search for: cmd_allow_mask

...lose the KVMI channel (signaling that the +operation can proceed). diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h index 8d21e031788e..8e142096ba47 100644 --- a/include/linux/kvmi_host.h +++ b/include/linux/kvmi_host.h @@ -18,6 +18,8 @@ struct kvm_introspection { unsigned long *cmd_allow_mask; unsigned long *event_allow_mask; + unsigned long *vm_event_enable_mask; + atomic_t ev_seq; }; diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h index 9fbe52caf96c..f9e2cb8a2c5e 100644 --- a/include/uapi/linux/kvmi.h +++ b/include/uapi/linux/kvmi.h @@ -17,10 +17,11 @@ enum...

...*/ diff --git a/virt/kvm/kvmi.c b/virt/kvm/kvmi.c index afa31748d7f4..d5b6af21564e 100644 --- a/virt/kvm/kvmi.c +++ b/virt/kvm/kvmi.c @@ -68,6 +68,8 @@ static bool alloc_kvmi(struct kvm *kvm, const struct kvm_introspection *qemu) if (!ikvm) return false; + set_bit(KVMI_GET_VERSION, ikvm->cmd_allow_mask); + memcpy(&ikvm->uuid, &qemu->uuid, sizeof(ikvm->uuid)); ikvm->kvm = kvm; @@ -290,6 +292,18 @@ int kvmi_ioctl_command(struct kvm *kvm, void __user *argp) bitmap_from_u64(known, KVMI_KNOWN_COMMANDS); bitmap_and(requested, requested, known, KVMI_NUM_COMMANDS); + if (!...

...++ b/virt/kvm/introspection/kvmi.c @@ -76,6 +76,8 @@ alloc_kvmi(struct kvm *kvm, const struct kvm_introspection_hook *hook) BUILD_BUG_ON(sizeof(hook->uuid) != sizeof(kvmi->uuid)); memcpy(&kvmi->uuid, &hook->uuid, sizeof(kvmi->uuid)); + set_bit(KVMI_GET_VERSION, kvmi->cmd_allow_mask); + kvmi->kvm = kvm; return kvmi; @@ -299,6 +301,18 @@ int kvmi_ioctl_command(struct kvm *kvm, void __user *argp) bitmap_from_u64(known, KVMI_KNOWN_COMMANDS); bitmap_and(requested, requested, known, KVMI_NUM_COMMANDS); + if (!allow) { + DECLARE_BITMAP(always_allowed, KVMI_NUM_COMMAN...

...f0cfb..8f8e18696794 100644 --- a/virt/kvm/introspection/kvmi.c +++ b/virt/kvm/introspection/kvmi.c @@ -77,6 +77,8 @@ alloc_kvmi(struct kvm *kvm, const struct kvm_introspection_hook *hook) memcpy(&kvmi->uuid, &hook->uuid, sizeof(kvmi->uuid)); set_bit(KVMI_GET_VERSION, kvmi->cmd_allow_mask); + set_bit(KVMI_VM_CHECK_COMMAND, kvmi->cmd_allow_mask); + set_bit(KVMI_VM_CHECK_EVENT, kvmi->cmd_allow_mask); kvmi->kvm = kvm; @@ -304,10 +306,14 @@ int kvmi_ioctl_command(struct kvm *kvm, void __user *argp) if (!allow) { DECLARE_BITMAP(always_allowed, KVMI_NUM_COMMANDS); -...

...__u8 enable; + __u8 now; + __u16 padding1; + __u32 padding2; +}; + #endif /* _UAPI__LINUX_KVMI_H */ diff --git a/virt/kvm/kvmi_int.h b/virt/kvm/kvmi_int.h index 76119a4b69d8..157f765fb34d 100644 --- a/virt/kvm/kvmi_int.h +++ b/virt/kvm/kvmi_int.h @@ -85,6 +85,8 @@ struct kvmi { DECLARE_BITMAP(cmd_allow_mask, KVMI_NUM_COMMANDS); DECLARE_BITMAP(event_allow_mask, KVMI_NUM_EVENTS); + + bool cmd_reply_disabled; }; /* kvmi_msg.c */ diff --git a/virt/kvm/kvmi_msg.c b/virt/kvm/kvmi_msg.c index 6fe04de29f7e..ea5c7e23669a 100644 --- a/virt/kvm/kvmi_msg.c +++ b/virt/kvm/kvmi_msg.c @@ -9,6 +9,7 @@ #include...

...64 shadow_gs; + } msrs; +}; + +#endif /* _UAPI_ASM_X86_KVMI_H */ diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h index 4e77a0227c08..180e26335a8f 100644 --- a/include/linux/kvmi_host.h +++ b/include/linux/kvmi_host.h @@ -21,6 +21,8 @@ struct kvm_introspection { DECLARE_BITMAP(cmd_allow_mask, KVMI_NUM_COMMANDS); DECLARE_BITMAP(event_allow_mask, KVMI_NUM_EVENTS); + + atomic_t ev_seq; }; #ifdef CONFIG_KVM_INTROSPECTION @@ -34,6 +36,7 @@ int kvmi_ioctl_hook(struct kvm *kvm, void __user *argp); int kvmi_ioctl_unhook(struct kvm *kvm); int kvmi_ioctl_command(struct kvm *kvm, void __u...

...vm/kvmi.c index 3c884dc0e38c..3cc7bb035796 100644 --- a/virt/kvm/kvmi.c +++ b/virt/kvm/kvmi.c @@ -76,6 +76,8 @@ static bool alloc_kvmi(struct kvm *kvm, const struct kvm_introspection *qemu) if (!ikvm) return false; + atomic_set(&ikvm->ev_seq, 0); + set_bit(KVMI_GET_VERSION, ikvm->cmd_allow_mask); set_bit(KVMI_CHECK_COMMAND, ikvm->cmd_allow_mask); set_bit(KVMI_CHECK_EVENT, ikvm->cmd_allow_mask); @@ -520,10 +522,20 @@ void kvmi_run_jobs(struct kvm_vcpu *vcpu) } } +static bool need_to_wait(struct kvm_vcpu *vcpu) +{ + struct kvmi_vcpu *ivcpu = IVCPU(vcpu); + + return ivcpu->...

...struct kvm; #include <asm/kvmi_host.h> +#define KVMI_NUM_COMMANDS KVMI_NUM_MESSAGES + struct kvm_introspection { struct kvm_arch_introspection arch; struct kvm *kvm; @@ -16,6 +18,9 @@ struct kvm_introspection { struct socket *sock; struct task_struct *recv; + + DECLARE_BITMAP(cmd_allow_mask, KVMI_NUM_COMMANDS); + DECLARE_BITMAP(event_allow_mask, KVMI_NUM_EVENTS); }; #ifdef CONFIG_KVM_INTROSPECTION @@ -27,6 +32,8 @@ void kvmi_destroy_vm(struct kvm *kvm); int kvmi_ioctl_hook(struct kvm *kvm, void __user *argp); int kvmi_ioctl_unhook(struct kvm *kvm); +int kvmi_ioctl_command(stru...

...64 shadow_gs; + } msrs; +}; + +#endif /* _UAPI_ASM_X86_KVMI_H */ diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h index 7efd071e398d..8d21e031788e 100644 --- a/include/linux/kvmi_host.h +++ b/include/linux/kvmi_host.h @@ -17,6 +17,8 @@ struct kvm_introspection { unsigned long *cmd_allow_mask; unsigned long *event_allow_mask; + + atomic_t ev_seq; }; int kvmi_version(void); @@ -32,6 +34,7 @@ int kvmi_ioctl_command(struct kvm *kvm, const struct kvm_introspection_feature *feat); int kvmi_ioctl_event(struct kvm *kvm, const struct kvm_introspection_feature *feat); +i...

...*vcpu; +}; + static const char *const msg_IDs[] = { [KVMI_GET_VERSION] = "KVMI_GET_VERSION", [KVMI_VM_CHECK_COMMAND] = "KVMI_VM_CHECK_COMMAND", @@ -123,6 +131,28 @@ static bool is_command_allowed(struct kvm_introspection *kvmi, int id) return test_bit(id, kvmi->cmd_allow_mask); } +static bool invalid_vcpu_hdr(const struct kvmi_vcpu_hdr *hdr) +{ + return hdr->padding1 || hdr->padding2; +} + +static int kvmi_get_vcpu(struct kvm_introspection *kvmi, unsigned int vcpu_idx, + struct kvm_vcpu **dest) +{ + struct kvm *kvm = kvmi->kvm; + struct kvm_vcpu *vcpu; +...

...ys_allowed_commands, KVMI_NUM_COMMANDS); +static DECLARE_BITMAP(Kvmi_known_events, KVMI_NUM_EVENTS); static struct kmem_cache *msg_cache; @@ -51,15 +52,28 @@ bool kvmi_is_command_allowed(struct kvm_introspection *kvmi, u16 id) return id < KVMI_NUM_COMMANDS && test_bit(id, kvmi->cmd_allow_mask); } +bool kvmi_is_known_event(u8 id) +{ + return id < KVMI_NUM_EVENTS && test_bit(id, Kvmi_known_events); +} + static void setup_always_allowed_commands(void) { bitmap_zero(Kvmi_always_allowed_commands, KVMI_NUM_COMMANDS); set_bit(KVMI_GET_VERSION, Kvmi_always_allowed_commands);...

...lose the KVMI channel (signaling that the +operation can proceed). diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h index 180e26335a8f..41b22af771fb 100644 --- a/include/linux/kvmi_host.h +++ b/include/linux/kvmi_host.h @@ -22,6 +22,8 @@ struct kvm_introspection { DECLARE_BITMAP(cmd_allow_mask, KVMI_NUM_COMMANDS); DECLARE_BITMAP(event_allow_mask, KVMI_NUM_EVENTS); + DECLARE_BITMAP(vm_event_enable_mask, KVMI_NUM_EVENTS); + atomic_t ev_seq; }; diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h index e74240aff5b7..da9bf30ae513 100644 --- a/include/uapi/linux/kvmi.h...

...+static int kvmi_msg_vm_reply(struct kvmi *ikvm, + const struct kvmi_msg_hdr *msg, int err, + const void *rpl, size_t rpl_size) +{ + return kvmi_msg_reply(ikvm, msg, err, rpl, rpl_size); +} + +static bool is_command_allowed(struct kvmi *ikvm, int id) +{ + return test_bit(id, ikvm->cmd_allow_mask); +} + +/* + * These commands are executed on the receiving thread/worker. + */ +static int(*const msg_vm[])(struct kvmi *, const struct kvmi_msg_hdr *, + const void *) = { +}; + +static bool is_vm_message(u16 id) +{ + return id < ARRAY_SIZE(msg_vm) && !!msg_vm[id]; +} + +static bo...

...m) return false; + /* see comments of radix_tree_preload() - no direct reclaim */ + INIT_RADIX_TREE(&ikvm->access_tree, GFP_KERNEL & ~__GFP_DIRECT_RECLAIM); + rwlock_init(&ikvm->access_tree_lock); + atomic_set(&ikvm->ev_seq, 0); set_bit(KVMI_GET_VERSION, ikvm->cmd_allow_mask); @@ -85,6 +179,12 @@ static bool alloc_kvmi(struct kvm *kvm, const struct kvm_introspection *qemu) memcpy(&ikvm->uuid, &qemu->uuid, sizeof(ikvm->uuid)); + ikvm->kptn_node.track_preread = kvmi_track_preread; + ikvm->kptn_node.track_prewrite = kvmi_track_prewrite; + ikvm...

...mi_msg", KVMI_MSG_SIZE_ALLOC, + 4096, SLAB_ACCOUNT, NULL); + + if (!msg_cache) { + kvmi_cache_destroy(); + + return -1; + } + + return 0; +} + +bool kvmi_is_command_allowed(struct kvm_introspection *kvmi, u16 id) +{ + return id < KVMI_NUM_COMMANDS && test_bit(id, kvmi->cmd_allow_mask); +} int kvmi_init(void) { - return 0; + return kvmi_cache_create(); } int kvmi_version(void) @@ -22,6 +61,7 @@ int kvmi_version(void) void kvmi_uninit(void) { + kvmi_cache_destroy(); } static void free_kvmi(struct kvm *kvm) diff --git a/virt/kvm/introspection/kvmi_int.h b/virt/kvm/...

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VMs (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place

...ct kvm_introspection *kvmi, + const struct kvmi_msg_hdr *msg, + int err, const void *rpl, + size_t rpl_size) +{ + return kvmi_msg_reply(kvmi, msg, err, rpl, rpl_size); +} + +static bool is_command_allowed(struct kvm_introspection *kvmi, int id) +{ + return test_bit(id, kvmi->cmd_allow_mask); +} + +/* + * These commands are executed by the receiving thread/worker. + */ +static int(*const msg_vm[])(struct kvm_introspection *, + const struct kvmi_msg_hdr *, const void *) = { +}; + +static bool is_vm_message(u16 id) +{ + return id < ARRAY_SIZE(msg_vm) && !!msg_vm[id]; +}...

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VMs (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VM-s (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VM-s (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place