search for: kvmi_hook

...static int kvmi_recv_thread(void *arg) return 0; } +static bool ready_to_hook(struct kvm *kvm) +{ + struct kvm_vcpu *vcpu; + int i; + + if (kvm->kvmi) + return false; + + kvm_for_each_vcpu(i, vcpu, kvm) + if (kvmi_arch_vcpu_introspected(vcpu)) + return false; + + return true; +} + int kvmi_hook(struct kvm *kvm, const struct kvm_introspection_hook *hook) { struct kvm_introspection *kvmi; @@ -331,7 +348,7 @@ int kvmi_hook(struct kvm *kvm, const struct kvm_introspection_hook *hook) mutex_lock(&kvm->kvmi_lock); - if (kvm->kvmi) { + if (!ready_to_hook(kvm)) { err = -EEXIS...

...;> + complete(&kvm->kvmi_completed); >> Pretty sure you don't want to be calling complete() here. > The intention was to stop the hooking ioctl until the VM is > created. A better name for 'kvmi_completed' would have been > 'ready_to_be_introspected', as kvmi_hook() will wait for it. > > We'll see how we can get ride of the completion object. The ioctls are not accessible while kvm_create_vm runs (only after kvm_dev_ioctl_create_vm calls fd_install). Even if it were, however, you should have placed init_completion much earlier, otherwise wait_fo...

...spection ends. + */ + kvmi_put(kvm); +} + +static int kvmi_recv(void *arg) +{ + struct kvmi *ikvm = arg; + + kvmi_info(ikvm, "Hooking VM\n"); + + while (kvmi_msg_process(ikvm)) + ; + + kvmi_info(ikvm, "Unhooking VM\n"); + + kvmi_end_introspection(ikvm); + + return 0; +} + +int kvmi_hook(struct kvm *kvm, const struct kvm_introspection *qemu) +{ + struct kvmi *ikvm; + int err = 0; + + /* wait for the previous introspection to finish */ + err = wait_for_completion_killable(&kvm->kvmi_completed); + if (err) + return err; + + /* ensure no VCPU hotplug happens until we set the r...

...rospection * __must_check kvmi_get(struct kvm *kvm) +{ + if (refcount_inc_not_zero(&kvm->kvmi_ref)) + return kvm->kvmi; + + return NULL; +} + +void kvmi_put(struct kvm *kvm) +{ + if (refcount_dec_and_test(&kvm->kvmi_ref)) + complete(&kvm->kvmi_complete); +} + static int __kvmi_hook(struct kvm *kvm, const struct kvm_introspection_hook *hook) + { struct kvm_introspection *kvmi = KVMI(kvm); @@ -266,6 +291,7 @@ static int kvmi_recv_thread(void *arg) */ kvmi_sock_shutdown(kvmi); + kvmi_put(kvmi->kvm); return 0; } @@ -293,9 +319,18 @@ int kvmi_hook(str...

...reach a deadlock if called + * from kvm_mmu_load -> kvmi_tracked_gfn -> kvmi_put. + */ + kvmi_clear_mem_access(kvm); + /* * At this moment the socket is shut down, no more commands will come * from the introspector, and the only way into the introspection is @@ -351,6 +640,8 @@ int kvmi_hook(struct kvm *kvm, const struct kvm_introspection *qemu) goto err_alloc; } + kvm_page_track_register_notifier(kvm, &ikvm->kptn_node); + /* * Make sure all the KVM/KVMI structures are linked and no pointer * is read as NULL after the reference count has been set. diff --git a/vir...

On Fri, Aug 09, 2019 at 06:59:16PM +0300, Adalbert Laz?r wrote: > diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig > index 72fa955f4a15..f70a6a1b6814 100644 > --- a/arch/x86/kvm/Kconfig > +++ b/arch/x86/kvm/Kconfig > @@ -96,6 +96,13 @@ config KVM_MMU_AUDIT > This option adds a R/W kVM module parameter 'mmu_audit', which allows > auditing of KVM MMU events

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VM-s (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VM-s (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VMs (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VMs (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place