search for: kvm_introspection_command

KVM_INTROSPECTION_COMMAND and KVM_INTROSPECTION_EVENTS ioctls should be used by userspace to allow access for specific (or all) introspection commands and events. By default, all the introspection events and almost all the introspection commands are disallowed. Some commands are always allowed, those querying the introspec...

...d by the KVMi subsystem and, most important, what messages must be used for event replies. The kernel side will accept smaller or bigger command messages, but it can be more strict with bigger event reply messages. The command is always allowed and any attempt from userspace to disallow it through KVM_INTROSPECTION_COMMAND will get -EPERM (unless userspace choose to disable all commands, using id=-1, in which case KVMI_GET_VERSION is quietly allowed, without an error). Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com> --- Documentation/virtual/kvm/kvmi.rst | 28 ++++++++++++++++++++++++++++ include/ua...

...nt replies. These messages might be extended in future versions. The kernel side will accept smaller/older or bigger/newer command messages, but not bigger/newer event replies. The KVMI_GET_VERSION command is always allowed and any attempt from userspace to explicitly disallow this command through KVM_INTROSPECTION_COMMAND will get -EPERM (unless userspace chooses to disable all commands, using id=-1, in which case KVMI_GET_VERSION is silently allowed, without an error). Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com> --- Documentation/virt/kvm/kvmi.rst | 27 +++++++++++++++++++ includ...

...ser *argp); +int kvmi_ioctl_preunhook(struct kvm *kvm); #else diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index e2de987b5d8f..f745a3c60e02 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1571,6 +1571,8 @@ struct kvm_introspection_feature { #define KVM_INTROSPECTION_COMMAND _IOW(KVMIO, 0xc5, struct kvm_introspection_feature) #define KVM_INTROSPECTION_EVENT _IOW(KVMIO, 0xc6, struct kvm_introspection_feature) +#define KVM_INTROSPECTION_PREUNHOOK _IO(KVMIO, 0xc7) + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)...

...ure *feat); +int kvmi_ioctl_preunhook(struct kvm *kvm); #else diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 17df03ceb483..06d88157de20 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1630,6 +1630,8 @@ struct kvm_introspection_feature { #define KVM_INTROSPECTION_COMMAND _IOW(KVMIO, 0xc5, struct kvm_introspection_feature) #define KVM_INTROSPECTION_EVENT _IOW(KVMIO, 0xc6, struct kvm_introspection_feature) +#define KVM_INTROSPECTION_PREUNHOOK _IO(KVMIO, 0xc7) + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)...

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VMs (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VMs (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VM-s (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VM-s (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place