search for: kvmi_event_unhook

In certain situations (when the guest has to be paused, suspended, migrated, etc.), userspace will use the KVM_INTROSPECTION_PREUNHOOK ioctl in order to trigger the KVMI_EVENT_UNHOOK. If the event is sent successfully (the VM has an active introspection channel), userspace should delay the action (pause/suspend/...) to give the introspection tool the chance to remove its hooks (eg. breakpoints) while the guest is still running. Once a timeout is reached or the introspection too...

In certain situations (when the guest has to be paused, suspended, migrated, etc.), the device manager will use the KVM_INTROSPECTION_PREUNHOOK ioctl in order to trigger the KVMI_EVENT_UNHOOK event. If the event is sent successfully (the VM has an active introspection channel), the device manager should delay the action (pause/suspend/...) to give the introspection tool the chance to remove its hooks (eg. breakpoints) while the guest is still running. Once a timeout is reached or the in...

With this command the introspection tool enables/disables VM events (ie. KVMI_EVENT_UNHOOK), because no event (neither VM event, nor vCPU event) will be sent to the introspection tool unless enabled/requested. Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com> --- Documentation/virt/kvm/kvmi.rst | 44 +++++++++++++++-- include/linux/kvmi_host.h...

By default, all introspection VM events are disabled. The introspection tool must explicitly enable the VM events it wants to receive. With this command (KVMI_VM_CONTROL_EVENTS) it can enable/disable any VM event (e.g. KVMI_EVENT_UNHOOK) if allowed by the device manager. Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com> --- Documentation/virt/kvm/kvmi.rst | 44 +++++++++++++-- include/linux/kvmi_host.h | 2 + include/uapi/linux/kvmi.h | 16 ++++-- .../testing/s...

...cept the KVMI_EVENT_ACTION_CONTINUE action, which +lets the instruction that caused the event to continue (unless specified +otherwise). + +Some of the events accept the KVMI_EVENT_ACTION_RETRY action, to continue +by re-entering the guest. + Specific data can follow these common structures. 1. KVMI_EVENT_UNHOOK @@ -570,7 +591,7 @@ for this event (see **KVMI_VM_CONTROL_EVENTS**). The introspection tool has a chance to unhook and close the KVMI channel (signaling that the operation can proceed). -1. KVMI_EVENT_PAUSE_VCPU +2. KVMI_EVENT_PAUSE_VCPU ------------------------ :Architectures: all diff --g...

...isables vCPU introspection events. + +When an event is enabled, the introspection tool is notified and it +must reply with: continue, retry, crash, etc. (see **Events** below). + +The *KVMI_EVENT_PAUSE_VCPU* event is always allowed, +because it is triggered by the *KVMI_VCPU_PAUSE* command. + +The *KVMI_EVENT_UNHOOK* event is controlled +by the *KVMI_VM_CONTROL_EVENTS* command. + +:Errors: + +* -KVM_EINVAL - the selected vCPU is invalid +* -KVM_EINVAL - the event ID is invalid/unknown (use *KVMI_VM_CHECK_EVENT* first) +* -KVM_EINVAL - padding is not zero +* -KVM_EAGAIN - the selected vCPU can't be introspe...

...HVM_OP 34 /* Xen's __HYPERVISOR_hvm_op */ /* * hypercalls use architecture specific diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h index 05535a7d9313..20e2f154ab88 100644 --- a/include/uapi/linux/kvmi.h +++ b/include/uapi/linux/kvmi.h @@ -39,6 +39,7 @@ enum { enum { KVMI_EVENT_UNHOOK = 0, KVMI_EVENT_PAUSE_VCPU = 1, + KVMI_EVENT_HYPERCALL = 2, KVMI_NUM_EVENTS }; diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c b/tools/testing/selftests/kvm/x86_64/kvmi_test.c index fa23ca0ed0d7..ef4e33e92fff 100644 --- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c +++ b/...

...4 --- a/Documentation/virt/kvm/kvmi.rst +++ b/Documentation/virt/kvm/kvmi.rst @@ -576,6 +576,7 @@ because these are sent as a result of certain commands (but they can be disallowed by the device manager) :: KVMI_EVENT_PAUSE_VCPU + KVMI_EVENT_SINGLESTEP KVMI_EVENT_TRAP The VM events (e.g. *KVMI_EVENT_UNHOOK*) are controlled with @@ -1075,8 +1076,12 @@ Enables/disables singlestep for the selected vCPU. The introspection tool should use *KVMI_GET_VERSION*, to check if the hardware supports singlestep (see **KVMI_GET_VERSION**). +After every instruction, a *KVMI_EVENT_SINGLESTEP* event is sent +to th...

...nts +for the current VM. By default, all events are disallowed. + +struct kvm_introspection_feature { + __u32 allow; + __s32 id; +}; + +If allow is 1, the event specified by id is allowed. If allow is 0, +the event is disallowed. + +Unless set to -1 (meaning all event), id must be a event ID +(e.g. KVMI_EVENT_UNHOOK, KVMI_EVENT_CR, etc.) + 5. The kvm_run structure ------------------------ diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h index c8b9c87ecff2..4e77a0227c08 100644 --- a/include/linux/kvmi_host.h +++ b/include/linux/kvmi_host.h @@ -8,6 +8,8 @@ struct kvm; #include <asm/kv...

...s KVM: introspection: add hook/unhook ioctls KVM: introspection: add permission access ioctls KVM: introspection: add the read/dispatch message function KVM: introspection: add KVMI_GET_VERSION KVM: introspection: add KVMI_VM_CHECK_COMMAND and KVMI_VM_CHECK_EVENT KVM: introspection: add KVMI_EVENT_UNHOOK KVM: introspection: add KVMI_VM_CONTROL_EVENTS KVM: introspection: add a jobs list to every introspected vCPU KVM: introspection: add KVMI_VCPU_PAUSE KVM: introspection: add KVMI_EVENT_PAUSE_VCPU KVM: introspection: extend KVMI_GET_VERSION with struct kvmi_features KVM: introspection: a...

...) KVM: introspection: add hook/unhook ioctls KVM: introspection: add permission access ioctls KVM: introspection: add the read/dispatch message function KVM: introspection: add KVMI_GET_VERSION KVM: introspection: add KVMI_VM_CHECK_COMMAND and KVMI_VM_CHECK_EVENT KVM: introspection: add KVMI_EVENT_UNHOOK KVM: introspection: add KVMI_VM_CONTROL_EVENTS KVM: introspection: add a jobs list to every introspected vCPU KVM: introspection: add KVMI_VCPU_PAUSE KVM: introspection: add KVMI_EVENT_PAUSE_VCPU KVM: introspection: add KVMI_VM_CONTROL_CLEANUP KVM: introspection: add KVMI_VCPU_GET_XCR...

...20, + KVMI_SET_PAGE_ACCESS = 21, + KVMI_GET_MAP_TOKEN = 22, + KVMI_GET_MTRR_TYPE = 23, + KVMI_CONTROL_SPP = 24, + KVMI_GET_PAGE_WRITE_BITMAP = 25, + KVMI_SET_PAGE_WRITE_BITMAP = 26, + KVMI_CONTROL_CMD_RESPONSE = 27, + + KVMI_NEXT_AVAILABLE_COMMAND, + +}; + +enum { + KVMI_EVENT_UNHOOK = 0, + KVMI_EVENT_CR = 1, + KVMI_EVENT_MSR = 2, + KVMI_EVENT_XSETBV = 3, + KVMI_EVENT_BREAKPOINT = 4, + KVMI_EVENT_HYPERCALL = 5, + KVMI_EVENT_PF = 6, + KVMI_EVENT_TRAP = 7, + KVMI_EVENT_DESCRIPTOR = 8, + KVMI_EVENT_CREATE_VCPU = 9, + KVMI_EVENT_PAUSE_VCPU...

...vCPU events are sent using the *KVMI_EVENT* message id. No event +will be sent unless explicitly enabled with a *KVMI_CONTROL_EVENTS* +or a *KVMI_CONTROL_VM_EVENTS* command or requested, as it is the case +with the *KVMI_EVENT_PAUSE_VCPU* event (see **KVMI_PAUSE_VCPU**). + +There is one VM event, *KVMI_EVENT_UNHOOK*, which doesn't have a reply, +but shares the kvmi_event structure, for consistency with the vCPU events. + +The message data begins with a common structure, having the size of the +structure, the vCPU index and the event id:: + + struct kvmi_event { + __u16 size; + __u16 vcpu; + __u8 event;...

...e introspection tool. It thus +becomes necessary to remove them before the guest is suspended, moved +(migrated) or a snapshot with memory is created. + +The actions are normally performed by the device manager. In the case +of QEMU, it will use the *KVM_INTROSPECTION_UNHOOK* ioctl to trigger +the *KVMI_EVENT_UNHOOK* event and wait for a limited amount of time (a +few seconds) for a confirmation from the introspection tool +that is OK to proceed. + +Live migrations +--------------- + +Before the live migration takes place, the introspection tool has to be +notified and have a chance to unhook (see **Unhooking*...

...e the scope of the command in the name, e.g. VM vs. vCPU. Why are VM and vCPU commands smushed together? > + > + KVMI_NEXT_AVAILABLE_COMMAND, Why not KVMI_NR_COMMANDS or KVM_NUM_COMMANDS? At least be consistent between COMMANDS and EVENTS below. > + > +}; > + > +enum { > + KVMI_EVENT_UNHOOK = 0, > + KVMI_EVENT_CR = 1, > + KVMI_EVENT_MSR = 2, > + KVMI_EVENT_XSETBV = 3, > + KVMI_EVENT_BREAKPOINT = 4, > + KVMI_EVENT_HYPERCALL = 5, > + KVMI_EVENT_PF = 6, > + KVMI_EVENT_TRAP = 7, > + KVMI_EVENT_DESCRIPTOR = 8, > + KVMI_EV...

...VERSION command kvm: introspection: add KVMI_CHECK_COMMAND and KVMI_CHECK_EVENT kvm: introspection: add KVMI_CONTROL_VM_EVENTS kvm: introspection: add a jobs list to every introspected vCPU kvm: introspection: make the vCPU wait even when its jobs list is empty kvm: introspection: add KVMI_EVENT_UNHOOK kvm: x86: intercept the write access on sidt and other emulated instructions kvm: introspection: add KVMI_CONTROL_SPP kvm: introspection: extend the internal database of tracked pages with write_bitmap info kvm: introspection: add KVMI_GET_PAGE_WRITE_BITMAP kvm: introspection: add...

...VERSION command kvm: introspection: add KVMI_CHECK_COMMAND and KVMI_CHECK_EVENT kvm: introspection: add KVMI_CONTROL_VM_EVENTS kvm: introspection: add a jobs list to every introspected vCPU kvm: introspection: make the vCPU wait even when its jobs list is empty kvm: introspection: add KVMI_EVENT_UNHOOK kvm: x86: intercept the write access on sidt and other emulated instructions kvm: introspection: add KVMI_CONTROL_SPP kvm: introspection: extend the internal database of tracked pages with write_bitmap info kvm: introspection: add KVMI_GET_PAGE_WRITE_BITMAP kvm: introspection: add...