+
+ rpl->eax = e->eax;
+ rpl->ebx = e->ebx;
+ rpl->ecx = e->ecx;
+ rpl->edx = e->edx;
+
+ return 0;
+}
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index 4d5f6317db03..05535a7d9313 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -31,6 +31,7 @@ enum {
KVMI_VCPU_CONTROL_EVENTS = 11,
KVMI_VCPU_GET_REGISTERS = 12,
KVMI_VCPU_SET_REGISTERS = 13,
+ KVMI_VCPU_GET_CPUID = 14,
KVMI_NUM_MESSAGES
};
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 6e4490340b36..fa23ca0ed0d7 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -909,6 +909,39 @@ static void test_cmd_vcpu_set_registers(struct kvm_vm *vm)
disable_vcpu_event(vm, event_id);
}
+static int cmd_get_cpuid(struct kvm_vm *vm,
+ __u32 function, __u32 index,
+ struct kvmi_vcpu_get_cpuid_reply *rpl)
+{
+ struct {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vcpu_hdr vcpu_hdr;
+ struct kvmi_vcpu_get_cpuid cmd;
+ } req = {};
+
+ req.cmd.function = function;
+ req.cmd.index = index;
+
+ return do_vcpu0_command(vm, KVMI_VCPU_GET_CPUID, &req.hdr, sizeof(req),
+ rpl, sizeof(*rpl));
+}
+
+static void test_cmd_vcpu_get_cpuid(struct kvm_vm *vm)
+{
+ struct kvmi_vcpu_get_cpuid_reply rpl = {};
+ __u32 function = 0;
+ __u32 index = 0;
+ int r;
+
+ r = cmd_get_cpuid(vm, function, index, &rpl);
+ TEST_ASSERT(r == 0,
+ "KVMI_VCPU_GET_CPUID failed, error %d(%s)\n",
+ -r, kvm_strerror(-r));
+
+ DEBUG("cpuid(%u, %u) => eax 0x%.8x, ebx 0x%.8x, ecx 0x%.8x, edx
0x%.8x\n",
+ function, index, rpl.eax, rpl.ebx, rpl.ecx, rpl.edx);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -927,6 +960,7 @@ static void test_introspection(struct kvm_vm *vm)
test_cmd_vcpu_control_events(vm);
test_cmd_vcpu_get_registers(vm);
test_cmd_vcpu_set_registers(vm);
+ test_cmd_vcpu_get_cpuid(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index a736f364f5be..1b3d8958e6c8 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -38,6 +38,7 @@
| BIT(KVMI_VCPU_GET_INFO) \
| BIT(KVMI_VCPU_PAUSE) \
| BIT(KVMI_VCPU_CONTROL_EVENTS) \
+ | BIT(KVMI_VCPU_GET_CPUID) \
| BIT(KVMI_VCPU_GET_REGISTERS) \
| BIT(KVMI_VCPU_SET_REGISTERS) \
)
@@ -92,5 +93,8 @@ int kvmi_arch_cmd_vcpu_get_registers(struct kvm_vcpu *vcpu,
const struct kvmi_vcpu_get_registers *req,
struct kvmi_vcpu_get_registers_reply **dest,
size_t *dest_size);
+int kvmi_arch_cmd_vcpu_get_cpuid(struct kvm_vcpu *vcpu,
+ const struct kvmi_vcpu_get_cpuid *req,
+ struct kvmi_vcpu_get_cpuid_reply *rpl);
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 11e0171076c7..11873cb3c23b 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -26,6 +26,7 @@ static const char *const msg_IDs[] = {
[KVMI_VM_READ_PHYSICAL] = "KVMI_VM_READ_PHYSICAL",
[KVMI_VM_WRITE_PHYSICAL] = "KVMI_VM_WRITE_PHYSICAL",
[KVMI_VCPU_CONTROL_EVENTS] = "KVMI_VCPU_CONTROL_EVENTS",
+ [KVMI_VCPU_GET_CPUID] = "KVMI_VCPU_GET_CPUID",
[KVMI_VCPU_GET_INFO] = "KVMI_VCPU_GET_INFO",
[KVMI_VCPU_GET_REGISTERS] = "KVMI_VCPU_GET_REGISTERS",
[KVMI_VCPU_PAUSE] = "KVMI_VCPU_PAUSE",
@@ -464,6 +465,20 @@ static int handle_set_registers(const struct
kvmi_vcpu_cmd_job *job,
return kvmi_msg_vcpu_reply(job, msg, ec, NULL, 0);
}
+static int handle_get_cpuid(const struct kvmi_vcpu_cmd_job *job,
+ const struct kvmi_msg_hdr *msg,
+ const void *req)
+{
+ struct kvmi_vcpu_get_cpuid_reply rpl;
+ int ec;
+
+ memset(&rpl, 0, sizeof(rpl));
+
+ ec = kvmi_arch_cmd_vcpu_get_cpuid(job->vcpu, req, &rpl);
+
+ return kvmi_msg_vcpu_reply(job, msg, ec, &rpl, sizeof(rpl));
+}
+
/*
* These commands are executed on the vCPU thread. The receiving thread
* passes the messages using a newly allocated 'struct
kvmi_vcpu_cmd_job'
@@ -474,6 +489,7 @@ static int(*const msg_vcpu[])(const struct kvmi_vcpu_cmd_job
*,
const struct kvmi_msg_hdr *, const void *) = {
[KVMI_EVENT_REPLY] = handle_event_reply,
[KVMI_VCPU_CONTROL_EVENTS] = handle_vcpu_control_events,
+ [KVMI_VCPU_GET_CPUID] = handle_get_cpuid,
[KVMI_VCPU_GET_INFO] = handle_get_vcpu_info,
[KVMI_VCPU_GET_REGISTERS] = handle_get_registers,
[KVMI_VCPU_SET_REGISTERS] = handle_set_registers,
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 57/78] KVM: introspection: add KVMI_EVENT_HYPERCALL
From: Mihai Don?u <mdontu at bitdefender.com>
This event is sent on a specific user hypercall.
It is used by the code residing inside the introspected guest to call the
introspection tool and to report certain details about its operation.
For example, a classic antimalware remediation tool can report
what it has found during a scan.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/hypercalls.txt | 32 ++++++++++++++
Documentation/virt/kvm/kvmi.rst | 36 +++++++++++++++-
arch/x86/include/uapi/asm/kvmi.h | 2 +
arch/x86/kvm/kvmi.c | 33 ++++++++++++++
arch/x86/kvm/x86.c | 16 +++++--
include/linux/kvmi_host.h | 2 +
include/uapi/linux/kvm_para.h | 1 +
include/uapi/linux/kvmi.h | 1 +
.../testing/selftests/kvm/x86_64/kvmi_test.c | 43 +++++++++++++++++++
virt/kvm/introspection/kvmi.c | 22 ++++++++++
virt/kvm/introspection/kvmi_int.h | 13 +++++-
virt/kvm/introspection/kvmi_msg.c | 12 ++++++
12 files changed, 208 insertions(+), 5 deletions(-)
diff --git a/Documentation/virt/kvm/hypercalls.txt
b/Documentation/virt/kvm/hypercalls.txt
index aff272bede08..c4f6cce1e4d3 100644
--- a/Documentation/virt/kvm/hypercalls.txt
+++ b/Documentation/virt/kvm/hypercalls.txt
@@ -152,3 +152,35 @@ a0: destination APIC ID
Usage example: When sending a call-function IPI-many to vCPUs, yield if
any of the IPI target vCPUs was preempted.
+
+9. KVM_HC_XEN_HVM_OP
+--------------------
+
+Architecture: x86
+Status: active
+Purpose: To enable communication between a guest agent and a VMI application
+Usage:
+
+An event will be sent to the VMI application (see kvmi.rst) if the following
+registers, which differ between 32bit and 64bit, have the following values:
+
+ 32bit 64bit value
+ ---------------------------
+ ebx (a0) rdi KVM_HC_XEN_HVM_OP_GUEST_REQUEST_VM_EVENT
+ ecx (a1) rsi 0
+
+This specification copies Xen's { __HYPERVISOR_hvm_op,
+HVMOP_guest_request_vm_event } hypercall and can originate from kernel or
+userspace.
+
+It returns 0 if successful, or a negative POSIX.1 error code if it fails. The
+absence of an active VMI application is not signaled in any way.
+
+The following registers are clobbered:
+
+ * 32bit: edx, esi, edi, ebp
+ * 64bit: rdx, r10, r8, r9
+
+In particular, for KVM_HC_XEN_HVM_OP_GUEST_REQUEST_VM_EVENT, the last two
+registers can be poisoned deliberately and cannot be used for passing
+information.
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index f9f961509c61..90256141a15d 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -527,7 +527,10 @@ Use *KVMI_VM_CHECK_EVENT* first.
struct kvmi_error_code
-Enables/disables vCPU introspection events.
+Enables/disables vCPU introspection events. This command can be used with
+the following events::
+
+ KVMI_EVENT_HYPERCALL
When an event is enabled, the introspection tool is notified and it
must reply with: continue, retry, crash, etc. (see **Events** below).
@@ -764,3 +767,34 @@ This event is sent in response to a *KVMI_VCPU_PAUSE*
command.
This event has a low priority. It will be sent after any other vCPU
introspection event and when no vCPU introspection command is queued.
+
+3. KVMI_EVENT_HYPERCALL
+-----------------------
+
+:Architectures: x86
+:Versions: >= 1
+:Actions: CONTINUE, CRASH
+:Parameters:
+
+::
+
+ struct kvmi_event;
+
+:Returns:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_event_reply;
+
+This event is sent on a specific user hypercall when the introspection has
+been enabled for this event (see *KVMI_VCPU_CONTROL_EVENTS*).
+
+The hypercall number must be ``KVM_HC_XEN_HVM_OP`` with the
+``KVM_HC_XEN_HVM_OP_GUEST_REQUEST_VM_EVENT`` sub-function
+(see hypercalls.txt).
+
+It is used by the code residing inside the introspected guest to call the
+introspection tool and to report certain details about its operation. For
+example, a classic antimalware remediation tool can report what it has
+found during a scan.
diff --git a/arch/x86/include/uapi/asm/kvmi.h b/arch/x86/include/uapi/asm/kvmi.h
index 57c48ace417f..9882e68cab75 100644
--- a/arch/x86/include/uapi/asm/kvmi.h
+++ b/arch/x86/include/uapi/asm/kvmi.h
@@ -8,6 +8,8 @@
#include <asm/kvm.h>
+#define KVM_HC_XEN_HVM_OP_GUEST_REQUEST_VM_EVENT 24
+
struct kvmi_event_arch {
__u8 mode; /* 2, 4 or 8 */
__u8 padding[7];
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index bba85f333639..f597b3c1cba0 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -159,3 +159,36 @@ int kvmi_arch_cmd_vcpu_get_cpuid(struct kvm_vcpu *vcpu,
return 0;
}
+
+bool kvmi_arch_is_agent_hypercall(struct kvm_vcpu *vcpu)
+{
+ unsigned long subfunc1, subfunc2;
+ bool longmode = is_64_bit_mode(vcpu);
+
+ if (longmode) {
+ subfunc1 = kvm_rdi_read(vcpu);
+ subfunc2 = kvm_rsi_read(vcpu);
+ } else {
+ subfunc1 = kvm_rbx_read(vcpu);
+ subfunc1 &= 0xFFFFFFFF;
+ subfunc2 = kvm_rcx_read(vcpu);
+ subfunc2 &= 0xFFFFFFFF;
+ }
+
+ return (subfunc1 == KVM_HC_XEN_HVM_OP_GUEST_REQUEST_VM_EVENT
+ && subfunc2 == 0);
+}
+
+void kvmi_arch_hypercall_event(struct kvm_vcpu *vcpu)
+{
+ u32 action;
+
+ action = kvmi_msg_send_hypercall(vcpu);
+ switch (action) {
+ case KVMI_EVENT_ACTION_CONTINUE:
+ break;
+ default:
+ kvmi_handle_common_event_actions(vcpu->kvm, action,
+ "HYPERCALL");
+ }
+}
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 46a135595893..b4a7805ce9e4 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -7433,11 +7433,14 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
{
unsigned long nr, a0, a1, a2, a3, ret;
int op_64_bit;
+ bool kvmi_hc;
- if (kvm_hv_hypercall_enabled(vcpu->kvm))
+ nr = kvm_rax_read(vcpu);
+ kvmi_hc = (u32)nr == KVM_HC_XEN_HVM_OP;
+
+ if (kvm_hv_hypercall_enabled(vcpu->kvm) && !kvmi_hc)
return kvm_hv_hypercall(vcpu);
- nr = kvm_rax_read(vcpu);
a0 = kvm_rbx_read(vcpu);
a1 = kvm_rcx_read(vcpu);
a2 = kvm_rdx_read(vcpu);
@@ -7454,7 +7457,7 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
a3 &= 0xFFFFFFFF;
}
- if (kvm_x86_ops->get_cpl(vcpu) != 0) {
+ if (kvm_x86_ops->get_cpl(vcpu) != 0 && !kvmi_hc) {
ret = -KVM_EPERM;
goto out;
}
@@ -7480,6 +7483,13 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
kvm_sched_yield(vcpu->kvm, a0);
ret = 0;
break;
+#ifdef CONFIG_KVM_INTROSPECTION
+ case KVM_HC_XEN_HVM_OP:
+ ret = 0;
+ if (!kvmi_hypercall_event(vcpu))
+ ret = -KVM_ENOSYS;
+ break;
+#endif /* CONFIG_KVM_INTROSPECTION */
default:
ret = -KVM_ENOSYS;
break;
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
index 68c76db83973..0a85bfbd0c0c 100644
--- a/include/linux/kvmi_host.h
+++ b/include/linux/kvmi_host.h
@@ -75,6 +75,7 @@ int kvmi_ioctl_event(struct kvm *kvm, void __user *argp);
int kvmi_ioctl_preunhook(struct kvm *kvm);
void kvmi_handle_requests(struct kvm_vcpu *vcpu);
+bool kvmi_hypercall_event(struct kvm_vcpu *vcpu);
#else
@@ -85,6 +86,7 @@ static inline void kvmi_destroy_vm(struct kvm *kvm) { }
static inline void kvmi_vcpu_uninit(struct kvm_vcpu *vcpu) { }
static inline void kvmi_handle_requests(struct kvm_vcpu *vcpu) { }
+static inline bool kvmi_hypercall_event(struct kvm_vcpu *vcpu) { return false;
}
#endif /* CONFIG_KVM_INTROSPECTION */
diff --git a/include/uapi/linux/kvm_para.h b/include/uapi/linux/kvm_para.h
index 3ce388249682..53cebbe22099 100644
--- a/include/uapi/linux/kvm_para.h
+++ b/include/uapi/linux/kvm_para.h
@@ -33,6 +33,7 @@
#define KVM_HC_CLOCK_PAIRING 9
#define KVM_HC_SEND_IPI 10
#define KVM_HC_SCHED_YIELD 11
+#define KVM_HC_XEN_HVM_OP 34 /* Xen's __HYPERVISOR_hvm_op */
/*
* hypercalls use architecture specific
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index 05535a7d9313..20e2f154ab88 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -39,6 +39,7 @@ enum {
enum {
KVMI_EVENT_UNHOOK = 0,
KVMI_EVENT_PAUSE_VCPU = 1,
+ KVMI_EVENT_HYPERCALL = 2,
KVMI_NUM_EVENTS
};
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index fa23ca0ed0d7..ef4e33e92fff 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -48,6 +48,7 @@ struct vcpu_worker_data {
enum {
GUEST_TEST_NOOP = 0,
+ GUEST_TEST_HYPERCALL,
};
#define GUEST_REQUEST_TEST() GUEST_SYNC(0)
@@ -61,12 +62,23 @@ static int guest_test_id(void)
return READ_ONCE(test_id);
}
+static void guest_hypercall_test(void)
+{
+ asm volatile("mov $34, %rax");
+ asm volatile("mov $24, %rdi");
+ asm volatile("mov $0, %rsi");
+ asm volatile(".byte 0x0f,0x01,0xc1");
+}
+
static void guest_code(void)
{
while (true) {
switch (guest_test_id()) {
case GUEST_TEST_NOOP:
break;
+ case GUEST_TEST_HYPERCALL:
+ guest_hypercall_test();
+ break;
}
GUEST_SIGNAL_TEST_DONE();
}
@@ -942,6 +954,36 @@ static void test_cmd_vcpu_get_cpuid(struct kvm_vm *vm)
function, index, rpl.eax, rpl.ebx, rpl.ecx, rpl.edx);
}
+static void test_event_hypercall(struct kvm_vm *vm)
+{
+ struct vcpu_worker_data data = {
+ .vm = vm,
+ .vcpu_id = VCPU_ID,
+ .test_id = GUEST_TEST_HYPERCALL,
+ };
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_event ev;
+ struct vcpu_reply rpl = {};
+ __u16 event_id = KVMI_EVENT_HYPERCALL;
+ pthread_t vcpu_thread;
+
+ enable_vcpu_event(vm, event_id);
+
+ vcpu_thread = start_vcpu_worker(&data);
+
+ receive_event(&hdr, &ev, sizeof(ev), event_id);
+
+ DEBUG("Hypercall event, rip 0x%llx\n",
+ ev.arch.regs.rip);
+
+ reply_to_event(&hdr, &ev, KVMI_EVENT_ACTION_CONTINUE,
+ &rpl, sizeof(rpl));
+
+ stop_vcpu_worker(vcpu_thread, &data);
+
+ disable_vcpu_event(vm, event_id);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -961,6 +1003,7 @@ static void test_introspection(struct kvm_vm *vm)
test_cmd_vcpu_get_registers(vm);
test_cmd_vcpu_set_registers(vm);
test_cmd_vcpu_get_cpuid(vm);
+ test_event_hypercall(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index 8ffbf46bc17d..a1c059489dea 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -828,3 +828,25 @@ void kvmi_post_reply(struct kvm_vcpu *vcpu)
vcpui->have_delayed_regs = false;
}
}
+
+bool kvmi_hypercall_event(struct kvm_vcpu *vcpu)
+{
+ struct kvm_introspection *kvmi;
+ bool ret = false;
+
+ if (!kvmi_arch_is_agent_hypercall(vcpu))
+ return ret;
+
+ kvmi = kvmi_get(vcpu->kvm);
+ if (!kvmi)
+ return ret;
+
+ if (is_event_enabled(vcpu, KVMI_EVENT_HYPERCALL)) {
+ kvmi_arch_hypercall_event(vcpu);
+ ret = true;
+ }
+
+ kvmi_put(vcpu->kvm);
+
+ return ret;
+}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 1b3d8958e6c8..3dbcf944a606 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -22,7 +22,8 @@
BIT(KVMI_EVENT_UNHOOK) \
)
#define KVMI_KNOWN_VCPU_EVENTS ( \
- BIT(KVMI_EVENT_PAUSE_VCPU) \
+ BIT(KVMI_EVENT_HYPERCALL) \
+ | BIT(KVMI_EVENT_PAUSE_VCPU) \
)
#define KVMI_KNOWN_EVENTS (KVMI_KNOWN_VM_EVENTS | KVMI_KNOWN_VCPU_EVENTS)
@@ -52,6 +53,11 @@ static inline bool is_vm_event_enabled(struct
kvm_introspection *kvmi,
return test_bit(event, kvmi->vm_event_enable_mask);
}
+static inline bool is_event_enabled(struct kvm_vcpu *vcpu, int event)
+{
+ return test_bit(event, VCPUI(vcpu)->ev_mask);
+}
+
/* kvmi_msg.c */
bool kvmi_sock_get(struct kvm_introspection *kvmi, int fd);
void kvmi_sock_shutdown(struct kvm_introspection *kvmi);
@@ -59,6 +65,7 @@ void kvmi_sock_put(struct kvm_introspection *kvmi);
bool kvmi_msg_process(struct kvm_introspection *kvmi);
int kvmi_msg_send_unhook(struct kvm_introspection *kvmi);
u32 kvmi_msg_send_vcpu_pause(struct kvm_vcpu *vcpu);
+u32 kvmi_msg_send_hypercall(struct kvm_vcpu *vcpu);
/* kvmi.c */
void *kvmi_msg_alloc(void);
@@ -69,6 +76,8 @@ int kvmi_add_job(struct kvm_vcpu *vcpu,
void *ctx, void (*free_fct)(void *ctx));
void kvmi_run_jobs(struct kvm_vcpu *vcpu);
void kvmi_post_reply(struct kvm_vcpu *vcpu);
+void kvmi_handle_common_event_actions(struct kvm *kvm,
+ u32 action, const char *str);
int kvmi_cmd_vm_control_events(struct kvm_introspection *kvmi,
unsigned int event_id, bool enable);
int kvmi_cmd_vcpu_control_events(struct kvm_vcpu *vcpu,
@@ -96,5 +105,7 @@ int kvmi_arch_cmd_vcpu_get_registers(struct kvm_vcpu *vcpu,
int kvmi_arch_cmd_vcpu_get_cpuid(struct kvm_vcpu *vcpu,
const struct kvmi_vcpu_get_cpuid *req,
struct kvmi_vcpu_get_cpuid_reply *rpl);
+bool kvmi_arch_is_agent_hypercall(struct kvm_vcpu *vcpu);
+void kvmi_arch_hypercall_event(struct kvm_vcpu *vcpu);
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 11873cb3c23b..bcdf104eaa43 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -868,3 +868,15 @@ u32 kvmi_msg_send_vcpu_pause(struct kvm_vcpu *vcpu)
return action;
}
+
+u32 kvmi_msg_send_hypercall(struct kvm_vcpu *vcpu)
+{
+ int err, action;
+
+ err = kvmi_send_event(vcpu, KVMI_EVENT_HYPERCALL, NULL, 0,
+ NULL, 0, &action);
+ if (err)
+ return KVMI_EVENT_ACTION_CONTINUE;
+
+ return action;
+}
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 58/78] KVM: introspection: add KVMI_EVENT_BREAKPOINT
From: Mihai Don?u <mdontu at bitdefender.com>
This event is sent when a breakpoint was reached. It has to
be enabled with the KVMI_VCPU_CONTROL_EVENTS command first.
The introspection tool can place breakpoints and use them as notification
for when the OS or an application has reached a certain state or is
trying to perform a certain operation (like creating a process).
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 37 +++++++++++++
arch/x86/include/uapi/asm/kvmi.h | 6 +++
arch/x86/kvm/kvmi.c | 52 +++++++++++++++++++
arch/x86/kvm/svm.c | 32 ++++++++++++
arch/x86/kvm/vmx/vmx.c | 16 ++++--
include/linux/kvmi_host.h | 4 ++
include/uapi/linux/kvmi.h | 1 +
.../testing/selftests/kvm/x86_64/kvmi_test.c | 46 ++++++++++++++++
virt/kvm/introspection/kvmi.c | 29 ++++++++++-
virt/kvm/introspection/kvmi_int.h | 8 ++-
virt/kvm/introspection/kvmi_msg.c | 22 +++++++-
11 files changed, 245 insertions(+), 8 deletions(-)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 90256141a15d..470407f309d9 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -530,6 +530,7 @@ Use *KVMI_VM_CHECK_EVENT* first.
Enables/disables vCPU introspection events. This command can be used with
the following events::
+ KVMI_EVENT_BREAKPOINT
KVMI_EVENT_HYPERCALL
When an event is enabled, the introspection tool is notified and it
@@ -798,3 +799,39 @@ It is used by the code residing inside the introspected
guest to call the
introspection tool and to report certain details about its operation. For
example, a classic antimalware remediation tool can report what it has
found during a scan.
+
+4. KVMI_EVENT_BREAKPOINT
+------------------------
+
+:Architectures: x86
+:Versions: >= 1
+:Actions: CONTINUE, CRASH, RETRY
+:Parameters:
+
+::
+
+ struct kvmi_event;
+ struct kvmi_event_breakpoint {
+ __u64 gpa;
+ __u8 insn_len;
+ __u8 padding[7];
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_event_reply;
+
+This event is sent when a breakpoint was reached and the introspection has
+been enabled for this event (see *KVMI_VCPU_CONTROL_EVENTS*).
+
+Some of these breakpoints could have been injected by the introspection tool,
+placed in the slack space of various functions and used as notification
+for when the OS or an application has reached a certain state or is
+trying to perform a certain operation (like creating a process).
+
+``kvmi_event`` and the guest physical address are sent to the introspection
tool.
+
+The *RETRY* action is used by the introspection tool for its own breakpoints.
diff --git a/arch/x86/include/uapi/asm/kvmi.h b/arch/x86/include/uapi/asm/kvmi.h
index 9882e68cab75..1605777256a3 100644
--- a/arch/x86/include/uapi/asm/kvmi.h
+++ b/arch/x86/include/uapi/asm/kvmi.h
@@ -59,4 +59,10 @@ struct kvmi_vcpu_get_cpuid_reply {
__u32 edx;
};
+struct kvmi_event_breakpoint {
+ __u64 gpa;
+ __u8 insn_len;
+ __u8 padding[7];
+};
+
#endif /* _UAPI_ASM_X86_KVMI_H */
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index f597b3c1cba0..2c8c062a4b11 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -192,3 +192,55 @@ void kvmi_arch_hypercall_event(struct kvm_vcpu *vcpu)
"HYPERCALL");
}
}
+
+static int kvmi_control_bp_intercept(struct kvm_vcpu *vcpu, bool enable)
+{
+ struct kvm_guest_debug dbg = {};
+ int err = 0;
+
+ if (enable)
+ dbg.control = KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP;
+ err = kvm_arch_vcpu_set_guest_debug(vcpu, &dbg);
+
+ return err;
+}
+
+int kvmi_arch_cmd_control_intercept(struct kvm_vcpu *vcpu,
+ unsigned int event_id, bool enable)
+{
+ int err = 0;
+
+ switch (event_id) {
+ case KVMI_EVENT_BREAKPOINT:
+ err = kvmi_control_bp_intercept(vcpu, enable);
+ break;
+ default:
+ break;
+ }
+
+ return err;
+}
+
+void kvmi_arch_breakpoint_event(struct kvm_vcpu *vcpu, u64 gva, u8 insn_len)
+{
+ u32 action;
+ u64 gpa;
+
+ gpa = kvm_mmu_gva_to_gpa_system(vcpu, gva, 0, NULL);
+
+ action = kvmi_msg_send_bp(vcpu, gpa, insn_len);
+ switch (action) {
+ case KVMI_EVENT_ACTION_CONTINUE:
+ kvm_queue_exception(vcpu, BP_VECTOR);
+ break;
+ case KVMI_EVENT_ACTION_RETRY:
+ /* rip was most likely adjusted past the INT 3 instruction */
+ break;
+ default:
+ kvmi_handle_common_event_actions(vcpu->kvm, action, "BP");
+ }
+}
+
+void kvmi_arch_restore_interception(struct kvm_vcpu *vcpu)
+{
+}
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 38ecd86c1d58..37b018988d7d 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -2788,10 +2788,42 @@ static int db_interception(struct vcpu_svm *svm)
return 1;
}
+static unsigned svm_get_instruction_len(struct kvm_vcpu *vcpu)
+{
+ struct vcpu_svm *svm = to_svm(vcpu);
+ unsigned long next_rip = 0, rip = kvm_rip_read(vcpu);
+ unsigned insn_len;
+
+ if (static_cpu_has(X86_FEATURE_NRIPS))
+ next_rip = svm->vmcb->control.next_rip;
+
+ if (!next_rip) {
+ if (!kvm_emulate_instruction(vcpu, EMULTYPE_SKIP))
+ return 0;
+
+ next_rip = kvm_rip_read(vcpu);
+ kvm_rip_write(vcpu, rip);
+ }
+
+ insn_len = next_rip - rip;
+ if (insn_len > MAX_INST_SIZE) {
+ pr_err("%s: ip 0x%lx next 0x%lx\n",
+ __func__, rip, next_rip);
+ return 0;
+ }
+
+ return insn_len;
+}
+
static int bp_interception(struct vcpu_svm *svm)
{
struct kvm_run *kvm_run = svm->vcpu.run;
+ if (!kvmi_breakpoint_event(&svm->vcpu, svm->vmcb->save.cs.base +
+ svm->vmcb->save.rip,
+ svm_get_instruction_len(&svm->vcpu)))
+ return 1;
+
kvm_run->exit_reason = KVM_EXIT_DEBUG;
kvm_run->debug.arch.pc = svm->vmcb->save.cs.base +
svm->vmcb->save.rip;
kvm_run->debug.arch.exception = BP_VECTOR;
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 475f5eb6c4c2..d231ff25f467 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -4620,7 +4620,7 @@ static int handle_exception_nmi(struct kvm_vcpu *vcpu)
struct vcpu_vmx *vmx = to_vmx(vcpu);
struct kvm_run *kvm_run = vcpu->run;
u32 intr_info, ex_no, error_code;
- unsigned long cr2, rip, dr6;
+ unsigned long cr2, dr6;
u32 vect_info;
vect_info = vmx->idt_vectoring_info;
@@ -4698,7 +4698,10 @@ static int handle_exception_nmi(struct kvm_vcpu *vcpu)
kvm_run->debug.arch.dr6 = dr6 | DR6_FIXED_1;
kvm_run->debug.arch.dr7 = vmcs_readl(GUEST_DR7);
/* fall through */
- case BP_VECTOR:
+ case BP_VECTOR: {
+ unsigned long gva = vmcs_readl(GUEST_CS_BASE) +
+ kvm_rip_read(vcpu);
+
/*
* Update instruction length as we may reinject #BP from
* user space while in guest debugging mode. Reading it for
@@ -4706,11 +4709,16 @@ static int handle_exception_nmi(struct kvm_vcpu *vcpu)
*/
vmx->vcpu.arch.event_exit_inst_len
vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
+
+ if (!kvmi_breakpoint_event(vcpu, gva,
+ vmx->vcpu.arch.event_exit_inst_len))
+ return 1;
+
kvm_run->exit_reason = KVM_EXIT_DEBUG;
- rip = kvm_rip_read(vcpu);
- kvm_run->debug.arch.pc = vmcs_readl(GUEST_CS_BASE) + rip;
+ kvm_run->debug.arch.pc = gva;
kvm_run->debug.arch.exception = ex_no;
break;
+ }
default:
kvm_run->exit_reason = KVM_EXIT_EXCEPTION;
kvm_run->ex.exception = ex_no;
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
index 0a85bfbd0c0c..57e91c8659a3 100644
--- a/include/linux/kvmi_host.h
+++ b/include/linux/kvmi_host.h
@@ -76,6 +76,7 @@ int kvmi_ioctl_preunhook(struct kvm *kvm);
void kvmi_handle_requests(struct kvm_vcpu *vcpu);
bool kvmi_hypercall_event(struct kvm_vcpu *vcpu);
+bool kvmi_breakpoint_event(struct kvm_vcpu *vcpu, u64 gva, u8 insn_len);
#else
@@ -87,6 +88,9 @@ static inline void kvmi_vcpu_uninit(struct kvm_vcpu *vcpu) { }
static inline void kvmi_handle_requests(struct kvm_vcpu *vcpu) { }
static inline bool kvmi_hypercall_event(struct kvm_vcpu *vcpu) { return false;
}
+static inline bool kvmi_breakpoint_event(struct kvm_vcpu *vcpu, u64 gva,
+ u8 insn_len)
+ { return true; }
#endif /* CONFIG_KVM_INTROSPECTION */
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index 20e2f154ab88..eec33e85b0c7 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -40,6 +40,7 @@ enum {
KVMI_EVENT_UNHOOK = 0,
KVMI_EVENT_PAUSE_VCPU = 1,
KVMI_EVENT_HYPERCALL = 2,
+ KVMI_EVENT_BREAKPOINT = 3,
KVMI_NUM_EVENTS
};
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index ef4e33e92fff..33164ac75ca9 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -48,6 +48,7 @@ struct vcpu_worker_data {
enum {
GUEST_TEST_NOOP = 0,
+ GUEST_TEST_BP,
GUEST_TEST_HYPERCALL,
};
@@ -62,6 +63,11 @@ static int guest_test_id(void)
return READ_ONCE(test_id);
}
+static void guest_bp_test(void)
+{
+ asm volatile("int3");
+}
+
static void guest_hypercall_test(void)
{
asm volatile("mov $34, %rax");
@@ -76,6 +82,9 @@ static void guest_code(void)
switch (guest_test_id()) {
case GUEST_TEST_NOOP:
break;
+ case GUEST_TEST_BP:
+ guest_bp_test();
+ break;
case GUEST_TEST_HYPERCALL:
guest_hypercall_test();
break;
@@ -984,6 +993,42 @@ static void test_event_hypercall(struct kvm_vm *vm)
disable_vcpu_event(vm, event_id);
}
+static void test_event_breakpoint(struct kvm_vm *vm)
+{
+ struct vcpu_worker_data data = {
+ .vm = vm,
+ .vcpu_id = VCPU_ID,
+ .test_id = GUEST_TEST_BP,
+ };
+ struct kvmi_msg_hdr hdr;
+ struct {
+ struct kvmi_event common;
+ struct kvmi_event_breakpoint bp;
+ } ev;
+ struct vcpu_reply rpl = {};
+ __u16 event_id = KVMI_EVENT_BREAKPOINT;
+ pthread_t vcpu_thread;
+
+ enable_vcpu_event(vm, event_id);
+
+ vcpu_thread = start_vcpu_worker(&data);
+
+ receive_event(&hdr, &ev.common, sizeof(ev), event_id);
+
+ DEBUG("Breakpoint event, rip 0x%llx, len %u\n",
+ ev.common.arch.regs.rip, ev.bp.insn_len);
+
+ ev.common.arch.regs.rip += ev.bp.insn_len;
+ __set_registers(vm, &ev.common.arch.regs);
+
+ reply_to_event(&hdr, &ev.common, KVMI_EVENT_ACTION_RETRY,
+ &rpl, sizeof(rpl));
+
+ stop_vcpu_worker(vcpu_thread, &data);
+
+ disable_vcpu_event(vm, event_id);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -1004,6 +1049,7 @@ static void test_introspection(struct kvm_vm *vm)
test_cmd_vcpu_set_registers(vm);
test_cmd_vcpu_get_cpuid(vm);
test_event_hypercall(vm);
+ test_event_breakpoint(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index a1c059489dea..19ea94dc0e1d 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -165,6 +165,8 @@ static void free_vcpui(struct kvm_vcpu *vcpu)
kfree(vcpui);
vcpu->kvmi = NULL;
+
+ kvmi_make_request(vcpu, false);
}
static void free_kvmi(struct kvm *kvm)
@@ -555,7 +557,7 @@ int kvmi_cmd_vcpu_control_events(struct kvm_vcpu *vcpu,
else
clear_bit(event_id, vcpui->ev_mask);
- return 0;
+ return kvmi_arch_cmd_control_intercept(vcpu, event_id, enable);
}
unsigned long gfn_to_hva_safe(struct kvm *kvm, gfn_t gfn)
@@ -777,7 +779,7 @@ void kvmi_handle_requests(struct kvm_vcpu *vcpu)
kvmi = kvmi_get(vcpu->kvm);
if (!kvmi)
- return;
+ goto out;
for (;;) {
kvmi_run_jobs(vcpu);
@@ -789,6 +791,9 @@ void kvmi_handle_requests(struct kvm_vcpu *vcpu)
}
kvmi_put(vcpu->kvm);
+
+out:
+ kvmi_arch_restore_interception(vcpu);
}
int kvmi_cmd_vcpu_pause(struct kvm_vcpu *vcpu, bool wait)
@@ -850,3 +855,23 @@ bool kvmi_hypercall_event(struct kvm_vcpu *vcpu)
return ret;
}
+
+bool kvmi_breakpoint_event(struct kvm_vcpu *vcpu, u64 gva, u8 insn_len)
+{
+ struct kvm_introspection *kvmi;
+ bool ret = false;
+
+ kvmi = kvmi_get(vcpu->kvm);
+ if (!kvmi)
+ return true;
+
+ if (is_event_enabled(vcpu, KVMI_EVENT_BREAKPOINT))
+ kvmi_arch_breakpoint_event(vcpu, gva, insn_len);
+ else
+ ret = true;
+
+ kvmi_put(vcpu->kvm);
+
+ return ret;
+}
+EXPORT_SYMBOL(kvmi_breakpoint_event);
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 3dbcf944a606..06f2c5b6857a 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -22,7 +22,8 @@
BIT(KVMI_EVENT_UNHOOK) \
)
#define KVMI_KNOWN_VCPU_EVENTS ( \
- BIT(KVMI_EVENT_HYPERCALL) \
+ BIT(KVMI_EVENT_BREAKPOINT) \
+ | BIT(KVMI_EVENT_HYPERCALL) \
| BIT(KVMI_EVENT_PAUSE_VCPU) \
)
@@ -66,6 +67,7 @@ bool kvmi_msg_process(struct kvm_introspection *kvmi);
int kvmi_msg_send_unhook(struct kvm_introspection *kvmi);
u32 kvmi_msg_send_vcpu_pause(struct kvm_vcpu *vcpu);
u32 kvmi_msg_send_hypercall(struct kvm_vcpu *vcpu);
+u32 kvmi_msg_send_bp(struct kvm_vcpu *vcpu, u64 gpa, u8 insn_len);
/* kvmi.c */
void *kvmi_msg_alloc(void);
@@ -94,6 +96,7 @@ int kvmi_cmd_vcpu_set_registers(struct kvm_vcpu *vcpu,
const struct kvm_regs *regs);
/* arch */
+void kvmi_arch_restore_interception(struct kvm_vcpu *vcpu);
int kvmi_arch_cmd_vcpu_get_info(struct kvm_vcpu *vcpu,
struct kvmi_vcpu_get_info_reply *rpl);
void kvmi_arch_setup_event(struct kvm_vcpu *vcpu, struct kvmi_event *ev);
@@ -107,5 +110,8 @@ int kvmi_arch_cmd_vcpu_get_cpuid(struct kvm_vcpu *vcpu,
struct kvmi_vcpu_get_cpuid_reply *rpl);
bool kvmi_arch_is_agent_hypercall(struct kvm_vcpu *vcpu);
void kvmi_arch_hypercall_event(struct kvm_vcpu *vcpu);
+void kvmi_arch_breakpoint_event(struct kvm_vcpu *vcpu, u64 gva, u8 insn_len);
+int kvmi_arch_cmd_control_intercept(struct kvm_vcpu *vcpu,
+ unsigned int event_id, bool enable);
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index bcdf104eaa43..67762baa281a 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -430,9 +430,12 @@ static int handle_vcpu_control_events(const struct
kvmi_vcpu_cmd_job *job,
ec = -KVM_EINVAL;
else if (!is_event_allowed(kvmi, req->event_id))
ec = -KVM_EPERM;
- else
+ else {
ec = kvmi_cmd_vcpu_control_events(job->vcpu, req->event_id,
req->enable);
+ if (ec)
+ ec = -KVM_EOPNOTSUPP;
+ }
return kvmi_msg_vcpu_reply(job, msg, ec, NULL, 0);
}
@@ -880,3 +883,20 @@ u32 kvmi_msg_send_hypercall(struct kvm_vcpu *vcpu)
return action;
}
+
+u32 kvmi_msg_send_bp(struct kvm_vcpu *vcpu, u64 gpa, u8 insn_len)
+{
+ struct kvmi_event_breakpoint e;
+ int err, action;
+
+ memset(&e, 0, sizeof(e));
+ e.gpa = gpa;
+ e.insn_len = insn_len;
+
+ err = kvmi_send_event(vcpu, KVMI_EVENT_BREAKPOINT, &e, sizeof(e),
+ NULL, 0, &action);
+ if (err)
+ return KVMI_EVENT_ACTION_CONTINUE;
+
+ return action;
+}
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 59/78] KVM: introspection: restore the state of #BP interception on unhook
From: Nicu?or C??u <ncitu at bitdefender.com>
This commit also ensures that only the userspace or the introspection
tool can control the #BP interception exclusively at one time.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 3 +
arch/x86/include/asm/kvmi_host.h | 22 +++++++
arch/x86/kvm/kvmi.c | 99 ++++++++++++++++++++++++++++++-
arch/x86/kvm/x86.c | 5 ++
virt/kvm/introspection/kvmi.c | 27 ++++++++-
virt/kvm/introspection/kvmi_int.h | 6 +-
6 files changed, 157 insertions(+), 5 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 9cf45ca73af5..fbd9ecc41177 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -815,6 +815,9 @@ struct kvm_vcpu_arch {
/* #PF translated error code from EPT/NPT exit reason */
u64 error_code;
+
+ /* Control the interception for KVM Introspection */
+ struct kvmi_interception *kvmi;
};
struct kvm_lpage_info {
diff --git a/arch/x86/include/asm/kvmi_host.h b/arch/x86/include/asm/kvmi_host.h
index 360a57dd9019..c8b793915b84 100644
--- a/arch/x86/include/asm/kvmi_host.h
+++ b/arch/x86/include/asm/kvmi_host.h
@@ -2,10 +2,32 @@
#ifndef _ASM_X86_KVMI_HOST_H
#define _ASM_X86_KVMI_HOST_H
+struct kvmi_monitor_interception {
+ bool kvmi_intercepted;
+ bool kvm_intercepted;
+ bool (*monitor_fct)(struct kvm_vcpu *vcpu, bool enable);
+};
+
+struct kvmi_interception {
+ bool restore_interception;
+ struct kvmi_monitor_interception breakpoint;
+};
+
struct kvm_vcpu_arch_introspection {
};
struct kvm_arch_introspection {
};
+#ifdef CONFIG_KVM_INTROSPECTION
+
+bool kvmi_monitor_bp_intercept(struct kvm_vcpu *vcpu, u32 dbg);
+
+#else /* CONFIG_KVM_INTROSPECTION */
+
+static inline bool kvmi_monitor_bp_intercept(struct kvm_vcpu *vcpu, u32 dbg)
+ { return false; }
+
+#endif /* CONFIG_KVM_INTROSPECTION */
+
#endif /* _ASM_X86_KVMI_HOST_H */
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index 2c8c062a4b11..54abaf416ff3 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -193,18 +193,71 @@ void kvmi_arch_hypercall_event(struct kvm_vcpu *vcpu)
}
}
+/*
+ * Returns true if one side (kvm or kvmi) tries to enable/disable the
breakpoint
+ * interception while the other side is still tracking it.
+ */
+bool kvmi_monitor_bp_intercept(struct kvm_vcpu *vcpu, u32 dbg)
+{
+ u32 bp_mask = KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP;
+ struct kvmi_interception *arch_vcpui = READ_ONCE(vcpu->arch.kvmi);
+ bool enable = false;
+
+ if ((dbg & bp_mask) == bp_mask)
+ enable = true;
+
+ return (arch_vcpui && arch_vcpui->breakpoint.monitor_fct(vcpu,
enable));
+}
+EXPORT_SYMBOL(kvmi_monitor_bp_intercept);
+
+static bool monitor_bp_fct_kvmi(struct kvm_vcpu *vcpu, bool enable)
+{
+ if (enable) {
+ if (kvm_x86_ops->bp_intercepted(vcpu))
+ return true;
+ } else if (!vcpu->arch.kvmi->breakpoint.kvmi_intercepted)
+ return true;
+
+ vcpu->arch.kvmi->breakpoint.kvmi_intercepted = enable;
+
+ return false;
+}
+
+static bool monitor_bp_fct_kvm(struct kvm_vcpu *vcpu, bool enable)
+{
+ if (enable) {
+ if (kvm_x86_ops->bp_intercepted(vcpu))
+ return true;
+ } else if (!vcpu->arch.kvmi->breakpoint.kvm_intercepted)
+ return true;
+
+ vcpu->arch.kvmi->breakpoint.kvm_intercepted = enable;
+
+ return false;
+}
+
static int kvmi_control_bp_intercept(struct kvm_vcpu *vcpu, bool enable)
{
struct kvm_guest_debug dbg = {};
int err = 0;
+ vcpu->arch.kvmi->breakpoint.monitor_fct = monitor_bp_fct_kvmi;
if (enable)
dbg.control = KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP;
err = kvm_arch_vcpu_set_guest_debug(vcpu, &dbg);
+ vcpu->arch.kvmi->breakpoint.monitor_fct = monitor_bp_fct_kvm;
return err;
}
+static void kvmi_arch_disable_bp_intercept(struct kvm_vcpu *vcpu)
+{
+ kvmi_control_bp_intercept(vcpu, false);
+
+ vcpu->arch.kvmi->breakpoint.kvmi_intercepted = false;
+ vcpu->arch.kvmi->breakpoint.kvm_intercepted = false;
+}
+
int kvmi_arch_cmd_control_intercept(struct kvm_vcpu *vcpu,
unsigned int event_id, bool enable)
{
@@ -241,6 +294,50 @@ void kvmi_arch_breakpoint_event(struct kvm_vcpu *vcpu, u64
gva, u8 insn_len)
}
}
-void kvmi_arch_restore_interception(struct kvm_vcpu *vcpu)
+bool kvmi_arch_restore_interception(struct kvm_vcpu *vcpu)
{
+ struct kvmi_interception *arch_vcpui = vcpu->arch.kvmi;
+
+ if (!arch_vcpui || !arch_vcpui->restore_interception)
+ return false;
+
+ kvmi_arch_disable_bp_intercept(vcpu);
+
+ return true;
+}
+
+bool kvmi_arch_vcpu_alloc(struct kvm_vcpu *vcpu)
+{
+ struct kvmi_interception *arch_vcpui;
+
+ arch_vcpui = kzalloc(sizeof(*arch_vcpui), GFP_KERNEL);
+ if (!arch_vcpui)
+ return false;
+
+ arch_vcpui->breakpoint.monitor_fct = monitor_bp_fct_kvm;
+
+ /* pair with kvmi_monitor_bp_intercept() */
+ smp_wmb();
+ WRITE_ONCE(vcpu->arch.kvmi, arch_vcpui);
+
+ return true;
+}
+
+void kvmi_arch_vcpu_free(struct kvm_vcpu *vcpu)
+{
+ kfree(vcpu->arch.kvmi);
+ WRITE_ONCE(vcpu->arch.kvmi, NULL);
+}
+
+bool kvmi_arch_vcpu_introspected(struct kvm_vcpu *vcpu)
+{
+ return !!READ_ONCE(vcpu->arch.kvmi);
+}
+
+void kvmi_arch_request_restore_interception(struct kvm_vcpu *vcpu)
+{
+ struct kvmi_interception *arch_vcpui = READ_ONCE(vcpu->arch.kvmi);
+
+ if (arch_vcpui)
+ arch_vcpui->restore_interception = true;
}
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index b4a7805ce9e4..a3afbbb7199f 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -8993,6 +8993,11 @@ int kvm_arch_vcpu_set_guest_debug(struct kvm_vcpu *vcpu,
kvm_queue_exception(vcpu, BP_VECTOR);
}
+ if (kvmi_monitor_bp_intercept(vcpu, dbg->control)) {
+ r = -EBUSY;
+ goto out;
+ }
+
/*
* Read rflags as long as potentially injected trace flags are still
* filtered out.
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index 19ea94dc0e1d..f369856f91b1 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -137,7 +137,7 @@ static bool alloc_vcpui(struct kvm_vcpu *vcpu)
vcpu->kvmi = vcpui;
- return true;
+ return kvmi_arch_vcpu_alloc(vcpu);
}
static int create_vcpui(struct kvm_vcpu *vcpu)
@@ -166,6 +166,7 @@ static void free_vcpui(struct kvm_vcpu *vcpu)
kfree(vcpui);
vcpu->kvmi = NULL;
+ kvmi_arch_request_restore_interception(vcpu);
kvmi_make_request(vcpu, false);
}
@@ -184,6 +185,7 @@ static void free_kvmi(struct kvm *kvm)
void kvmi_vcpu_uninit(struct kvm_vcpu *vcpu)
{
free_vcpui(vcpu);
+ kvmi_arch_vcpu_free(vcpu);
}
static struct kvm_introspection *
@@ -324,6 +326,21 @@ static int kvmi_recv_thread(void *arg)
return 0;
}
+static bool ready_to_hook(struct kvm *kvm)
+{
+ struct kvm_vcpu *vcpu;
+ int i;
+
+ if (kvm->kvmi)
+ return false;
+
+ kvm_for_each_vcpu(i, vcpu, kvm)
+ if (kvmi_arch_vcpu_introspected(vcpu))
+ return false;
+
+ return true;
+}
+
int kvmi_hook(struct kvm *kvm, const struct kvm_introspection_hook *hook)
{
struct kvm_introspection *kvmi;
@@ -331,7 +348,7 @@ int kvmi_hook(struct kvm *kvm, const struct
kvm_introspection_hook *hook)
mutex_lock(&kvm->kvmi_lock);
- if (kvm->kvmi) {
+ if (!ready_to_hook(kvm)) {
err = -EEXIST;
goto out;
}
@@ -793,7 +810,11 @@ void kvmi_handle_requests(struct kvm_vcpu *vcpu)
kvmi_put(vcpu->kvm);
out:
- kvmi_arch_restore_interception(vcpu);
+ if (kvmi_arch_restore_interception(vcpu)) {
+ mutex_lock(&vcpu->kvm->kvmi_lock);
+ kvmi_arch_vcpu_free(vcpu);
+ mutex_unlock(&vcpu->kvm->kvmi_lock);
+ }
}
int kvmi_cmd_vcpu_pause(struct kvm_vcpu *vcpu, bool wait)
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 06f2c5b6857a..06792c0ba6e6 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -96,7 +96,11 @@ int kvmi_cmd_vcpu_set_registers(struct kvm_vcpu *vcpu,
const struct kvm_regs *regs);
/* arch */
-void kvmi_arch_restore_interception(struct kvm_vcpu *vcpu);
+bool kvmi_arch_vcpu_alloc(struct kvm_vcpu *vcpu);
+void kvmi_arch_vcpu_free(struct kvm_vcpu *vcpu);
+bool kvmi_arch_vcpu_introspected(struct kvm_vcpu *vcpu);
+bool kvmi_arch_restore_interception(struct kvm_vcpu *vcpu);
+void kvmi_arch_request_restore_interception(struct kvm_vcpu *vcpu);
int kvmi_arch_cmd_vcpu_get_info(struct kvm_vcpu *vcpu,
struct kvmi_vcpu_get_info_reply *rpl);
void kvmi_arch_setup_event(struct kvm_vcpu *vcpu, struct kvmi_event *ev);
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 60/78] KVM: introspection: add KVMI_VCPU_CONTROL_CR and KVMI_EVENT_CR
From: Mihai Don?u <mdontu at bitdefender.com>
Using the KVMI_VCPU_CONTROL_CR command, the introspection tool subscribes
to KVMI_EVENT_CR events that will be sent when CR{0,3,4} is going to
be changed.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 71 +++++++++++
arch/x86/include/asm/kvmi_host.h | 10 ++
arch/x86/include/uapi/asm/kvmi.h | 18 +++
arch/x86/kvm/kvmi.c | 112 ++++++++++++++++++
arch/x86/kvm/vmx/vmx.c | 6 +-
arch/x86/kvm/x86.c | 12 +-
include/uapi/linux/kvmi.h | 2 +
.../testing/selftests/kvm/x86_64/kvmi_test.c | 98 +++++++++++++++
virt/kvm/introspection/kvmi_int.h | 9 ++
virt/kvm/introspection/kvmi_msg.c | 19 ++-
10 files changed, 351 insertions(+), 6 deletions(-)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 470407f309d9..17a7cc50aedc 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -531,6 +531,7 @@ Enables/disables vCPU introspection events. This command can
be used with
the following events::
KVMI_EVENT_BREAKPOINT
+ KVMI_EVENT_CR
KVMI_EVENT_HYPERCALL
When an event is enabled, the introspection tool is notified and it
@@ -658,6 +659,41 @@ Returns a CPUID leaf (as seen by the guest OS).
* -KVM_EAGAIN - the selected vCPU can't be introspected yet
* -KVM_ENOENT - the selected leaf is not present or is invalid
+14. KVMI_VCPU_CONTROL_CR
+------------------------
+
+:Architectures: x86
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_vcpu_control_cr {
+ __u8 enable;
+ __u8 padding1;
+ __u16 padding2;
+ __u32 cr;
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_error_code
+
+Enables/disables introspection for a specific control register and must
+be used in addition to *KVMI_VCPU_CONTROL_EVENTS* with the *KVMI_EVENT_CR*
+ID set.
+
+:Errors:
+
+* -KVM_EINVAL - the selected vCPU is invalid
+* -KVM_EINVAL - the specified control register is not part of the CR0, CR3
+ or CR4 set
+* -KVM_EINVAL - padding is not zero
+* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+
Events
=====
@@ -835,3 +871,38 @@ trying to perform a certain operation (like creating a
process).
``kvmi_event`` and the guest physical address are sent to the introspection
tool.
The *RETRY* action is used by the introspection tool for its own breakpoints.
+
+5. KVMI_EVENT_CR
+----------------
+
+:Architectures: x86
+:Versions: >= 1
+:Actions: CONTINUE, CRASH
+:Parameters:
+
+::
+
+ struct kvmi_event;
+ struct kvmi_event_cr {
+ __u16 cr;
+ __u16 padding[3];
+ __u64 old_value;
+ __u64 new_value;
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_event_reply;
+ struct kvmi_event_cr_reply {
+ __u64 new_val;
+ };
+
+This event is sent when a control register is going to be changed and the
+introspection has been enabled for this event and for this specific
+register (see **KVMI_VCPU_CONTROL_EVENTS**).
+
+``kvmi_event``, the control register number, the old value and the new value
+are sent to the introspection tool. The *CONTINUE* action will set the
``new_val``.
diff --git a/arch/x86/include/asm/kvmi_host.h b/arch/x86/include/asm/kvmi_host.h
index c8b793915b84..4ac209cb4ebf 100644
--- a/arch/x86/include/asm/kvmi_host.h
+++ b/arch/x86/include/asm/kvmi_host.h
@@ -2,6 +2,8 @@
#ifndef _ASM_X86_KVMI_HOST_H
#define _ASM_X86_KVMI_HOST_H
+#define KVMI_NUM_CR 5
+
struct kvmi_monitor_interception {
bool kvmi_intercepted;
bool kvm_intercepted;
@@ -14,6 +16,7 @@ struct kvmi_interception {
};
struct kvm_vcpu_arch_introspection {
+ DECLARE_BITMAP(cr_mask, KVMI_NUM_CR);
};
struct kvm_arch_introspection {
@@ -22,11 +25,18 @@ struct kvm_arch_introspection {
#ifdef CONFIG_KVM_INTROSPECTION
bool kvmi_monitor_bp_intercept(struct kvm_vcpu *vcpu, u32 dbg);
+bool kvmi_cr_event(struct kvm_vcpu *vcpu, unsigned int cr,
+ unsigned long old_value, unsigned long *new_value);
+bool kvmi_cr3_intercepted(struct kvm_vcpu *vcpu);
#else /* CONFIG_KVM_INTROSPECTION */
static inline bool kvmi_monitor_bp_intercept(struct kvm_vcpu *vcpu, u32 dbg)
{ return false; }
+static inline bool kvmi_cr_event(struct kvm_vcpu *vcpu, unsigned int cr,
+ unsigned long old_value,
+ unsigned long *new_value) { return true; }
+static inline bool kvmi_cr3_intercepted(struct kvm_vcpu *vcpu) { return false;
}
#endif /* CONFIG_KVM_INTROSPECTION */
diff --git a/arch/x86/include/uapi/asm/kvmi.h b/arch/x86/include/uapi/asm/kvmi.h
index 1605777256a3..d1a0be0499d4 100644
--- a/arch/x86/include/uapi/asm/kvmi.h
+++ b/arch/x86/include/uapi/asm/kvmi.h
@@ -65,4 +65,22 @@ struct kvmi_event_breakpoint {
__u8 padding[7];
};
+struct kvmi_vcpu_control_cr {
+ __u8 enable;
+ __u8 padding1;
+ __u16 padding2;
+ __u32 cr;
+};
+
+struct kvmi_event_cr {
+ __u16 cr;
+ __u16 padding[3];
+ __u64 old_value;
+ __u64 new_value;
+};
+
+struct kvmi_event_cr_reply {
+ __u64 new_val;
+};
+
#endif /* _UAPI_ASM_X86_KVMI_H */
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index 54abaf416ff3..9917295e9a56 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -341,3 +341,115 @@ void kvmi_arch_request_restore_interception(struct
kvm_vcpu *vcpu)
if (arch_vcpui)
arch_vcpui->restore_interception = true;
}
+
+int kvmi_arch_cmd_vcpu_control_cr(struct kvm_vcpu *vcpu,
+ const struct kvmi_vcpu_control_cr *req)
+{
+ u32 cr = req->cr;
+
+ if (req->padding1 || req->padding2 || cr >= KVMI_NUM_CR)
+ return -KVM_EINVAL;
+
+ switch (cr) {
+ case 0:
+ break;
+ case 3:
+ kvm_x86_ops->control_cr3_intercept(vcpu, CR_TYPE_W,
+ req->enable);
+ break;
+ case 4:
+ break;
+ default:
+ return -KVM_EINVAL;
+ }
+
+ if (req->enable)
+ set_bit(cr, VCPUI(vcpu)->arch.cr_mask);
+ else
+ clear_bit(cr, VCPUI(vcpu)->arch.cr_mask);
+
+ return 0;
+}
+
+static u32 kvmi_send_cr(struct kvm_vcpu *vcpu, u32 cr, u64 old_value,
+ u64 new_value, u64 *ret_value)
+{
+ struct kvmi_event_cr e = {
+ .cr = cr,
+ .old_value = old_value,
+ .new_value = new_value
+ };
+ struct kvmi_event_cr_reply r;
+ int err, action;
+
+ err = kvmi_send_event(vcpu, KVMI_EVENT_CR, &e, sizeof(e),
+ &r, sizeof(r), &action);
+ if (err) {
+ *ret_value = new_value;
+ return KVMI_EVENT_ACTION_CONTINUE;
+ }
+
+ *ret_value = r.new_val;
+ return action;
+}
+
+static bool __kvmi_cr_event(struct kvm_vcpu *vcpu, unsigned int cr,
+ unsigned long old_value, unsigned long *new_value)
+{
+ u64 ret_value;
+ u32 action;
+ bool ret = false;
+
+ if (!test_bit(cr, VCPUI(vcpu)->arch.cr_mask))
+ return true;
+
+ action = kvmi_send_cr(vcpu, cr, old_value, *new_value, &ret_value);
+ switch (action) {
+ case KVMI_EVENT_ACTION_CONTINUE:
+ *new_value = ret_value;
+ ret = true;
+ break;
+ default:
+ kvmi_handle_common_event_actions(vcpu->kvm, action, "CR");
+ }
+
+ return ret;
+}
+
+bool kvmi_cr_event(struct kvm_vcpu *vcpu, unsigned int cr,
+ unsigned long old_value, unsigned long *new_value)
+{
+ struct kvm_introspection *kvmi;
+ bool ret = true;
+
+ if (old_value == *new_value)
+ return true;
+
+ kvmi = kvmi_get(vcpu->kvm);
+ if (!kvmi)
+ return true;
+
+ if (is_event_enabled(vcpu, KVMI_EVENT_CR))
+ ret = __kvmi_cr_event(vcpu, cr, old_value, new_value);
+
+ kvmi_put(vcpu->kvm);
+
+ return ret;
+}
+
+bool kvmi_cr3_intercepted(struct kvm_vcpu *vcpu)
+{
+ struct kvm_introspection *kvmi;
+ bool ret;
+
+ kvmi = kvmi_get(vcpu->kvm);
+ if (!kvmi)
+ return false;
+
+ ret = test_bit(3, VCPUI(vcpu)->arch.cr_mask);
+
+ kvmi_put(vcpu->kvm);
+
+ return ret;
+}
+EXPORT_SYMBOL(kvmi_cr3_intercepted);
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index d231ff25f467..d3d7908995b5 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -4850,7 +4850,8 @@ static int handle_cr(struct kvm_vcpu *vcpu)
err = handle_set_cr0(vcpu, val);
return kvm_complete_insn_gp(vcpu, err);
case 3:
- WARN_ON_ONCE(enable_unrestricted_guest);
+ WARN_ON_ONCE(enable_unrestricted_guest &&
+ !kvmi_cr3_intercepted(vcpu));
err = kvm_set_cr3(vcpu, val);
return kvm_complete_insn_gp(vcpu, err);
case 4:
@@ -4883,7 +4884,8 @@ static int handle_cr(struct kvm_vcpu *vcpu)
case 1: /*mov from cr*/
switch (cr) {
case 3:
- WARN_ON_ONCE(enable_unrestricted_guest);
+ WARN_ON_ONCE(enable_unrestricted_guest &&
+ !kvmi_cr3_intercepted(vcpu));
val = kvm_read_cr3(vcpu);
kvm_register_write(vcpu, reg, val);
trace_kvm_cr_read(cr, val);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index a3afbbb7199f..e0376d0b7408 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -774,6 +774,9 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0)
if (!(cr0 & X86_CR0_PG) && kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE))
return 1;
+ if (!kvmi_cr_event(vcpu, 0, old_cr0, &cr0))
+ return 1;
+
kvm_x86_ops->set_cr0(vcpu, cr0);
if ((cr0 ^ old_cr0) & X86_CR0_PG) {
@@ -935,6 +938,9 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
return 1;
}
+ if (!kvmi_cr_event(vcpu, 4, old_cr4, &cr4))
+ return 1;
+
if (kvm_x86_ops->set_cr4(vcpu, cr4))
return 1;
@@ -951,6 +957,7 @@ EXPORT_SYMBOL_GPL(kvm_set_cr4);
int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
{
+ unsigned long old_cr3 = kvm_read_cr3(vcpu);
bool skip_tlb_flush = false;
#ifdef CONFIG_X86_64
bool pcid_enabled = kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE);
@@ -961,7 +968,7 @@ int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
}
#endif
- if (cr3 == kvm_read_cr3(vcpu) && !pdptrs_changed(vcpu)) {
+ if (cr3 == old_cr3 && !pdptrs_changed(vcpu)) {
if (!skip_tlb_flush) {
kvm_mmu_sync_roots(vcpu);
kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu);
@@ -976,6 +983,9 @@ int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
!load_pdptrs(vcpu, vcpu->arch.walk_mmu, cr3))
return 1;
+ if (!kvmi_cr_event(vcpu, 3, old_cr3, &cr3))
+ return 1;
+
kvm_mmu_new_cr3(vcpu, cr3, skip_tlb_flush);
vcpu->arch.cr3 = cr3;
kvm_register_mark_available(vcpu, VCPU_EXREG_CR3);
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index eec33e85b0c7..7be58dcf194f 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -32,6 +32,7 @@ enum {
KVMI_VCPU_GET_REGISTERS = 12,
KVMI_VCPU_SET_REGISTERS = 13,
KVMI_VCPU_GET_CPUID = 14,
+ KVMI_VCPU_CONTROL_CR = 15,
KVMI_NUM_MESSAGES
};
@@ -41,6 +42,7 @@ enum {
KVMI_EVENT_PAUSE_VCPU = 1,
KVMI_EVENT_HYPERCALL = 2,
KVMI_EVENT_BREAKPOINT = 3,
+ KVMI_EVENT_CR = 4,
KVMI_NUM_EVENTS
};
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 33164ac75ca9..a6e565b05947 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -49,6 +49,7 @@ struct vcpu_worker_data {
enum {
GUEST_TEST_NOOP = 0,
GUEST_TEST_BP,
+ GUEST_TEST_CR,
GUEST_TEST_HYPERCALL,
};
@@ -68,6 +69,11 @@ static void guest_bp_test(void)
asm volatile("int3");
}
+static void guest_cr_test(void)
+{
+ set_cr4(get_cr4() | X86_CR4_OSXSAVE);
+}
+
static void guest_hypercall_test(void)
{
asm volatile("mov $34, %rax");
@@ -85,6 +91,9 @@ static void guest_code(void)
case GUEST_TEST_BP:
guest_bp_test();
break;
+ case GUEST_TEST_CR:
+ guest_cr_test();
+ break;
case GUEST_TEST_HYPERCALL:
guest_hypercall_test();
break;
@@ -1029,6 +1038,94 @@ static void test_event_breakpoint(struct kvm_vm *vm)
disable_vcpu_event(vm, event_id);
}
+static int cmd_control_cr(struct kvm_vm *vm, __u32 cr, bool enable)
+{
+ struct {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vcpu_hdr vcpu_hdr;
+ struct kvmi_vcpu_control_cr cmd;
+ } req = {};
+
+ req.cmd.cr = cr;
+ req.cmd.enable = enable ? 1 : 0;
+
+ return do_vcpu0_command(vm, KVMI_VCPU_CONTROL_CR, &req.hdr, sizeof(req),
+ NULL, 0);
+}
+
+static void enable_cr_events(struct kvm_vm *vm, __u32 cr)
+{
+ int r;
+
+ enable_vcpu_event(vm, KVMI_EVENT_CR);
+
+ r = cmd_control_cr(vm, cr, true);
+ TEST_ASSERT(r == 0,
+ "KVMI_VCPU_CONTROL_CR failed, error %d(%s)\n",
+ -r, kvm_strerror(-r));
+}
+
+static void disable_cr_events(struct kvm_vm *vm, __u32 cr)
+{
+ int r;
+
+ r = cmd_control_cr(vm, cr, false);
+ TEST_ASSERT(r == 0,
+ "KVMI_VCPU_CONTROL_CR failed, error %d(%s)\n",
+ -r, kvm_strerror(-r));
+
+ disable_vcpu_event(vm, KVMI_EVENT_CR);
+}
+
+static void test_cmd_vcpu_control_cr(struct kvm_vm *vm)
+{
+ struct vcpu_worker_data data = {
+ .vm = vm,
+ .vcpu_id = VCPU_ID,
+ .test_id = GUEST_TEST_CR,
+ };
+ struct kvmi_msg_hdr hdr;
+ struct {
+ struct kvmi_event common;
+ struct kvmi_event_cr cr;
+ } ev;
+ struct {
+ struct vcpu_reply common;
+ struct kvmi_event_cr_reply cr;
+ } rpl = {};
+ __u16 event_id = KVMI_EVENT_CR;
+ __u32 cr_no = 4;
+ struct kvm_sregs sregs;
+ pthread_t vcpu_thread;
+
+ enable_cr_events(vm, cr_no);
+
+ vcpu_thread = start_vcpu_worker(&data);
+
+ receive_event(&hdr, &ev.common, sizeof(ev), event_id);
+
+ DEBUG("CR%u, old 0x%llx, new 0x%llx\n",
+ ev.cr.cr, ev.cr.old_value, ev.cr.new_value);
+
+ TEST_ASSERT(ev.cr.cr == cr_no,
+ "Unexpected CR event, received CR%u, expected CR%u",
+ ev.cr.cr, cr_no);
+
+ rpl.cr.new_val = ev.cr.old_value;
+
+ reply_to_event(&hdr, &ev.common, KVMI_EVENT_ACTION_CONTINUE,
+ &rpl.common, sizeof(rpl));
+
+ stop_vcpu_worker(vcpu_thread, &data);
+
+ disable_cr_events(vm, cr_no);
+
+ vcpu_sregs_get(vm, VCPU_ID, &sregs);
+ TEST_ASSERT(sregs.cr4 == ev.cr.old_value,
+ "Failed to block CR4 update, CR4 0x%x, expected 0x%x",
+ sregs.cr4, ev.cr.old_value);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -1050,6 +1147,7 @@ static void test_introspection(struct kvm_vm *vm)
test_cmd_vcpu_get_cpuid(vm);
test_event_hypercall(vm);
test_event_breakpoint(vm);
+ test_cmd_vcpu_control_cr(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 06792c0ba6e6..c2f613e5304e 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -23,6 +23,7 @@
)
#define KVMI_KNOWN_VCPU_EVENTS ( \
BIT(KVMI_EVENT_BREAKPOINT) \
+ | BIT(KVMI_EVENT_CR) \
| BIT(KVMI_EVENT_HYPERCALL) \
| BIT(KVMI_EVENT_PAUSE_VCPU) \
)
@@ -39,6 +40,7 @@
| BIT(KVMI_VM_WRITE_PHYSICAL) \
| BIT(KVMI_VCPU_GET_INFO) \
| BIT(KVMI_VCPU_PAUSE) \
+ | BIT(KVMI_VCPU_CONTROL_CR) \
| BIT(KVMI_VCPU_CONTROL_EVENTS) \
| BIT(KVMI_VCPU_GET_CPUID) \
| BIT(KVMI_VCPU_GET_REGISTERS) \
@@ -64,6 +66,9 @@ bool kvmi_sock_get(struct kvm_introspection *kvmi, int fd);
void kvmi_sock_shutdown(struct kvm_introspection *kvmi);
void kvmi_sock_put(struct kvm_introspection *kvmi);
bool kvmi_msg_process(struct kvm_introspection *kvmi);
+int kvmi_send_event(struct kvm_vcpu *vcpu, u32 ev_id,
+ void *ev, size_t ev_size,
+ void *rpl, size_t rpl_size, int *action);
int kvmi_msg_send_unhook(struct kvm_introspection *kvmi);
u32 kvmi_msg_send_vcpu_pause(struct kvm_vcpu *vcpu);
u32 kvmi_msg_send_hypercall(struct kvm_vcpu *vcpu);
@@ -80,6 +85,8 @@ void kvmi_run_jobs(struct kvm_vcpu *vcpu);
void kvmi_post_reply(struct kvm_vcpu *vcpu);
void kvmi_handle_common_event_actions(struct kvm *kvm,
u32 action, const char *str);
+struct kvm_introspection * __must_check kvmi_get(struct kvm *kvm);
+void kvmi_put(struct kvm *kvm);
int kvmi_cmd_vm_control_events(struct kvm_introspection *kvmi,
unsigned int event_id, bool enable);
int kvmi_cmd_vcpu_control_events(struct kvm_vcpu *vcpu,
@@ -117,5 +124,7 @@ void kvmi_arch_hypercall_event(struct kvm_vcpu *vcpu);
void kvmi_arch_breakpoint_event(struct kvm_vcpu *vcpu, u64 gva, u8 insn_len);
int kvmi_arch_cmd_control_intercept(struct kvm_vcpu *vcpu,
unsigned int event_id, bool enable);
+int kvmi_arch_cmd_vcpu_control_cr(struct kvm_vcpu *vcpu,
+ const struct kvmi_vcpu_control_cr *req);
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 67762baa281a..3f7be92502cf 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -25,6 +25,7 @@ static const char *const msg_IDs[] = {
[KVMI_VM_GET_INFO] = "KVMI_VM_GET_INFO",
[KVMI_VM_READ_PHYSICAL] = "KVMI_VM_READ_PHYSICAL",
[KVMI_VM_WRITE_PHYSICAL] = "KVMI_VM_WRITE_PHYSICAL",
+ [KVMI_VCPU_CONTROL_CR] = "KVMI_VCPU_CONTROL_CR",
[KVMI_VCPU_CONTROL_EVENTS] = "KVMI_VCPU_CONTROL_EVENTS",
[KVMI_VCPU_GET_CPUID] = "KVMI_VCPU_GET_CPUID",
[KVMI_VCPU_GET_INFO] = "KVMI_VCPU_GET_INFO",
@@ -482,6 +483,17 @@ static int handle_get_cpuid(const struct kvmi_vcpu_cmd_job
*job,
return kvmi_msg_vcpu_reply(job, msg, ec, &rpl, sizeof(rpl));
}
+static int handle_vcpu_control_cr(const struct kvmi_vcpu_cmd_job *job,
+ const struct kvmi_msg_hdr *msg,
+ const void *req)
+{
+ int ec;
+
+ ec = kvmi_arch_cmd_vcpu_control_cr(job->vcpu, req);
+
+ return kvmi_msg_vcpu_reply(job, msg, ec, NULL, 0);
+}
+
/*
* These commands are executed on the vCPU thread. The receiving thread
* passes the messages using a newly allocated 'struct
kvmi_vcpu_cmd_job'
@@ -491,6 +503,7 @@ static int handle_get_cpuid(const struct kvmi_vcpu_cmd_job
*job,
static int(*const msg_vcpu[])(const struct kvmi_vcpu_cmd_job *,
const struct kvmi_msg_hdr *, const void *) = {
[KVMI_EVENT_REPLY] = handle_event_reply,
+ [KVMI_VCPU_CONTROL_CR] = handle_vcpu_control_cr,
[KVMI_VCPU_CONTROL_EVENTS] = handle_vcpu_control_events,
[KVMI_VCPU_GET_CPUID] = handle_get_cpuid,
[KVMI_VCPU_GET_INFO] = handle_get_vcpu_info,
@@ -808,9 +821,9 @@ static int kvmi_wait_for_reply(struct kvm_vcpu *vcpu)
return err;
}
-static int kvmi_send_event(struct kvm_vcpu *vcpu, u32 ev_id,
- void *ev, size_t ev_size,
- void *rpl, size_t rpl_size, int *action)
+int kvmi_send_event(struct kvm_vcpu *vcpu, u32 ev_id,
+ void *ev, size_t ev_size,
+ void *rpl, size_t rpl_size, int *action)
{
struct kvmi_msg_hdr hdr;
struct kvmi_event common;
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 61/78] KVM: introspection: restore the state of CR3 interception on unhook
From: Nicu?or C??u <ncitu at bitdefender.com>
This commit also ensures that the introspection tool and the userspace
do not disable each other the CR3-write VM-exit.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvmi_host.h | 4 ++
arch/x86/kvm/kvmi.c | 64 ++++++++++++++++++++++++++++++--
arch/x86/kvm/svm.c | 5 +++
arch/x86/kvm/vmx/vmx.c | 5 +++
4 files changed, 75 insertions(+), 3 deletions(-)
diff --git a/arch/x86/include/asm/kvmi_host.h b/arch/x86/include/asm/kvmi_host.h
index 4ac209cb4ebf..24f3f8fdee62 100644
--- a/arch/x86/include/asm/kvmi_host.h
+++ b/arch/x86/include/asm/kvmi_host.h
@@ -13,6 +13,7 @@ struct kvmi_monitor_interception {
struct kvmi_interception {
bool restore_interception;
struct kvmi_monitor_interception breakpoint;
+ struct kvmi_monitor_interception cr3w;
};
struct kvm_vcpu_arch_introspection {
@@ -28,6 +29,7 @@ bool kvmi_monitor_bp_intercept(struct kvm_vcpu *vcpu, u32
dbg);
bool kvmi_cr_event(struct kvm_vcpu *vcpu, unsigned int cr,
unsigned long old_value, unsigned long *new_value);
bool kvmi_cr3_intercepted(struct kvm_vcpu *vcpu);
+bool kvmi_monitor_cr3w_intercept(struct kvm_vcpu *vcpu, bool enable);
#else /* CONFIG_KVM_INTROSPECTION */
@@ -37,6 +39,8 @@ static inline bool kvmi_cr_event(struct kvm_vcpu *vcpu,
unsigned int cr,
unsigned long old_value,
unsigned long *new_value) { return true; }
static inline bool kvmi_cr3_intercepted(struct kvm_vcpu *vcpu) { return false;
}
+static inline bool kvmi_monitor_cr3w_intercept(struct kvm_vcpu *vcpu,
+ bool enable) { return false; }
#endif /* CONFIG_KVM_INTROSPECTION */
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index 9917295e9a56..a522d4b1fa09 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -258,6 +258,59 @@ static void kvmi_arch_disable_bp_intercept(struct kvm_vcpu
*vcpu)
vcpu->arch.kvmi->breakpoint.kvm_intercepted = false;
}
+static bool monitor_cr3w_fct_kvmi(struct kvm_vcpu *vcpu, bool enable)
+{
+ vcpu->arch.kvmi->cr3w.kvmi_intercepted = enable;
+
+ if (enable)
+ vcpu->arch.kvmi->cr3w.kvm_intercepted +
kvm_x86_ops->cr3_write_intercepted(vcpu);
+ else if (vcpu->arch.kvmi->cr3w.kvm_intercepted)
+ return true;
+
+ return false;
+}
+
+static bool monitor_cr3w_fct_kvm(struct kvm_vcpu *vcpu, bool enable)
+{
+ if (!vcpu->arch.kvmi->cr3w.kvmi_intercepted)
+ return false;
+
+ vcpu->arch.kvmi->cr3w.kvm_intercepted = enable;
+
+ if (!enable)
+ return true;
+
+ return false;
+}
+
+/*
+ * Returns true if one side (kvm or kvmi) tries to disable the CR3 write
+ * interception while the other side is still tracking it.
+ */
+bool kvmi_monitor_cr3w_intercept(struct kvm_vcpu *vcpu, bool enable)
+{
+ struct kvmi_interception *arch_vcpui = READ_ONCE(vcpu->arch.kvmi);
+
+ return (arch_vcpui && arch_vcpui->cr3w.monitor_fct(vcpu, enable));
+}
+EXPORT_SYMBOL(kvmi_monitor_cr3w_intercept);
+
+static void kvmi_control_cr3w_intercept(struct kvm_vcpu *vcpu, bool enable)
+{
+ vcpu->arch.kvmi->cr3w.monitor_fct = monitor_cr3w_fct_kvmi;
+ kvm_x86_ops->control_cr3_intercept(vcpu, CR_TYPE_W, enable);
+ vcpu->arch.kvmi->cr3w.monitor_fct = monitor_cr3w_fct_kvm;
+}
+
+static void kvmi_arch_disable_cr3w_intercept(struct kvm_vcpu *vcpu)
+{
+ kvmi_control_cr3w_intercept(vcpu, false);
+
+ vcpu->arch.kvmi->cr3w.kvmi_intercepted = false;
+ vcpu->arch.kvmi->cr3w.kvm_intercepted = false;
+}
+
int kvmi_arch_cmd_control_intercept(struct kvm_vcpu *vcpu,
unsigned int event_id, bool enable)
{
@@ -302,6 +355,7 @@ bool kvmi_arch_restore_interception(struct kvm_vcpu *vcpu)
return false;
kvmi_arch_disable_bp_intercept(vcpu);
+ kvmi_arch_disable_cr3w_intercept(vcpu);
return true;
}
@@ -315,8 +369,13 @@ bool kvmi_arch_vcpu_alloc(struct kvm_vcpu *vcpu)
return false;
arch_vcpui->breakpoint.monitor_fct = monitor_bp_fct_kvm;
+ arch_vcpui->cr3w.monitor_fct = monitor_cr3w_fct_kvm;
- /* pair with kvmi_monitor_bp_intercept() */
+ /*
+ * paired with:
+ * - kvmi_monitor_bp_intercept()
+ * - kvmi_monitor_cr3w_intercept()
+ */
smp_wmb();
WRITE_ONCE(vcpu->arch.kvmi, arch_vcpui);
@@ -354,8 +413,7 @@ int kvmi_arch_cmd_vcpu_control_cr(struct kvm_vcpu *vcpu,
case 0:
break;
case 3:
- kvm_x86_ops->control_cr3_intercept(vcpu, CR_TYPE_W,
- req->enable);
+ kvmi_control_cr3w_intercept(vcpu, req->enable);
break;
case 4:
break;
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 37b018988d7d..909308711bb7 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -7326,6 +7326,11 @@ static void svm_control_cr3_intercept(struct kvm_vcpu
*vcpu, int type,
{
struct vcpu_svm *svm = to_svm(vcpu);
+#ifdef CONFIG_KVM_INTROSPECTION
+ if ((type & CR_TYPE_W) && kvmi_monitor_cr3w_intercept(vcpu,
enable))
+ type &= ~CR_TYPE_W;
+#endif /* CONFIG_KVM_INTROSPECTION */
+
if (type & CR_TYPE_R)
enable ? set_cr_intercept(svm, INTERCEPT_CR3_READ) :
clr_cr_intercept(svm, INTERCEPT_CR3_READ);
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index d3d7908995b5..157dfc3f756a 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -2907,6 +2907,11 @@ static void vmx_control_cr3_intercept(struct kvm_vcpu
*vcpu, int type,
struct vcpu_vmx *vmx = to_vmx(vcpu);
u32 cr3_exec_control = 0;
+#ifdef CONFIG_KVM_INTROSPECTION
+ if ((type & CR_TYPE_W) && kvmi_monitor_cr3w_intercept(vcpu,
enable))
+ type &= ~CR_TYPE_W;
+#endif /* CONFIG_KVM_INTROSPECTION */
+
if (type & CR_TYPE_R)
cr3_exec_control |= CPU_BASED_CR3_STORE_EXITING;
if (type & CR_TYPE_W)
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 62/78] KVM: introspection: add KVMI_VCPU_INJECT_EXCEPTION + KVMI_EVENT_TRAP
From: Mihai Don?u <mdontu at bitdefender.com>
The KVMI_VCPU_INJECT_EXCEPTION command is used by the introspection tool
to inject exceptions (eg. get a page from swap). The exception is queued
right before entering the guest. If there is already an event pending
(exception, interrupt or NMI) we notify the introspection tool with the
KVMI_EVENT_TRAP event and abort the injection. The introspecion tool is
expected to try again at a later time.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 73 ++++++++++++
arch/x86/include/uapi/asm/kvmi.h | 14 +++
arch/x86/kvm/kvmi.c | 105 +++++++++++++++++
arch/x86/kvm/x86.c | 3 +
include/linux/kvmi_host.h | 12 ++
include/uapi/linux/kvmi.h | 16 +--
.../testing/selftests/kvm/x86_64/kvmi_test.c | 106 +++++++++++++++++-
virt/kvm/introspection/kvmi.c | 48 ++++++++
virt/kvm/introspection/kvmi_int.h | 7 ++
virt/kvm/introspection/kvmi_msg.c | 79 ++++++++-----
10 files changed, 430 insertions(+), 33 deletions(-)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 17a7cc50aedc..9a902a94ed28 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -533,6 +533,7 @@ the following events::
KVMI_EVENT_BREAKPOINT
KVMI_EVENT_CR
KVMI_EVENT_HYPERCALL
+ KVMI_EVENT_TRAP
When an event is enabled, the introspection tool is notified and it
must reply with: continue, retry, crash, etc. (see **Events** below).
@@ -694,6 +695,46 @@ ID set.
* -KVM_EINVAL - padding is not zero
* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+15. KVMI_VCPU_INJECT_EXCEPTION
+------------------------------
+
+:Architectures: x86
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_vcpu_inject_exception {
+ __u8 nr;
+ __u8 padding1;
+ __u16 padding2;
+ __u32 error_code;
+ __u64 address;
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_error_code
+
+Injects a vCPU exception with or without an error code. In case of page fault
+exception, the guest virtual address has to be specified.
+
+The introspection tool should enable the *KVMI_EVENT_TRAP* event in
+order to be notified about the effective injected expection.
+
+:Errors:
+
+* -KVM_EINVAL - the selected vCPU is invalid
+* -KVM_EINVAL - the specified exception number is invalid
+* -KVM_EINVAL - the specified address is invalid
+* -KVM_EINVAL - padding is not zero
+* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+* -KVM_EBUSY - another *KVMI_VCPU_INJECT_EXCEPTION* command was issued and no
+ corresponding *KVMI_EVENT_TRAP* (if enabled) has been provided yet.
+
Events
=====
@@ -906,3 +947,35 @@ register (see **KVMI_VCPU_CONTROL_EVENTS**).
``kvmi_event``, the control register number, the old value and the new value
are sent to the introspection tool. The *CONTINUE* action will set the
``new_val``.
+
+6. KVMI_EVENT_TRAP
+------------------
+
+:Architectures: x86
+:Versions: >= 1
+:Actions: CONTINUE, CRASH
+:Parameters:
+
+::
+
+ struct kvmi_event;
+ struct kvmi_event_trap {
+ __u32 vector;
+ __u32 error_code;
+ __u64 cr2;
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_event_reply;
+
+This event is sent if a previous *KVMI_VCPU_INJECT_EXCEPTION* command
+took place and the introspection has been enabled for this event
+(see *KVMI_VCPU_CONTROL_EVENTS*).
+
+``kvmi_event``, exception/interrupt number (vector), exception code
+(``error_code``) and CR2 are sent to the introspection tool,
+which should check if its exception has been injected or overridden.
diff --git a/arch/x86/include/uapi/asm/kvmi.h b/arch/x86/include/uapi/asm/kvmi.h
index d1a0be0499d4..06f69cfa3d79 100644
--- a/arch/x86/include/uapi/asm/kvmi.h
+++ b/arch/x86/include/uapi/asm/kvmi.h
@@ -83,4 +83,18 @@ struct kvmi_event_cr_reply {
__u64 new_val;
};
+struct kvmi_event_trap {
+ __u32 vector;
+ __u32 error_code;
+ __u64 cr2;
+};
+
+struct kvmi_vcpu_inject_exception {
+ __u8 nr;
+ __u8 padding1;
+ __u16 padding2;
+ __u32 error_code;
+ __u64 address;
+};
+
#endif /* _UAPI_ASM_X86_KVMI_H */
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index a522d4b1fa09..ac493fcebb5b 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -511,3 +511,108 @@ bool kvmi_cr3_intercepted(struct kvm_vcpu *vcpu)
return ret;
}
EXPORT_SYMBOL(kvmi_cr3_intercepted);
+
+int kvmi_arch_cmd_vcpu_inject_exception(struct kvm_vcpu *vcpu, u8 vector,
+ u32 error_code, u64 address)
+{
+ struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
+
+ if (vcpui->exception.pending || vcpui->exception.send_event)
+ return -KVM_EBUSY;
+
+ vcpui->exception.pending = true;
+
+ vcpui->exception.nr = vector;
+ vcpui->exception.error_code = x86_exception_has_error_code(vector) ?
+ error_code : 0;
+ vcpui->exception.error_code_valid + x86_exception_has_error_code(vector);
+ vcpui->exception.address = address;
+
+ return 0;
+}
+
+static bool kvmi_arch_queue_exception(struct kvm_vcpu *vcpu)
+{
+ if (!kvm_event_needs_reinjection(vcpu)) {
+ struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
+ struct x86_exception e = {
+ .vector = vcpui->exception.nr,
+ .error_code_valid = vcpui->exception.error_code_valid,
+ .error_code = vcpui->exception.error_code,
+ .address = vcpui->exception.address,
+ };
+
+ if (e.vector == PF_VECTOR)
+ kvm_inject_page_fault(vcpu, &e);
+ else if (e.error_code_valid)
+ kvm_queue_exception_e(vcpu, e.vector, e.error_code);
+ else
+ kvm_queue_exception(vcpu, e.vector);
+
+ return true;
+ }
+
+ return false;
+}
+
+static u32 kvmi_send_trap(struct kvm_vcpu *vcpu, u8 vector,
+ u32 error_code, u64 cr2)
+{
+ struct kvmi_event_trap e = {
+ .vector = vector,
+ .error_code = error_code,
+ .cr2 = cr2
+ };
+ int err, action;
+
+ err = kvmi_send_event(vcpu, KVMI_EVENT_TRAP, &e, sizeof(e),
+ NULL, 0, &action);
+ if (err)
+ return KVMI_EVENT_ACTION_CONTINUE;
+
+ return action;
+}
+
+void kvmi_arch_trap_event(struct kvm_vcpu *vcpu)
+{
+ struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
+ u32 action;
+
+ action = kvmi_send_trap(vcpu, vcpui->exception.nr,
+ vcpui->exception.error_code,
+ vcpui->exception.address);
+
+ switch (action) {
+ case KVMI_EVENT_ACTION_CONTINUE:
+ break;
+ default:
+ kvmi_handle_common_event_actions(vcpu->kvm, action, "TRAP");
+ }
+}
+
+static void kvmi_save_injected_event(struct kvm_vcpu *vcpu)
+{
+ struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
+
+ vcpui->exception.error_code = 0;
+ vcpui->exception.error_code_valid = false;
+
+ vcpui->exception.address = vcpu->arch.cr2;
+ if (vcpu->arch.exception.injected) {
+ vcpui->exception.nr = vcpu->arch.exception.nr;
+ vcpui->exception.error_code_valid +
x86_exception_has_error_code(vcpu->arch.exception.nr);
+ vcpui->exception.error_code = vcpu->arch.exception.error_code;
+ } else if (vcpu->arch.interrupt.injected) {
+ vcpui->exception.nr = vcpu->arch.interrupt.nr;
+ }
+}
+
+void kvmi_arch_inject_pending_exception(struct kvm_vcpu *vcpu)
+{
+ if (kvmi_arch_queue_exception(vcpu))
+ kvm_inject_pending_exception(vcpu);
+
+ kvmi_save_injected_event(vcpu);
+}
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index e0376d0b7408..ff61123ce4bd 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -8251,6 +8251,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
goto cancel_injection;
}
+ if (!kvmi_enter_guest(vcpu))
+ req_immediate_exit = true;
+
if (req_immediate_exit) {
kvm_make_request(KVM_REQ_EVENT, vcpu);
kvm_x86_ops->request_immediate_exit(vcpu);
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
index 57e91c8659a3..b738f15cd826 100644
--- a/include/linux/kvmi_host.h
+++ b/include/linux/kvmi_host.h
@@ -41,6 +41,15 @@ struct kvm_vcpu_introspection {
struct kvm_regs delayed_regs;
bool have_delayed_regs;
+
+ struct {
+ u8 nr;
+ u32 error_code;
+ bool error_code_valid;
+ u64 address;
+ bool pending;
+ bool send_event;
+ } exception;
};
struct kvm_introspection {
@@ -77,6 +86,7 @@ int kvmi_ioctl_preunhook(struct kvm *kvm);
void kvmi_handle_requests(struct kvm_vcpu *vcpu);
bool kvmi_hypercall_event(struct kvm_vcpu *vcpu);
bool kvmi_breakpoint_event(struct kvm_vcpu *vcpu, u64 gva, u8 insn_len);
+bool kvmi_enter_guest(struct kvm_vcpu *vcpu);
#else
@@ -91,6 +101,8 @@ static inline bool kvmi_hypercall_event(struct kvm_vcpu
*vcpu) { return false; }
static inline bool kvmi_breakpoint_event(struct kvm_vcpu *vcpu, u64 gva,
u8 insn_len)
{ return true; }
+static inline bool kvmi_enter_guest(struct kvm_vcpu *vcpu)
+ { return true; }
#endif /* CONFIG_KVM_INTROSPECTION */
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index 7be58dcf194f..fcbb19020c70 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -26,13 +26,14 @@ enum {
KVMI_VM_READ_PHYSICAL = 7,
KVMI_VM_WRITE_PHYSICAL = 8,
- KVMI_VCPU_GET_INFO = 9,
- KVMI_VCPU_PAUSE = 10,
- KVMI_VCPU_CONTROL_EVENTS = 11,
- KVMI_VCPU_GET_REGISTERS = 12,
- KVMI_VCPU_SET_REGISTERS = 13,
- KVMI_VCPU_GET_CPUID = 14,
- KVMI_VCPU_CONTROL_CR = 15,
+ KVMI_VCPU_GET_INFO = 9,
+ KVMI_VCPU_PAUSE = 10,
+ KVMI_VCPU_CONTROL_EVENTS = 11,
+ KVMI_VCPU_GET_REGISTERS = 12,
+ KVMI_VCPU_SET_REGISTERS = 13,
+ KVMI_VCPU_GET_CPUID = 14,
+ KVMI_VCPU_CONTROL_CR = 15,
+ KVMI_VCPU_INJECT_EXCEPTION = 16,
KVMI_NUM_MESSAGES
};
@@ -43,6 +44,7 @@ enum {
KVMI_EVENT_HYPERCALL = 2,
KVMI_EVENT_BREAKPOINT = 3,
KVMI_EVENT_CR = 4,
+ KVMI_EVENT_TRAP = 5,
KVMI_NUM_EVENTS
};
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index a6e565b05947..6c9d1f3f927c 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -44,6 +44,8 @@ struct vcpu_worker_data {
int vcpu_id;
int test_id;
bool stop;
+ bool shutdown;
+ bool restart_on_shutdown;
};
enum {
@@ -596,11 +598,19 @@ static void *vcpu_worker(void *data)
vcpu_run(ctx->vm, ctx->vcpu_id);
- TEST_ASSERT(run->exit_reason == KVM_EXIT_IO,
+ TEST_ASSERT(run->exit_reason == KVM_EXIT_IO
+ || (run->exit_reason == KVM_EXIT_SHUTDOWN
+ && ctx->shutdown),
"vcpu_run() failed, test_id %d, exit reason %u (%s)\n",
ctx->test_id, run->exit_reason,
exit_reason_str(run->exit_reason));
+ if (run->exit_reason == KVM_EXIT_SHUTDOWN) {
+ if (ctx->restart_on_shutdown)
+ continue;
+ break;
+ }
+
TEST_ASSERT(get_ucall(ctx->vm, ctx->vcpu_id, &uc),
"No guest request\n");
@@ -1126,6 +1136,99 @@ static void test_cmd_vcpu_control_cr(struct kvm_vm *vm)
sregs.cr4, ev.cr.old_value);
}
+static void __inject_exception(struct kvm_vm *vm, int vector)
+{
+ struct {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vcpu_hdr vcpu_hdr;
+ struct kvmi_vcpu_inject_exception cmd;
+ } req = {};
+ __u16 vcpu_index = 0;
+ int r;
+
+ req.vcpu_hdr.vcpu = vcpu_index;
+ req.cmd.nr = vector;
+
+ r = do_command(KVMI_VCPU_INJECT_EXCEPTION,
+ &req.hdr, sizeof(req), NULL, 0);
+ TEST_ASSERT(r == 0,
+ "KVMI_VCPU_INJECT_EXCEPTION failed, error %d(%s)\n",
+ -r, kvm_strerror(-r));
+}
+
+static void receive_exception_event(struct kvm_vm *vm, int vector)
+{
+ struct kvmi_msg_hdr hdr;
+ struct {
+ struct kvmi_event common;
+ struct kvmi_event_trap trap;
+ } ev;
+ struct vcpu_reply rpl = {};
+
+ receive_event(&hdr, &ev.common, sizeof(ev), KVMI_EVENT_TRAP);
+
+ DEBUG("Exception event: vector %u, error_code 0x%x, cr2 0x%llx\n",
+ ev.trap.vector, ev.trap.error_code, ev.trap.cr2);
+
+ TEST_ASSERT(ev.trap.vector == vector,
+ "Injected exception %u instead of %u\n",
+ ev.trap.vector, vector);
+
+ reply_to_event(&hdr, &ev.common, KVMI_EVENT_ACTION_CONTINUE,
+ &rpl, sizeof(rpl));
+}
+
+static void test_cmd_vcpu_inject_exception(struct kvm_vm *vm)
+{
+ struct vcpu_worker_data data = {
+ .vm = vm,
+ .vcpu_id = VCPU_ID,
+ .shutdown = true,
+ .restart_on_shutdown = true,
+ };
+ struct kvmi_msg_hdr hdr;
+ struct {
+ struct kvmi_event common;
+ struct kvmi_event_breakpoint bp;
+ } ev;
+ struct vcpu_reply rpl = {};
+ pthread_t vcpu_thread;
+ __u8 ud_vector = 6;
+ __u8 bp_vector = 3;
+
+ enable_vcpu_event(vm, KVMI_EVENT_BREAKPOINT);
+ enable_vcpu_event(vm, KVMI_EVENT_TRAP);
+
+ vcpu_thread = start_vcpu_worker(&data);
+
+ __inject_exception(vm, ud_vector);
+
+ /* confirm that our exception has been injected */
+ receive_exception_event(vm, ud_vector);
+
+ WRITE_ONCE(data.test_id, GUEST_TEST_BP);
+
+ receive_event(&hdr, &ev.common, sizeof(ev), KVMI_EVENT_BREAKPOINT);
+
+ __inject_exception(vm, ud_vector);
+
+ /* skip the breakpoint instruction, next time guest_bp_test() runs */
+ ev.common.arch.regs.rip += ev.bp.insn_len;
+ __set_registers(vm, &ev.common.arch.regs);
+
+ /* reinject the #BP exception */
+ reply_to_event(&hdr, &ev.common, KVMI_EVENT_ACTION_CONTINUE,
+ &rpl, sizeof(rpl));
+
+ /* confirm that our injection didn't override the #BP exception */
+ receive_exception_event(vm, bp_vector);
+
+ stop_vcpu_worker(vcpu_thread, &data);
+
+ disable_vcpu_event(vm, KVMI_EVENT_TRAP);
+ disable_vcpu_event(vm, KVMI_EVENT_BREAKPOINT);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -1148,6 +1251,7 @@ static void test_introspection(struct kvm_vm *vm)
test_event_hypercall(vm);
test_event_breakpoint(vm);
test_cmd_vcpu_control_cr(vm);
+ test_cmd_vcpu_inject_exception(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index f369856f91b1..92d1719f4941 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -789,6 +789,16 @@ static void kvmi_vcpu_pause_event(struct kvm_vcpu *vcpu)
}
}
+void kvmi_send_pending_event(struct kvm_vcpu *vcpu)
+{
+ struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
+
+ if (vcpui->exception.send_event) {
+ vcpui->exception.send_event = false;
+ kvmi_arch_trap_event(vcpu);
+ }
+}
+
void kvmi_handle_requests(struct kvm_vcpu *vcpu)
{
struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
@@ -798,6 +808,8 @@ void kvmi_handle_requests(struct kvm_vcpu *vcpu)
if (!kvmi)
goto out;
+ kvmi_send_pending_event(vcpu);
+
for (;;) {
kvmi_run_jobs(vcpu);
@@ -896,3 +908,39 @@ bool kvmi_breakpoint_event(struct kvm_vcpu *vcpu, u64 gva,
u8 insn_len)
return ret;
}
EXPORT_SYMBOL(kvmi_breakpoint_event);
+
+static bool kvmi_inject_pending_exception(struct kvm_vcpu *vcpu)
+{
+ struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
+
+ if (!vcpui->exception.pending)
+ return false;
+
+ kvmi_arch_inject_pending_exception(vcpu);
+
+ vcpui->exception.pending = false;
+
+ if (!is_event_enabled(vcpu, KVMI_EVENT_TRAP))
+ return false;
+
+ kvm_make_request(KVM_REQ_INTROSPECTION, vcpu);
+ vcpui->exception.send_event = true;
+
+ return true;
+}
+
+bool kvmi_enter_guest(struct kvm_vcpu *vcpu)
+{
+ struct kvm_introspection *kvmi;
+ bool r = true;
+
+ kvmi = kvmi_get(vcpu->kvm);
+ if (!kvmi)
+ return true;
+
+ if (kvmi_inject_pending_exception(vcpu))
+ r = false;
+
+ kvmi_put(vcpu->kvm);
+ return r;
+}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index c2f613e5304e..9784477db46c 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -25,6 +25,7 @@
BIT(KVMI_EVENT_BREAKPOINT) \
| BIT(KVMI_EVENT_CR) \
| BIT(KVMI_EVENT_HYPERCALL) \
+ | BIT(KVMI_EVENT_TRAP) \
| BIT(KVMI_EVENT_PAUSE_VCPU) \
)
@@ -44,6 +45,7 @@
| BIT(KVMI_VCPU_CONTROL_EVENTS) \
| BIT(KVMI_VCPU_GET_CPUID) \
| BIT(KVMI_VCPU_GET_REGISTERS) \
+ | BIT(KVMI_VCPU_INJECT_EXCEPTION) \
| BIT(KVMI_VCPU_SET_REGISTERS) \
)
@@ -87,6 +89,7 @@ void kvmi_handle_common_event_actions(struct kvm *kvm,
u32 action, const char *str);
struct kvm_introspection * __must_check kvmi_get(struct kvm *kvm);
void kvmi_put(struct kvm *kvm);
+void kvmi_send_pending_event(struct kvm_vcpu *vcpu);
int kvmi_cmd_vm_control_events(struct kvm_introspection *kvmi,
unsigned int event_id, bool enable);
int kvmi_cmd_vcpu_control_events(struct kvm_vcpu *vcpu,
@@ -126,5 +129,9 @@ int kvmi_arch_cmd_control_intercept(struct kvm_vcpu *vcpu,
unsigned int event_id, bool enable);
int kvmi_arch_cmd_vcpu_control_cr(struct kvm_vcpu *vcpu,
const struct kvmi_vcpu_control_cr *req);
+int kvmi_arch_cmd_vcpu_inject_exception(struct kvm_vcpu *vcpu, u8 vector,
+ u32 error_code, u64 address);
+void kvmi_arch_trap_event(struct kvm_vcpu *vcpu);
+void kvmi_arch_inject_pending_exception(struct kvm_vcpu *vcpu);
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 3f7be92502cf..8d77e6a7794d 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -17,21 +17,22 @@ struct kvmi_vcpu_cmd_job {
};
static const char *const msg_IDs[] = {
- [KVMI_EVENT_REPLY] = "KVMI_EVENT_REPLY",
- [KVMI_GET_VERSION] = "KVMI_GET_VERSION",
- [KVMI_VM_CHECK_COMMAND] = "KVMI_VM_CHECK_COMMAND",
- [KVMI_VM_CHECK_EVENT] = "KVMI_VM_CHECK_EVENT",
- [KVMI_VM_CONTROL_EVENTS] = "KVMI_VM_CONTROL_EVENTS",
- [KVMI_VM_GET_INFO] = "KVMI_VM_GET_INFO",
- [KVMI_VM_READ_PHYSICAL] = "KVMI_VM_READ_PHYSICAL",
- [KVMI_VM_WRITE_PHYSICAL] = "KVMI_VM_WRITE_PHYSICAL",
- [KVMI_VCPU_CONTROL_CR] = "KVMI_VCPU_CONTROL_CR",
- [KVMI_VCPU_CONTROL_EVENTS] = "KVMI_VCPU_CONTROL_EVENTS",
- [KVMI_VCPU_GET_CPUID] = "KVMI_VCPU_GET_CPUID",
- [KVMI_VCPU_GET_INFO] = "KVMI_VCPU_GET_INFO",
- [KVMI_VCPU_GET_REGISTERS] = "KVMI_VCPU_GET_REGISTERS",
- [KVMI_VCPU_PAUSE] = "KVMI_VCPU_PAUSE",
- [KVMI_VCPU_SET_REGISTERS] = "KVMI_VCPU_SET_REGISTERS",
+ [KVMI_EVENT_REPLY] = "KVMI_EVENT_REPLY",
+ [KVMI_GET_VERSION] = "KVMI_GET_VERSION",
+ [KVMI_VM_CHECK_COMMAND] = "KVMI_VM_CHECK_COMMAND",
+ [KVMI_VM_CHECK_EVENT] = "KVMI_VM_CHECK_EVENT",
+ [KVMI_VM_CONTROL_EVENTS] = "KVMI_VM_CONTROL_EVENTS",
+ [KVMI_VM_GET_INFO] = "KVMI_VM_GET_INFO",
+ [KVMI_VM_READ_PHYSICAL] = "KVMI_VM_READ_PHYSICAL",
+ [KVMI_VM_WRITE_PHYSICAL] = "KVMI_VM_WRITE_PHYSICAL",
+ [KVMI_VCPU_CONTROL_CR] = "KVMI_VCPU_CONTROL_CR",
+ [KVMI_VCPU_CONTROL_EVENTS] = "KVMI_VCPU_CONTROL_EVENTS",
+ [KVMI_VCPU_GET_CPUID] = "KVMI_VCPU_GET_CPUID",
+ [KVMI_VCPU_GET_INFO] = "KVMI_VCPU_GET_INFO",
+ [KVMI_VCPU_GET_REGISTERS] = "KVMI_VCPU_GET_REGISTERS",
+ [KVMI_VCPU_INJECT_EXCEPTION] = "KVMI_VCPU_INJECT_EXCEPTION",
+ [KVMI_VCPU_PAUSE] = "KVMI_VCPU_PAUSE",
+ [KVMI_VCPU_SET_REGISTERS] = "KVMI_VCPU_SET_REGISTERS",
};
static bool is_known_message(u16 id)
@@ -494,6 +495,23 @@ static int handle_vcpu_control_cr(const struct
kvmi_vcpu_cmd_job *job,
return kvmi_msg_vcpu_reply(job, msg, ec, NULL, 0);
}
+static int handle_vcpu_inject_exception(const struct kvmi_vcpu_cmd_job *job,
+ const struct kvmi_msg_hdr *msg,
+ const void *_req)
+{
+ const struct kvmi_vcpu_inject_exception *req = _req;
+ int ec;
+
+ if (req->padding1 || req->padding2)
+ ec = -KVM_EINVAL;
+ else
+ ec = kvmi_arch_cmd_vcpu_inject_exception(job->vcpu, req->nr,
+ req->error_code,
+ req->address);
+
+ return kvmi_msg_vcpu_reply(job, msg, ec, NULL, 0);
+}
+
/*
* These commands are executed on the vCPU thread. The receiving thread
* passes the messages using a newly allocated 'struct
kvmi_vcpu_cmd_job'
@@ -502,13 +520,14 @@ static int handle_vcpu_control_cr(const struct
kvmi_vcpu_cmd_job *job,
*/
static int(*const msg_vcpu[])(const struct kvmi_vcpu_cmd_job *,
const struct kvmi_msg_hdr *, const void *) = {
- [KVMI_EVENT_REPLY] = handle_event_reply,
- [KVMI_VCPU_CONTROL_CR] = handle_vcpu_control_cr,
- [KVMI_VCPU_CONTROL_EVENTS] = handle_vcpu_control_events,
- [KVMI_VCPU_GET_CPUID] = handle_get_cpuid,
- [KVMI_VCPU_GET_INFO] = handle_get_vcpu_info,
- [KVMI_VCPU_GET_REGISTERS] = handle_get_registers,
- [KVMI_VCPU_SET_REGISTERS] = handle_set_registers,
+ [KVMI_EVENT_REPLY] = handle_event_reply,
+ [KVMI_VCPU_CONTROL_CR] = handle_vcpu_control_cr,
+ [KVMI_VCPU_CONTROL_EVENTS] = handle_vcpu_control_events,
+ [KVMI_VCPU_GET_CPUID] = handle_get_cpuid,
+ [KVMI_VCPU_GET_INFO] = handle_get_vcpu_info,
+ [KVMI_VCPU_GET_REGISTERS] = handle_get_registers,
+ [KVMI_VCPU_INJECT_EXCEPTION] = handle_vcpu_inject_exception,
+ [KVMI_VCPU_SET_REGISTERS] = handle_set_registers,
};
static void kvmi_job_vcpu_cmd(struct kvm_vcpu *vcpu, void *ctx)
@@ -821,9 +840,9 @@ static int kvmi_wait_for_reply(struct kvm_vcpu *vcpu)
return err;
}
-int kvmi_send_event(struct kvm_vcpu *vcpu, u32 ev_id,
- void *ev, size_t ev_size,
- void *rpl, size_t rpl_size, int *action)
+int __kvmi_send_event(struct kvm_vcpu *vcpu, u32 ev_id,
+ void *ev, size_t ev_size,
+ void *rpl, size_t rpl_size, int *action)
{
struct kvmi_msg_hdr hdr;
struct kvmi_event common;
@@ -873,6 +892,16 @@ int kvmi_send_event(struct kvm_vcpu *vcpu, u32 ev_id,
return err;
}
+int kvmi_send_event(struct kvm_vcpu *vcpu, u32 ev_id,
+ void *ev, size_t ev_size,
+ void *rpl, size_t rpl_size, int *action)
+{
+ kvmi_send_pending_event(vcpu);
+
+ return __kvmi_send_event(vcpu, ev_id, ev, ev_size,
+ rpl, rpl_size, action);
+}
+
u32 kvmi_msg_send_vcpu_pause(struct kvm_vcpu *vcpu)
{
int err, action;
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 63/78] KVM: introspection: add KVMI_VM_GET_MAX_GFN
From: ?tefan ?icleru <ssicleru at bitdefender.com>
The introspection tool can use this to set access restrictions for a
wide range of guest addresses.
Signed-off-by: ?tefan ?icleru <ssicleru at bitdefender.com>
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 20 +++++++++++++++++++
include/uapi/linux/kvmi.h | 6 ++++++
.../testing/selftests/kvm/x86_64/kvmi_test.c | 12 +++++++++++
virt/kvm/introspection/kvmi_int.h | 1 +
virt/kvm/introspection/kvmi_msg.c | 14 +++++++++++++
5 files changed, 53 insertions(+)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 9a902a94ed28..c1badcde1662 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -735,6 +735,26 @@ order to be notified about the effective injected
expection.
* -KVM_EBUSY - another *KVMI_VCPU_INJECT_EXCEPTION* command was issued and no
corresponding *KVMI_EVENT_TRAP* (if enabled) has been provided yet.
+16. KVMI_VM_GET_MAX_GFN
+-----------------------
+
+:Architecture: all
+:Versions: >= 1
+:Parameters: none
+:Returns:
+
+::
+
+ struct kvmi_error_code;
+ struct kvmi_vm_get_max_gfn_reply {
+ __u64 gfn;
+ };
+
+Provides the maximum GFN allocated to the VM by walking through all
+memory slots allocated by KVM, considering all address spaces indicated
+by KVM_ADDRESS_SPACE_NUM. Stricly speaking, the returned value refers
+to the first inaccessible GFN, next to the maximum accessible GFN.
+
Events
=====
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index fcbb19020c70..70d5a67badef 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -35,6 +35,8 @@ enum {
KVMI_VCPU_CONTROL_CR = 15,
KVMI_VCPU_INJECT_EXCEPTION = 16,
+ KVMI_VM_GET_MAX_GFN = 17,
+
KVMI_NUM_MESSAGES
};
@@ -130,6 +132,10 @@ struct kvmi_vcpu_control_events {
__u32 padding2;
};
+struct kvmi_vm_get_max_gfn_reply {
+ __u64 gfn;
+};
+
struct kvmi_event {
__u16 size;
__u16 vcpu;
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 6c9d1f3f927c..2852e6894e81 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -1229,6 +1229,17 @@ static void test_cmd_vcpu_inject_exception(struct kvm_vm
*vm)
disable_vcpu_event(vm, KVMI_EVENT_BREAKPOINT);
}
+static void test_cmd_vm_get_max_gfn(void)
+{
+ struct kvmi_vm_get_max_gfn_reply rpl;
+ struct kvmi_msg_hdr req;
+
+ test_vm_command(KVMI_VM_GET_MAX_GFN, &req, sizeof(req),
+ &rpl, sizeof(rpl));
+
+ DEBUG("max_gfn: 0x%llx\n", rpl.gfn);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -1252,6 +1263,7 @@ static void test_introspection(struct kvm_vm *vm)
test_event_breakpoint(vm);
test_cmd_vcpu_control_cr(vm);
test_cmd_vcpu_inject_exception(vm);
+ test_cmd_vm_get_max_gfn();
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 9784477db46c..65a5801f143c 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -37,6 +37,7 @@
| BIT(KVMI_VM_CHECK_EVENT) \
| BIT(KVMI_VM_CONTROL_EVENTS) \
| BIT(KVMI_VM_GET_INFO) \
+ | BIT(KVMI_VM_GET_MAX_GFN) \
| BIT(KVMI_VM_READ_PHYSICAL) \
| BIT(KVMI_VM_WRITE_PHYSICAL) \
| BIT(KVMI_VCPU_GET_INFO) \
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 8d77e6a7794d..94fab70b56fa 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -23,6 +23,7 @@ static const char *const msg_IDs[] = {
[KVMI_VM_CHECK_EVENT] = "KVMI_VM_CHECK_EVENT",
[KVMI_VM_CONTROL_EVENTS] = "KVMI_VM_CONTROL_EVENTS",
[KVMI_VM_GET_INFO] = "KVMI_VM_GET_INFO",
+ [KVMI_VM_GET_MAX_GFN] = "KVMI_VM_GET_MAX_GFN",
[KVMI_VM_READ_PHYSICAL] = "KVMI_VM_READ_PHYSICAL",
[KVMI_VM_WRITE_PHYSICAL] = "KVMI_VM_WRITE_PHYSICAL",
[KVMI_VCPU_CONTROL_CR] = "KVMI_VCPU_CONTROL_CR",
@@ -336,6 +337,18 @@ static int handle_pause_vcpu(struct kvm_introspection
*kvmi,
return kvmi_msg_vm_reply(kvmi, msg, err, NULL, 0);
}
+static int handle_vm_get_max_gfn(struct kvm_introspection *kvmi,
+ const struct kvmi_msg_hdr *msg,
+ const void *req)
+{
+ struct kvmi_vm_get_max_gfn_reply rpl;
+
+ memset(&rpl, 0, sizeof(rpl));
+ rpl.gfn = kvm_get_max_gfn(kvmi->kvm);
+
+ return kvmi_msg_vm_reply(kvmi, msg, 0, &rpl, sizeof(rpl));
+}
+
/*
* These commands are executed by the receiving thread/worker.
*/
@@ -346,6 +359,7 @@ static int(*const msg_vm[])(struct kvm_introspection *,
[KVMI_VM_CHECK_EVENT] = handle_check_event,
[KVMI_VM_CONTROL_EVENTS] = handle_vm_control_events,
[KVMI_VM_GET_INFO] = handle_get_info,
+ [KVMI_VM_GET_MAX_GFN] = handle_vm_get_max_gfn,
[KVMI_VM_READ_PHYSICAL] = handle_read_physical,
[KVMI_VM_WRITE_PHYSICAL] = handle_write_physical,
[KVMI_VCPU_PAUSE] = handle_pause_vcpu,
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 64/78] KVM: introspection: add KVMI_EVENT_XSETBV
From: Mihai Don?u <mdontu at bitdefender.com>
This event is sent when the extended control register XCR0 is going to
be changed.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 26 ++++++
arch/x86/include/asm/kvmi_host.h | 2 +
arch/x86/kvm/x86.c | 6 ++
include/uapi/linux/kvmi.h | 1 +
.../testing/selftests/kvm/x86_64/kvmi_test.c | 83 +++++++++++++++++++
virt/kvm/introspection/kvmi_int.h | 1 +
virt/kvm/introspection/kvmi_msg.c | 39 +++++++++
7 files changed, 158 insertions(+)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index c1badcde1662..8b43e0f80f77 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -534,6 +534,7 @@ the following events::
KVMI_EVENT_CR
KVMI_EVENT_HYPERCALL
KVMI_EVENT_TRAP
+ KVMI_EVENT_XSETBV
When an event is enabled, the introspection tool is notified and it
must reply with: continue, retry, crash, etc. (see **Events** below).
@@ -999,3 +1000,28 @@ took place and the introspection has been enabled for this
event
``kvmi_event``, exception/interrupt number (vector), exception code
(``error_code``) and CR2 are sent to the introspection tool,
which should check if its exception has been injected or overridden.
+
+7. KVMI_EVENT_XSETBV
+--------------------
+
+:Architectures: x86
+:Versions: >= 1
+:Actions: CONTINUE, CRASH
+:Parameters:
+
+::
+
+ struct kvmi_event;
+
+:Returns:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_event_reply;
+
+This event is sent when the extended control register XCR0 is going
+to be changed and the introspection has been enabled for this event
+(see *KVMI_VCPU_CONTROL_EVENTS*).
+
+``kvmi_event`` is sent to the introspection tool.
diff --git a/arch/x86/include/asm/kvmi_host.h b/arch/x86/include/asm/kvmi_host.h
index 24f3f8fdee62..b3fa950362db 100644
--- a/arch/x86/include/asm/kvmi_host.h
+++ b/arch/x86/include/asm/kvmi_host.h
@@ -30,6 +30,7 @@ bool kvmi_cr_event(struct kvm_vcpu *vcpu, unsigned int cr,
unsigned long old_value, unsigned long *new_value);
bool kvmi_cr3_intercepted(struct kvm_vcpu *vcpu);
bool kvmi_monitor_cr3w_intercept(struct kvm_vcpu *vcpu, bool enable);
+void kvmi_xsetbv_event(struct kvm_vcpu *vcpu);
#else /* CONFIG_KVM_INTROSPECTION */
@@ -41,6 +42,7 @@ static inline bool kvmi_cr_event(struct kvm_vcpu *vcpu,
unsigned int cr,
static inline bool kvmi_cr3_intercepted(struct kvm_vcpu *vcpu) { return false;
}
static inline bool kvmi_monitor_cr3w_intercept(struct kvm_vcpu *vcpu,
bool enable) { return false; }
+static inline void kvmi_xsetbv_event(struct kvm_vcpu *vcpu) { }
#endif /* CONFIG_KVM_INTROSPECTION */
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index ff61123ce4bd..fa583f82298e 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -866,6 +866,12 @@ static int __kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index,
u64 xcr)
}
vcpu->arch.xcr0 = xcr0;
+#ifdef CONFIG_KVM_INTROSPECTION
+ if (index == 0 && xcr0 != old_xcr0)
+ kvmi_xsetbv_event(vcpu);
+#endif /* CONFIG_KVM_INTROSPECTION */
+
+
if ((xcr0 ^ old_xcr0) & XFEATURE_MASK_EXTEND)
kvm_update_cpuid(vcpu);
return 0;
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index 70d5a67badef..3ea4882ac469 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -47,6 +47,7 @@ enum {
KVMI_EVENT_BREAKPOINT = 3,
KVMI_EVENT_CR = 4,
KVMI_EVENT_TRAP = 5,
+ KVMI_EVENT_XSETBV = 6,
KVMI_NUM_EVENTS
};
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 2852e6894e81..299f4d29d0d6 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -21,6 +21,8 @@
#define VCPU_ID 5
+#define X86_FEATURE_XSAVE (1<<26)
+
static int socket_pair[2];
#define Kvm_socket socket_pair[0]
#define Userspace_socket socket_pair[1]
@@ -53,6 +55,7 @@ enum {
GUEST_TEST_BP,
GUEST_TEST_CR,
GUEST_TEST_HYPERCALL,
+ GUEST_TEST_XSETBV,
};
#define GUEST_REQUEST_TEST() GUEST_SYNC(0)
@@ -84,6 +87,45 @@ static void guest_hypercall_test(void)
asm volatile(".byte 0x0f,0x01,0xc1");
}
+/* from fpu/internal.h */
+static u64 xgetbv(u32 index)
+{
+ u32 eax, edx;
+
+ asm volatile(".byte 0x0f,0x01,0xd0" /* xgetbv */
+ : "=a" (eax), "=d" (edx)
+ : "c" (index));
+ return eax + ((u64)edx << 32);
+}
+
+/* from fpu/internal.h */
+static void xsetbv(u32 index, u64 value)
+{
+ u32 eax = value;
+ u32 edx = value >> 32;
+
+ asm volatile(".byte 0x0f,0x01,0xd1" /* xsetbv */
+ : : "a" (eax), "d" (edx), "c" (index));
+}
+
+static void guest_xsetbv_test(void)
+{
+ const int SSE_BIT = 1 << 1;
+ const int AVX_BIT = 1 << 2;
+ u64 xcr0;
+
+ /* avoid #UD */
+ set_cr4(get_cr4() | X86_CR4_OSXSAVE);
+
+ xcr0 = xgetbv(0);
+ if (xcr0 & AVX_BIT)
+ xcr0 &= ~AVX_BIT;
+ else
+ xcr0 |= (AVX_BIT | SSE_BIT);
+
+ xsetbv(0, xcr0);
+}
+
static void guest_code(void)
{
while (true) {
@@ -99,6 +141,9 @@ static void guest_code(void)
case GUEST_TEST_HYPERCALL:
guest_hypercall_test();
break;
+ case GUEST_TEST_XSETBV:
+ guest_xsetbv_test();
+ break;
}
GUEST_SIGNAL_TEST_DONE();
}
@@ -1240,6 +1285,43 @@ static void test_cmd_vm_get_max_gfn(void)
DEBUG("max_gfn: 0x%llx\n", rpl.gfn);
}
+static void test_event_xsetbv(struct kvm_vm *vm)
+{
+ struct vcpu_worker_data data = {
+ .vm = vm,
+ .vcpu_id = VCPU_ID,
+ .test_id = GUEST_TEST_XSETBV,
+ };
+ __u16 event_id = KVMI_EVENT_XSETBV;
+ struct kvm_cpuid_entry2 *entry;
+ struct vcpu_reply rpl = {};
+ struct kvmi_msg_hdr hdr;
+ pthread_t vcpu_thread;
+ struct kvmi_event ev;
+
+ entry = kvm_get_supported_cpuid_entry(1);
+ if (!(entry->ecx & X86_FEATURE_XSAVE)) {
+ DEBUG("XSAVE is not supported, ecx 0x%x, skipping xsetbv test\n",
+ entry->ecx);
+ return;
+ }
+
+ enable_vcpu_event(vm, event_id);
+
+ vcpu_thread = start_vcpu_worker(&data);
+
+ receive_event(&hdr, &ev, sizeof(ev), event_id);
+
+ DEBUG("XSETBV event, rip 0x%llx\n", ev.arch.regs.rip);
+
+ reply_to_event(&hdr, &ev, KVMI_EVENT_ACTION_CONTINUE,
+ &rpl, sizeof(rpl));
+
+ stop_vcpu_worker(vcpu_thread, &data);
+
+ disable_vcpu_event(vm, event_id);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -1264,6 +1346,7 @@ static void test_introspection(struct kvm_vm *vm)
test_cmd_vcpu_control_cr(vm);
test_cmd_vcpu_inject_exception(vm);
test_cmd_vm_get_max_gfn();
+ test_event_xsetbv(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 65a5801f143c..5a00e38c88cc 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -27,6 +27,7 @@
| BIT(KVMI_EVENT_HYPERCALL) \
| BIT(KVMI_EVENT_TRAP) \
| BIT(KVMI_EVENT_PAUSE_VCPU) \
+ | BIT(KVMI_EVENT_XSETBV) \
)
#define KVMI_KNOWN_EVENTS (KVMI_KNOWN_VM_EVENTS | KVMI_KNOWN_VCPU_EVENTS)
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 94fab70b56fa..ba2d7c6acb22 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -956,3 +956,42 @@ u32 kvmi_msg_send_bp(struct kvm_vcpu *vcpu, u64 gpa, u8
insn_len)
return action;
}
+
+static u32 kvmi_send_xsetbv(struct kvm_vcpu *vcpu)
+{
+ int err, action;
+
+ err = kvmi_send_event(vcpu, KVMI_EVENT_XSETBV, NULL, 0,
+ NULL, 0, &action);
+ if (err)
+ return KVMI_EVENT_ACTION_CONTINUE;
+
+ return action;
+}
+
+static void __kvmi_xsetbv_event(struct kvm_vcpu *vcpu)
+{
+ u32 action;
+
+ action = kvmi_send_xsetbv(vcpu);
+ switch (action) {
+ case KVMI_EVENT_ACTION_CONTINUE:
+ break;
+ default:
+ kvmi_handle_common_event_actions(vcpu->kvm, action, "XSETBV");
+ }
+}
+
+void kvmi_xsetbv_event(struct kvm_vcpu *vcpu)
+{
+ struct kvm_introspection *kvmi;
+
+ kvmi = kvmi_get(vcpu->kvm);
+ if (!kvmi)
+ return;
+
+ if (is_event_enabled(vcpu, KVMI_EVENT_XSETBV))
+ __kvmi_xsetbv_event(vcpu);
+
+ kvmi_put(vcpu->kvm);
+}
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 65/78] KVM: introspection: add KVMI_VCPU_GET_XSAVE
From: Mihai Don?u <mdontu at bitdefender.com>
This vCPU command is used to get the XSAVE area.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 31 +++++++++++++++++++
arch/x86/include/uapi/asm/kvmi.h | 4 +++
arch/x86/kvm/kvmi.c | 21 +++++++++++++
include/uapi/linux/kvmi.h | 2 ++
.../testing/selftests/kvm/x86_64/kvmi_test.c | 21 +++++++++++++
virt/kvm/introspection/kvmi_int.h | 4 +++
virt/kvm/introspection/kvmi_msg.c | 17 ++++++++++
7 files changed, 100 insertions(+)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 8b43e0f80f77..5d2b828f2159 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -756,6 +756,37 @@ memory slots allocated by KVM, considering all address
spaces indicated
by KVM_ADDRESS_SPACE_NUM. Stricly speaking, the returned value refers
to the first inaccessible GFN, next to the maximum accessible GFN.
+17. KVMI_VCPU_GET_XSAVE
+-----------------------
+
+:Architecture: x86
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vcpu_hdr;
+
+:Returns:
+
+::
+
+ struct kvmi_error_code;
+ struct kvmi_vcpu_get_xsave_reply {
+ __u32 region[0];
+ };
+
+Returns a buffer containing the XSAVE area. Currently, the size of
+``kvm_xsave`` is used, but it could change. The userspace should get
+the buffer size from the message size.
+
+:Errors:
+
+* -KVM_EINVAL - the selected vCPU is invalid
+* -KVM_EINVAL - padding is not zero
+* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+* -KVM_ENOMEM - not enough memory to allocate the reply
+
Events
=====
diff --git a/arch/x86/include/uapi/asm/kvmi.h b/arch/x86/include/uapi/asm/kvmi.h
index 06f69cfa3d79..68ad3d737d7e 100644
--- a/arch/x86/include/uapi/asm/kvmi.h
+++ b/arch/x86/include/uapi/asm/kvmi.h
@@ -97,4 +97,8 @@ struct kvmi_vcpu_inject_exception {
__u64 address;
};
+struct kvmi_vcpu_get_xsave_reply {
+ __u32 region[0];
+};
+
#endif /* _UAPI_ASM_X86_KVMI_H */
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index ac493fcebb5b..f8fd8ce140c5 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -616,3 +616,24 @@ void kvmi_arch_inject_pending_exception(struct kvm_vcpu
*vcpu)
kvmi_save_injected_event(vcpu);
}
+
+int kvmi_arch_cmd_vcpu_get_xsave(struct kvm_vcpu *vcpu,
+ struct kvmi_vcpu_get_xsave_reply **dest,
+ size_t *dest_size)
+{
+ struct kvmi_vcpu_get_xsave_reply *rpl = NULL;
+ size_t rpl_size = sizeof(*rpl) + sizeof(struct kvm_xsave);
+ struct kvm_xsave *area;
+
+ rpl = kvmi_msg_alloc_check(rpl_size);
+ if (!rpl)
+ return -KVM_ENOMEM;
+
+ area = (struct kvm_xsave *) &rpl->region[0];
+ kvm_vcpu_ioctl_x86_get_xsave(vcpu, area);
+
+ *dest = rpl;
+ *dest_size = rpl_size;
+
+ return 0;
+}
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index 3ea4882ac469..bc63c04a543d 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -37,6 +37,8 @@ enum {
KVMI_VM_GET_MAX_GFN = 17,
+ KVMI_VCPU_GET_XSAVE = 18,
+
KVMI_NUM_MESSAGES
};
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 299f4d29d0d6..638491f33138 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -1322,6 +1322,26 @@ static void test_event_xsetbv(struct kvm_vm *vm)
disable_vcpu_event(vm, event_id);
}
+static void test_cmd_vcpu_get_xsave(struct kvm_vm *vm)
+{
+ struct kvm_cpuid_entry2 *entry;
+ struct {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vcpu_hdr vcpu_hdr;
+ } req = {};
+ struct kvm_xsave rpl;
+
+ entry = kvm_get_supported_cpuid_entry(1);
+ if (!(entry->ecx & X86_FEATURE_XSAVE)) {
+ DEBUG("XSAVE is not supported, ecx 0x%x, skipping xsave test\n",
+ entry->ecx);
+ return;
+ }
+
+ test_vcpu0_command(vm, KVMI_VCPU_GET_XSAVE, &req.hdr, sizeof(req),
+ &rpl, sizeof(rpl));
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -1347,6 +1367,7 @@ static void test_introspection(struct kvm_vm *vm)
test_cmd_vcpu_inject_exception(vm);
test_cmd_vm_get_max_gfn();
test_event_xsetbv(vm);
+ test_cmd_vcpu_get_xsave(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 5a00e38c88cc..5e1231f09440 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -47,6 +47,7 @@
| BIT(KVMI_VCPU_CONTROL_EVENTS) \
| BIT(KVMI_VCPU_GET_CPUID) \
| BIT(KVMI_VCPU_GET_REGISTERS) \
+ | BIT(KVMI_VCPU_GET_XSAVE) \
| BIT(KVMI_VCPU_INJECT_EXCEPTION) \
| BIT(KVMI_VCPU_SET_REGISTERS) \
)
@@ -135,5 +136,8 @@ int kvmi_arch_cmd_vcpu_inject_exception(struct kvm_vcpu
*vcpu, u8 vector,
u32 error_code, u64 address);
void kvmi_arch_trap_event(struct kvm_vcpu *vcpu);
void kvmi_arch_inject_pending_exception(struct kvm_vcpu *vcpu);
+int kvmi_arch_cmd_vcpu_get_xsave(struct kvm_vcpu *vcpu,
+ struct kvmi_vcpu_get_xsave_reply **dest,
+ size_t *dest_size);
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index ba2d7c6acb22..1639f5eab68b 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -31,6 +31,7 @@ static const char *const msg_IDs[] = {
[KVMI_VCPU_GET_CPUID] = "KVMI_VCPU_GET_CPUID",
[KVMI_VCPU_GET_INFO] = "KVMI_VCPU_GET_INFO",
[KVMI_VCPU_GET_REGISTERS] = "KVMI_VCPU_GET_REGISTERS",
+ [KVMI_VCPU_GET_XSAVE] = "KVMI_VCPU_GET_XSAVE",
[KVMI_VCPU_INJECT_EXCEPTION] = "KVMI_VCPU_INJECT_EXCEPTION",
[KVMI_VCPU_PAUSE] = "KVMI_VCPU_PAUSE",
[KVMI_VCPU_SET_REGISTERS] = "KVMI_VCPU_SET_REGISTERS",
@@ -526,6 +527,21 @@ static int handle_vcpu_inject_exception(const struct
kvmi_vcpu_cmd_job *job,
return kvmi_msg_vcpu_reply(job, msg, ec, NULL, 0);
}
+static int handle_vcpu_get_xsave(const struct kvmi_vcpu_cmd_job *job,
+ const struct kvmi_msg_hdr *msg,
+ const void *req)
+{
+ struct kvmi_vcpu_get_xsave_reply *rpl = NULL;
+ size_t rpl_size = 0;
+ int err, ec;
+
+ ec = kvmi_arch_cmd_vcpu_get_xsave(job->vcpu, &rpl, &rpl_size);
+
+ err = kvmi_msg_vcpu_reply(job, msg, ec, rpl, rpl_size);
+ kvmi_msg_free(rpl);
+ return err;
+}
+
/*
* These commands are executed on the vCPU thread. The receiving thread
* passes the messages using a newly allocated 'struct
kvmi_vcpu_cmd_job'
@@ -540,6 +556,7 @@ static int(*const msg_vcpu[])(const struct kvmi_vcpu_cmd_job
*,
[KVMI_VCPU_GET_CPUID] = handle_get_cpuid,
[KVMI_VCPU_GET_INFO] = handle_get_vcpu_info,
[KVMI_VCPU_GET_REGISTERS] = handle_get_registers,
+ [KVMI_VCPU_GET_XSAVE] = handle_vcpu_get_xsave,
[KVMI_VCPU_INJECT_EXCEPTION] = handle_vcpu_inject_exception,
[KVMI_VCPU_SET_REGISTERS] = handle_set_registers,
};
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 66/78] KVM: introspection: add KVMI_VCPU_GET_MTRR_TYPE
From: Mihai Don?u <mdontu at bitdefender.com>
This command returns the memory type for a guest physical address.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 32 +++++++++++++++++++
arch/x86/include/uapi/asm/kvmi.h | 9 ++++++
arch/x86/kvm/kvmi.c | 7 ++++
include/uapi/linux/kvmi.h | 3 +-
.../testing/selftests/kvm/x86_64/kvmi_test.c | 19 +++++++++++
virt/kvm/introspection/kvmi_int.h | 2 ++
virt/kvm/introspection/kvmi_msg.c | 17 ++++++++++
7 files changed, 88 insertions(+), 1 deletion(-)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 5d2b828f2159..ae8e242c4721 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -787,6 +787,38 @@ the buffer size from the message size.
* -KVM_EAGAIN - the selected vCPU can't be introspected yet
* -KVM_ENOMEM - not enough memory to allocate the reply
+18. KVMI_VCPU_GET_MTRR_TYPE
+---------------------------
+
+:Architecture: x86
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_vcpu_get_mtrr_type {
+ __u64 gpa;
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_error_code;
+ struct kvmi_vcpu_get_mtrr_type_reply {
+ __u8 type;
+ __u8 padding[7];
+ };
+
+Returns the guest memory type for a specific physical address.
+
+:Errors:
+
+* -KVM_EINVAL - the selected vCPU is invalid
+* -KVM_EINVAL - padding is not zero
+* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+
Events
=====
diff --git a/arch/x86/include/uapi/asm/kvmi.h b/arch/x86/include/uapi/asm/kvmi.h
index 68ad3d737d7e..1dc3fc02d3ec 100644
--- a/arch/x86/include/uapi/asm/kvmi.h
+++ b/arch/x86/include/uapi/asm/kvmi.h
@@ -101,4 +101,13 @@ struct kvmi_vcpu_get_xsave_reply {
__u32 region[0];
};
+struct kvmi_vcpu_get_mtrr_type {
+ __u64 gpa;
+};
+
+struct kvmi_vcpu_get_mtrr_type_reply {
+ __u8 type;
+ __u8 padding[7];
+};
+
#endif /* _UAPI_ASM_X86_KVMI_H */
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index f8fd8ce140c5..d3cddd34326b 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -637,3 +637,10 @@ int kvmi_arch_cmd_vcpu_get_xsave(struct kvm_vcpu *vcpu,
return 0;
}
+
+int kvmi_arch_cmd_vcpu_get_mtrr_type(struct kvm_vcpu *vcpu, u64 gpa, u8 *type)
+{
+ *type = kvm_mtrr_get_guest_memory_type(vcpu, gpa_to_gfn(gpa));
+
+ return 0;
+}
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index bc63c04a543d..5e911ca7a636 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -37,7 +37,8 @@ enum {
KVMI_VM_GET_MAX_GFN = 17,
- KVMI_VCPU_GET_XSAVE = 18,
+ KVMI_VCPU_GET_XSAVE = 18,
+ KVMI_VCPU_GET_MTRR_TYPE = 19,
KVMI_NUM_MESSAGES
};
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 638491f33138..600d65922bf4 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -1342,6 +1342,24 @@ static void test_cmd_vcpu_get_xsave(struct kvm_vm *vm)
&rpl, sizeof(rpl));
}
+static void test_cmd_vcpu_get_mtrr_type(struct kvm_vm *vm)
+{
+ struct {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vcpu_hdr vcpu_hdr;
+ struct kvmi_vcpu_get_mtrr_type cmd;
+ } req = {};
+ struct kvmi_vcpu_get_mtrr_type_reply rpl;
+
+ req.cmd.gpa = test_gpa;
+
+ test_vcpu0_command(vm, KVMI_VCPU_GET_MTRR_TYPE,
+ &req.hdr, sizeof(req),
+ &rpl, sizeof(rpl));
+
+ DEBUG("mtrr_type: gpa 0x%lx type 0x%x\n", test_gpa, rpl.type);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -1368,6 +1386,7 @@ static void test_introspection(struct kvm_vm *vm)
test_cmd_vm_get_max_gfn();
test_event_xsetbv(vm);
test_cmd_vcpu_get_xsave(vm);
+ test_cmd_vcpu_get_mtrr_type(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 5e1231f09440..1e28355ea4d7 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -46,6 +46,7 @@
| BIT(KVMI_VCPU_CONTROL_CR) \
| BIT(KVMI_VCPU_CONTROL_EVENTS) \
| BIT(KVMI_VCPU_GET_CPUID) \
+ | BIT(KVMI_VCPU_GET_MTRR_TYPE) \
| BIT(KVMI_VCPU_GET_REGISTERS) \
| BIT(KVMI_VCPU_GET_XSAVE) \
| BIT(KVMI_VCPU_INJECT_EXCEPTION) \
@@ -139,5 +140,6 @@ void kvmi_arch_inject_pending_exception(struct kvm_vcpu
*vcpu);
int kvmi_arch_cmd_vcpu_get_xsave(struct kvm_vcpu *vcpu,
struct kvmi_vcpu_get_xsave_reply **dest,
size_t *dest_size);
+int kvmi_arch_cmd_vcpu_get_mtrr_type(struct kvm_vcpu *vcpu, u64 gpa, u8 *type);
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 1639f5eab68b..6f23bc7517aa 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -30,6 +30,7 @@ static const char *const msg_IDs[] = {
[KVMI_VCPU_CONTROL_EVENTS] = "KVMI_VCPU_CONTROL_EVENTS",
[KVMI_VCPU_GET_CPUID] = "KVMI_VCPU_GET_CPUID",
[KVMI_VCPU_GET_INFO] = "KVMI_VCPU_GET_INFO",
+ [KVMI_VCPU_GET_MTRR_TYPE] = "KVMI_VCPU_GET_MTRR_TYPE",
[KVMI_VCPU_GET_REGISTERS] = "KVMI_VCPU_GET_REGISTERS",
[KVMI_VCPU_GET_XSAVE] = "KVMI_VCPU_GET_XSAVE",
[KVMI_VCPU_INJECT_EXCEPTION] = "KVMI_VCPU_INJECT_EXCEPTION",
@@ -542,6 +543,21 @@ static int handle_vcpu_get_xsave(const struct
kvmi_vcpu_cmd_job *job,
return err;
}
+static int handle_vcpu_get_mtrr_type(const struct kvmi_vcpu_cmd_job *job,
+ const struct kvmi_msg_hdr *msg,
+ const void *_req)
+{
+ const struct kvmi_vcpu_get_mtrr_type *req = _req;
+ struct kvmi_vcpu_get_mtrr_type_reply rpl;
+ int ec;
+
+ memset(&rpl, 0, sizeof(rpl));
+
+ ec = kvmi_arch_cmd_vcpu_get_mtrr_type(job->vcpu, req->gpa,
&rpl.type);
+
+ return kvmi_msg_vcpu_reply(job, msg, ec, &rpl, sizeof(rpl));
+}
+
/*
* These commands are executed on the vCPU thread. The receiving thread
* passes the messages using a newly allocated 'struct
kvmi_vcpu_cmd_job'
@@ -555,6 +571,7 @@ static int(*const msg_vcpu[])(const struct kvmi_vcpu_cmd_job
*,
[KVMI_VCPU_CONTROL_EVENTS] = handle_vcpu_control_events,
[KVMI_VCPU_GET_CPUID] = handle_get_cpuid,
[KVMI_VCPU_GET_INFO] = handle_get_vcpu_info,
+ [KVMI_VCPU_GET_MTRR_TYPE] = handle_vcpu_get_mtrr_type,
[KVMI_VCPU_GET_REGISTERS] = handle_get_registers,
[KVMI_VCPU_GET_XSAVE] = handle_vcpu_get_xsave,
[KVMI_VCPU_INJECT_EXCEPTION] = handle_vcpu_inject_exception,
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 67/78] KVM: introspection: add KVMI_EVENT_DESCRIPTOR
From: Nicu?or C??u <ncitu at bitdefender.com>
This event is sent when IDTR, GDTR, LDTR or TR are accessed.
These could be used to implement a tiny agent which runs in the context
of an introspected guest and uses virtualized exceptions (#VE) and
alternate EPT views (VMFUNC #0) to filter converted VMEXITS. The events
of interested will be suppressed (after some appropriate guest-side
handling) while the rest will be sent to the introspector via a VMCALL.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 39 ++++++++++++
arch/x86/include/asm/kvmi_host.h | 3 +
arch/x86/include/uapi/asm/kvmi.h | 11 ++++
arch/x86/kvm/kvmi.c | 57 ++++++++++++++++++
arch/x86/kvm/svm.c | 45 ++++++++++++++
arch/x86/kvm/vmx/vmx.c | 37 +++++++++++-
include/uapi/linux/kvmi.h | 1 +
.../testing/selftests/kvm/x86_64/kvmi_test.c | 60 +++++++++++++++++++
virt/kvm/introspection/kvmi_int.h | 2 +
virt/kvm/introspection/kvmi_msg.c | 17 ++++++
10 files changed, 270 insertions(+), 2 deletions(-)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index ae8e242c4721..0a0e5305a0af 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -532,6 +532,7 @@ the following events::
KVMI_EVENT_BREAKPOINT
KVMI_EVENT_CR
+ KVMI_EVENT_DESCRIPTOR
KVMI_EVENT_HYPERCALL
KVMI_EVENT_TRAP
KVMI_EVENT_XSETBV
@@ -1088,3 +1089,41 @@ to be changed and the introspection has been enabled for
this event
(see *KVMI_VCPU_CONTROL_EVENTS*).
``kvmi_event`` is sent to the introspection tool.
+
+8. KVMI_EVENT_DESCRIPTOR
+------------------------
+
+:Architecture: x86
+:Versions: >= 1
+:Actions: CONTINUE, RETRY, CRASH
+:Parameters:
+
+::
+
+ struct kvmi_event;
+ struct kvmi_event_descriptor {
+ __u8 descriptor;
+ __u8 write;
+ __u8 padding[6];
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_event_reply;
+
+This event is sent when a descriptor table register is accessed and the
+introspection has been enabled for this event (see
**KVMI_VCPU_CONTROL_EVENTS**).
+
+``kvmi_event`` and ``kvmi_event_descriptor`` are sent to the introspection
tool.
+
+``descriptor`` can be one of::
+
+ KVMI_DESC_IDTR
+ KVMI_DESC_GDTR
+ KVMI_DESC_LDTR
+ KVMI_DESC_TR
+
+``write`` is 1 if the descriptor was written, 0 otherwise.
diff --git a/arch/x86/include/asm/kvmi_host.h b/arch/x86/include/asm/kvmi_host.h
index b3fa950362db..8f9e6bd2953a 100644
--- a/arch/x86/include/asm/kvmi_host.h
+++ b/arch/x86/include/asm/kvmi_host.h
@@ -31,6 +31,7 @@ bool kvmi_cr_event(struct kvm_vcpu *vcpu, unsigned int cr,
bool kvmi_cr3_intercepted(struct kvm_vcpu *vcpu);
bool kvmi_monitor_cr3w_intercept(struct kvm_vcpu *vcpu, bool enable);
void kvmi_xsetbv_event(struct kvm_vcpu *vcpu);
+bool kvmi_descriptor_event(struct kvm_vcpu *vcpu, u8 descriptor, u8 write);
#else /* CONFIG_KVM_INTROSPECTION */
@@ -43,6 +44,8 @@ static inline bool kvmi_cr3_intercepted(struct kvm_vcpu *vcpu)
{ return false; }
static inline bool kvmi_monitor_cr3w_intercept(struct kvm_vcpu *vcpu,
bool enable) { return false; }
static inline void kvmi_xsetbv_event(struct kvm_vcpu *vcpu) { }
+static inline bool kvmi_descriptor_event(struct kvm_vcpu *vcpu, u8 descriptor,
+ u8 write) { return true; }
#endif /* CONFIG_KVM_INTROSPECTION */
diff --git a/arch/x86/include/uapi/asm/kvmi.h b/arch/x86/include/uapi/asm/kvmi.h
index 1dc3fc02d3ec..6f411b9ba449 100644
--- a/arch/x86/include/uapi/asm/kvmi.h
+++ b/arch/x86/include/uapi/asm/kvmi.h
@@ -110,4 +110,15 @@ struct kvmi_vcpu_get_mtrr_type_reply {
__u8 padding[7];
};
+#define KVMI_DESC_IDTR 1
+#define KVMI_DESC_GDTR 2
+#define KVMI_DESC_LDTR 3
+#define KVMI_DESC_TR 4
+
+struct kvmi_event_descriptor {
+ __u8 descriptor;
+ __u8 write;
+ __u8 padding[6];
+};
+
#endif /* _UAPI_ASM_X86_KVMI_H */
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index d3cddd34326b..ed9b45060e2a 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -311,6 +311,21 @@ static void kvmi_arch_disable_cr3w_intercept(struct
kvm_vcpu *vcpu)
vcpu->arch.kvmi->cr3w.kvm_intercepted = false;
}
+static int kvmi_control_desc_intercept(struct kvm_vcpu *vcpu, bool enable)
+{
+ if (!kvm_x86_ops->umip_emulated())
+ return -KVM_EOPNOTSUPP;
+
+ kvm_x86_ops->control_desc_intercept(vcpu, enable);
+
+ return 0;
+}
+
+static void kvmi_arch_disable_desc_intercept(struct kvm_vcpu *vcpu)
+{
+ kvmi_control_desc_intercept(vcpu, false);
+}
+
int kvmi_arch_cmd_control_intercept(struct kvm_vcpu *vcpu,
unsigned int event_id, bool enable)
{
@@ -320,6 +335,9 @@ int kvmi_arch_cmd_control_intercept(struct kvm_vcpu *vcpu,
case KVMI_EVENT_BREAKPOINT:
err = kvmi_control_bp_intercept(vcpu, enable);
break;
+ case KVMI_EVENT_DESCRIPTOR:
+ err = kvmi_control_desc_intercept(vcpu, enable);
+ break;
default:
break;
}
@@ -356,6 +374,7 @@ bool kvmi_arch_restore_interception(struct kvm_vcpu *vcpu)
kvmi_arch_disable_bp_intercept(vcpu);
kvmi_arch_disable_cr3w_intercept(vcpu);
+ kvmi_arch_disable_desc_intercept(vcpu);
return true;
}
@@ -644,3 +663,41 @@ int kvmi_arch_cmd_vcpu_get_mtrr_type(struct kvm_vcpu *vcpu,
u64 gpa, u8 *type)
return 0;
}
+
+static bool __kvmi_descriptor_event(struct kvm_vcpu *vcpu, u8 descriptor,
+ u8 write)
+{
+ bool ret = false;
+ u32 action;
+
+ action = kvmi_msg_send_descriptor(vcpu, descriptor, write);
+ switch (action) {
+ case KVMI_EVENT_ACTION_CONTINUE:
+ ret = true;
+ break;
+ case KVMI_EVENT_ACTION_RETRY:
+ break;
+ default:
+ kvmi_handle_common_event_actions(vcpu->kvm, action, "DESC");
+ }
+
+ return ret;
+}
+
+bool kvmi_descriptor_event(struct kvm_vcpu *vcpu, u8 descriptor, u8 write)
+{
+ struct kvm_introspection *kvmi;
+ bool ret = true;
+
+ kvmi = kvmi_get(vcpu->kvm);
+ if (!kvmi)
+ return true;
+
+ if (is_event_enabled(vcpu, KVMI_EVENT_DESCRIPTOR))
+ ret = __kvmi_descriptor_event(vcpu, descriptor, write);
+
+ kvmi_put(vcpu->kvm);
+
+ return ret;
+}
+EXPORT_SYMBOL(kvmi_descriptor_event);
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 909308711bb7..988eb6937515 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -4808,6 +4808,41 @@ static int avic_unaccelerated_access_interception(struct
vcpu_svm *svm)
return ret;
}
+#ifdef CONFIG_KVM_INTROSPECTION
+static int descriptor_access_interception(struct vcpu_svm *svm)
+{
+ struct kvm_vcpu *vcpu = &svm->vcpu;
+ struct vmcb_control_area *c = &svm->vmcb->control;
+
+ switch (c->exit_code) {
+ case SVM_EXIT_IDTR_READ:
+ case SVM_EXIT_IDTR_WRITE:
+ kvmi_descriptor_event(vcpu, KVMI_DESC_IDTR,
+ c->exit_code == SVM_EXIT_IDTR_WRITE);
+ break;
+ case SVM_EXIT_GDTR_READ:
+ case SVM_EXIT_GDTR_WRITE:
+ kvmi_descriptor_event(vcpu, KVMI_DESC_GDTR,
+ c->exit_code == SVM_EXIT_GDTR_WRITE);
+ break;
+ case SVM_EXIT_LDTR_READ:
+ case SVM_EXIT_LDTR_WRITE:
+ kvmi_descriptor_event(vcpu, KVMI_DESC_LDTR,
+ c->exit_code == SVM_EXIT_LDTR_WRITE);
+ break;
+ case SVM_EXIT_TR_READ:
+ case SVM_EXIT_TR_WRITE:
+ kvmi_descriptor_event(vcpu, KVMI_DESC_TR,
+ c->exit_code == SVM_EXIT_TR_WRITE);
+ break;
+ default:
+ break;
+ }
+
+ return kvm_emulate_instruction(vcpu, 0);
+}
+#endif /* CONFIG_KVM_INTROSPECTION */
+
static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = {
[SVM_EXIT_READ_CR0] = cr_interception,
[SVM_EXIT_READ_CR3] = cr_interception,
@@ -4874,6 +4909,16 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm
*svm) = {
[SVM_EXIT_RSM] = rsm_interception,
[SVM_EXIT_AVIC_INCOMPLETE_IPI] = avic_incomplete_ipi_interception,
[SVM_EXIT_AVIC_UNACCELERATED_ACCESS] = avic_unaccelerated_access_interception,
+#ifdef CONFIG_KVM_INTROSPECTION
+ [SVM_EXIT_IDTR_READ] = descriptor_access_interception,
+ [SVM_EXIT_GDTR_READ] = descriptor_access_interception,
+ [SVM_EXIT_LDTR_READ] = descriptor_access_interception,
+ [SVM_EXIT_TR_READ] = descriptor_access_interception,
+ [SVM_EXIT_IDTR_WRITE] = descriptor_access_interception,
+ [SVM_EXIT_GDTR_WRITE] = descriptor_access_interception,
+ [SVM_EXIT_LDTR_WRITE] = descriptor_access_interception,
+ [SVM_EXIT_TR_WRITE] = descriptor_access_interception,
+#endif /* CONFIG_KVM_INTROSPECTION */
};
static void dump_vmcb(struct kvm_vcpu *vcpu)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 157dfc3f756a..68986f600f98 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -3070,11 +3070,11 @@ int vmx_set_cr4(struct kvm_vcpu *vcpu, unsigned long
cr4)
if (!boot_cpu_has(X86_FEATURE_UMIP) && vmx_umip_emulated()) {
if (cr4 & X86_CR4_UMIP) {
- secondary_exec_controls_setbit(vmx, SECONDARY_EXEC_DESC);
+ vmx_control_desc_intercept(vcpu, true);
hw_cr4 &= ~X86_CR4_UMIP;
} else if (!is_guest_mode(vcpu) ||
!nested_cpu_has2(get_vmcs12(vcpu), SECONDARY_EXEC_DESC)) {
- secondary_exec_controls_clearbit(vmx, SECONDARY_EXEC_DESC);
+ vmx_control_desc_intercept(vcpu, false);
}
}
@@ -4831,7 +4831,40 @@ static int handle_set_cr4(struct kvm_vcpu *vcpu, unsigned
long val)
static int handle_desc(struct kvm_vcpu *vcpu)
{
+#ifdef CONFIG_KVM_INTROSPECTION
+ struct vcpu_vmx *vmx = to_vmx(vcpu);
+ u32 exit_reason = vmx->exit_reason;
+ u32 vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO);
+ u8 store = (vmx_instruction_info >> 29) & 0x1;
+ u8 descriptor = 0;
+
+ if (exit_reason == EXIT_REASON_GDTR_IDTR) {
+ if ((vmx_instruction_info >> 28) & 0x1)
+ descriptor = KVMI_DESC_IDTR;
+ else
+ descriptor = KVMI_DESC_GDTR;
+ } else {
+ if ((vmx_instruction_info >> 28) & 0x1)
+ descriptor = KVMI_DESC_TR;
+ else
+ descriptor = KVMI_DESC_LDTR;
+ }
+
+ /*
+ * For now, this function returns false only when the guest
+ * is ungracefully stopped (crashed) or the current instruction
+ * is skipped by the introspection tool.
+ */
+ if (!kvmi_descriptor_event(vcpu, descriptor, store))
+ return 1;
+
+ /*
+ * We are here because X86_CR4_UMIP was set or
+ * KVMI enabled the interception.
+ */
+#else
WARN_ON(!(vcpu->arch.cr4 & X86_CR4_UMIP));
+#endif /* CONFIG_KVM_INTROSPECTION */
return kvm_emulate_instruction(vcpu, 0);
}
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index 5e911ca7a636..a8f5dc415e3d 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -51,6 +51,7 @@ enum {
KVMI_EVENT_CR = 4,
KVMI_EVENT_TRAP = 5,
KVMI_EVENT_XSETBV = 6,
+ KVMI_EVENT_DESCRIPTOR = 7,
KVMI_NUM_EVENTS
};
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 600d65922bf4..4308cb995ce3 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -54,6 +54,7 @@ enum {
GUEST_TEST_NOOP = 0,
GUEST_TEST_BP,
GUEST_TEST_CR,
+ GUEST_TEST_DESCRIPTOR,
GUEST_TEST_HYPERCALL,
GUEST_TEST_XSETBV,
};
@@ -79,6 +80,14 @@ static void guest_cr_test(void)
set_cr4(get_cr4() | X86_CR4_OSXSAVE);
}
+static void guest_descriptor_test(void)
+{
+ void *ptr;
+
+ asm volatile("sgdt %0" :: "m"(ptr));
+ asm volatile("lgdt %0" :: "m"(ptr));
+}
+
static void guest_hypercall_test(void)
{
asm volatile("mov $34, %rax");
@@ -138,6 +147,9 @@ static void guest_code(void)
case GUEST_TEST_CR:
guest_cr_test();
break;
+ case GUEST_TEST_DESCRIPTOR:
+ guest_descriptor_test();
+ break;
case GUEST_TEST_HYPERCALL:
guest_hypercall_test();
break;
@@ -1360,6 +1372,53 @@ static void test_cmd_vcpu_get_mtrr_type(struct kvm_vm
*vm)
DEBUG("mtrr_type: gpa 0x%lx type 0x%x\n", test_gpa, rpl.type);
}
+static void test_event_descriptor(struct kvm_vm *vm)
+{
+ struct vcpu_worker_data data = {
+ .vm = vm,
+ .vcpu_id = VCPU_ID,
+ .test_id = GUEST_TEST_DESCRIPTOR,
+ };
+ struct kvmi_msg_hdr hdr;
+ struct {
+ struct kvmi_event common;
+ struct kvmi_event_descriptor desc;
+ } ev;
+ struct vcpu_reply rpl = {};
+ __u16 event_id = KVMI_EVENT_DESCRIPTOR;
+ pthread_t vcpu_thread;
+
+ enable_vcpu_event(vm, event_id);
+
+ vcpu_thread = start_vcpu_worker(&data);
+
+ receive_event(&hdr, &ev.common, sizeof(ev), event_id);
+
+ DEBUG("Descriptor event (read), descriptor %u, write %u\n",
+ ev.desc.descriptor, ev.desc.write);
+
+ TEST_ASSERT(ev.desc.write == 0,
+ "Received a write descriptor access\n");
+
+ reply_to_event(&hdr, &ev.common, KVMI_EVENT_ACTION_CONTINUE,
+ &rpl, sizeof(rpl));
+
+ receive_event(&hdr, &ev.common, sizeof(ev), event_id);
+
+ DEBUG("Descriptor event (write), descriptor %u, write %u\n",
+ ev.desc.descriptor, ev.desc.write);
+
+ TEST_ASSERT(ev.desc.write == 1,
+ "Received a read descriptor access\n");
+
+ reply_to_event(&hdr, &ev.common, KVMI_EVENT_ACTION_CONTINUE,
+ &rpl, sizeof(rpl));
+
+ stop_vcpu_worker(vcpu_thread, &data);
+
+ disable_vcpu_event(vm, event_id);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -1387,6 +1446,7 @@ static void test_introspection(struct kvm_vm *vm)
test_event_xsetbv(vm);
test_cmd_vcpu_get_xsave(vm);
test_cmd_vcpu_get_mtrr_type(vm);
+ test_event_descriptor(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 1e28355ea4d7..6d2c09a12c49 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -24,6 +24,7 @@
#define KVMI_KNOWN_VCPU_EVENTS ( \
BIT(KVMI_EVENT_BREAKPOINT) \
| BIT(KVMI_EVENT_CR) \
+ | BIT(KVMI_EVENT_DESCRIPTOR) \
| BIT(KVMI_EVENT_HYPERCALL) \
| BIT(KVMI_EVENT_TRAP) \
| BIT(KVMI_EVENT_PAUSE_VCPU) \
@@ -79,6 +80,7 @@ int kvmi_msg_send_unhook(struct kvm_introspection *kvmi);
u32 kvmi_msg_send_vcpu_pause(struct kvm_vcpu *vcpu);
u32 kvmi_msg_send_hypercall(struct kvm_vcpu *vcpu);
u32 kvmi_msg_send_bp(struct kvm_vcpu *vcpu, u64 gpa, u8 insn_len);
+u32 kvmi_msg_send_descriptor(struct kvm_vcpu *vcpu, u8 descriptor, u8 write);
/* kvmi.c */
void *kvmi_msg_alloc(void);
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 6f23bc7517aa..fed483bec936 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -1029,3 +1029,20 @@ void kvmi_xsetbv_event(struct kvm_vcpu *vcpu)
kvmi_put(vcpu->kvm);
}
+
+u32 kvmi_msg_send_descriptor(struct kvm_vcpu *vcpu, u8 descriptor, u8 write)
+{
+ struct kvmi_event_descriptor e;
+ int err, action;
+
+ memset(&e, 0, sizeof(e));
+ e.descriptor = descriptor;
+ e.write = write;
+
+ err = kvmi_send_event(vcpu, KVMI_EVENT_DESCRIPTOR, &e, sizeof(e),
+ NULL, 0, &action);
+ if (err)
+ return KVMI_EVENT_ACTION_CONTINUE;
+
+ return action;
+}
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 68/78] KVM: introspection: restore the state of descriptor interception on unhook
From: Nicu?or C??u <ncitu at bitdefender.com>
This commit also ensures that the introspection tool and the userspace
do not disable each other the descriptor access VM-exit.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvmi_host.h | 4 +++
arch/x86/kvm/kvmi.c | 45 ++++++++++++++++++++++++++++++++
arch/x86/kvm/svm.c | 3 +++
arch/x86/kvm/vmx/vmx.c | 3 +++
4 files changed, 55 insertions(+)
diff --git a/arch/x86/include/asm/kvmi_host.h b/arch/x86/include/asm/kvmi_host.h
index 8f9e6bd2953a..10b251856c0e 100644
--- a/arch/x86/include/asm/kvmi_host.h
+++ b/arch/x86/include/asm/kvmi_host.h
@@ -14,6 +14,7 @@ struct kvmi_interception {
bool restore_interception;
struct kvmi_monitor_interception breakpoint;
struct kvmi_monitor_interception cr3w;
+ struct kvmi_monitor_interception descriptor;
};
struct kvm_vcpu_arch_introspection {
@@ -31,6 +32,7 @@ bool kvmi_cr_event(struct kvm_vcpu *vcpu, unsigned int cr,
bool kvmi_cr3_intercepted(struct kvm_vcpu *vcpu);
bool kvmi_monitor_cr3w_intercept(struct kvm_vcpu *vcpu, bool enable);
void kvmi_xsetbv_event(struct kvm_vcpu *vcpu);
+bool kvmi_monitor_desc_intercept(struct kvm_vcpu *vcpu, bool enable);
bool kvmi_descriptor_event(struct kvm_vcpu *vcpu, u8 descriptor, u8 write);
#else /* CONFIG_KVM_INTROSPECTION */
@@ -44,6 +46,8 @@ static inline bool kvmi_cr3_intercepted(struct kvm_vcpu *vcpu)
{ return false; }
static inline bool kvmi_monitor_cr3w_intercept(struct kvm_vcpu *vcpu,
bool enable) { return false; }
static inline void kvmi_xsetbv_event(struct kvm_vcpu *vcpu) { }
+static inline bool kvmi_monitor_desc_intercept(struct kvm_vcpu *vcpu,
+ bool enable) { return false; }
static inline bool kvmi_descriptor_event(struct kvm_vcpu *vcpu, u8 descriptor,
u8 write) { return true; }
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index ed9b45060e2a..048f0e1f9f79 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -311,12 +311,52 @@ static void kvmi_arch_disable_cr3w_intercept(struct
kvm_vcpu *vcpu)
vcpu->arch.kvmi->cr3w.kvm_intercepted = false;
}
+/*
+ * Returns true if one side (kvm or kvmi) tries to disable the descriptor
+ * interception while the other side is still tracking it.
+ */
+bool kvmi_monitor_desc_intercept(struct kvm_vcpu *vcpu, bool enable)
+{
+ struct kvmi_interception *arch_vcpui = READ_ONCE(vcpu->arch.kvmi);
+
+ return (arch_vcpui && arch_vcpui->descriptor.monitor_fct(vcpu,
enable));
+}
+EXPORT_SYMBOL(kvmi_monitor_desc_intercept);
+
+static bool monitor_desc_fct_kvmi(struct kvm_vcpu *vcpu, bool enable)
+{
+ vcpu->arch.kvmi->descriptor.kvmi_intercepted = enable;
+
+ if (enable)
+ vcpu->arch.kvmi->descriptor.kvm_intercepted +
kvm_x86_ops->desc_intercepted(vcpu);
+ else if (vcpu->arch.kvmi->descriptor.kvm_intercepted)
+ return true;
+
+ return false;
+}
+
+static bool monitor_desc_fct_kvm(struct kvm_vcpu *vcpu, bool enable)
+{
+ if (!vcpu->arch.kvmi->descriptor.kvmi_intercepted)
+ return false;
+
+ vcpu->arch.kvmi->descriptor.kvm_intercepted = enable;
+
+ if (!enable)
+ return true;
+
+ return false;
+}
+
static int kvmi_control_desc_intercept(struct kvm_vcpu *vcpu, bool enable)
{
if (!kvm_x86_ops->umip_emulated())
return -KVM_EOPNOTSUPP;
+ vcpu->arch.kvmi->descriptor.monitor_fct = monitor_desc_fct_kvmi;
kvm_x86_ops->control_desc_intercept(vcpu, enable);
+ vcpu->arch.kvmi->descriptor.monitor_fct = monitor_desc_fct_kvm;
return 0;
}
@@ -324,6 +364,9 @@ static int kvmi_control_desc_intercept(struct kvm_vcpu
*vcpu, bool enable)
static void kvmi_arch_disable_desc_intercept(struct kvm_vcpu *vcpu)
{
kvmi_control_desc_intercept(vcpu, false);
+
+ vcpu->arch.kvmi->descriptor.kvmi_intercepted = false;
+ vcpu->arch.kvmi->descriptor.kvm_intercepted = false;
}
int kvmi_arch_cmd_control_intercept(struct kvm_vcpu *vcpu,
@@ -389,11 +432,13 @@ bool kvmi_arch_vcpu_alloc(struct kvm_vcpu *vcpu)
arch_vcpui->breakpoint.monitor_fct = monitor_bp_fct_kvm;
arch_vcpui->cr3w.monitor_fct = monitor_cr3w_fct_kvm;
+ arch_vcpui->descriptor.monitor_fct = monitor_desc_fct_kvm;
/*
* paired with:
* - kvmi_monitor_bp_intercept()
* - kvmi_monitor_cr3w_intercept()
+ * - kvmi_monitor_desc_intercept()
*/
smp_wmb();
WRITE_ONCE(vcpu->arch.kvmi, arch_vcpui);
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 988eb6937515..7cd48ef25f59 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -7388,6 +7388,9 @@ static void svm_control_desc_intercept(struct kvm_vcpu
*vcpu, bool enable)
{
struct vcpu_svm *svm = to_svm(vcpu);
+ if (kvmi_monitor_desc_intercept(vcpu, enable))
+ return;
+
if (enable) {
set_intercept(svm, INTERCEPT_STORE_IDTR);
set_intercept(svm, INTERCEPT_STORE_GDTR);
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 68986f600f98..e423dbbf3cf5 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -3008,6 +3008,9 @@ static void vmx_control_desc_intercept(struct kvm_vcpu
*vcpu, bool enable)
{
struct vcpu_vmx *vmx = to_vmx(vcpu);
+ if (kvmi_monitor_desc_intercept(vcpu, enable))
+ return;
+
if (enable)
secondary_exec_controls_setbit(vmx, SECONDARY_EXEC_DESC);
else
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 69/78] KVM: introspection: add KVMI_VCPU_CONTROL_MSR and KVMI_EVENT_MSR
From: Mihai Don?u <mdontu at bitdefender.com>
This command is used to enable/disable introspection for a specific
MSR. The KVMI_EVENT_MSR event is send when the tracked MSR is going to
be changed. The introspection tool can respond by allowing the guest to
continue with normal execution or by discarding the change.
This is meant to prevent malicious changes to MSRs
such as MSR_IA32_SYSENTER_EIP.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 75 ++++++++
arch/x86/include/asm/kvmi_host.h | 12 ++
arch/x86/include/uapi/asm/kvmi.h | 18 ++
arch/x86/kvm/kvmi.c | 163 ++++++++++++++++++
arch/x86/kvm/x86.c | 3 +
include/uapi/linux/kvmi.h | 2 +
.../testing/selftests/kvm/x86_64/kvmi_test.c | 102 +++++++++++
virt/kvm/introspection/kvmi_int.h | 4 +
virt/kvm/introspection/kvmi_msg.c | 13 ++
9 files changed, 392 insertions(+)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 0a0e5305a0af..4930a84200fc 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -534,6 +534,7 @@ the following events::
KVMI_EVENT_CR
KVMI_EVENT_DESCRIPTOR
KVMI_EVENT_HYPERCALL
+ KVMI_EVENT_MSR
KVMI_EVENT_TRAP
KVMI_EVENT_XSETBV
@@ -820,6 +821,45 @@ Returns the guest memory type for a specific physical
address.
* -KVM_EINVAL - padding is not zero
* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+19. KVMI_VCPU_CONTROL_MSR
+-------------------------
+
+:Architectures: x86
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_vcpu_control_msr {
+ __u8 enable;
+ __u8 padding1;
+ __u16 padding2;
+ __u32 msr;
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_error_code
+
+Enables/disables introspection for a specific MSR and must be used
+in addition to *KVMI_VCPU_CONTROL_EVENTS* with the *KVMI_EVENT_MSR* ID set.
+
+Currently, only MSRs within the following two ranges are supported. Trying
+to control events for any other register will fail with -KVM_EINVAL::
+
+ 0 ... 0x00001fff
+ 0xc0000000 ... 0xc0001fff
+
+:Errors:
+
+* -KVM_EINVAL - the selected vCPU is invalid
+* -KVM_EINVAL - the specified MSR is invalid
+* -KVM_EINVAL - padding is not zero
+* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+
Events
=====
@@ -1127,3 +1167,38 @@ introspection has been enabled for this event (see
**KVMI_VCPU_CONTROL_EVENTS**)
KVMI_DESC_TR
``write`` is 1 if the descriptor was written, 0 otherwise.
+
+9. KVMI_EVENT_MSR
+-----------------
+
+:Architectures: x86
+:Versions: >= 1
+:Actions: CONTINUE, CRASH
+:Parameters:
+
+::
+
+ struct kvmi_event;
+ struct kvmi_event_msr {
+ __u32 msr;
+ __u32 padding;
+ __u64 old_value;
+ __u64 new_value;
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_event_reply;
+ struct kvmi_event_msr_reply {
+ __u64 new_val;
+ };
+
+This event is sent when a model specific register is going to be changed
+and the introspection has been enabled for this event and for this specific
+register (see **KVMI_VCPU_CONTROL_EVENTS**).
+
+``kvmi_event``, the MSR number, the old value and the new value are
+sent to the introspection tool. The *CONTINUE* action will set the ``new_val``.
diff --git a/arch/x86/include/asm/kvmi_host.h b/arch/x86/include/asm/kvmi_host.h
index 10b251856c0e..f9aaff45d082 100644
--- a/arch/x86/include/asm/kvmi_host.h
+++ b/arch/x86/include/asm/kvmi_host.h
@@ -2,7 +2,10 @@
#ifndef _ASM_X86_KVMI_HOST_H
#define _ASM_X86_KVMI_HOST_H
+struct msr_data;
+
#define KVMI_NUM_CR 5
+#define KVMI_NUM_MSR 0x2000
struct kvmi_monitor_interception {
bool kvmi_intercepted;
@@ -15,6 +18,12 @@ struct kvmi_interception {
struct kvmi_monitor_interception breakpoint;
struct kvmi_monitor_interception cr3w;
struct kvmi_monitor_interception descriptor;
+ struct {
+ struct {
+ DECLARE_BITMAP(low, KVMI_NUM_MSR);
+ DECLARE_BITMAP(high, KVMI_NUM_MSR);
+ } kvmi_mask;
+ } msrw;
};
struct kvm_vcpu_arch_introspection {
@@ -34,6 +43,7 @@ bool kvmi_monitor_cr3w_intercept(struct kvm_vcpu *vcpu, bool
enable);
void kvmi_xsetbv_event(struct kvm_vcpu *vcpu);
bool kvmi_monitor_desc_intercept(struct kvm_vcpu *vcpu, bool enable);
bool kvmi_descriptor_event(struct kvm_vcpu *vcpu, u8 descriptor, u8 write);
+bool kvmi_msr_event(struct kvm_vcpu *vcpu, struct msr_data *msr);
#else /* CONFIG_KVM_INTROSPECTION */
@@ -50,6 +60,8 @@ static inline bool kvmi_monitor_desc_intercept(struct kvm_vcpu
*vcpu,
bool enable) { return false; }
static inline bool kvmi_descriptor_event(struct kvm_vcpu *vcpu, u8 descriptor,
u8 write) { return true; }
+static inline bool kvmi_msr_event(struct kvm_vcpu *vcpu, struct msr_data *msr)
+ { return true; }
#endif /* CONFIG_KVM_INTROSPECTION */
diff --git a/arch/x86/include/uapi/asm/kvmi.h b/arch/x86/include/uapi/asm/kvmi.h
index 6f411b9ba449..f4be7d12f63a 100644
--- a/arch/x86/include/uapi/asm/kvmi.h
+++ b/arch/x86/include/uapi/asm/kvmi.h
@@ -121,4 +121,22 @@ struct kvmi_event_descriptor {
__u8 padding[6];
};
+struct kvmi_vcpu_control_msr {
+ __u8 enable;
+ __u8 padding1;
+ __u16 padding2;
+ __u32 msr;
+};
+
+struct kvmi_event_msr {
+ __u32 msr;
+ __u32 padding;
+ __u64 old_value;
+ __u64 new_value;
+};
+
+struct kvmi_event_msr_reply {
+ __u64 new_val;
+};
+
#endif /* _UAPI_ASM_X86_KVMI_H */
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index 048f0e1f9f79..7705ac155c84 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -369,6 +369,72 @@ static void kvmi_arch_disable_desc_intercept(struct
kvm_vcpu *vcpu)
vcpu->arch.kvmi->descriptor.kvm_intercepted = false;
}
+static unsigned long *msr_mask(struct kvm_vcpu *vcpu, unsigned int *msr)
+{
+ switch (*msr) {
+ case 0 ... 0x1fff:
+ return vcpu->arch.kvmi->msrw.kvmi_mask.low;
+ case 0xc0000000 ... 0xc0001fff:
+ *msr &= 0x1fff;
+ return vcpu->arch.kvmi->msrw.kvmi_mask.high;
+ }
+
+ return NULL;
+}
+
+static bool test_msr_mask(struct kvm_vcpu *vcpu, unsigned int msr)
+{
+ unsigned long *mask = msr_mask(vcpu, &msr);
+
+ if (!mask)
+ return false;
+
+ return !!test_bit(msr, mask);
+}
+
+static bool msr_control(struct kvm_vcpu *vcpu, unsigned int msr, bool enable)
+{
+ unsigned long *mask = msr_mask(vcpu, &msr);
+
+ if (!mask)
+ return false;
+
+ if (enable)
+ set_bit(msr, mask);
+ else
+ clear_bit(msr, mask);
+
+ return true;
+}
+
+static unsigned int msr_mask_to_base(struct kvm_vcpu *vcpu, unsigned long
*mask)
+{
+ if (mask == vcpu->arch.kvmi->msrw.kvmi_mask.high)
+ return 0xc0000000;
+
+ return 0;
+}
+
+static void kvmi_arch_disable_msr_intercept(struct kvm_vcpu *vcpu,
+ unsigned long *mask)
+{
+ int offset = -1;
+ unsigned int msr_base = msr_mask_to_base(vcpu, mask);
+
+ for (;;) {
+ offset = find_next_bit(mask, KVMI_NUM_MSR, offset + 1);
+
+ if (offset >= KVMI_NUM_MSR)
+ break;
+
+ kvm_x86_ops->control_msr_intercept(vcpu, msr_base + offset,
+ MSR_TYPE_W, false);
+ msr_control(vcpu, msr_base + offset, false);
+ }
+
+ bitmap_zero(mask, KVMI_NUM_MSR);
+}
+
int kvmi_arch_cmd_control_intercept(struct kvm_vcpu *vcpu,
unsigned int event_id, bool enable)
{
@@ -418,6 +484,8 @@ bool kvmi_arch_restore_interception(struct kvm_vcpu *vcpu)
kvmi_arch_disable_bp_intercept(vcpu);
kvmi_arch_disable_cr3w_intercept(vcpu);
kvmi_arch_disable_desc_intercept(vcpu);
+ kvmi_arch_disable_msr_intercept(vcpu, arch_vcpui->msrw.kvmi_mask.low);
+ kvmi_arch_disable_msr_intercept(vcpu, arch_vcpui->msrw.kvmi_mask.high);
return true;
}
@@ -746,3 +814,98 @@ bool kvmi_descriptor_event(struct kvm_vcpu *vcpu, u8
descriptor, u8 write)
return ret;
}
EXPORT_SYMBOL(kvmi_descriptor_event);
+
+static bool kvmi_msr_valid(unsigned int msr)
+{
+ if ((msr < 0x1fff) || ((msr > 0xc0000000) && (msr <
0xc0001fff)))
+ return true;
+
+ return false;
+}
+
+
+int kvmi_arch_cmd_vcpu_control_msr(struct kvm_vcpu *vcpu,
+ const struct kvmi_vcpu_control_msr *req)
+{
+ if (req->padding1 || req->padding2)
+ return -KVM_EINVAL;
+
+ if (!kvmi_msr_valid(req->msr))
+ return -KVM_EINVAL;
+
+ kvm_x86_ops->control_msr_intercept(vcpu, req->msr, MSR_TYPE_W,
+ req->enable);
+ msr_control(vcpu, req->msr, req->enable);
+
+ return 0;
+}
+
+static u32 kvmi_send_msr(struct kvm_vcpu *vcpu, u32 msr, u64 old_value,
+ u64 new_value, u64 *ret_value)
+{
+ struct kvmi_event_msr e = {
+ .msr = msr,
+ .old_value = old_value,
+ .new_value = new_value,
+ };
+ struct kvmi_event_msr_reply r;
+ int err, action;
+
+ err = kvmi_send_event(vcpu, KVMI_EVENT_MSR, &e, sizeof(e),
+ &r, sizeof(r), &action);
+ if (err) {
+ *ret_value = new_value;
+ return KVMI_EVENT_ACTION_CONTINUE;
+ }
+
+ *ret_value = r.new_val;
+ return action;
+}
+
+static bool __kvmi_msr_event(struct kvm_vcpu *vcpu, struct msr_data *msr)
+{
+ struct msr_data old_msr = {
+ .host_initiated = true,
+ .index = msr->index,
+ };
+ bool ret = false;
+ u64 ret_value;
+ u32 action;
+
+ if (!test_msr_mask(vcpu, msr->index))
+ return true;
+ if (kvm_x86_ops->get_msr(vcpu, &old_msr))
+ return true;
+ if (old_msr.data == msr->data)
+ return true;
+
+ action = kvmi_send_msr(vcpu, msr->index, old_msr.data, msr->data,
+ &ret_value);
+ switch (action) {
+ case KVMI_EVENT_ACTION_CONTINUE:
+ msr->data = ret_value;
+ ret = true;
+ break;
+ default:
+ kvmi_handle_common_event_actions(vcpu->kvm, action, "MSR");
+ }
+
+ return ret;
+}
+
+bool kvmi_msr_event(struct kvm_vcpu *vcpu, struct msr_data *msr)
+{
+ struct kvm_introspection *kvmi;
+ bool ret = true;
+
+ kvmi = kvmi_get(vcpu->kvm);
+ if (!kvmi)
+ return true;
+
+ if (is_event_enabled(vcpu, KVMI_EVENT_MSR))
+ ret = __kvmi_msr_event(vcpu, msr);
+
+ kvmi_put(vcpu->kvm);
+
+ return ret;
+}
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index fa583f82298e..5d6ac6c99246 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1470,6 +1470,9 @@ static int __kvm_set_msr(struct kvm_vcpu *vcpu, u32 index,
u64 data,
msr.index = index;
msr.host_initiated = host_initiated;
+ if (!host_initiated && !kvmi_msr_event(vcpu, &msr))
+ return 1;
+
return kvm_x86_ops->set_msr(vcpu, &msr);
}
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index a8f5dc415e3d..2d37d407f65d 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -39,6 +39,7 @@ enum {
KVMI_VCPU_GET_XSAVE = 18,
KVMI_VCPU_GET_MTRR_TYPE = 19,
+ KVMI_VCPU_CONTROL_MSR = 20,
KVMI_NUM_MESSAGES
};
@@ -52,6 +53,7 @@ enum {
KVMI_EVENT_TRAP = 5,
KVMI_EVENT_XSETBV = 6,
KVMI_EVENT_DESCRIPTOR = 7,
+ KVMI_EVENT_MSR = 8,
KVMI_NUM_EVENTS
};
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 4308cb995ce3..7bf2b64b62a3 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -56,6 +56,7 @@ enum {
GUEST_TEST_CR,
GUEST_TEST_DESCRIPTOR,
GUEST_TEST_HYPERCALL,
+ GUEST_TEST_MSR,
GUEST_TEST_XSETBV,
};
@@ -96,6 +97,15 @@ static void guest_hypercall_test(void)
asm volatile(".byte 0x0f,0x01,0xc1");
}
+static void guest_msr_test(void)
+{
+ uint64_t msr;
+
+ msr = rdmsr(MSR_MISC_FEATURES_ENABLES);
+ msr |= 1; /* MSR_MISC_FEATURES_ENABLES_CPUID_FAULT */
+ wrmsr(MSR_MISC_FEATURES_ENABLES, msr);
+}
+
/* from fpu/internal.h */
static u64 xgetbv(u32 index)
{
@@ -153,6 +163,9 @@ static void guest_code(void)
case GUEST_TEST_HYPERCALL:
guest_hypercall_test();
break;
+ case GUEST_TEST_MSR:
+ guest_msr_test();
+ break;
case GUEST_TEST_XSETBV:
guest_xsetbv_test();
break;
@@ -1419,6 +1432,94 @@ static void test_event_descriptor(struct kvm_vm *vm)
disable_vcpu_event(vm, event_id);
}
+static int cmd_control_msr(struct kvm_vm *vm, __u32 msr, bool enable)
+{
+ struct {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vcpu_hdr vcpu_hdr;
+ struct kvmi_vcpu_control_msr cmd;
+ } req = {};
+
+ req.cmd.msr = msr;
+ req.cmd.enable = enable ? 1 : 0;
+
+ return do_vcpu0_command(vm, KVMI_VCPU_CONTROL_MSR,
+ &req.hdr, sizeof(req), NULL, 0);
+}
+
+static void enable_msr_events(struct kvm_vm *vm, __u32 msr)
+{
+ int r;
+
+ enable_vcpu_event(vm, KVMI_EVENT_MSR);
+
+ r = cmd_control_msr(vm, msr, true);
+ TEST_ASSERT(r == 0,
+ "KVMI_EVENT_MSR failed, error %d(%s)\n",
+ -r, kvm_strerror(-r));
+}
+
+static void disable_msr_events(struct kvm_vm *vm, __u32 msr)
+{
+ int r;
+
+ r = cmd_control_msr(vm, msr, false);
+ TEST_ASSERT(r == 0,
+ "KVMI_EVENT_MSR failed, error %d(%s)\n",
+ -r, kvm_strerror(-r));
+
+ disable_vcpu_event(vm, KVMI_EVENT_MSR);
+}
+
+static void test_cmd_vcpu_control_msr(struct kvm_vm *vm)
+{
+ struct vcpu_worker_data data = {
+ .vm = vm,
+ .vcpu_id = VCPU_ID,
+ .test_id = GUEST_TEST_MSR,
+ };
+ struct kvmi_msg_hdr hdr;
+ struct {
+ struct kvmi_event common;
+ struct kvmi_event_msr msr;
+ } ev;
+ struct {
+ struct vcpu_reply common;
+ struct kvmi_event_msr_reply msr;
+ } rpl = {};
+ __u16 event_id = KVMI_EVENT_MSR;
+ __u32 msr = MSR_MISC_FEATURES_ENABLES;
+ uint64_t msr_data;
+ pthread_t vcpu_thread;
+
+ enable_msr_events(vm, msr);
+
+ vcpu_thread = start_vcpu_worker(&data);
+
+ receive_event(&hdr, &ev.common, sizeof(ev), event_id);
+
+ DEBUG("MSR 0x%x, old 0x%llx, new 0x%llx\n",
+ ev.msr.msr, ev.msr.old_value, ev.msr.new_value);
+
+ TEST_ASSERT(ev.msr.msr == msr,
+ "Unexpected MSR event, received MSR 0x%x, expected MSR 0x%x",
+ ev.msr.msr, msr);
+
+ rpl.msr.new_val = ev.msr.old_value;
+
+ reply_to_event(&hdr, &ev.common, KVMI_EVENT_ACTION_CONTINUE,
+ &rpl.common, sizeof(rpl));
+
+ stop_vcpu_worker(vcpu_thread, &data);
+
+ disable_msr_events(vm, msr);
+
+ msr_data = vcpu_get_msr(vm, VCPU_ID, msr);
+ TEST_ASSERT(msr_data == ev.msr.old_value,
+ "Failed to block MSR 0x%x update, value 0x%x, expected 0x%x",
+ msr, msr_data, ev.msr.old_value);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -1447,6 +1548,7 @@ static void test_introspection(struct kvm_vm *vm)
test_cmd_vcpu_get_xsave(vm);
test_cmd_vcpu_get_mtrr_type(vm);
test_event_descriptor(vm);
+ test_cmd_vcpu_control_msr(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 6d2c09a12c49..33544dd9dce5 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -26,6 +26,7 @@
| BIT(KVMI_EVENT_CR) \
| BIT(KVMI_EVENT_DESCRIPTOR) \
| BIT(KVMI_EVENT_HYPERCALL) \
+ | BIT(KVMI_EVENT_MSR) \
| BIT(KVMI_EVENT_TRAP) \
| BIT(KVMI_EVENT_PAUSE_VCPU) \
| BIT(KVMI_EVENT_XSETBV) \
@@ -46,6 +47,7 @@
| BIT(KVMI_VCPU_PAUSE) \
| BIT(KVMI_VCPU_CONTROL_CR) \
| BIT(KVMI_VCPU_CONTROL_EVENTS) \
+ | BIT(KVMI_VCPU_CONTROL_MSR) \
| BIT(KVMI_VCPU_GET_CPUID) \
| BIT(KVMI_VCPU_GET_MTRR_TYPE) \
| BIT(KVMI_VCPU_GET_REGISTERS) \
@@ -143,5 +145,7 @@ int kvmi_arch_cmd_vcpu_get_xsave(struct kvm_vcpu *vcpu,
struct kvmi_vcpu_get_xsave_reply **dest,
size_t *dest_size);
int kvmi_arch_cmd_vcpu_get_mtrr_type(struct kvm_vcpu *vcpu, u64 gpa, u8 *type);
+int kvmi_arch_cmd_vcpu_control_msr(struct kvm_vcpu *vcpu,
+ const struct kvmi_vcpu_control_msr *req);
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index fed483bec936..a5250d9b9b3d 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -28,6 +28,7 @@ static const char *const msg_IDs[] = {
[KVMI_VM_WRITE_PHYSICAL] = "KVMI_VM_WRITE_PHYSICAL",
[KVMI_VCPU_CONTROL_CR] = "KVMI_VCPU_CONTROL_CR",
[KVMI_VCPU_CONTROL_EVENTS] = "KVMI_VCPU_CONTROL_EVENTS",
+ [KVMI_VCPU_CONTROL_MSR] = "KVMI_VCPU_CONTROL_MSR",
[KVMI_VCPU_GET_CPUID] = "KVMI_VCPU_GET_CPUID",
[KVMI_VCPU_GET_INFO] = "KVMI_VCPU_GET_INFO",
[KVMI_VCPU_GET_MTRR_TYPE] = "KVMI_VCPU_GET_MTRR_TYPE",
@@ -558,6 +559,17 @@ static int handle_vcpu_get_mtrr_type(const struct
kvmi_vcpu_cmd_job *job,
return kvmi_msg_vcpu_reply(job, msg, ec, &rpl, sizeof(rpl));
}
+static int handle_vcpu_control_msr(const struct kvmi_vcpu_cmd_job *job,
+ const struct kvmi_msg_hdr *msg,
+ const void *req)
+{
+ int ec;
+
+ ec = kvmi_arch_cmd_vcpu_control_msr(job->vcpu, req);
+
+ return kvmi_msg_vcpu_reply(job, msg, ec, NULL, 0);
+}
+
/*
* These commands are executed on the vCPU thread. The receiving thread
* passes the messages using a newly allocated 'struct
kvmi_vcpu_cmd_job'
@@ -569,6 +581,7 @@ static int(*const msg_vcpu[])(const struct kvmi_vcpu_cmd_job
*,
[KVMI_EVENT_REPLY] = handle_event_reply,
[KVMI_VCPU_CONTROL_CR] = handle_vcpu_control_cr,
[KVMI_VCPU_CONTROL_EVENTS] = handle_vcpu_control_events,
+ [KVMI_VCPU_CONTROL_MSR] = handle_vcpu_control_msr,
[KVMI_VCPU_GET_CPUID] = handle_get_cpuid,
[KVMI_VCPU_GET_INFO] = handle_get_vcpu_info,
[KVMI_VCPU_GET_MTRR_TYPE] = handle_vcpu_get_mtrr_type,
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 70/78] KVM: introspection: restore the state of MSR interception on unhook
From: Nicu?or C??u <ncitu at bitdefender.com>
This commit also ensures that the introspection tool and the userspace
do not disable each other the MSR access VM-exit.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvmi_host.h | 12 ++++
arch/x86/kvm/kvmi.c | 119 +++++++++++++++++++++++++++----
arch/x86/kvm/svm.c | 11 +++
arch/x86/kvm/vmx/vmx.c | 11 +++
4 files changed, 139 insertions(+), 14 deletions(-)
diff --git a/arch/x86/include/asm/kvmi_host.h b/arch/x86/include/asm/kvmi_host.h
index f9aaff45d082..875778d80176 100644
--- a/arch/x86/include/asm/kvmi_host.h
+++ b/arch/x86/include/asm/kvmi_host.h
@@ -23,6 +23,12 @@ struct kvmi_interception {
DECLARE_BITMAP(low, KVMI_NUM_MSR);
DECLARE_BITMAP(high, KVMI_NUM_MSR);
} kvmi_mask;
+ struct {
+ DECLARE_BITMAP(low, KVMI_NUM_MSR);
+ DECLARE_BITMAP(high, KVMI_NUM_MSR);
+ } kvm_mask;
+ bool (*monitor_fct)(struct kvm_vcpu *vcpu, u32 msr,
+ bool enable);
} msrw;
};
@@ -44,6 +50,8 @@ void kvmi_xsetbv_event(struct kvm_vcpu *vcpu);
bool kvmi_monitor_desc_intercept(struct kvm_vcpu *vcpu, bool enable);
bool kvmi_descriptor_event(struct kvm_vcpu *vcpu, u8 descriptor, u8 write);
bool kvmi_msr_event(struct kvm_vcpu *vcpu, struct msr_data *msr);
+bool kvmi_monitor_msrw_intercept(struct kvm_vcpu *vcpu, u32 msr, bool enable);
+bool kvmi_msrw_intercept_originator(struct kvm_vcpu *vcpu);
#else /* CONFIG_KVM_INTROSPECTION */
@@ -62,6 +70,10 @@ static inline bool kvmi_descriptor_event(struct kvm_vcpu
*vcpu, u8 descriptor,
u8 write) { return true; }
static inline bool kvmi_msr_event(struct kvm_vcpu *vcpu, struct msr_data *msr)
{ return true; }
+static inline bool kvmi_monitor_msrw_intercept(struct kvm_vcpu *vcpu, u32 msr,
+ bool enable) { return false; }
+static inline bool kvmi_msrw_intercept_originator(struct kvm_vcpu *vcpu)
+ { return false; }
#endif /* CONFIG_KVM_INTROSPECTION */
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index 7705ac155c84..bed6e02697ca 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -369,22 +369,25 @@ static void kvmi_arch_disable_desc_intercept(struct
kvm_vcpu *vcpu)
vcpu->arch.kvmi->descriptor.kvm_intercepted = false;
}
-static unsigned long *msr_mask(struct kvm_vcpu *vcpu, unsigned int *msr)
+static unsigned long *msr_mask(struct kvm_vcpu *vcpu, unsigned int *msr,
+ bool kvmi)
{
switch (*msr) {
case 0 ... 0x1fff:
- return vcpu->arch.kvmi->msrw.kvmi_mask.low;
+ return kvmi ? vcpu->arch.kvmi->msrw.kvmi_mask.low :
+ vcpu->arch.kvmi->msrw.kvm_mask.low;
case 0xc0000000 ... 0xc0001fff:
*msr &= 0x1fff;
- return vcpu->arch.kvmi->msrw.kvmi_mask.high;
+ return kvmi ? vcpu->arch.kvmi->msrw.kvmi_mask.high :
+ vcpu->arch.kvmi->msrw.kvm_mask.high;
}
return NULL;
}
-static bool test_msr_mask(struct kvm_vcpu *vcpu, unsigned int msr)
+static bool test_msr_mask(struct kvm_vcpu *vcpu, unsigned int msr, bool kvmi)
{
- unsigned long *mask = msr_mask(vcpu, &msr);
+ unsigned long *mask = msr_mask(vcpu, &msr, kvmi);
if (!mask)
return false;
@@ -392,9 +395,27 @@ static bool test_msr_mask(struct kvm_vcpu *vcpu, unsigned
int msr)
return !!test_bit(msr, mask);
}
-static bool msr_control(struct kvm_vcpu *vcpu, unsigned int msr, bool enable)
+/*
+ * Returns true if one side (kvm or kvmi) tries to disable the MSR write
+ * interception while the other side is still tracking it.
+ */
+bool kvmi_monitor_msrw_intercept(struct kvm_vcpu *vcpu, u32 msr, bool enable)
+{
+ struct kvmi_interception *arch_vcpui;
+
+ if (!vcpu)
+ return false;
+
+ arch_vcpui = READ_ONCE(vcpu->arch.kvmi);
+
+ return (arch_vcpui && arch_vcpui->msrw.monitor_fct(vcpu, msr,
enable));
+}
+EXPORT_SYMBOL(kvmi_monitor_msrw_intercept);
+
+static bool msr_control(struct kvm_vcpu *vcpu, unsigned int msr, bool enable,
+ bool kvmi)
{
- unsigned long *mask = msr_mask(vcpu, &msr);
+ unsigned long *mask = msr_mask(vcpu, &msr, kvmi);
if (!mask)
return false;
@@ -407,6 +428,63 @@ static bool msr_control(struct kvm_vcpu *vcpu, unsigned int
msr, bool enable)
return true;
}
+static bool msr_intercepted_by_kvmi(struct kvm_vcpu *vcpu, u32 msr)
+{
+ return test_msr_mask(vcpu, msr, true);
+}
+
+static bool msr_intercepted_by_kvm(struct kvm_vcpu *vcpu, u32 msr)
+{
+ return test_msr_mask(vcpu, msr, false);
+}
+
+static void record_msr_intercept_status_for_kvmi(struct kvm_vcpu *vcpu, u32
msr,
+ bool enable)
+{
+ msr_control(vcpu, msr, enable, true);
+}
+
+static void record_msr_intercept_status_for_kvm(struct kvm_vcpu *vcpu, u32 msr,
+ bool enable)
+{
+ msr_control(vcpu, msr, enable, false);
+}
+
+static bool monitor_msrw_fct_kvmi(struct kvm_vcpu *vcpu, u32 msr, bool enable)
+{
+ bool ret = false;
+
+ if (enable) {
+ if (kvm_x86_ops->msr_write_intercepted(vcpu, msr))
+ record_msr_intercept_status_for_kvm(vcpu, msr, true);
+ } else {
+ if (unlikely(!msr_intercepted_by_kvmi(vcpu, msr)))
+ ret = true;
+
+ if (msr_intercepted_by_kvm(vcpu, msr))
+ ret = true;
+ }
+
+ record_msr_intercept_status_for_kvmi(vcpu, msr, enable);
+
+ return ret;
+}
+
+static bool monitor_msrw_fct_kvm(struct kvm_vcpu *vcpu, u32 msr, bool enable)
+{
+ bool ret = false;
+
+ if (!(msr_intercepted_by_kvmi(vcpu, msr)))
+ return false;
+
+ if (!enable)
+ ret = true;
+
+ record_msr_intercept_status_for_kvm(vcpu, msr, enable);
+
+ return ret;
+}
+
static unsigned int msr_mask_to_base(struct kvm_vcpu *vcpu, unsigned long
*mask)
{
if (mask == vcpu->arch.kvmi->msrw.kvmi_mask.high)
@@ -415,6 +493,14 @@ static unsigned int msr_mask_to_base(struct kvm_vcpu *vcpu,
unsigned long *mask)
return 0;
}
+static void kvmi_control_msrw_intercept(struct kvm_vcpu *vcpu, u32 msr,
+ bool enable)
+{
+ vcpu->arch.kvmi->msrw.monitor_fct = monitor_msrw_fct_kvmi;
+ kvm_x86_ops->control_msr_intercept(vcpu, msr, MSR_TYPE_W, enable);
+ vcpu->arch.kvmi->msrw.monitor_fct = monitor_msrw_fct_kvm;
+}
+
static void kvmi_arch_disable_msr_intercept(struct kvm_vcpu *vcpu,
unsigned long *mask)
{
@@ -427,9 +513,7 @@ static void kvmi_arch_disable_msr_intercept(struct kvm_vcpu
*vcpu,
if (offset >= KVMI_NUM_MSR)
break;
- kvm_x86_ops->control_msr_intercept(vcpu, msr_base + offset,
- MSR_TYPE_W, false);
- msr_control(vcpu, msr_base + offset, false);
+ kvmi_control_msrw_intercept(vcpu, msr_base + offset, false);
}
bitmap_zero(mask, KVMI_NUM_MSR);
@@ -501,12 +585,14 @@ bool kvmi_arch_vcpu_alloc(struct kvm_vcpu *vcpu)
arch_vcpui->breakpoint.monitor_fct = monitor_bp_fct_kvm;
arch_vcpui->cr3w.monitor_fct = monitor_cr3w_fct_kvm;
arch_vcpui->descriptor.monitor_fct = monitor_desc_fct_kvm;
+ arch_vcpui->msrw.monitor_fct = monitor_msrw_fct_kvm;
/*
* paired with:
* - kvmi_monitor_bp_intercept()
* - kvmi_monitor_cr3w_intercept()
* - kvmi_monitor_desc_intercept()
+ * - kvmi_monitor_msrw_intercept()
*/
smp_wmb();
WRITE_ONCE(vcpu->arch.kvmi, arch_vcpui);
@@ -823,6 +909,13 @@ static bool kvmi_msr_valid(unsigned int msr)
return false;
}
+bool kvmi_msrw_intercept_originator(struct kvm_vcpu *vcpu)
+{
+ struct kvmi_interception *arch = vcpu->arch.kvmi;
+
+ return (arch && arch->msrw.monitor_fct == monitor_msrw_fct_kvmi);
+}
+EXPORT_SYMBOL(kvmi_msrw_intercept_originator);
int kvmi_arch_cmd_vcpu_control_msr(struct kvm_vcpu *vcpu,
const struct kvmi_vcpu_control_msr *req)
@@ -833,9 +926,7 @@ int kvmi_arch_cmd_vcpu_control_msr(struct kvm_vcpu *vcpu,
if (!kvmi_msr_valid(req->msr))
return -KVM_EINVAL;
- kvm_x86_ops->control_msr_intercept(vcpu, req->msr, MSR_TYPE_W,
- req->enable);
- msr_control(vcpu, req->msr, req->enable);
+ kvmi_control_msrw_intercept(vcpu, req->msr, req->enable);
return 0;
}
@@ -872,7 +963,7 @@ static bool __kvmi_msr_event(struct kvm_vcpu *vcpu, struct
msr_data *msr)
u64 ret_value;
u32 action;
- if (!test_msr_mask(vcpu, msr->index))
+ if (!test_msr_mask(vcpu, msr->index, true))
return true;
if (kvm_x86_ops->get_msr(vcpu, &old_msr))
return true;
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 7cd48ef25f59..309a7e5e8b62 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -1085,6 +1085,17 @@ static void set_msr_interception(struct kvm_vcpu *vcpu,
unsigned long tmp;
u32 offset;
+#ifdef CONFIG_KVM_INTROSPECTION
+ if ((type & MSR_TYPE_W) &&
+ kvmi_monitor_msrw_intercept(vcpu, msr, !value))
+ type &= ~MSR_TYPE_W;
+
+ /*
+ * Avoid the below warning for kvmi intercepted msrs.
+ */
+ if (!kvmi_msrw_intercept_originator(vcpu))
+#endif /* CONFIG_KVM_INTROSPECTION */
+
/*
* If this warning triggers extend the direct_access_msrs list at the
* beginning of the file
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index e423dbbf3cf5..2aaa74caefff 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -3630,6 +3630,12 @@ static __always_inline void
vmx_disable_intercept_for_msr(struct kvm_vcpu *vcpu,
if (!cpu_has_vmx_msr_bitmap())
return;
+#ifdef CONFIG_KVM_INTROSPECTION
+ if ((type & MSR_TYPE_W) &&
+ kvmi_monitor_msrw_intercept(vcpu, msr, false))
+ type &= ~MSR_TYPE_W;
+#endif /* CONFIG_KVM_INTROSPECTION */
+
if (static_branch_unlikely(&enable_evmcs))
evmcs_touch_msr_bitmap();
@@ -3669,6 +3675,11 @@ static __always_inline void
vmx_enable_intercept_for_msr(struct kvm_vcpu *vcpu,
if (!cpu_has_vmx_msr_bitmap())
return;
+#ifdef CONFIG_KVM_INTROSPECTION
+ if (type & MSR_TYPE_W)
+ kvmi_monitor_msrw_intercept(vcpu, msr, true);
+#endif /* CONFIG_KVM_INTROSPECTION */
+
if (static_branch_unlikely(&enable_evmcs))
evmcs_touch_msr_bitmap();
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 71/78] KVM: introspection: add KVMI_VM_SET_PAGE_ACCESS
From: Mihai Don?u <mdontu at bitdefender.com>
This command sets the spte access bits (rwx) for an array of guest
physical addresses (through the page track subsystem).
These pages, with the requested access bits, are also kept in a radix
tree in order to filter out the #PF events which are of no interest to
the introspection tool.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 58 ++++++++
arch/x86/include/asm/kvm_host.h | 2 +
arch/x86/include/asm/kvmi_host.h | 8 ++
arch/x86/kvm/kvmi.c | 78 ++++++++++
include/linux/kvmi_host.h | 3 +
include/uapi/linux/kvmi.h | 23 +++
.../testing/selftests/kvm/x86_64/kvmi_test.c | 73 ++++++++++
virt/kvm/introspection/kvmi.c | 133 +++++++++++++++++-
virt/kvm/introspection/kvmi_int.h | 15 ++
virt/kvm/introspection/kvmi_msg.c | 31 ++--
10 files changed, 414 insertions(+), 10 deletions(-)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 4930a84200fc..14790171a170 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -860,6 +860,64 @@ to control events for any other register will fail with
-KVM_EINVAL::
* -KVM_EINVAL - padding is not zero
* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+20. KVMI_VM_SET_PAGE_ACCESS
+---------------------------
+
+:Architectures: all
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vm_set_page_access {
+ __u16 count;
+ __u16 padding1;
+ __u32 padding2;
+ struct kvmi_page_access_entry entries[0];
+ };
+
+where::
+
+ struct kvmi_page_access_entry {
+ __u64 gpa;
+ __u8 access;
+ __u8 padding1;
+ __u16 padding2;
+ __u32 padding3;
+ };
+
+
+:Returns:
+
+::
+
+ struct kvmi_error_code
+
+Sets the spte access bits (rwx) for an array of ``count`` guest physical
+addresses.
+
+The valid access bits are::
+
+ KVMI_PAGE_ACCESS_R
+ KVMI_PAGE_ACCESS_W
+ KVMI_PAGE_ACCESS_X
+
+
+The command will fail with -KVM_EINVAL if any of the specified combination
+of access bits is not supported.
+
+The command will try to apply all changes and return the first error if
+some failed. The introspection tool should handle the rollback.
+
+In order to 'forget' an address, all the access bits ('rwx')
must be set.
+
+:Errors:
+
+* -KVM_EINVAL - the specified access bits combination is invalid
+* -KVM_EINVAL - padding is not zero
+* -KVM_EINVAL - the message size is invalid
+* -KVM_ENOMEM - not enough memory to add the page tracking structures
+
Events
=====
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index fbd9ecc41177..685157cc36ad 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -45,6 +45,8 @@
#define KVM_PRIVATE_MEM_SLOTS 3
#define KVM_MEM_SLOTS_NUM (KVM_USER_MEM_SLOTS + KVM_PRIVATE_MEM_SLOTS)
+#include <asm/kvmi_host.h>
+
#define KVM_HALT_POLL_NS_DEFAULT 200000
#define KVM_IRQCHIP_NUM_PINS KVM_IOAPIC_NUM_PINS
diff --git a/arch/x86/include/asm/kvmi_host.h b/arch/x86/include/asm/kvmi_host.h
index 875778d80176..5f2614ac3b4c 100644
--- a/arch/x86/include/asm/kvmi_host.h
+++ b/arch/x86/include/asm/kvmi_host.h
@@ -2,6 +2,8 @@
#ifndef _ASM_X86_KVMI_HOST_H
#define _ASM_X86_KVMI_HOST_H
+#include <asm/kvm_page_track.h>
+
struct msr_data;
#define KVMI_NUM_CR 5
@@ -39,6 +41,12 @@ struct kvm_vcpu_arch_introspection {
struct kvm_arch_introspection {
};
+#define SLOTS_SIZE BITS_TO_LONGS(KVM_MEM_SLOTS_NUM)
+
+struct kvmi_arch_mem_access {
+ unsigned long active[KVM_PAGE_TRACK_MAX][SLOTS_SIZE];
+};
+
#ifdef CONFIG_KVM_INTROSPECTION
bool kvmi_monitor_bp_intercept(struct kvm_vcpu *vcpu, u32 dbg);
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index bed6e02697ca..ae6fef5a9b95 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -1000,3 +1000,81 @@ bool kvmi_msr_event(struct kvm_vcpu *vcpu, struct
msr_data *msr)
return ret;
}
+
+static const struct {
+ unsigned int allow_bit;
+ enum kvm_page_track_mode track_mode;
+} track_modes[] = {
+ { KVMI_PAGE_ACCESS_R, KVM_PAGE_TRACK_PREREAD },
+ { KVMI_PAGE_ACCESS_W, KVM_PAGE_TRACK_PREWRITE },
+ { KVMI_PAGE_ACCESS_X, KVM_PAGE_TRACK_PREEXEC },
+};
+
+void kvmi_arch_update_page_tracking(struct kvm *kvm,
+ struct kvm_memory_slot *slot,
+ struct kvmi_mem_access *m)
+{
+ struct kvmi_arch_mem_access *arch = &m->arch;
+ int i;
+
+ if (!slot) {
+ slot = gfn_to_memslot(kvm, m->gfn);
+ if (!slot)
+ return;
+ }
+
+ for (i = 0; i < ARRAY_SIZE(track_modes); i++) {
+ unsigned int allow_bit = track_modes[i].allow_bit;
+ enum kvm_page_track_mode mode = track_modes[i].track_mode;
+ bool slot_tracked = test_bit(slot->id, arch->active[mode]);
+
+ if (m->access & allow_bit) {
+ if (slot_tracked) {
+ kvm_slot_page_track_remove_page(kvm, slot,
+ m->gfn, mode);
+ clear_bit(slot->id, arch->active[mode]);
+ }
+ } else if (!slot_tracked) {
+ kvm_slot_page_track_add_page(kvm, slot, m->gfn, mode);
+ set_bit(slot->id, arch->active[mode]);
+ }
+ }
+}
+
+int kvmi_arch_cmd_set_page_access(struct kvm_introspection *kvmi,
+ const struct kvmi_msg_hdr *msg,
+ const struct kvmi_vm_set_page_access *req)
+{
+ const struct kvmi_page_access_entry *entry = req->entries;
+ const struct kvmi_page_access_entry *end = req->entries + req->count;
+ u8 unknown_bits = ~(KVMI_PAGE_ACCESS_R | KVMI_PAGE_ACCESS_W
+ | KVMI_PAGE_ACCESS_X);
+ int ec = 0;
+
+ if (req->padding1 || req->padding2)
+ return -KVM_EINVAL;
+
+ if (msg->size < struct_size(req, entries, req->count))
+ return -KVM_EINVAL;
+
+ for (; entry < end; entry++) {
+ int r;
+
+ if ((entry->access & unknown_bits) || entry->padding1
+ || entry->padding2 || entry->padding3)
+ r = -KVM_EINVAL;
+ else
+ r = kvmi_cmd_set_page_access(kvmi, entry->gpa,
+ entry->access);
+ if (r) {
+ kvmi_warn(kvmi, "%s: %llx %x padding %x,%x,%x",
+ __func__, entry->gpa, entry->access,
+ entry->padding1, entry->padding2,
+ entry->padding3);
+ if (!ec)
+ ec = r;
+ }
+ }
+
+ return ec;
+}
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
index b738f15cd826..a9f572df1809 100644
--- a/include/linux/kvmi_host.h
+++ b/include/linux/kvmi_host.h
@@ -67,6 +67,9 @@ struct kvm_introspection {
DECLARE_BITMAP(vm_event_enable_mask, KVMI_NUM_EVENTS);
atomic_t ev_seq;
+
+ struct radix_tree_root access_tree;
+ rwlock_t access_tree_lock;
};
#ifdef CONFIG_KVM_INTROSPECTION
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index 2d37d407f65d..4b8462b80553 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -41,6 +41,8 @@ enum {
KVMI_VCPU_GET_MTRR_TYPE = 19,
KVMI_VCPU_CONTROL_MSR = 20,
+ KVMI_VM_SET_PAGE_ACCESS = 21,
+
KVMI_NUM_MESSAGES
};
@@ -64,6 +66,12 @@ enum {
KVMI_EVENT_ACTION_CRASH = 2,
};
+enum {
+ KVMI_PAGE_ACCESS_R = 1 << 0,
+ KVMI_PAGE_ACCESS_W = 1 << 1,
+ KVMI_PAGE_ACCESS_X = 1 << 2,
+};
+
struct kvmi_msg_hdr {
__u16 id;
__u16 size;
@@ -143,6 +151,21 @@ struct kvmi_vm_get_max_gfn_reply {
__u64 gfn;
};
+struct kvmi_page_access_entry {
+ __u64 gpa;
+ __u8 access;
+ __u8 padding1;
+ __u16 padding2;
+ __u32 padding3;
+};
+
+struct kvmi_vm_set_page_access {
+ __u16 count;
+ __u16 padding1;
+ __u32 padding2;
+ struct kvmi_page_access_entry entries[0];
+};
+
struct kvmi_event {
__u16 size;
__u16 vcpu;
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 7bf2b64b62a3..a0bd573ab264 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -1520,6 +1520,78 @@ static void test_cmd_vcpu_control_msr(struct kvm_vm *vm)
msr, msr_data, ev.msr.old_value);
}
+static int __cmd_set_page_access(struct kvm_vm *vm, __u16 count, __u64 *gpa,
+ __u8 *access)
+{
+ struct kvmi_page_access_entry *entry, *end;
+ struct kvmi_vm_set_page_access *cmd;
+ struct kvmi_msg_hdr *req;
+ size_t req_size;
+ int r;
+
+ req_size = sizeof(*req) + sizeof(*cmd) + count * sizeof(*entry);
+
+ TEST_ASSERT(req_size < KVMI_MSG_SIZE + sizeof(req),
+ "Message too big\n");
+
+ req = calloc(1, req_size);
+
+ TEST_ASSERT(req, "Insufficient Memory\n");
+
+ cmd = (struct kvmi_vm_set_page_access *)(req + 1);
+ cmd->count = count;
+
+ entry = cmd->entries;
+ end = cmd->entries + count;
+ for (; entry < end; entry++) {
+ entry->gpa = *gpa++;
+ entry->access = *access++;
+ }
+
+ r = do_command(KVMI_VM_SET_PAGE_ACCESS, req, req_size, NULL, 0);
+
+ free(req);
+ return r;
+}
+
+static int cmd_set_page_access(struct kvm_vm *vm, __u16 count, __u64 *gpa,
+ __u8 *access)
+{
+ struct vcpu_worker_data data = {.vm = vm, .vcpu_id = VCPU_ID};
+ pthread_t vcpu_thread;
+ int r;
+
+ vcpu_thread = start_vcpu_worker(&data);
+
+ r = __cmd_set_page_access(vm, count, gpa, access);
+
+ stop_vcpu_worker(vcpu_thread, &data);
+
+ return r;
+}
+
+static void set_page_access(struct kvm_vm *vm, __u64 gpa, __u8 access)
+{
+ int r;
+
+ r = cmd_set_page_access(vm, 1, &gpa, &access);
+ TEST_ASSERT(r == 0,
+ "KVMI_VM_SET_PAGE_ACCESS failed, gpa 0x%llx, access 0x%x, error %d
(%s)\n",
+ gpa, access, -r, kvm_strerror(-r));
+}
+
+static void test_cmd_vm_set_page_access(struct kvm_vm *vm)
+{
+ __u8 full_access = KVMI_PAGE_ACCESS_R | KVMI_PAGE_ACCESS_W
+ | KVMI_PAGE_ACCESS_X;
+ __u8 no_access = 0;
+ __u64 gpa = 0;
+
+ set_page_access(vm, gpa, no_access);
+
+ set_page_access(vm, gpa, full_access);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -1549,6 +1621,7 @@ static void test_introspection(struct kvm_vm *vm)
test_cmd_vcpu_get_mtrr_type(vm);
test_event_descriptor(vm);
test_cmd_vcpu_control_msr(vm);
+ test_cmd_vm_set_page_access(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index 92d1719f4941..6e88735978ae 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -15,6 +15,11 @@ enum {
static struct kmem_cache *msg_cache;
static struct kmem_cache *job_cache;
+static struct kmem_cache *radix_cache;
+
+static const u8 full_access = KVMI_PAGE_ACCESS_R |
+ KVMI_PAGE_ACCESS_W |
+ KVMI_PAGE_ACCESS_X;
void *kvmi_msg_alloc(void)
{
@@ -40,6 +45,8 @@ static void kvmi_cache_destroy(void)
msg_cache = NULL;
kmem_cache_destroy(job_cache);
job_cache = NULL;
+ kmem_cache_destroy(radix_cache);
+ radix_cache = NULL;
}
static int kvmi_cache_create(void)
@@ -49,8 +56,11 @@ static int kvmi_cache_create(void)
job_cache = kmem_cache_create("kvmi_job",
sizeof(struct kvmi_job),
0, SLAB_ACCOUNT, NULL);
+ radix_cache = kmem_cache_create("kvmi_radix_tree",
+ sizeof(struct kvmi_mem_access),
+ 0, SLAB_ACCOUNT, NULL);
- if (!msg_cache || !job_cache) {
+ if (!msg_cache || !job_cache || !radix_cache) {
kvmi_cache_destroy();
return -1;
@@ -170,11 +180,37 @@ static void free_vcpui(struct kvm_vcpu *vcpu)
kvmi_make_request(vcpu, false);
}
+static void kvmi_clear_mem_access(struct kvm *kvm)
+{
+ struct kvm_introspection *kvmi = KVMI(kvm);
+ struct radix_tree_iter iter;
+ void **slot;
+ int idx;
+
+ idx = srcu_read_lock(&kvm->srcu);
+ spin_lock(&kvm->mmu_lock);
+
+ radix_tree_for_each_slot(slot, &kvmi->access_tree, &iter, 0) {
+ struct kvmi_mem_access *m = *slot;
+
+ m->access = full_access;
+ kvmi_arch_update_page_tracking(kvm, NULL, m);
+
+ radix_tree_iter_delete(&kvmi->access_tree, &iter, slot);
+ kmem_cache_free(radix_cache, m);
+ }
+
+ spin_unlock(&kvm->mmu_lock);
+ srcu_read_unlock(&kvm->srcu, idx);
+}
+
static void free_kvmi(struct kvm *kvm)
{
struct kvm_vcpu *vcpu;
int i;
+ kvmi_clear_mem_access(kvm);
+
kvm_for_each_vcpu(i, vcpu, kvm)
free_vcpui(vcpu);
@@ -208,6 +244,10 @@ alloc_kvmi(struct kvm *kvm, const struct
kvm_introspection_hook *hook)
atomic_set(&kvmi->ev_seq, 0);
+ INIT_RADIX_TREE(&kvmi->access_tree,
+ GFP_KERNEL & ~__GFP_DIRECT_RECLAIM);
+ rwlock_init(&kvmi->access_tree_lock);
+
kvm_for_each_vcpu(i, vcpu, kvm) {
int err = create_vcpui(vcpu);
@@ -944,3 +984,94 @@ bool kvmi_enter_guest(struct kvm_vcpu *vcpu)
kvmi_put(vcpu->kvm);
return r;
}
+
+static struct kvmi_mem_access *
+__kvmi_get_gfn_access(struct kvm_introspection *kvmi, const gfn_t gfn)
+{
+ return radix_tree_lookup(&kvmi->access_tree, gfn);
+}
+
+static void kvmi_update_mem_access(struct kvm *kvm, struct kvmi_mem_access
*old,
+ struct kvmi_mem_access *m)
+{
+ struct kvm_introspection *kvmi = KVMI(kvm);
+ u32 new_access = old->access = m->access;
+
+ kvmi_arch_update_page_tracking(kvm, NULL, old);
+
+ if (new_access == full_access) {
+ radix_tree_delete(&kvmi->access_tree, old->gfn);
+ kmem_cache_free(radix_cache, old);
+ }
+}
+
+static bool kvmi_insert_mem_access(struct kvm *kvm, struct kvmi_mem_access *m)
+{
+ struct kvm_introspection *kvmi = KVMI(kvm);
+
+ if (!kvm_is_visible_gfn(kvm, m->gfn))
+ return false;
+
+ if (m->access == full_access)
+ return false;
+
+ kvmi_arch_update_page_tracking(kvm, NULL, m);
+ radix_tree_insert(&kvmi->access_tree, m->gfn, m);
+
+ return true;
+}
+
+static void kvmi_set_mem_access(struct kvm *kvm, struct kvmi_mem_access *m,
+ bool *done)
+{
+ struct kvm_introspection *kvmi = KVMI(kvm);
+ struct kvmi_mem_access *found;
+ int idx;
+
+ idx = srcu_read_lock(&kvm->srcu);
+ spin_lock(&kvm->mmu_lock);
+ write_lock(&kvmi->access_tree_lock);
+
+ found = __kvmi_get_gfn_access(kvmi, m->gfn);
+ if (found)
+ kvmi_update_mem_access(kvm, found, m);
+ else if (kvmi_insert_mem_access(kvm, m))
+ *done = true;
+
+ write_unlock(&kvmi->access_tree_lock);
+ spin_unlock(&kvm->mmu_lock);
+ srcu_read_unlock(&kvm->srcu, idx);
+}
+
+static int kvmi_set_gfn_access(struct kvm *kvm, gfn_t gfn, u8 access)
+{
+ struct kvmi_mem_access *m;
+ bool done = false;
+ int err = 0;
+
+ m = kmem_cache_zalloc(radix_cache, GFP_KERNEL);
+ if (!m)
+ return -KVM_ENOMEM;
+
+ m->gfn = gfn;
+ m->access = access;
+
+ if (radix_tree_preload(GFP_KERNEL))
+ err = -KVM_ENOMEM;
+ else
+ kvmi_set_mem_access(kvm, m, &done);
+
+ radix_tree_preload_end();
+
+ if (!done)
+ kmem_cache_free(radix_cache, m);
+
+ return err;
+}
+
+int kvmi_cmd_set_page_access(struct kvm_introspection *kvmi, u64 gpa, u8
access)
+{
+ gfn_t gfn = gpa_to_gfn(gpa);
+
+ return kvmi_set_gfn_access(kvmi->kvm, gfn, access);
+}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 33544dd9dce5..a81e400eab17 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -42,6 +42,7 @@
| BIT(KVMI_VM_GET_INFO) \
| BIT(KVMI_VM_GET_MAX_GFN) \
| BIT(KVMI_VM_READ_PHYSICAL) \
+ | BIT(KVMI_VM_SET_PAGE_ACCESS) \
| BIT(KVMI_VM_WRITE_PHYSICAL) \
| BIT(KVMI_VCPU_GET_INFO) \
| BIT(KVMI_VCPU_PAUSE) \
@@ -59,6 +60,12 @@
#define KVMI(kvm) ((struct kvm_introspection *)((kvm)->kvmi))
#define VCPUI(vcpu) ((struct kvm_vcpu_introspection *)((vcpu)->kvmi))
+struct kvmi_mem_access {
+ gfn_t gfn;
+ u8 access;
+ struct kvmi_arch_mem_access arch;
+};
+
static inline bool is_vm_event_enabled(struct kvm_introspection *kvmi,
int event)
{
@@ -112,6 +119,8 @@ int kvmi_cmd_write_physical(struct kvm *kvm, u64 gpa, u64
size,
int kvmi_cmd_vcpu_pause(struct kvm_vcpu *vcpu, bool wait);
int kvmi_cmd_vcpu_set_registers(struct kvm_vcpu *vcpu,
const struct kvm_regs *regs);
+int kvmi_cmd_set_page_access(struct kvm_introspection *kvmi, u64 gpa,
+ u8 access);
/* arch */
bool kvmi_arch_vcpu_alloc(struct kvm_vcpu *vcpu);
@@ -147,5 +156,11 @@ int kvmi_arch_cmd_vcpu_get_xsave(struct kvm_vcpu *vcpu,
int kvmi_arch_cmd_vcpu_get_mtrr_type(struct kvm_vcpu *vcpu, u64 gpa, u8 *type);
int kvmi_arch_cmd_vcpu_control_msr(struct kvm_vcpu *vcpu,
const struct kvmi_vcpu_control_msr *req);
+void kvmi_arch_update_page_tracking(struct kvm *kvm,
+ struct kvm_memory_slot *slot,
+ struct kvmi_mem_access *m);
+int kvmi_arch_cmd_set_page_access(struct kvm_introspection *kvmi,
+ const struct kvmi_msg_hdr *msg,
+ const struct kvmi_vm_set_page_access *req);
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index a5250d9b9b3d..fd7c9993296f 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -25,6 +25,7 @@ static const char *const msg_IDs[] = {
[KVMI_VM_GET_INFO] = "KVMI_VM_GET_INFO",
[KVMI_VM_GET_MAX_GFN] = "KVMI_VM_GET_MAX_GFN",
[KVMI_VM_READ_PHYSICAL] = "KVMI_VM_READ_PHYSICAL",
+ [KVMI_VM_SET_PAGE_ACCESS] = "KVMI_VM_SET_PAGE_ACCESS",
[KVMI_VM_WRITE_PHYSICAL] = "KVMI_VM_WRITE_PHYSICAL",
[KVMI_VCPU_CONTROL_CR] = "KVMI_VCPU_CONTROL_CR",
[KVMI_VCPU_CONTROL_EVENTS] = "KVMI_VCPU_CONTROL_EVENTS",
@@ -352,20 +353,32 @@ static int handle_vm_get_max_gfn(struct kvm_introspection
*kvmi,
return kvmi_msg_vm_reply(kvmi, msg, 0, &rpl, sizeof(rpl));
}
+static int handle_set_page_access(struct kvm_introspection *kvmi,
+ const struct kvmi_msg_hdr *msg,
+ const void *req)
+{
+ int ec;
+
+ ec = kvmi_arch_cmd_set_page_access(kvmi, msg, req);
+
+ return kvmi_msg_vm_reply(kvmi, msg, ec, NULL, 0);
+}
+
/*
* These commands are executed by the receiving thread/worker.
*/
static int(*const msg_vm[])(struct kvm_introspection *,
const struct kvmi_msg_hdr *, const void *) = {
- [KVMI_GET_VERSION] = handle_get_version,
- [KVMI_VM_CHECK_COMMAND] = handle_check_command,
- [KVMI_VM_CHECK_EVENT] = handle_check_event,
- [KVMI_VM_CONTROL_EVENTS] = handle_vm_control_events,
- [KVMI_VM_GET_INFO] = handle_get_info,
- [KVMI_VM_GET_MAX_GFN] = handle_vm_get_max_gfn,
- [KVMI_VM_READ_PHYSICAL] = handle_read_physical,
- [KVMI_VM_WRITE_PHYSICAL] = handle_write_physical,
- [KVMI_VCPU_PAUSE] = handle_pause_vcpu,
+ [KVMI_GET_VERSION] = handle_get_version,
+ [KVMI_VM_CHECK_COMMAND] = handle_check_command,
+ [KVMI_VM_CHECK_EVENT] = handle_check_event,
+ [KVMI_VM_CONTROL_EVENTS] = handle_vm_control_events,
+ [KVMI_VM_GET_INFO] = handle_get_info,
+ [KVMI_VM_GET_MAX_GFN] = handle_vm_get_max_gfn,
+ [KVMI_VM_READ_PHYSICAL] = handle_read_physical,
+ [KVMI_VM_SET_PAGE_ACCESS] = handle_set_page_access,
+ [KVMI_VM_WRITE_PHYSICAL] = handle_write_physical,
+ [KVMI_VCPU_PAUSE] = handle_pause_vcpu,
};
static int handle_get_vcpu_info(const struct kvmi_vcpu_cmd_job *job,
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 72/78] KVM: introspection: add KVMI_EVENT_PF
From: Mihai Don?u <mdontu at bitdefender.com>
This event is sent when a #PF occurs due to a failed permission check
in the shadow page tables, for a page in which the introspection tool
has shown interest.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 50 ++++
arch/x86/include/asm/kvmi_host.h | 1 +
arch/x86/kvm/kvmi.c | 28 +++
include/uapi/linux/kvmi.h | 10 +
.../testing/selftests/kvm/x86_64/kvmi_test.c | 85 +++++++
virt/kvm/introspection/kvmi.c | 221 ++++++++++++++++++
virt/kvm/introspection/kvmi_int.h | 5 +
virt/kvm/introspection/kvmi_msg.c | 27 +++
8 files changed, 427 insertions(+)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 14790171a170..7994d6e8cacf 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -535,6 +535,7 @@ the following events::
KVMI_EVENT_DESCRIPTOR
KVMI_EVENT_HYPERCALL
KVMI_EVENT_MSR
+ KVMI_EVENT_PF
KVMI_EVENT_TRAP
KVMI_EVENT_XSETBV
@@ -1260,3 +1261,52 @@ register (see **KVMI_VCPU_CONTROL_EVENTS**).
``kvmi_event``, the MSR number, the old value and the new value are
sent to the introspection tool. The *CONTINUE* action will set the ``new_val``.
+
+10. KVMI_EVENT_PF
+-----------------
+
+:Architectures: x86
+:Versions: >= 1
+:Actions: CONTINUE, CRASH, RETRY
+:Parameters:
+
+::
+
+ struct kvmi_event;
+ struct kvmi_event_pf {
+ __u64 gva;
+ __u64 gpa;
+ __u8 access;
+ __u8 padding1;
+ __u16 padding2;
+ __u32 padding3;
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_event_reply;
+
+This event is sent when a hypervisor page fault occurs due to a failed
+permission check in the shadow page tables, the introspection has been
+enabled for this event (see *KVMI_VPUC_CONTROL_EVENTS*) and the event was
+generated for a page in which the introspection tool has shown interest
+(ie. has previously touched it by adjusting the spte permissions).
+
+The shadow page tables can be used by the introspection tool to guarantee
+the purpose of code areas inside the guest (code, rodata, stack, heap
+etc.) Each attempt at an operation unfitting for a certain memory
+range (eg. execute code in heap) triggers a page fault and gives the
+introspection tool the chance to audit the code attempting the operation.
+
+``kvmi_event``, guest virtual address (or 0xffffffff/UNMAPPED_GVA),
+guest physical address and the access flags (eg. KVMI_PAGE_ACCESS_R)
+are sent to the introspection tool.
+
+The *CONTINUE* action will continue the page fault handling via emulation.
+
+The *RETRY* action is used by the introspection tool to retry the
+execution of the current instruction, usually because it changed the
+instruction pointer or the page restrictions.
diff --git a/arch/x86/include/asm/kvmi_host.h b/arch/x86/include/asm/kvmi_host.h
index 5f2614ac3b4c..2e4eff501c0a 100644
--- a/arch/x86/include/asm/kvmi_host.h
+++ b/arch/x86/include/asm/kvmi_host.h
@@ -39,6 +39,7 @@ struct kvm_vcpu_arch_introspection {
};
struct kvm_arch_introspection {
+ struct kvm_page_track_notifier_node kptn_node;
};
#define SLOTS_SIZE BITS_TO_LONGS(KVM_MEM_SLOTS_NUM)
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index ae6fef5a9b95..4e8b8e0a2961 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -1078,3 +1078,31 @@ int kvmi_arch_cmd_set_page_access(struct
kvm_introspection *kvmi,
return ec;
}
+
+bool kvmi_arch_pf_event(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ u8 access)
+{
+ bool ret = false;
+ u32 action;
+
+ action = kvmi_msg_send_pf(vcpu, gpa, gva, access);
+
+ switch (action) {
+ case KVMI_EVENT_ACTION_CONTINUE:
+ ret = true;
+ break;
+ case KVMI_EVENT_ACTION_RETRY:
+ break;
+ default:
+ kvmi_handle_common_event_actions(vcpu->kvm, action, "PF");
+ }
+
+ return ret;
+}
+
+bool kvmi_arch_pf_of_interest(struct kvm_vcpu *vcpu)
+{
+ return kvm_x86_ops->spt_fault(vcpu) &&
+ !kvm_x86_ops->gpt_translation_fault(vcpu);
+}
+
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index 4b8462b80553..c74ded097efa 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -56,6 +56,7 @@ enum {
KVMI_EVENT_XSETBV = 6,
KVMI_EVENT_DESCRIPTOR = 7,
KVMI_EVENT_MSR = 8,
+ KVMI_EVENT_PF = 9,
KVMI_NUM_EVENTS
};
@@ -181,4 +182,13 @@ struct kvmi_event_reply {
__u32 padding2;
};
+struct kvmi_event_pf {
+ __u64 gva;
+ __u64 gpa;
+ __u8 access;
+ __u8 padding1;
+ __u16 padding2;
+ __u32 padding3;
+};
+
#endif /* _UAPI__LINUX_KVMI_H */
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index a0bd573ab264..e8d3ccac1caa 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -41,6 +41,11 @@ struct vcpu_reply {
struct kvmi_event_reply reply;
};
+struct pf_ev {
+ struct kvmi_event common;
+ struct kvmi_event_pf pf;
+};
+
struct vcpu_worker_data {
struct kvm_vm *vm;
int vcpu_id;
@@ -50,6 +55,10 @@ struct vcpu_worker_data {
bool restart_on_shutdown;
};
+typedef void (*fct_pf_event)(struct kvm_vm *vm, struct kvmi_msg_hdr *hdr,
+ struct pf_ev *ev,
+ struct vcpu_reply *rpl);
+
enum {
GUEST_TEST_NOOP = 0,
GUEST_TEST_BP,
@@ -57,6 +66,7 @@ enum {
GUEST_TEST_DESCRIPTOR,
GUEST_TEST_HYPERCALL,
GUEST_TEST_MSR,
+ GUEST_TEST_PF,
GUEST_TEST_XSETBV,
};
@@ -106,6 +116,11 @@ static void guest_msr_test(void)
wrmsr(MSR_MISC_FEATURES_ENABLES, msr);
}
+static void guest_pf_test(void)
+{
+ *((uint8_t *)test_gva) = READ_ONCE(test_write_pattern);
+}
+
/* from fpu/internal.h */
static u64 xgetbv(u32 index)
{
@@ -166,6 +181,9 @@ static void guest_code(void)
case GUEST_TEST_MSR:
guest_msr_test();
break;
+ case GUEST_TEST_PF:
+ guest_pf_test();
+ break;
case GUEST_TEST_XSETBV:
guest_xsetbv_test();
break;
@@ -1580,6 +1598,16 @@ static void set_page_access(struct kvm_vm *vm, __u64 gpa,
__u8 access)
gpa, access, -r, kvm_strerror(-r));
}
+static void __set_page_access(struct kvm_vm *vm, __u64 gpa, __u8 access)
+{
+ int r;
+
+ r = __cmd_set_page_access(vm, 1, &gpa, &access);
+ TEST_ASSERT(r == 0,
+ "KVMI_VM_SET_PAGE_ACCESS failed, gpa 0x%llx, access 0x%x, error %d
(%s)\n",
+ gpa, access, -r, kvm_strerror(-r));
+}
+
static void test_cmd_vm_set_page_access(struct kvm_vm *vm)
{
__u8 full_access = KVMI_PAGE_ACCESS_R | KVMI_PAGE_ACCESS_W
@@ -1592,6 +1620,62 @@ static void test_cmd_vm_set_page_access(struct kvm_vm
*vm)
set_page_access(vm, gpa, full_access);
}
+static void test_pf(struct kvm_vm *vm, fct_pf_event cbk)
+{
+ __u16 event_id = KVMI_EVENT_PF;
+ struct vcpu_worker_data data = {
+ .vm = vm,
+ .vcpu_id = VCPU_ID,
+ .test_id = GUEST_TEST_PF,
+ };
+ struct kvmi_msg_hdr hdr;
+ struct vcpu_reply rpl = {};
+ pthread_t vcpu_thread;
+ struct pf_ev ev;
+
+ set_page_access(vm, test_gpa, KVMI_PAGE_ACCESS_R);
+
+ enable_vcpu_event(vm, event_id);
+
+ new_test_write_pattern(vm);
+
+ vcpu_thread = start_vcpu_worker(&data);
+
+ receive_event(&hdr, &ev.common, sizeof(ev), event_id);
+
+ DEBUG("PF event, gpa 0x%llx, gva 0x%llx, access 0x%x\n",
+ ev.pf.gpa, ev.pf.gva, ev.pf.access);
+
+ TEST_ASSERT(ev.pf.gpa == test_gpa && ev.pf.gva == test_gva,
+ "Unexpected #PF event, gpa 0x%llx (expended 0x%llx), gva 0x%llx
(expected 0x%llx)\n",
+ ev.pf.gpa, test_gpa, ev.pf.gva, test_gva);
+
+ cbk(vm, &hdr, &ev, &rpl);
+
+ stop_vcpu_worker(vcpu_thread, &data);
+
+ TEST_ASSERT(*((uint8_t *)test_hva) == test_write_pattern,
+ "Write failed, expected 0x%x, result 0x%x\n",
+ test_write_pattern, *((uint8_t *)test_hva));
+
+ disable_vcpu_event(vm, event_id);
+}
+
+static void cbk_test_event_pf(struct kvm_vm *vm, struct kvmi_msg_hdr *hdr,
+ struct pf_ev *ev, struct vcpu_reply *rpl)
+{
+ __set_page_access(vm, test_gpa, KVMI_PAGE_ACCESS_R
+ | KVMI_PAGE_ACCESS_W);
+
+ reply_to_event(hdr, &ev->common, KVMI_EVENT_ACTION_RETRY,
+ rpl, sizeof(*rpl));
+}
+
+static void test_event_pf(struct kvm_vm *vm)
+{
+ test_pf(vm, cbk_test_event_pf);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -1622,6 +1706,7 @@ static void test_introspection(struct kvm_vm *vm)
test_event_descriptor(vm);
test_cmd_vcpu_control_msr(vm);
test_cmd_vm_set_page_access(vm);
+ test_event_pf(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index 6e88735978ae..10d59061fa82 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -13,6 +13,21 @@ enum {
MAX_PAUSE_REQUESTS = 1001
};
+static bool kvmi_track_preread(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ int bytes,
+ struct kvm_page_track_notifier_node *node);
+static bool kvmi_track_prewrite(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ const u8 *new, int bytes,
+ struct kvm_page_track_notifier_node *node);
+static bool kvmi_track_preexec(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ struct kvm_page_track_notifier_node *node);
+static void kvmi_track_create_slot(struct kvm *kvm,
+ struct kvm_memory_slot *slot,
+ unsigned long npages,
+ struct kvm_page_track_notifier_node *node);
+static void kvmi_track_flush_slot(struct kvm *kvm, struct kvm_memory_slot
*slot,
+ struct kvm_page_track_notifier_node *node);
+
static struct kmem_cache *msg_cache;
static struct kmem_cache *job_cache;
static struct kmem_cache *radix_cache;
@@ -248,6 +263,12 @@ alloc_kvmi(struct kvm *kvm, const struct
kvm_introspection_hook *hook)
GFP_KERNEL & ~__GFP_DIRECT_RECLAIM);
rwlock_init(&kvmi->access_tree_lock);
+ kvmi->arch.kptn_node.track_preread = kvmi_track_preread;
+ kvmi->arch.kptn_node.track_prewrite = kvmi_track_prewrite;
+ kvmi->arch.kptn_node.track_preexec = kvmi_track_preexec;
+ kvmi->arch.kptn_node.track_create_slot = kvmi_track_create_slot;
+ kvmi->arch.kptn_node.track_flush_slot = kvmi_track_flush_slot;
+
kvm_for_each_vcpu(i, vcpu, kvm) {
int err = create_vcpui(vcpu);
@@ -279,6 +300,8 @@ static void __kvmi_unhook(struct kvm *kvm)
struct kvm_introspection *kvmi = KVMI(kvm);
wait_for_completion_killable(&kvm->kvmi_complete);
+
+ kvm_page_track_unregister_notifier(kvm, &kvmi->arch.kptn_node);
kvmi_sock_put(kvmi);
}
@@ -327,6 +350,8 @@ static int __kvmi_hook(struct kvm *kvm,
if (!kvmi_sock_get(kvmi, hook->fd))
return -EINVAL;
+ kvm_page_track_register_notifier(kvm, &kvmi->arch.kptn_node);
+
return 0;
}
@@ -1075,3 +1100,199 @@ int kvmi_cmd_set_page_access(struct kvm_introspection
*kvmi, u64 gpa, u8 access)
return kvmi_set_gfn_access(kvmi->kvm, gfn, access);
}
+
+static int kvmi_get_gfn_access(struct kvm_introspection *kvmi, const gfn_t gfn,
+ u8 *access)
+{
+ struct kvmi_mem_access *m;
+
+ read_lock(&kvmi->access_tree_lock);
+ m = __kvmi_get_gfn_access(kvmi, gfn);
+ if (m)
+ *access = m->access;
+ read_unlock(&kvmi->access_tree_lock);
+
+ return m ? 0 : -1;
+}
+
+static bool kvmi_restricted_access(struct kvm_introspection *kvmi, gpa_t gpa,
+ u8 access)
+{
+ u8 allowed_access;
+ int err;
+
+ err = kvmi_get_gfn_access(kvmi, gpa_to_gfn(gpa), &allowed_access);
+
+ if (err)
+ return false;
+
+ /*
+ * We want to be notified only for violations involving access
+ * bits that we've specifically cleared
+ */
+ if (access & (~allowed_access))
+ return true;
+
+ return false;
+}
+
+static bool is_pf_of_interest(struct kvm_vcpu *vcpu, gpa_t gpa, u8 access)
+{
+ struct kvm *kvm = vcpu->kvm;
+
+ if (!kvmi_arch_pf_of_interest(vcpu))
+ return false;
+
+ return kvmi_restricted_access(KVMI(kvm), gpa, access);
+}
+
+static bool __kvmi_track_preread(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva)
+{
+ if (!is_pf_of_interest(vcpu, gpa, KVMI_PAGE_ACCESS_R))
+ return true;
+
+ return kvmi_arch_pf_event(vcpu, gpa, gva, KVMI_PAGE_ACCESS_R);
+}
+
+static bool kvmi_track_preread(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ int bytes,
+ struct kvm_page_track_notifier_node *node)
+{
+ struct kvm_introspection *kvmi;
+ bool ret = true;
+
+ kvmi = kvmi_get(vcpu->kvm);
+ if (!kvmi)
+ return true;
+
+ if (is_event_enabled(vcpu, KVMI_EVENT_PF))
+ ret = __kvmi_track_preread(vcpu, gpa, gva);
+
+ kvmi_put(vcpu->kvm);
+
+ return ret;
+}
+
+static bool __kvmi_track_prewrite(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva)
+{
+ if (!is_pf_of_interest(vcpu, gpa, KVMI_PAGE_ACCESS_W))
+ return true;
+
+ return kvmi_arch_pf_event(vcpu, gpa, gva, KVMI_PAGE_ACCESS_W);
+}
+
+static bool kvmi_track_prewrite(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ const u8 *new, int bytes,
+ struct kvm_page_track_notifier_node *node)
+{
+ struct kvm_introspection *kvmi;
+ bool ret = true;
+
+ kvmi = kvmi_get(vcpu->kvm);
+ if (!kvmi)
+ return true;
+
+ if (is_event_enabled(vcpu, KVMI_EVENT_PF))
+ ret = __kvmi_track_prewrite(vcpu, gpa, gva);
+
+ kvmi_put(vcpu->kvm);
+
+ return ret;
+}
+
+static bool __kvmi_track_preexec(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva)
+{
+ if (!is_pf_of_interest(vcpu, gpa, KVMI_PAGE_ACCESS_X))
+ return true;
+
+ return kvmi_arch_pf_event(vcpu, gpa, gva, KVMI_PAGE_ACCESS_X);
+}
+
+static bool kvmi_track_preexec(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ struct kvm_page_track_notifier_node *node)
+{
+ struct kvm_introspection *kvmi;
+ bool ret = true;
+
+ kvmi = kvmi_get(vcpu->kvm);
+ if (!kvmi)
+ return true;
+
+ if (is_event_enabled(vcpu, KVMI_EVENT_PF))
+ ret = __kvmi_track_preexec(vcpu, gpa, gva);
+
+ kvmi_put(vcpu->kvm);
+
+ return ret;
+}
+
+static void kvmi_track_create_slot(struct kvm *kvm,
+ struct kvm_memory_slot *slot,
+ unsigned long npages,
+ struct kvm_page_track_notifier_node *node)
+{
+ struct kvm_introspection *kvmi;
+ gfn_t start = slot->base_gfn;
+ const gfn_t end = start + npages;
+ int idx;
+
+ kvmi = kvmi_get(kvm);
+ if (!kvmi)
+ return;
+
+ idx = srcu_read_lock(&kvm->srcu);
+ spin_lock(&kvm->mmu_lock);
+ read_lock(&kvmi->access_tree_lock);
+
+ while (start < end) {
+ struct kvmi_mem_access *m;
+
+ m = __kvmi_get_gfn_access(kvmi, start);
+ if (m)
+ kvmi_arch_update_page_tracking(kvm, slot, m);
+ start++;
+ }
+
+ read_unlock(&kvmi->access_tree_lock);
+ spin_unlock(&kvm->mmu_lock);
+ srcu_read_unlock(&kvm->srcu, idx);
+
+ kvmi_put(kvm);
+}
+
+static void kvmi_track_flush_slot(struct kvm *kvm, struct kvm_memory_slot
*slot,
+ struct kvm_page_track_notifier_node *node)
+{
+ struct kvm_introspection *kvmi;
+ gfn_t start = slot->base_gfn;
+ const gfn_t end = start + slot->npages;
+ int idx;
+
+ kvmi = kvmi_get(kvm);
+ if (!kvmi)
+ return;
+
+ idx = srcu_read_lock(&kvm->srcu);
+ spin_lock(&kvm->mmu_lock);
+ write_lock(&kvmi->access_tree_lock);
+
+ while (start < end) {
+ struct kvmi_mem_access *m;
+
+ m = __kvmi_get_gfn_access(kvmi, start);
+ if (m) {
+ u8 prev_access = m->access;
+
+ m->access = full_access;
+ kvmi_arch_update_page_tracking(kvm, slot, m);
+ m->access = prev_access;
+ }
+ start++;
+ }
+
+ write_unlock(&kvmi->access_tree_lock);
+ spin_unlock(&kvm->mmu_lock);
+ srcu_read_unlock(&kvm->srcu, idx);
+
+ kvmi_put(kvm);
+}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index a81e400eab17..23a088afe072 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -29,6 +29,7 @@
| BIT(KVMI_EVENT_MSR) \
| BIT(KVMI_EVENT_TRAP) \
| BIT(KVMI_EVENT_PAUSE_VCPU) \
+ | BIT(KVMI_EVENT_PF) \
| BIT(KVMI_EVENT_XSETBV) \
)
@@ -90,6 +91,7 @@ u32 kvmi_msg_send_vcpu_pause(struct kvm_vcpu *vcpu);
u32 kvmi_msg_send_hypercall(struct kvm_vcpu *vcpu);
u32 kvmi_msg_send_bp(struct kvm_vcpu *vcpu, u64 gpa, u8 insn_len);
u32 kvmi_msg_send_descriptor(struct kvm_vcpu *vcpu, u8 descriptor, u8 write);
+u32 kvmi_msg_send_pf(struct kvm_vcpu *vcpu, u64 gpa, u64 gva, u8 access);
/* kvmi.c */
void *kvmi_msg_alloc(void);
@@ -162,5 +164,8 @@ void kvmi_arch_update_page_tracking(struct kvm *kvm,
int kvmi_arch_cmd_set_page_access(struct kvm_introspection *kvmi,
const struct kvmi_msg_hdr *msg,
const struct kvmi_vm_set_page_access *req);
+bool kvmi_arch_pf_event(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
+ u8 access);
+bool kvmi_arch_pf_of_interest(struct kvm_vcpu *vcpu);
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index fd7c9993296f..49f49f2401bc 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -1072,3 +1072,30 @@ u32 kvmi_msg_send_descriptor(struct kvm_vcpu *vcpu, u8
descriptor, u8 write)
return action;
}
+
+u32 kvmi_msg_send_pf(struct kvm_vcpu *vcpu, u64 gpa, u64 gva, u8 access)
+{
+ struct kvmi_event_pf e;
+ int err, action;
+
+ memset(&e, 0, sizeof(e));
+ e.gpa = gpa;
+ e.gva = gva;
+ e.access = access;
+
+ err = kvmi_send_event(vcpu, KVMI_EVENT_PF, &e, sizeof(e),
+ NULL, 0, &action);
+ if (err)
+ return KVMI_EVENT_ACTION_CONTINUE;
+
+ if (e.padding1 || e.padding2 || e.padding3) {
+ struct kvm_introspection *kvmi = KVMI(vcpu->kvm);
+
+ kvmi_err(kvmi, "%s: non zero padding %u,%u\n",
+ __func__, e.padding1, e.padding2);
+ kvmi_sock_shutdown(kvmi);
+ return KVMI_EVENT_ACTION_CONTINUE;
+ }
+
+ return action;
+}
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 73/78] KVM: introspection: extend KVMI_GET_VERSION with struct kvmi_features
This is used by the introspection tool to check the hardware support
for single step.
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 13 ++++++++++++-
arch/x86/include/uapi/asm/kvmi.h | 5 +++++
arch/x86/kvm/kvmi.c | 5 +++++
include/uapi/linux/kvmi.h | 1 +
tools/testing/selftests/kvm/x86_64/kvmi_test.c | 5 +++++
virt/kvm/introspection/kvmi_int.h | 1 +
virt/kvm/introspection/kvmi_msg.c | 2 ++
7 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 7994d6e8cacf..454d7ae75ae6 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -254,9 +254,20 @@ The commands related to vCPUs start with::
struct kvmi_get_version_reply {
__u32 version;
__u32 padding;
+ struct kvmi_features features;
};
-Returns the introspection API version.
+For x86
+
+::
+
+ struct kvmi_features {
+ __u8 singlestep;
+ __u8 padding[7];
+ };
+
+Returns the introspection API version and some of the features supported
+by the hardware.
This command is always allowed and successful (if the introspection is
built in kernel).
diff --git a/arch/x86/include/uapi/asm/kvmi.h b/arch/x86/include/uapi/asm/kvmi.h
index f4be7d12f63a..8e2056ad11a7 100644
--- a/arch/x86/include/uapi/asm/kvmi.h
+++ b/arch/x86/include/uapi/asm/kvmi.h
@@ -139,4 +139,9 @@ struct kvmi_event_msr_reply {
__u64 new_val;
};
+struct kvmi_features {
+ __u8 singlestep;
+ __u8 padding[7];
+};
+
#endif /* _UAPI_ASM_X86_KVMI_H */
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index 4e8b8e0a2961..5cf266d13375 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -1100,6 +1100,11 @@ bool kvmi_arch_pf_event(struct kvm_vcpu *vcpu, gpa_t gpa,
gva_t gva,
return ret;
}
+void kvmi_arch_features(struct kvmi_features *feat)
+{
+ feat->singlestep = !!kvm_x86_ops->control_singlestep;
+}
+
bool kvmi_arch_pf_of_interest(struct kvm_vcpu *vcpu)
{
return kvm_x86_ops->spt_fault(vcpu) &&
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index c74ded097efa..7cd41a815967 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -91,6 +91,7 @@ struct kvmi_error_code {
struct kvmi_get_version_reply {
__u32 version;
__u32 padding;
+ struct kvmi_features features;
};
struct kvmi_vm_check_command {
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index e8d3ccac1caa..a27588c27eb8 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -55,6 +55,8 @@ struct vcpu_worker_data {
bool restart_on_shutdown;
};
+static struct kvmi_features features;
+
typedef void (*fct_pf_event)(struct kvm_vm *vm, struct kvmi_msg_hdr *hdr,
struct pf_ev *ev,
struct vcpu_reply *rpl);
@@ -371,7 +373,10 @@ static void test_cmd_get_version(void)
"Unexpected KVMI version %d, expecting %d\n",
rpl.version, KVMI_VERSION);
+ features = rpl.features;
+
DEBUG("KVMI version: %u\n", rpl.version);
+ DEBUG("\tsinglestep: %u\n", features.singlestep);
}
static int cmd_check_command(__u16 id)
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 23a088afe072..06b924277f37 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -167,5 +167,6 @@ int kvmi_arch_cmd_set_page_access(struct kvm_introspection
*kvmi,
bool kvmi_arch_pf_event(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva,
u8 access);
bool kvmi_arch_pf_of_interest(struct kvm_vcpu *vcpu);
+void kvmi_arch_features(struct kvmi_features *feat);
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 49f49f2401bc..8c7cdbd96faa 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -184,6 +184,8 @@ static int handle_get_version(struct kvm_introspection
*kvmi,
memset(&rpl, 0, sizeof(rpl));
rpl.version = KVMI_VERSION;
+ kvmi_arch_features(&rpl.features);
+
return kvmi_msg_vm_reply(kvmi, msg, 0, &rpl, sizeof(rpl));
}
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 74/78] KVM: introspection: add KVMI_VCPU_CONTROL_SINGLESTEP
From: Nicu?or C??u <ncitu at bitdefender.com>
This command is extremely useful for debuggers.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 31 ++++++
arch/x86/kvm/kvmi.c | 18 ++++
arch/x86/kvm/x86.c | 7 ++
include/linux/kvmi_host.h | 7 ++
include/uapi/linux/kvmi.h | 7 ++
.../testing/selftests/kvm/x86_64/kvmi_test.c | 21 +++++
virt/kvm/introspection/kvmi.c | 23 +++++
virt/kvm/introspection/kvmi_int.h | 3 +
virt/kvm/introspection/kvmi_msg.c | 94 ++++++++++++-------
9 files changed, 179 insertions(+), 32 deletions(-)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 454d7ae75ae6..ffa183745722 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -930,6 +930,37 @@ In order to 'forget' an address, all the access
bits ('rwx') must be set.
* -KVM_EINVAL - the message size is invalid
* -KVM_ENOMEM - not enough memory to add the page tracking structures
+20. KVMI_VCPU_CONTROL_SINGLESTEP
+--------------------------------
+
+:Architectures: x86 (vmx)
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vcpu_control_singlestep {
+ __u8 enable;
+ __u8 padding[7];
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_error_code
+
+Enables/disables singlestep.
+
+The introspection tool can use *KVMI_GET_VERSION*, to check
+if the hardware supports singlestep (see **KVMI_GET_VERSION**).
+
+:Errors:
+
+* -KVM_EOPNOTSUPP - the hardware doesn't support it
+* -KVM_EINVAL - padding is not zero
+* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+
Events
=====
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index 5cf266d13375..feebb0327e27 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -1111,3 +1111,21 @@ bool kvmi_arch_pf_of_interest(struct kvm_vcpu *vcpu)
!kvm_x86_ops->gpt_translation_fault(vcpu);
}
+bool kvmi_arch_start_singlestep(struct kvm_vcpu *vcpu)
+{
+ if (!kvm_x86_ops->control_singlestep)
+ return false;
+
+ kvm_x86_ops->control_singlestep(vcpu, true);
+ return true;
+}
+
+bool kvmi_arch_stop_singlestep(struct kvm_vcpu *vcpu)
+{
+ if (!kvm_x86_ops->control_singlestep)
+ return false;
+
+ kvm_x86_ops->control_singlestep(vcpu, false);
+ return true;
+}
+
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 5d6ac6c99246..b87ff31ce486 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -7625,6 +7625,13 @@ static int inject_pending_event(struct kvm_vcpu *vcpu,
bool req_int_win)
{
int r;
+ if (kvmi_vcpu_running_singlestep(vcpu))
+ /*
+ * We cannot inject events during single-stepping.
+ * Try again later.
+ */
+ return -1;
+
/* try to reinject previous events if any */
if (vcpu->arch.exception.injected)
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
index a9f572df1809..7c84ca681411 100644
--- a/include/linux/kvmi_host.h
+++ b/include/linux/kvmi_host.h
@@ -50,6 +50,10 @@ struct kvm_vcpu_introspection {
bool pending;
bool send_event;
} exception;
+
+ struct {
+ bool loop;
+ } singlestep;
};
struct kvm_introspection {
@@ -90,6 +94,7 @@ void kvmi_handle_requests(struct kvm_vcpu *vcpu);
bool kvmi_hypercall_event(struct kvm_vcpu *vcpu);
bool kvmi_breakpoint_event(struct kvm_vcpu *vcpu, u64 gva, u8 insn_len);
bool kvmi_enter_guest(struct kvm_vcpu *vcpu);
+bool kvmi_vcpu_running_singlestep(struct kvm_vcpu *vcpu);
#else
@@ -106,6 +111,8 @@ static inline bool kvmi_breakpoint_event(struct kvm_vcpu
*vcpu, u64 gva,
{ return true; }
static inline bool kvmi_enter_guest(struct kvm_vcpu *vcpu)
{ return true; }
+static inline bool kvmi_vcpu_running_singlestep(struct kvm_vcpu *vcpu)
+ { return false; }
#endif /* CONFIG_KVM_INTROSPECTION */
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index 7cd41a815967..c6c5019ccf85 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -43,6 +43,8 @@ enum {
KVMI_VM_SET_PAGE_ACCESS = 21,
+ KVMI_VCPU_CONTROL_SINGLESTEP = 22,
+
KVMI_NUM_MESSAGES
};
@@ -168,6 +170,11 @@ struct kvmi_vm_set_page_access {
struct kvmi_page_access_entry entries[0];
};
+struct kvmi_vcpu_control_singlestep {
+ __u8 enable;
+ __u8 padding[7];
+};
+
struct kvmi_event {
__u16 size;
__u16 vcpu;
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index a27588c27eb8..090cb7acd2ed 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -1681,6 +1681,26 @@ static void test_event_pf(struct kvm_vm *vm)
test_pf(vm, cbk_test_event_pf);
}
+static void test_cmd_vcpu_control_singlestep(struct kvm_vm *vm)
+{
+ struct {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vcpu_hdr vcpu_hdr;
+ struct kvmi_vcpu_control_singlestep cmd;
+ } req = {};
+
+ if (!features.singlestep)
+ return;
+
+ req.cmd.enable = true;
+ test_vcpu0_command(vm, KVMI_VCPU_CONTROL_SINGLESTEP,
+ &req.hdr, sizeof(req), NULL, 0);
+
+ req.cmd.enable = false;
+ test_vcpu0_command(vm, KVMI_VCPU_CONTROL_SINGLESTEP,
+ &req.hdr, sizeof(req), NULL, 0);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -1712,6 +1732,7 @@ static void test_introspection(struct kvm_vm *vm)
test_cmd_vcpu_control_msr(vm);
test_cmd_vm_set_page_access(vm);
test_event_pf(vm);
+ test_cmd_vcpu_control_singlestep(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index 10d59061fa82..b798eeab6618 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -361,6 +361,9 @@ static void kvmi_job_release_vcpu(struct kvm_vcpu *vcpu,
void *ctx)
atomic_set(&vcpui->pause_requests, 0);
vcpui->waiting_for_reply = false;
+
+ if (vcpui->singlestep.loop)
+ kvmi_arch_stop_singlestep(vcpu);
}
static void kvmi_release_vcpus(struct kvm *kvm)
@@ -1003,6 +1006,9 @@ bool kvmi_enter_guest(struct kvm_vcpu *vcpu)
if (!kvmi)
return true;
+ if (VCPUI(vcpu)->singlestep.loop)
+ kvmi_arch_start_singlestep(vcpu);
+
if (kvmi_inject_pending_exception(vcpu))
r = false;
@@ -1296,3 +1302,20 @@ static void kvmi_track_flush_slot(struct kvm *kvm, struct
kvm_memory_slot *slot,
kvmi_put(kvm);
}
+
+bool kvmi_vcpu_running_singlestep(struct kvm_vcpu *vcpu)
+{
+ struct kvm_introspection *kvmi;
+ bool ret;
+
+ kvmi = kvmi_get(vcpu->kvm);
+ if (!kvmi)
+ return false;
+
+ ret = VCPUI(vcpu)->singlestep.loop;
+
+ kvmi_put(vcpu->kvm);
+
+ return ret;
+}
+EXPORT_SYMBOL(kvmi_vcpu_running_singlestep);
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 06b924277f37..64425ff16c7d 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -50,6 +50,7 @@
| BIT(KVMI_VCPU_CONTROL_CR) \
| BIT(KVMI_VCPU_CONTROL_EVENTS) \
| BIT(KVMI_VCPU_CONTROL_MSR) \
+ | BIT(KVMI_VCPU_CONTROL_SINGLESTEP) \
| BIT(KVMI_VCPU_GET_CPUID) \
| BIT(KVMI_VCPU_GET_MTRR_TYPE) \
| BIT(KVMI_VCPU_GET_REGISTERS) \
@@ -168,5 +169,7 @@ bool kvmi_arch_pf_event(struct kvm_vcpu *vcpu, gpa_t gpa,
gva_t gva,
u8 access);
bool kvmi_arch_pf_of_interest(struct kvm_vcpu *vcpu);
void kvmi_arch_features(struct kvmi_features *feat);
+bool kvmi_arch_start_singlestep(struct kvm_vcpu *vcpu);
+bool kvmi_arch_stop_singlestep(struct kvm_vcpu *vcpu);
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 8c7cdbd96faa..4c49033a6407 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -17,27 +17,28 @@ struct kvmi_vcpu_cmd_job {
};
static const char *const msg_IDs[] = {
- [KVMI_EVENT_REPLY] = "KVMI_EVENT_REPLY",
- [KVMI_GET_VERSION] = "KVMI_GET_VERSION",
- [KVMI_VM_CHECK_COMMAND] = "KVMI_VM_CHECK_COMMAND",
- [KVMI_VM_CHECK_EVENT] = "KVMI_VM_CHECK_EVENT",
- [KVMI_VM_CONTROL_EVENTS] = "KVMI_VM_CONTROL_EVENTS",
- [KVMI_VM_GET_INFO] = "KVMI_VM_GET_INFO",
- [KVMI_VM_GET_MAX_GFN] = "KVMI_VM_GET_MAX_GFN",
- [KVMI_VM_READ_PHYSICAL] = "KVMI_VM_READ_PHYSICAL",
- [KVMI_VM_SET_PAGE_ACCESS] = "KVMI_VM_SET_PAGE_ACCESS",
- [KVMI_VM_WRITE_PHYSICAL] = "KVMI_VM_WRITE_PHYSICAL",
- [KVMI_VCPU_CONTROL_CR] = "KVMI_VCPU_CONTROL_CR",
- [KVMI_VCPU_CONTROL_EVENTS] = "KVMI_VCPU_CONTROL_EVENTS",
- [KVMI_VCPU_CONTROL_MSR] = "KVMI_VCPU_CONTROL_MSR",
- [KVMI_VCPU_GET_CPUID] = "KVMI_VCPU_GET_CPUID",
- [KVMI_VCPU_GET_INFO] = "KVMI_VCPU_GET_INFO",
- [KVMI_VCPU_GET_MTRR_TYPE] = "KVMI_VCPU_GET_MTRR_TYPE",
- [KVMI_VCPU_GET_REGISTERS] = "KVMI_VCPU_GET_REGISTERS",
- [KVMI_VCPU_GET_XSAVE] = "KVMI_VCPU_GET_XSAVE",
- [KVMI_VCPU_INJECT_EXCEPTION] = "KVMI_VCPU_INJECT_EXCEPTION",
- [KVMI_VCPU_PAUSE] = "KVMI_VCPU_PAUSE",
- [KVMI_VCPU_SET_REGISTERS] = "KVMI_VCPU_SET_REGISTERS",
+ [KVMI_EVENT_REPLY] = "KVMI_EVENT_REPLY",
+ [KVMI_GET_VERSION] = "KVMI_GET_VERSION",
+ [KVMI_VM_CHECK_COMMAND] = "KVMI_VM_CHECK_COMMAND",
+ [KVMI_VM_CHECK_EVENT] = "KVMI_VM_CHECK_EVENT",
+ [KVMI_VM_CONTROL_EVENTS] = "KVMI_VM_CONTROL_EVENTS",
+ [KVMI_VM_GET_INFO] = "KVMI_VM_GET_INFO",
+ [KVMI_VM_GET_MAX_GFN] = "KVMI_VM_GET_MAX_GFN",
+ [KVMI_VM_READ_PHYSICAL] = "KVMI_VM_READ_PHYSICAL",
+ [KVMI_VM_SET_PAGE_ACCESS] = "KVMI_VM_SET_PAGE_ACCESS",
+ [KVMI_VM_WRITE_PHYSICAL] = "KVMI_VM_WRITE_PHYSICAL",
+ [KVMI_VCPU_CONTROL_CR] = "KVMI_VCPU_CONTROL_CR",
+ [KVMI_VCPU_CONTROL_EVENTS] = "KVMI_VCPU_CONTROL_EVENTS",
+ [KVMI_VCPU_CONTROL_MSR] = "KVMI_VCPU_CONTROL_MSR",
+ [KVMI_VCPU_CONTROL_SINGLESTEP] = "KVMI_VCPU_CONTROL_SINGLESTEP",
+ [KVMI_VCPU_GET_CPUID] = "KVMI_VCPU_GET_CPUID",
+ [KVMI_VCPU_GET_INFO] = "KVMI_VCPU_GET_INFO",
+ [KVMI_VCPU_GET_MTRR_TYPE] = "KVMI_VCPU_GET_MTRR_TYPE",
+ [KVMI_VCPU_GET_REGISTERS] = "KVMI_VCPU_GET_REGISTERS",
+ [KVMI_VCPU_GET_XSAVE] = "KVMI_VCPU_GET_XSAVE",
+ [KVMI_VCPU_INJECT_EXCEPTION] = "KVMI_VCPU_INJECT_EXCEPTION",
+ [KVMI_VCPU_PAUSE] = "KVMI_VCPU_PAUSE",
+ [KVMI_VCPU_SET_REGISTERS] = "KVMI_VCPU_SET_REGISTERS",
};
static bool is_known_message(u16 id)
@@ -585,6 +586,34 @@ static int handle_vcpu_control_msr(const struct
kvmi_vcpu_cmd_job *job,
return kvmi_msg_vcpu_reply(job, msg, ec, NULL, 0);
}
+static int handle_vcpu_control_singlestep(const struct kvmi_vcpu_cmd_job *job,
+ const struct kvmi_msg_hdr *msg,
+ const void *_req)
+{
+ const struct kvmi_vcpu_control_singlestep *req = _req;
+ struct kvm_vcpu *vcpu = job->vcpu;
+ int ec = -KVM_EINVAL;
+ bool done;
+ int i;
+
+ for (i = 0; i < sizeof(req->padding); i++)
+ if (req->padding[i])
+ goto reply;
+
+ if (req->enable)
+ done = kvmi_arch_start_singlestep(vcpu);
+ else
+ done = kvmi_arch_stop_singlestep(vcpu);
+
+ if (done) {
+ ec = 0;
+ VCPUI(vcpu)->singlestep.loop = !!req->enable;
+ }
+
+reply:
+ return kvmi_msg_vcpu_reply(job, msg, ec, NULL, 0);
+}
+
/*
* These commands are executed on the vCPU thread. The receiving thread
* passes the messages using a newly allocated 'struct
kvmi_vcpu_cmd_job'
@@ -593,17 +622,18 @@ static int handle_vcpu_control_msr(const struct
kvmi_vcpu_cmd_job *job,
*/
static int(*const msg_vcpu[])(const struct kvmi_vcpu_cmd_job *,
const struct kvmi_msg_hdr *, const void *) = {
- [KVMI_EVENT_REPLY] = handle_event_reply,
- [KVMI_VCPU_CONTROL_CR] = handle_vcpu_control_cr,
- [KVMI_VCPU_CONTROL_EVENTS] = handle_vcpu_control_events,
- [KVMI_VCPU_CONTROL_MSR] = handle_vcpu_control_msr,
- [KVMI_VCPU_GET_CPUID] = handle_get_cpuid,
- [KVMI_VCPU_GET_INFO] = handle_get_vcpu_info,
- [KVMI_VCPU_GET_MTRR_TYPE] = handle_vcpu_get_mtrr_type,
- [KVMI_VCPU_GET_REGISTERS] = handle_get_registers,
- [KVMI_VCPU_GET_XSAVE] = handle_vcpu_get_xsave,
- [KVMI_VCPU_INJECT_EXCEPTION] = handle_vcpu_inject_exception,
- [KVMI_VCPU_SET_REGISTERS] = handle_set_registers,
+ [KVMI_EVENT_REPLY] = handle_event_reply,
+ [KVMI_VCPU_CONTROL_CR] = handle_vcpu_control_cr,
+ [KVMI_VCPU_CONTROL_EVENTS] = handle_vcpu_control_events,
+ [KVMI_VCPU_CONTROL_MSR] = handle_vcpu_control_msr,
+ [KVMI_VCPU_CONTROL_SINGLESTEP] = handle_vcpu_control_singlestep,
+ [KVMI_VCPU_GET_CPUID] = handle_get_cpuid,
+ [KVMI_VCPU_GET_INFO] = handle_get_vcpu_info,
+ [KVMI_VCPU_GET_MTRR_TYPE] = handle_vcpu_get_mtrr_type,
+ [KVMI_VCPU_GET_REGISTERS] = handle_get_registers,
+ [KVMI_VCPU_GET_XSAVE] = handle_vcpu_get_xsave,
+ [KVMI_VCPU_INJECT_EXCEPTION] = handle_vcpu_inject_exception,
+ [KVMI_VCPU_SET_REGISTERS] = handle_set_registers,
};
static void kvmi_job_vcpu_cmd(struct kvm_vcpu *vcpu, void *ctx)
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 75/78] KVM: introspection: add KVMI_EVENT_SINGLESTEP
From: Nicu?or C??u <ncitu at bitdefender.com>
This event is sent when the current instruction has been single stepped
with or without success.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 28 +++++++
arch/x86/kvm/vmx/vmx.c | 6 ++
include/linux/kvmi_host.h | 4 +
include/uapi/linux/kvmi.h | 6 ++
.../testing/selftests/kvm/x86_64/kvmi_test.c | 80 ++++++++++++++++---
virt/kvm/introspection/kvmi.c | 61 ++++++++++++++
virt/kvm/introspection/kvmi_int.h | 1 +
7 files changed, 177 insertions(+), 9 deletions(-)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index ffa183745722..3515fea1eb75 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -547,6 +547,7 @@ the following events::
KVMI_EVENT_HYPERCALL
KVMI_EVENT_MSR
KVMI_EVENT_PF
+ KVMI_EVENT_SINGLESTEP
KVMI_EVENT_TRAP
KVMI_EVENT_XSETBV
@@ -1352,3 +1353,30 @@ The *CONTINUE* action will continue the page fault
handling via emulation.
The *RETRY* action is used by the introspection tool to retry the
execution of the current instruction, usually because it changed the
instruction pointer or the page restrictions.
+
+11. KVMI_EVENT_SINGLESTEP
+-------------------------
+
+:Architectures: x86
+:Versions: >= 1
+:Actions: CONTINUE, CRASH
+:Parameters:
+
+::
+
+ struct kvmi_event;
+
+:Returns:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_event_reply;
+ struct kvmi_event_singlestep {
+ __u8 failed;
+ __u8 padding[7];
+ };
+
+This event is sent when the current instruction has been executed or the
+singlestep failed and the introspection has been enabled for this event
+(see **KVMI_VCPU_CONTROL_EVENTS**).
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 2aaa74caefff..fece435ce743 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -5439,6 +5439,7 @@ static int handle_invalid_op(struct kvm_vcpu *vcpu)
static int handle_monitor_trap(struct kvm_vcpu *vcpu)
{
+ kvmi_singlestep_done(vcpu);
return 1;
}
@@ -5994,6 +5995,11 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu)
}
}
+ if (kvmi_vcpu_running_singlestep(vcpu) &&
+ exit_reason != EXIT_REASON_EPT_VIOLATION &&
+ exit_reason != EXIT_REASON_MONITOR_TRAP_FLAG)
+ kvmi_singlestep_failed(vcpu);
+
if (exit_reason < kvm_vmx_max_exit_handlers
&& kvm_vmx_exit_handlers[exit_reason]) {
#ifdef CONFIG_RETPOLINE
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
index 7c84ca681411..723a902f4b89 100644
--- a/include/linux/kvmi_host.h
+++ b/include/linux/kvmi_host.h
@@ -95,6 +95,8 @@ bool kvmi_hypercall_event(struct kvm_vcpu *vcpu);
bool kvmi_breakpoint_event(struct kvm_vcpu *vcpu, u64 gva, u8 insn_len);
bool kvmi_enter_guest(struct kvm_vcpu *vcpu);
bool kvmi_vcpu_running_singlestep(struct kvm_vcpu *vcpu);
+void kvmi_singlestep_done(struct kvm_vcpu *vcpu);
+void kvmi_singlestep_failed(struct kvm_vcpu *vcpu);
#else
@@ -113,6 +115,8 @@ static inline bool kvmi_enter_guest(struct kvm_vcpu *vcpu)
{ return true; }
static inline bool kvmi_vcpu_running_singlestep(struct kvm_vcpu *vcpu)
{ return false; }
+static void kvmi_singlestep_done(struct kvm_vcpu *vcpu) { }
+static void kvmi_singlestep_failed(struct kvm_vcpu *vcpu) { }
#endif /* CONFIG_KVM_INTROSPECTION */
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index c6c5019ccf85..37c51e64d22c 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -59,6 +59,7 @@ enum {
KVMI_EVENT_DESCRIPTOR = 7,
KVMI_EVENT_MSR = 8,
KVMI_EVENT_PF = 9,
+ KVMI_EVENT_SINGLESTEP = 10,
KVMI_NUM_EVENTS
};
@@ -199,4 +200,9 @@ struct kvmi_event_pf {
__u32 padding3;
};
+struct kvmi_event_singlestep {
+ __u8 failed;
+ __u8 padding[7];
+};
+
#endif /* _UAPI__LINUX_KVMI_H */
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index 090cb7acd2ed..cf5edf91197d 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -738,6 +738,14 @@ static void stop_vcpu_worker(pthread_t vcpu_thread,
wait_vcpu_worker(vcpu_thread);
}
+static int __do_vcpu_command(struct kvm_vm *vm, int cmd_id,
+ struct kvmi_msg_hdr *req, size_t req_size,
+ void *rpl, size_t rpl_size)
+{
+ send_message(cmd_id, req, req_size);
+ return receive_cmd_reply(req, rpl, rpl_size);
+}
+
static int do_vcpu_command(struct kvm_vm *vm, int cmd_id,
struct kvmi_msg_hdr *req, size_t req_size,
void *rpl, size_t rpl_size)
@@ -748,13 +756,24 @@ static int do_vcpu_command(struct kvm_vm *vm, int cmd_id,
vcpu_thread = start_vcpu_worker(&data);
- send_message(cmd_id, req, req_size);
- r = receive_cmd_reply(req, rpl, rpl_size);
+ r = __do_vcpu_command(vm, cmd_id, req, req_size, rpl, rpl_size);
stop_vcpu_worker(vcpu_thread, &data);
return r;
}
+static int __do_vcpu0_command(struct kvm_vm *vm, int cmd_id,
+ struct kvmi_msg_hdr *req, size_t req_size,
+ void *rpl, size_t rpl_size)
+{
+ struct kvmi_vcpu_hdr *vcpu_hdr = (struct kvmi_vcpu_hdr *)req;
+
+ vcpu_hdr->vcpu = 0;
+
+ send_message(cmd_id, req, req_size);
+ return receive_cmd_reply(req, rpl, rpl_size);
+}
+
static int do_vcpu0_command(struct kvm_vm *vm, int cmd_id,
struct kvmi_msg_hdr *req, size_t req_size,
void *rpl, size_t rpl_size)
@@ -1681,24 +1700,67 @@ static void test_event_pf(struct kvm_vm *vm)
test_pf(vm, cbk_test_event_pf);
}
-static void test_cmd_vcpu_control_singlestep(struct kvm_vm *vm)
+static void control_singlestep(struct kvm_vm *vm, bool enable)
{
struct {
struct kvmi_msg_hdr hdr;
struct kvmi_vcpu_hdr vcpu_hdr;
struct kvmi_vcpu_control_singlestep cmd;
} req = {};
+ int r;
+
+ req.cmd.enable = enable;
+ r = __do_vcpu0_command(vm, KVMI_VCPU_CONTROL_SINGLESTEP,
+ &req.hdr, sizeof(req), NULL, 0);
+ TEST_ASSERT(r == 0,
+ "KVMI_VCPU_CONTROL_SINGLESTEP failed, error %d (%s)\n",
+ -r, kvm_strerror(-r));
+}
+
+static void enable_singlestep(struct kvm_vm *vm)
+{
+ control_singlestep(vm, true);
+}
+
+static void disable_singlestep(struct kvm_vm *vm)
+{
+ control_singlestep(vm, false);
+}
+
+static void test_cmd_vcpu_control_singlestep(struct kvm_vm *vm)
+{
+ struct vcpu_worker_data data = { .vm = vm, .vcpu_id = VCPU_ID };
+ struct {
+ struct kvmi_event common;
+ struct kvmi_event_singlestep singlestep;
+ } ev;
+ __u16 event_id = KVMI_EVENT_SINGLESTEP;
+ struct vcpu_reply rpl = {};
+ struct kvmi_msg_hdr hdr;
+ pthread_t vcpu_thread;
if (!features.singlestep)
return;
- req.cmd.enable = true;
- test_vcpu0_command(vm, KVMI_VCPU_CONTROL_SINGLESTEP,
- &req.hdr, sizeof(req), NULL, 0);
+ enable_vcpu_event(vm, event_id);
+
+ vcpu_thread = start_vcpu_worker(&data);
+
+ enable_singlestep(vm);
+
+ receive_event(&hdr, &ev.common, sizeof(ev), event_id);
+
+ DEBUG("SINGLESTEP event, rip 0x%llx success %d\n",
+ ev.common.arch.regs.rip, !ev.singlestep.failed);
+
+ disable_singlestep(vm);
+
+ reply_to_event(&hdr, &ev.common, KVMI_EVENT_ACTION_CONTINUE,
+ &rpl, sizeof(rpl));
+
+ stop_vcpu_worker(vcpu_thread, &data);
- req.cmd.enable = false;
- test_vcpu0_command(vm, KVMI_VCPU_CONTROL_SINGLESTEP,
- &req.hdr, sizeof(req), NULL, 0);
+ disable_vcpu_event(vm, KVMI_EVENT_SINGLESTEP);
}
static void test_introspection(struct kvm_vm *vm)
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index b798eeab6618..5bb3e1252242 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -1319,3 +1319,64 @@ bool kvmi_vcpu_running_singlestep(struct kvm_vcpu *vcpu)
return ret;
}
EXPORT_SYMBOL(kvmi_vcpu_running_singlestep);
+
+static u32 kvmi_send_singlestep(struct kvm_vcpu *vcpu, bool success)
+{
+ struct kvmi_event_singlestep e;
+ int err, action;
+
+ memset(&e, 0, sizeof(e));
+ e.failed = success ? 0 : 1;
+
+ err = kvmi_send_event(vcpu, KVMI_EVENT_SINGLESTEP, &e, sizeof(e),
+ NULL, 0, &action);
+ if (err)
+ return KVMI_EVENT_ACTION_CONTINUE;
+
+ return action;
+}
+
+static void __kvmi_singlestep_event(struct kvm_vcpu *vcpu, bool success)
+{
+ struct kvm_vcpu_introspection *vcpui = VCPUI(vcpu);
+ u32 action;
+
+ if (!vcpui->singlestep.loop)
+ return;
+
+ action = kvmi_send_singlestep(vcpu, success);
+ switch (action) {
+ case KVMI_EVENT_ACTION_CONTINUE:
+ break;
+ default:
+ kvmi_handle_common_event_actions(vcpu->kvm, action,
+ "SINGLESTEP");
+ }
+}
+
+static void kvmi_singlestep_event(struct kvm_vcpu *vcpu, bool success)
+{
+ struct kvm_introspection *kvmi;
+ struct kvm *kvm = vcpu->kvm;
+
+ kvmi = kvmi_get(kvm);
+ if (!kvmi)
+ return;
+
+ if (is_event_enabled(vcpu, KVMI_EVENT_SINGLESTEP))
+ __kvmi_singlestep_event(vcpu, success);
+
+ kvmi_put(kvm);
+}
+
+void kvmi_singlestep_done(struct kvm_vcpu *vcpu)
+{
+ kvmi_singlestep_event(vcpu, true);
+}
+EXPORT_SYMBOL(kvmi_singlestep_done);
+
+void kvmi_singlestep_failed(struct kvm_vcpu *vcpu)
+{
+ kvmi_singlestep_event(vcpu, false);
+}
+EXPORT_SYMBOL(kvmi_singlestep_failed);
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index 64425ff16c7d..ccd99dfddf31 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -30,6 +30,7 @@
| BIT(KVMI_EVENT_TRAP) \
| BIT(KVMI_EVENT_PAUSE_VCPU) \
| BIT(KVMI_EVENT_PF) \
+ | BIT(KVMI_EVENT_SINGLESTEP) \
| BIT(KVMI_EVENT_XSETBV) \
)
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 76/78] KVM: introspection: add KVMI_VCPU_TRANSLATE_GVA
This helps the introspection tool with the VGA to GPA translations
without the need to monitor the guest page tables.
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 31 +++++++++++++++++++
arch/x86/kvm/kvmi.c | 4 +++
include/uapi/linux/kvmi.h | 9 ++++++
.../testing/selftests/kvm/x86_64/kvmi_test.c | 31 +++++++++++++++++++
virt/kvm/introspection/kvmi_int.h | 2 ++
virt/kvm/introspection/kvmi_msg.c | 16 ++++++++++
6 files changed, 93 insertions(+)
diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 3515fea1eb75..bbe33cf7bd6e 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -962,6 +962,37 @@ if the hardware supports singlestep (see
**KVMI_GET_VERSION**).
* -KVM_EINVAL - padding is not zero
* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+21. KVMI_VCPU_TRANSLATE_GVA
+---------------------------
+
+:Architecture: all
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_vcpu_translate_gva {
+ __u64 gva;
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_error_code;
+ struct kvmi_vcpu_translate_gva_reply {
+ __u64 gpa;
+ };
+
+Translates a guest virtual address to a guest physical address or ~0 if
+the address cannot be translated.
+
+:Errors:
+
+* -KVM_EINVAL - the selected vCPU is invalid
+* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+
Events
=====
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index feebb0327e27..7b02bc82dbd7 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -1129,3 +1129,7 @@ bool kvmi_arch_stop_singlestep(struct kvm_vcpu *vcpu)
return true;
}
+gpa_t kvmi_arch_cmd_translate_gva(struct kvm_vcpu *vcpu, gva_t gva)
+{
+ return kvm_mmu_gva_to_gpa_system(vcpu, gva, 0, NULL);
+}
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index 37c51e64d22c..2d93cafd0062 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -44,6 +44,7 @@ enum {
KVMI_VM_SET_PAGE_ACCESS = 21,
KVMI_VCPU_CONTROL_SINGLESTEP = 22,
+ KVMI_VCPU_TRANSLATE_GVA = 23,
KVMI_NUM_MESSAGES
};
@@ -205,4 +206,12 @@ struct kvmi_event_singlestep {
__u8 padding[7];
};
+struct kvmi_vcpu_translate_gva {
+ __u64 gva;
+};
+
+struct kvmi_vcpu_translate_gva_reply {
+ __u64 gpa;
+};
+
#endif /* _UAPI__LINUX_KVMI_H */
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index cf5edf91197d..9056a826864b 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -1763,6 +1763,36 @@ static void test_cmd_vcpu_control_singlestep(struct
kvm_vm *vm)
disable_vcpu_event(vm, KVMI_EVENT_SINGLESTEP);
}
+static void cmd_translate_gva(struct kvm_vm *vm, vm_vaddr_t gva,
+ vm_paddr_t expected_gpa)
+{
+ struct {
+ struct kvmi_msg_hdr hdr;
+ struct kvmi_vcpu_hdr vcpu_hdr;
+ struct kvmi_vcpu_translate_gva cmd;
+ } req = { 0 };
+ struct kvmi_vcpu_translate_gva_reply rpl;
+
+ req.cmd.gva = gva;
+
+ test_vcpu0_command(vm, KVMI_VCPU_TRANSLATE_GVA, &req.hdr, sizeof(req),
+ &rpl, sizeof(rpl));
+
+ TEST_ASSERT(rpl.gpa == expected_gpa,
+ "Translation failed for gva 0x%llx -> gpa 0x%llx instead of
0x%llx\n",
+ gva, rpl.gpa, expected_gpa);
+}
+
+static void test_cmd_translate_gva(struct kvm_vm *vm)
+{
+ cmd_translate_gva(vm, test_gva, test_gpa);
+ DEBUG("Tested gva 0x%lx to gpa 0x%lx\n", test_gva, test_gpa);
+
+ cmd_translate_gva(vm, -1, ~0);
+ DEBUG("Tested gva 0x%lx to gpa 0x%lx\n",
+ (vm_vaddr_t)-1, (vm_paddr_t)-1);
+}
+
static void test_introspection(struct kvm_vm *vm)
{
setup_socket();
@@ -1795,6 +1825,7 @@ static void test_introspection(struct kvm_vm *vm)
test_cmd_vm_set_page_access(vm);
test_event_pf(vm);
test_cmd_vcpu_control_singlestep(vm);
+ test_cmd_translate_gva(vm);
unhook_introspection(vm);
}
diff --git a/virt/kvm/introspection/kvmi_int.h
b/virt/kvm/introspection/kvmi_int.h
index ccd99dfddf31..f440d04824c7 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -58,6 +58,7 @@
| BIT(KVMI_VCPU_GET_XSAVE) \
| BIT(KVMI_VCPU_INJECT_EXCEPTION) \
| BIT(KVMI_VCPU_SET_REGISTERS) \
+ | BIT(KVMI_VCPU_TRANSLATE_GVA) \
)
#define KVMI(kvm) ((struct kvm_introspection *)((kvm)->kvmi))
@@ -172,5 +173,6 @@ bool kvmi_arch_pf_of_interest(struct kvm_vcpu *vcpu);
void kvmi_arch_features(struct kvmi_features *feat);
bool kvmi_arch_start_singlestep(struct kvm_vcpu *vcpu);
bool kvmi_arch_stop_singlestep(struct kvm_vcpu *vcpu);
+gpa_t kvmi_arch_cmd_translate_gva(struct kvm_vcpu *vcpu, gva_t gva);
#endif
diff --git a/virt/kvm/introspection/kvmi_msg.c
b/virt/kvm/introspection/kvmi_msg.c
index 4c49033a6407..b026cd142f5e 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -39,6 +39,7 @@ static const char *const msg_IDs[] = {
[KVMI_VCPU_INJECT_EXCEPTION] = "KVMI_VCPU_INJECT_EXCEPTION",
[KVMI_VCPU_PAUSE] = "KVMI_VCPU_PAUSE",
[KVMI_VCPU_SET_REGISTERS] = "KVMI_VCPU_SET_REGISTERS",
+ [KVMI_VCPU_TRANSLATE_GVA] = "KVMI_VCPU_TRANSLATE_GVA",
};
static bool is_known_message(u16 id)
@@ -614,6 +615,20 @@ static int handle_vcpu_control_singlestep(const struct
kvmi_vcpu_cmd_job *job,
return kvmi_msg_vcpu_reply(job, msg, ec, NULL, 0);
}
+static int handle_vcpu_translate_gva(const struct kvmi_vcpu_cmd_job *job,
+ const struct kvmi_msg_hdr *msg,
+ const void *_req)
+{
+ const struct kvmi_vcpu_translate_gva *req = _req;
+ struct kvmi_vcpu_translate_gva_reply rpl;
+
+ memset(&rpl, 0, sizeof(rpl));
+
+ rpl.gpa = kvmi_arch_cmd_translate_gva(job->vcpu, req->gva);
+
+ return kvmi_msg_vcpu_reply(job, msg, 0, &rpl, sizeof(rpl));
+}
+
/*
* These commands are executed on the vCPU thread. The receiving thread
* passes the messages using a newly allocated 'struct
kvmi_vcpu_cmd_job'
@@ -634,6 +649,7 @@ static int(*const msg_vcpu[])(const struct kvmi_vcpu_cmd_job
*,
[KVMI_VCPU_GET_XSAVE] = handle_vcpu_get_xsave,
[KVMI_VCPU_INJECT_EXCEPTION] = handle_vcpu_inject_exception,
[KVMI_VCPU_SET_REGISTERS] = handle_set_registers,
+ [KVMI_VCPU_TRANSLATE_GVA] = handle_vcpu_translate_gva,
};
static void kvmi_job_vcpu_cmd(struct kvm_vcpu *vcpu, void *ctx)
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 77/78] KVM: introspection: emulate a guest page table walk on SPT violations due to A/D bit updates
From: Mihai Don?u <mdontu at bitdefender.com>
On SPT page faults caused by guest page table walks, use the existing
guest page table walk code to make the necessary adjustments to the A/D
bits and return to guest. This effectively bypasses the x86 emulator
who was making the wrong modifications leading one OS (Windows 8.1 x64)
to triple-fault very early in the boot process with the introspection
enabled.
With introspection disabled, these faults are handled by simply removing
the protection from the affected guest page and returning to guest.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvmi_host.h | 2 ++
arch/x86/kvm/kvmi.c | 33 ++++++++++++++++++++++++++++++++
arch/x86/kvm/mmu/mmu.c | 11 +++++++++--
include/linux/kvmi_host.h | 3 +++
virt/kvm/introspection/kvmi.c | 26 +++++++++++++++++++++++++
5 files changed, 73 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/asm/kvmi_host.h b/arch/x86/include/asm/kvmi_host.h
index 2e4eff501c0a..4c2188dc4a2b 100644
--- a/arch/x86/include/asm/kvmi_host.h
+++ b/arch/x86/include/asm/kvmi_host.h
@@ -61,6 +61,7 @@ bool kvmi_descriptor_event(struct kvm_vcpu *vcpu, u8
descriptor, u8 write);
bool kvmi_msr_event(struct kvm_vcpu *vcpu, struct msr_data *msr);
bool kvmi_monitor_msrw_intercept(struct kvm_vcpu *vcpu, u32 msr, bool enable);
bool kvmi_msrw_intercept_originator(struct kvm_vcpu *vcpu);
+bool kvmi_update_ad_flags(struct kvm_vcpu *vcpu);
#else /* CONFIG_KVM_INTROSPECTION */
@@ -83,6 +84,7 @@ static inline bool kvmi_monitor_msrw_intercept(struct kvm_vcpu
*vcpu, u32 msr,
bool enable) { return false; }
static inline bool kvmi_msrw_intercept_originator(struct kvm_vcpu *vcpu)
{ return false; }
+bool kvmi_update_ad_flags(struct kvm_vcpu *vcpu) { return false; }
#endif /* CONFIG_KVM_INTROSPECTION */
diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c
index 7b02bc82dbd7..229543ee90e6 100644
--- a/arch/x86/kvm/kvmi.c
+++ b/arch/x86/kvm/kvmi.c
@@ -1133,3 +1133,36 @@ gpa_t kvmi_arch_cmd_translate_gva(struct kvm_vcpu *vcpu,
gva_t gva)
{
return kvm_mmu_gva_to_gpa_system(vcpu, gva, 0, NULL);
}
+
+bool kvmi_update_ad_flags(struct kvm_vcpu *vcpu)
+{
+ struct kvm_introspection *kvmi;
+ bool ret = false;
+ gva_t gva;
+ gpa_t gpa;
+
+ kvmi = kvmi_get(vcpu->kvm);
+ if (!kvmi)
+ return false;
+
+ gva = kvm_x86_ops->fault_gla(vcpu);
+ if (gva == ~0ull) {
+ kvmi_warn_once(kvmi, "%s: cannot perform translation\n",
+ __func__);
+ goto out;
+ }
+
+ gpa = kvm_mmu_gva_to_gpa_system(vcpu, gva, PFERR_WRITE_MASK, NULL);
+ if (gpa == UNMAPPED_GVA) {
+ struct x86_exception exception = { };
+
+ gpa = kvm_mmu_gva_to_gpa_system(vcpu, gva, 0, &exception);
+ }
+
+ ret = (gpa != UNMAPPED_GVA);
+
+out:
+ kvmi_put(vcpu->kvm);
+
+ return ret;
+}
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index d28b7425c4f1..603776f9bd84 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -5675,8 +5675,15 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2,
u64 error_code,
*/
if (vcpu->arch.mmu->direct_map &&
(error_code & PFERR_NESTED_GUEST_PAGE) == PFERR_NESTED_GUEST_PAGE) {
- kvm_mmu_unprotect_page(vcpu->kvm, gpa_to_gfn(cr2));
- return 1;
+ gfn_t gfn = gpa_to_gfn(cr2);
+
+ if (kvmi_tracked_gfn(vcpu, gfn)) {
+ if (kvmi_update_ad_flags(vcpu))
+ return 1;
+ } else {
+ kvm_mmu_unprotect_page(vcpu->kvm, gfn);
+ return 1;
+ }
}
/*
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
index 723a902f4b89..9a9cd7e1f75e 100644
--- a/include/linux/kvmi_host.h
+++ b/include/linux/kvmi_host.h
@@ -97,6 +97,7 @@ bool kvmi_enter_guest(struct kvm_vcpu *vcpu);
bool kvmi_vcpu_running_singlestep(struct kvm_vcpu *vcpu);
void kvmi_singlestep_done(struct kvm_vcpu *vcpu);
void kvmi_singlestep_failed(struct kvm_vcpu *vcpu);
+bool kvmi_tracked_gfn(struct kvm_vcpu *vcpu, gfn_t gfn);
#else
@@ -117,6 +118,8 @@ static inline bool kvmi_vcpu_running_singlestep(struct
kvm_vcpu *vcpu)
{ return false; }
static void kvmi_singlestep_done(struct kvm_vcpu *vcpu) { }
static void kvmi_singlestep_failed(struct kvm_vcpu *vcpu) { }
+static inline bool kvmi_tracked_gfn(struct kvm_vcpu *vcpu, gfn_t gfn)
+ { return false; }
#endif /* CONFIG_KVM_INTROSPECTION */
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index 5bb3e1252242..8f3de6be6413 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -1380,3 +1380,29 @@ void kvmi_singlestep_failed(struct kvm_vcpu *vcpu)
kvmi_singlestep_event(vcpu, false);
}
EXPORT_SYMBOL(kvmi_singlestep_failed);
+
+static bool __kvmi_tracked_gfn(struct kvm_introspection *kvmi, gfn_t gfn)
+{
+ u8 ignored_access;
+
+ if (kvmi_get_gfn_access(kvmi, gfn, &ignored_access))
+ return false;
+
+ return true;
+}
+
+bool kvmi_tracked_gfn(struct kvm_vcpu *vcpu, gfn_t gfn)
+{
+ struct kvm_introspection *kvmi;
+ bool ret;
+
+ kvmi = kvmi_get(vcpu->kvm);
+ if (!kvmi)
+ return false;
+
+ ret = __kvmi_tracked_gfn(kvmi, gfn);
+
+ kvmi_put(vcpu->kvm);
+
+ return ret;
+}
Adalbert Lazăr
2020-Feb-07 18:16 UTC
[RFC PATCH v7 78/78] KVM: x86: call the page tracking code on emulation failure
From: Mihai Don?u <mdontu at bitdefender.com>
The information we can provide this way is incomplete, but current users
of the page tracking code can work with it.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/kvm/x86.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index b87ff31ce486..45ba3497484e 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -6686,6 +6686,51 @@ static bool is_vmware_backdoor_opcode(struct
x86_emulate_ctxt *ctxt)
return false;
}
+/*
+ * With introspection enabled, emulation failures translate in events being
+ * missed because the read/write callbacks are not invoked. All we have is
+ * the fetch event (kvm_page_track_preexec). Below we use the EPT/NPT VMEXIT
+ * information to generate the events, but without providing accurate
+ * data and size (the emulator would have computed those). If an instruction
+ * would happen to read and write in the same page, the second event will
+ * initially be missed and we rely on the page tracking mechanism to bring
+ * us back here to send it.
+ */
+static bool kvm_page_track_emulation_failure(struct kvm_vcpu *vcpu, gpa_t gpa)
+{
+ u64 error_code = vcpu->arch.error_code;
+ u8 data = 0;
+ gva_t gva;
+ bool ret;
+
+ /* MMIO emulation failures should be treated the normal way */
+ if (unlikely(error_code & PFERR_RSVD_MASK))
+ return true;
+
+ /* EPT/NTP must be enabled */
+ if (unlikely(!vcpu->arch.mmu->direct_map))
+ return true;
+
+ /*
+ * The A/D bit emulation should make this test unneeded, but just
+ * in case
+ */
+ if (unlikely((error_code & PFERR_NESTED_GUEST_PAGE) =+
PFERR_NESTED_GUEST_PAGE))
+ return true;
+
+ gva = kvm_x86_ops->fault_gla(vcpu);
+
+ if (error_code & PFERR_WRITE_MASK)
+ ret = kvm_page_track_prewrite(vcpu, gpa, gva, &data, 0);
+ else if (error_code & PFERR_USER_MASK)
+ ret = kvm_page_track_preread(vcpu, gpa, gva, 0);
+ else
+ ret = true;
+
+ return ret;
+}
+
int x86_emulate_instruction(struct kvm_vcpu *vcpu,
unsigned long cr2,
int emulation_type,
@@ -6738,6 +6783,8 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu,
kvm_queue_exception(vcpu, UD_VECTOR);
return 1;
}
+ if (!kvm_page_track_emulation_failure(vcpu, cr2))
+ return 1;
if (reexecute_instruction(vcpu, cr2, write_fault_to_spt,
emulation_type))
return 1;
@@ -6795,6 +6842,8 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu,
return 1;
if (r == EMULATION_FAILED) {
+ if (!kvm_page_track_emulation_failure(vcpu, cr2))
+ return 1;
if (reexecute_instruction(vcpu, cr2, write_fault_to_spt,
emulation_type))
return 1;
Seemingly Similar Threads
- [PATCH v9 44/84] KVM: introspection: add KVMI_EVENT_UNHOOK
- [RFC PATCH v7 52/78] KVM: introspection: add KVMI_EVENT_PAUSE_VCPU
- [PATCH v9 45/84] KVM: introspection: add KVMI_VM_CONTROL_EVENTS
- [RFC PATCH v7 44/78] KVM: introspection: add KVMI_VM_CONTROL_EVENTS
- [RFC PATCH v7 57/78] KVM: introspection: add KVMI_EVENT_HYPERCALL