Displaying 20 results from an estimated 600 matches for "introspected".
2020 Feb 07
0
[RFC PATCH v7 43/78] KVM: introspection: add KVMI_EVENT_UNHOOK
In certain situations (when the guest has to be paused, suspended,
migrated, etc.), userspace will use the KVM_INTROSPECTION_PREUNHOOK
ioctl in order to trigger the KVMI_EVENT_UNHOOK. If the event is sent
successfully (the VM has an active introspection channel), userspace
should delay the action (pause/suspend/...) to give the introspection
tool the chance to remove its hooks (eg. breakpoints)
2020 Feb 07
0
[RFC PATCH v7 41/78] KVM: introspection: add KVMI_VM_CHECK_COMMAND and KVMI_VM_CHECK_EVENT
These commands can be used by the introspection tool to check what
introspection commands and events are supported (by KVMi) and allowed
(by userspace).
The introspection tool will get one of the following error codes:
* -KVM_ENOSYS (unsupported command/event)
* -KVM_PERM (disallowed command/event)
* -KVM_EINVAL (the padding space, used for future extensions,
is not zero)
2020 Feb 07
0
[RFC PATCH v7 47/78] KVM: introspection: add a jobs list to every introspected vCPU
Every vCPU has a lock-protected list in which (mostly) the receiving
worker places the jobs that has to be done by the vCPU once it is kicked
(KVM_REQ_INTROSPECTION) out of guest.
A job is defined by a "do" function, a "free" function and a pointer
(context).
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at
2020 Feb 07
0
[RFC PATCH v7 40/78] KVM: introspection: add KVMI_GET_VERSION
This command should be used by the introspection tool to identify the
commands/events supported by the KVMi subsystem and, most important,
what messages must be used for event replies. These messages might be
extended in future versions. The kernel side will accept smaller/older
or bigger/newer command messages, but not bigger/newer event replies.
The KVMI_GET_VERSION command is always allowed
2020 Feb 07
0
[RFC PATCH v7 44/78] KVM: introspection: add KVMI_VM_CONTROL_EVENTS
With this command the introspection tool enables/disables VM events
(ie. KVMI_EVENT_UNHOOK), because no event (neither VM event, nor vCPU
event) will be sent to the introspection tool unless enabled/requested.
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 44 +++++++++++++++--
include/linux/kvmi_host.h | 2
2020 Jul 21
0
[PATCH v9 44/84] KVM: introspection: add KVMI_EVENT_UNHOOK
...OK
+---------------------------------
+
+:Capability: KVM_CAP_INTROSPECTION
+:Architectures: x86
+:Type: vm ioctl
+:Parameters: none
+:Returns: 0 on success, a negative value on error
+
+Errors:
+
+ ====== ============================================================
+ EFAULT the VM is not introspected yet (use KVM_INTROSPECTION_HOOK)
+ ENOENT the socket (passed with KVM_INTROSPECTION_HOOK) had an error
+ ENOENT the introspection tool didn't subscribed
+ to this type of introspection event (unhook)
+ ====== ===========================================================...
2020 Jul 21
0
[PATCH v9 45/84] KVM: introspection: add KVMI_VM_CONTROL_EVENTS
By default, all introspection VM events are disabled. The introspection
tool must explicitly enable the VM events it wants to receive. With
this command (KVMI_VM_CONTROL_EVENTS) it can enable/disable any VM event
(e.g. KVMI_EVENT_UNHOOK) if allowed by the device manager.
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 44
2020 Feb 07
0
[RFC PATCH v7 73/78] KVM: introspection: extend KVMI_GET_VERSION with struct kvmi_features
This is used by the introspection tool to check the hardware support
for single step.
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 13 ++++++++++++-
arch/x86/include/uapi/asm/kvmi.h | 5 +++++
arch/x86/kvm/kvmi.c | 5 +++++
include/uapi/linux/kvmi.h | 1 +
2020 Feb 07
0
[RFC PATCH v7 53/78] KVM: introspection: add KVMI_VCPU_CONTROL_EVENTS
...diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 8bf9b8f6dd7c..c48abc8f5c97 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -504,13 +504,56 @@ Use *KVMI_VM_CHECK_EVENT* first.
* -KVM_EAGAIN - the selected vCPU can't be introspected yet
* -KVM_EBUSY - the selected vCPU has too many queued *KVMI_EVENT_PAUSE_VCPU* events
+10. KVMI_VCPU_CONTROL_EVENTS
+----------------------------
+
+:Architectures: all
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_vcpu_control_events {
+ __u16 event_id;
+...
2019 Aug 09
0
[RFC PATCH v6 02/92] kvm: introspection: add basic ioctls (hook/unhook)
...+ __u32 padding;
+ __u8 uuid[16];
+};
+
+fd is the file handle of a socket connected to the introspection tool,
+
+padding must be zero (it might be used in the future),
+
+uuid is used for debug and error messages.
+
+It can fail with -EFAULT if:
+ - memory allocation failed
+ - this VM is already introspected
+ - the file handle doesn't correspond to an active socket
+
+It will fail with -EINVAL if padding is not zero.
+
+The KVMI version can be retrieved using the KVM_CAP_INTROSPECTION of
+the KVM_CHECK_EXTENSION ioctl() at run-time.
+
+4.997 KVM_INTROSPECTION_UNHOOK
+
+Capability: KVM_CAP_INTROSPE...
2020 Jul 21
0
[PATCH v9 42/84] KVM: introspection: add KVMI_VM_CHECK_COMMAND and KVMI_VM_CHECK_EVENT
These commands are used to check what introspection commands and events
are supported (kernel) and allowed (device manager).
These are alternative methods to KVMI_GET_VERSION in checking if the
introspection supports a specific command/event.
As with the KVMI_GET_VERSION command, these two commands can never be
disallowed by the device manager.
Signed-off-by: Adalbert Laz?r <alazar at
2020 Feb 07
0
[RFC PATCH v7 57/78] KVM: introspection: add KVMI_EVENT_HYPERCALL
From: Mihai Don?u <mdontu at bitdefender.com>
This event is sent on a specific user hypercall.
It is used by the code residing inside the introspected guest to call the
introspection tool and to report certain details about its operation.
For example, a classic antimalware remediation tool can report
what it has found during a scan.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefe...
2020 Jul 22
0
[RFC PATCH v1 13/34] KVM: introspection: add KVMI_VCPU_GET_EPT_VIEW
...rst b/Documentation/virt/kvm/kvmi.rst
index 234eacec4db1..76a2d0125f78 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -1120,6 +1120,40 @@ the address cannot be translated.
* -KVM_EINVAL - the padding is not zero
* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+26. KVMI_VCPU_GET_EPT_VIEW
+--------------------------
+
+:Architecture: x86
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vcpu_hdr;
+
+:Returns:
+
+::
+
+ struct kvmi_error_code;
+ struct kvmi_vcpu_get_ept_view_reply {
+ __u16 view;
+ __u16 padding1;
+ __u32 padding2;
+ };
+
+R...
2006 Apr 25
5
XenAccess Library: Introspection for Xen
I''m pleased to announce a new project called XenAccess. The project
goals are to provide a full featured introspection library for Xen.
Introspection is a technique where applications in one domain can
view memory from another domain. For example, you can run an
application in dom0 to list the processes or LKMs in a domU. More
information is available on the website:
2020 Feb 07
0
[RFC PATCH v7 76/78] KVM: introspection: add KVMI_VCPU_TRANSLATE_GVA
.../kvm/kvmi.rst
index 3515fea1eb75..bbe33cf7bd6e 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -962,6 +962,37 @@ if the hardware supports singlestep (see **KVMI_GET_VERSION**).
* -KVM_EINVAL - padding is not zero
* -KVM_EAGAIN - the selected vCPU can't be introspected yet
+21. KVMI_VCPU_TRANSLATE_GVA
+---------------------------
+
+:Architecture: all
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_vcpu_translate_gva {
+ __u64 gva;
+ };
+
+:Returns:
+
+::
+
+ struct kvmi_error_code;
+ struct kvmi_vcpu_translate_gva_reply {
+ __...
2020 Feb 07
0
[RFC PATCH v7 63/78] KVM: introspection: add KVMI_VM_GET_MAX_GFN
From: ?tefan ?icleru <ssicleru at bitdefender.com>
The introspection tool can use this to set access restrictions for a
wide range of guest addresses.
Signed-off-by: ?tefan ?icleru <ssicleru at bitdefender.com>
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at
2020 Jul 21
87
[PATCH v9 00/84] VM introspection
...tion: add the read/dispatch message function
KVM: introspection: add KVMI_GET_VERSION
KVM: introspection: add KVMI_VM_CHECK_COMMAND and KVMI_VM_CHECK_EVENT
KVM: introspection: add KVMI_EVENT_UNHOOK
KVM: introspection: add KVMI_VM_CONTROL_EVENTS
KVM: introspection: add a jobs list to every introspected vCPU
KVM: introspection: add KVMI_VCPU_PAUSE
KVM: introspection: add KVMI_EVENT_PAUSE_VCPU
KVM: introspection: add KVMI_VM_CONTROL_CLEANUP
KVM: introspection: add KVMI_VCPU_GET_XCR
KVM: introspection: add KVMI_VCPU_SET_XSAVE
KVM: introspection: extend KVMI_GET_VERSION with struct kvmi_f...
2020 Feb 07
78
[RFC PATCH v7 00/78] VM introspection
...tion: add the read/dispatch message function
KVM: introspection: add KVMI_GET_VERSION
KVM: introspection: add KVMI_VM_CHECK_COMMAND and KVMI_VM_CHECK_EVENT
KVM: introspection: add KVMI_EVENT_UNHOOK
KVM: introspection: add KVMI_VM_CONTROL_EVENTS
KVM: introspection: add a jobs list to every introspected vCPU
KVM: introspection: add KVMI_VCPU_PAUSE
KVM: introspection: add KVMI_EVENT_PAUSE_VCPU
KVM: introspection: extend KVMI_GET_VERSION with struct kvmi_features
KVM: introspection: add KVMI_VCPU_TRANSLATE_GVA
Marian Rotariu (1):
KVM: introspection: add KVMI_VCPU_GET_CPUID
Mathieu Tarral...
2020 Jul 21
0
[PATCH v9 58/84] KVM: introspection: add KVMI_VCPU_GET_CPUID
...f --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index bd35002c3254..fc2e8c756191 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -641,6 +641,42 @@ currently being handled is replied to.
* -KVM_EAGAIN - the selected vCPU can't be introspected yet
* -KVM_EOPNOTSUPP - the command hasn't been received during an introspection event
+13. KVMI_VCPU_GET_CPUID
+-----------------------
+
+:Architectures: x86
+:Versions: >= 1
+:Parameters:
+
+::
+
+ struct kvmi_vcpu_hdr;
+ struct kvmi_vcpu_get_cpuid {
+ __u32 function;
+ __u32 index;...
2020 Feb 07
0
[RFC PATCH v7 38/78] KVM: introspection: add permission access ioctls
KVM_INTROSPECTION_COMMAND and KVM_INTROSPECTION_EVENTS ioctls should be
used by userspace to allow access for specific (or all) introspection
commands and events.
By default, all the introspection events and almost all the introspection
commands are disallowed. Some commands are always allowed, those querying
the introspection capabilities.
Signed-off-by: Adalbert Laz?r <alazar at