search for: kvm

This morning I applied the recent updates to CentOS-5.6 on a test and development host and observed this: Updating : kmod-kvm 4/20 WARNING: Can't read module /lib/modules/2.6.18-194.32.1.el5/weak-updates/kmod-kvm/kvm.ko: No such file or directory WARNING: /lib/modules/2.6.18-194.32.1.el5/weak-updates/kmod-kvm/ksm.ko needs unknown symbol kvm_ksm_spte_count WARNING: /lib/mo...

...ng spelling/grammar mistakes suggested by Randy Dunlap - Changing the hypercall interface to be able to process multiple pages per one hypercall also suggested by Randy Dunlap. It turns out that this will save lots of vmexist/memory slot flushes when protecting many pages. [PATCH RFC V4 1/3] KVM: X86: Memory ROE documentation [PATCH RFC V4 2/3] KVM: X86: Adding arbitrary data pointer in kvm memslot iterator functions [PATCH RFC V4 3/3] KVM: X86: Adding skeleton for Memory ROE Summary: Documentation/virtual/kvm/hypercalls.txt | 14 ++++ arch/x86/include/asm/kvm_host.h | 11 ++-...

Hi. I have Centos 7 (updated) running as my host, and I?m using Qemu and KVM, version 2.0.0 and 2.6.0. I have a Trendnet TU-S9 USB serial dongle attached to the host, which uses the Prolific 2303 chipset. I blacklisted the pl2303 driver so the host doesn?t grab the device, and want to expose it to the guest. On the client, I see 2 USB hubs (3.0 and 2.0), and I see 2 USB...

The main change from the patches I sent out earlier this week is support for guests that use the PIC. A callback for PIC irq ack handling is also introduced. Currently, there's no mechanism to register/unregister callers to the irq ack callbacks, but they can be added when there's more than one user for the functionality. Please review.

The main change from the patches I sent out earlier this week is support for guests that use the PIC. A callback for PIC irq ack handling is also introduced. Currently, there's no mechanism to register/unregister callers to the irq ack callbacks, but they can be added when there's more than one user for the functionality. Please review.

...d registers - They don't protect guest TLB from malicious gva -> gpa page mappings. But they provide sketches for a basic working design. Note that I am totally noob and it took lots of time and effort to get to this point. So sorry in advance if I overlooked something. [PATCH 1/3] [RFC V3] KVM: X86: Memory ROE documentation [PATCH 2/3] [RFC V3] KVM: X86: Adding arbitrary data pointer in kvm memslot itterator functions [PATCH 3/3] [RFC V3] KVM: X86: Adding skeleton for Memory ROE Summery: Documentation/virtual/kvm/hypercalls.txt | 14 ++++ arch/x86/include/asm/kvm_host.h | 1...

...d registers - They don't protect guest TLB from malicious gva -> gpa page mappings. But they provide sketches for a basic working design. Note that I am totally noob and it took lots of time and effort to get to this point. So sorry in advance if I overlooked something. [PATCH 1/3] [RFC V3] KVM: X86: Memory ROE documentation [PATCH 2/3] [RFC V3] KVM: X86: Adding arbitrary data pointer in kvm memslot itterator functions [PATCH 3/3] [RFC V3] KVM: X86: Adding skeleton for Memory ROE Summery: Documentation/virtual/kvm/hypercalls.txt | 14 ++++ arch/x86/include/asm/kvm_host.h | 1...

The connection of the introspection socket with the introspection tool is initialized by userspace/QEMU. Once the handshake is done, the file descriptor is passed to KVMi using the KVM_INTROSPECTION_HOOK ioctl. A new thread will be created to handle/dispatch all introspection commands or replies to introspection events. This thread will finish when the socket is closed by userspace (eg. when the guest is restarted) or by the introspection tool. The uuid member of s...

Hey gang, I have been trying my hardest to get KVM running on a 32-bit CentOS 5. I know "upstream doesn't support it", but from what I gather, it *is* possible. I've tried downloading the KVM source, but get nailed on compile with: LINK i386-softmmu/qemu make -C /lib/modules/2.6.18-308.1.1.el5PAE/build M=`pwd` \...

This patch adds support for the new virtio-mmio transport layer added in 3.2-rc1. The purpose of this new layer is to allow virtio to work on systems which don't necessarily support PCI, such as embedded systems. To apply the patch on top of the KVM tools tree, you must first pull Linus' tree on top. Also, CONFIG_VIRTIO_MMIO=y should be set in the guest kernel. This is an early RFC, command line currently only supports virtio-net (although this can be easily extended). ioeventfds and VQ size/align still unsupported (but will work on x86)....

This patch adds support for the new virtio-mmio transport layer added in 3.2-rc1. The purpose of this new layer is to allow virtio to work on systems which don't necessarily support PCI, such as embedded systems. To apply the patch on top of the KVM tools tree, you must first pull Linus' tree on top. Also, CONFIG_VIRTIO_MMIO=y should be set in the guest kernel. This is an early RFC, command line currently only supports virtio-net (although this can be easily extended). ioeventfds and VQ size/align still unsupported (but will work on x86)....

This patch introduces a hypercall implemented for X86 that can assist against subset of kernel rootkits, it works by place readonly protection in shadow PTE. The end result protection is also kept in a bitmap for each kvm_memory_slot and is used as reference when updating SPTEs. The whole goal is to protect the guest kernel static data from modification if attacker is running from guest ring 0, for this reason there is no hypercall to revert effect of Memory ROE hypercall. This patch doesn't implement integrity...

This patch introduces a hypercall implemented for X86 that can assist against subset of kernel rootkits, it works by place readonly protection in shadow PTE. The end result protection is also kept in a bitmap for each kvm_memory_slot and is used as reference when updating SPTEs. The whole goal is to protect the guest kernel static data from modification if attacker is running from guest ring 0, for this reason there is no hypercall to revert effect of Memory ROE hypercall. This patch doesn't implement integrity...

This is a first go at adding support for the modern (based on the 1.0 virtio spec) virtio-pci implementation. kvmtool makes it simple to add additional transports such as this because of it's layering, so we are able to add it as a 3rd (after legacy virtio-pci and virtio-mmio) transport layer, and still allow users to choose to use either the legacy or the modern implementations (but setting the modern one...

This is a first go at adding support for the modern (based on the 1.0 virtio spec) virtio-pci implementation. kvmtool makes it simple to add additional transports such as this because of it's layering, so we are able to add it as a 3rd (after legacy virtio-pci and virtio-mmio) transport layer, and still allow users to choose to use either the legacy or the modern implementations (but setting the modern one...

...virtuozzo.com> Signed-off-by: Denis V. Lunev <den at openvz.org> CC: Vitaly Kuznetsov <vkuznets at redhat.com> CC: "K. Y. Srinivasan" <kys at microsoft.com> CC: Gleb Natapov <gleb at kernel.org> CC: Paolo Bonzini <pbonzini at redhat.com> --- arch/powerpc/kvm/mpic.c | 18 +++ arch/s390/kvm/interrupt.c | 18 +++ arch/x86/include/asm/kvm_host.h | 14 +++ arch/x86/kvm/hyperv.c | 266 ++++++++++++++++++++++++++++++++++++++++ arch/x86/kvm/hyperv.h | 20 +++ arch/x86/kvm/irq_comm.c | 16 +++ arch/x86/kvm/lapic.c...

This patchset implements the KVM part of the synthetic interrupt controller (SynIC) which is a building block of the Hyper-V paravirtualized device bus (vmbus). SynIC is a lapic extension, which is controlled via MSRs and maintains for each vCPU - 16 synthetic interrupt "lines" (SINT's); each can be configured to...

This patchset implements the KVM part of the synthetic interrupt controller (SynIC) which is a building block of the Hyper-V paravirtualized device bus (vmbus). SynIC is a lapic extension, which is controlled via MSRs and maintains for each vCPU - 16 synthetic interrupt "lines" (SINT's); each can be configured to...

...slice in a useful way - ipl functions, which a guest can use to reset and reboot itself In order to implement ipl functions, we also introduce an exit reason that causes userspace to perform various resets on the virtual machine. All resets are described in the principles of operation book, except KVM_S390_RESET_IPL which causes a reboot of the machine. Acked-by: Martin Schwidefsky <martin.schwidefsky at de.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger at de.ibm.com> Signed-off-by: Carsten Otte <cotte at de.ibm.com> --- arch/s390/kvm/Makefile | 2 - arch/...

This patch series is based on the VM introspection patches (https://lore.kernel.org/kvm/20200721210922.7646-1-alazar at bitdefender.com/), extending the introspection API with EPT Views and Virtualization Exceptions (#VE) support. The purpose of this series is to get an initial feedback and to see if we are on the right track, especially because the changes made to add the EPT views...