search for: is_command_allow

...tatic int handle_get_version(struct kvmi *ikvm, + const struct kvmi_msg_hdr *msg, const void *req) +{ + struct kvmi_get_version_reply rpl; + + memset(&rpl, 0, sizeof(rpl)); + rpl.version = KVMI_VERSION; + + return kvmi_msg_vm_reply(ikvm, msg, 0, &rpl, sizeof(rpl)); +} + static bool is_command_allowed(struct kvmi *ikvm, int id) { return test_bit(id, ikvm->cmd_allow_mask); @@ -139,6 +151,7 @@ static bool is_command_allowed(struct kvmi *ikvm, int id) */ static int(*const msg_vm[])(struct kvmi *, const struct kvmi_msg_hdr *, const void *) = { + [KVMI_GET_VERSION] = hand...

...mi_msg.c @@ -169,7 +169,7 @@ static int handle_get_version(struct kvmi *ikvm, memset(&rpl, 0, sizeof(rpl)); rpl.version = KVMI_VERSION; - return kvmi_msg_vm_reply(ikvm, msg, 0, &rpl, sizeof(rpl)); + return kvmi_msg_vm_maybe_reply(ikvm, msg, 0, &rpl, sizeof(rpl)); } static bool is_command_allowed(struct kvmi *ikvm, int id)

...izeof(ec)); + ec.err = err; + + return kvmi_sock_write(ikvm, vec, n, size); +} + +static int kvmi_msg_vm_reply(struct kvmi *ikvm, + const struct kvmi_msg_hdr *msg, int err, + const void *rpl, size_t rpl_size) +{ + return kvmi_msg_reply(ikvm, msg, err, rpl, rpl_size); +} + +static bool is_command_allowed(struct kvmi *ikvm, int id) +{ + return test_bit(id, ikvm->cmd_allow_mask); +} + +/* + * These commands are executed on the receiving thread/worker. + */ +static int(*const msg_vm[])(struct kvmi *, const struct kvmi_msg_hdr *, + const void *) = { +}; + +static bool is_vm_message(u16 id) +...

...err; + + return kvmi_sock_write(kvmi, vec, n, size); +} + +static int kvmi_msg_vm_reply(struct kvm_introspection *kvmi, + const struct kvmi_msg_hdr *msg, + int err, const void *rpl, + size_t rpl_size) +{ + return kvmi_msg_reply(kvmi, msg, err, rpl, rpl_size); +} + +static bool is_command_allowed(struct kvm_introspection *kvmi, int id) +{ + return test_bit(id, kvmi->cmd_allow_mask); +} + +/* + * These commands are executed by the receiving thread/worker. + */ +static int(*const msg_vm[])(struct kvm_introspection *, + const struct kvmi_msg_hdr *, const void *) = { +}; + +static bo...

...i_validate_no_reply(ikvm, msg, rpl_size, err)) + return -KVM_EINVAL; + return 0; + } + + return kvmi_msg_vm_reply(ikvm, msg, err, rpl, rpl_size); +} + static int handle_get_version(struct kvmi *ikvm, const struct kvmi_msg_hdr *msg, const void *req) { @@ -146,11 +177,37 @@ static bool is_command_allowed(struct kvmi *ikvm, int id) return test_bit(id, ikvm->cmd_allow_mask); } +static int handle_control_cmd_response(struct kvmi *ikvm, + const struct kvmi_msg_hdr *msg, + const void *_req) +{ + const struct kvmi_control_cmd_response *req = _req; + bool disabled, now; + int err; + + if...

...- a/virt/kvm/introspection/kvmi_msg.c +++ b/virt/kvm/introspection/kvmi_msg.c @@ -9,6 +9,7 @@ #include "kvmi_int.h" static const char *const msg_IDs[] = { + [KVMI_GET_VERSION] = "KVMI_GET_VERSION", }; static bool is_known_message(u16 id) @@ -116,11 +117,23 @@ static bool is_command_allowed(struct kvm_introspection *kvmi, int id) return test_bit(id, kvmi->cmd_allow_mask); } +static int handle_get_version(struct kvm_introspection *kvmi, + const struct kvmi_msg_hdr *msg, const void *req) +{ + struct kvmi_get_version_reply rpl; + + memset(&rpl, 0, sizeof(rpl)); + rp...

...uct { + struct kvmi_msg_hdr hdr; + struct kvmi_vcpu_hdr cmd; + } *msg; + struct kvm_vcpu *vcpu; +}; + static const char *const msg_IDs[] = { [KVMI_GET_VERSION] = "KVMI_GET_VERSION", [KVMI_VM_CHECK_COMMAND] = "KVMI_VM_CHECK_COMMAND", @@ -123,6 +131,28 @@ static bool is_command_allowed(struct kvm_introspection *kvmi, int id) return test_bit(id, kvmi->cmd_allow_mask); } +static bool invalid_vcpu_hdr(const struct kvmi_vcpu_hdr *hdr) +{ + return hdr->padding1 || hdr->padding2; +} + +static int kvmi_get_vcpu(struct kvm_introspection *kvmi, unsigned int vcpu_idx, +...

...kvm_introspection *kvmi, + const struct kvmi_msg_hdr *msg, + const void *_req) +{ + const struct kvmi_vm_check_command *req = _req; + int ec = 0; + + if (req->padding1 || req->padding2) + ec = -KVM_EINVAL; + else if (req->id >= KVMI_NUM_COMMANDS) + ec = -KVM_EINVAL; + else if (!is_command_allowed(kvmi, req->id)) + ec = -KVM_EPERM; + + return kvmi_msg_vm_reply(kvmi, msg, ec, NULL, 0); +} + +static bool is_event_allowed(struct kvm_introspection *kvmi, int id) +{ + return test_bit(id, kvmi->event_allow_mask); +} + +static int handle_check_event(struct kvm_introspection *kvmi, +...

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VM-s (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VM-s (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VMs (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place