search for: kvmi_vm_check_command

...tation/virt/kvm/kvmi.rst index 36f8cd4a836d..9205f51fa5a0 100644 --- a/Documentation/virt/kvm/kvmi.rst +++ b/Documentation/virt/kvm/kvmi.rst @@ -251,3 +251,65 @@ Returns the introspection API version. This command is always allowed and successful (if the introspection is built in kernel). + +2. KVMI_VM_CHECK_COMMAND +------------------------ + +:Architectures: all +:Versions: >= 1 +:Parameters: + +:: + + struct kvmi_vm_check_command { + __u16 id; + __u16 padding1; + __u32 padding2; + }; + +:Returns: + +:: + + struct kvmi_error_code; + +Checks if the command specified by ``id`` is allowed. + +This command...

...a2cda3268da0 100644 --- a/Documentation/virt/kvm/kvmi.rst +++ b/Documentation/virt/kvm/kvmi.rst @@ -261,3 +261,65 @@ larger/newer messages. The introspection tool should use this command to identify the features supported by the kernel side and what messages must be used for event replies. + +2. KVMI_VM_CHECK_COMMAND +------------------------ + +:Architectures: all +:Versions: >= 1 +:Parameters: + +:: + + struct kvmi_vm_check_command { + __u16 id; + __u16 padding1; + __u32 padding2; + }; + +:Returns: + +:: + + struct kvmi_error_code; + +Checks if the command specified by ``id`` is supported and allowed. +...

...--git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h index e74240aff5b7..da9bf30ae513 100644 --- a/include/uapi/linux/kvmi.h +++ b/include/uapi/linux/kvmi.h @@ -15,12 +15,13 @@ enum { }; enum { - KVMI_EVENT = 1, + KVMI_EVENT = 1, - KVMI_GET_VERSION = 2, - KVMI_VM_CHECK_COMMAND = 3, - KVMI_VM_CHECK_EVENT = 4, - KVMI_VM_GET_INFO = 5, + KVMI_GET_VERSION = 2, + KVMI_VM_CHECK_COMMAND = 3, + KVMI_VM_CHECK_EVENT = 4, + KVMI_VM_GET_INFO = 5, + KVMI_VM_CONTROL_EVENTS = 6, KVMI_NUM_MESSAGES }; @@ -68,6 +69,13 @@ struct kvmi_vm_get_info_reply { __u32 p...

...ction { diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h index 2eb1e5b20d53..745503fb7378 100644 --- a/include/uapi/linux/kvmi.h +++ b/include/uapi/linux/kvmi.h @@ -18,16 +18,17 @@ enum { KVMI_EVENT_REPLY = 0, KVMI_EVENT = 1, - KVMI_GET_VERSION = 2, - KVMI_VM_CHECK_COMMAND = 3, - KVMI_VM_CHECK_EVENT = 4, - KVMI_VM_GET_INFO = 5, - KVMI_VM_CONTROL_EVENTS = 6, - KVMI_VM_READ_PHYSICAL = 7, - KVMI_VM_WRITE_PHYSICAL = 8, - - KVMI_VCPU_GET_INFO = 9, - KVMI_VCPU_PAUSE = 10, + KVMI_GET_VERSION = 2, + KVMI_VM_CHECK_COMMAND = 3, + KVMI_VM_CHECK_...

...ask; + atomic_t ev_seq; }; diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h index 9fbe52caf96c..f9e2cb8a2c5e 100644 --- a/include/uapi/linux/kvmi.h +++ b/include/uapi/linux/kvmi.h @@ -17,10 +17,11 @@ enum { enum { KVMI_EVENT = 0, - KVMI_GET_VERSION = 1, - KVMI_VM_CHECK_COMMAND = 2, - KVMI_VM_CHECK_EVENT = 3, - KVMI_VM_GET_INFO = 4, + KVMI_GET_VERSION = 1, + KVMI_VM_CHECK_COMMAND = 2, + KVMI_VM_CHECK_EVENT = 3, + KVMI_VM_GET_INFO = 4, + KVMI_VM_CONTROL_EVENTS = 5, KVMI_NUM_MESSAGES }; @@ -74,6 +75,13 @@ struct kvmi_vm_get_info_reply { __u32 p...

...- a/virt/kvm/introspection/kvmi_msg.c +++ b/virt/kvm/introspection/kvmi_msg.c @@ -17,27 +17,28 @@ struct kvmi_vcpu_cmd_job { }; static const char *const msg_IDs[] = { - [KVMI_EVENT_REPLY] = "KVMI_EVENT_REPLY", - [KVMI_GET_VERSION] = "KVMI_GET_VERSION", - [KVMI_VM_CHECK_COMMAND] = "KVMI_VM_CHECK_COMMAND", - [KVMI_VM_CHECK_EVENT] = "KVMI_VM_CHECK_EVENT", - [KVMI_VM_CONTROL_EVENTS] = "KVMI_VM_CONTROL_EVENTS", - [KVMI_VM_GET_INFO] = "KVMI_VM_GET_INFO", - [KVMI_VM_GET_MAX_GFN] = "KVMI_VM_GET_MAX_GFN...

...clude <linux/net.h> #include "kvmi_int.h" +struct kvmi_vcpu_cmd_job { + struct { + struct kvmi_msg_hdr hdr; + struct kvmi_vcpu_hdr cmd; + } *msg; + struct kvm_vcpu *vcpu; +}; + static const char *const msg_IDs[] = { [KVMI_GET_VERSION] = "KVMI_GET_VERSION", [KVMI_VM_CHECK_COMMAND] = "KVMI_VM_CHECK_COMMAND", @@ -123,6 +131,28 @@ static bool is_command_allowed(struct kvm_introspection *kvmi, int id) return test_bit(id, kvmi->cmd_allow_mask); } +static bool invalid_vcpu_hdr(const struct kvmi_vcpu_hdr *hdr) +{ + return hdr->padding1 || hdr->padding2; +}...

...6: intercept the write access on sidt and other emulated instructions KVM: introspection: add hook/unhook ioctls KVM: introspection: add permission access ioctls KVM: introspection: add the read/dispatch message function KVM: introspection: add KVMI_GET_VERSION KVM: introspection: add KVMI_VM_CHECK_COMMAND and KVMI_VM_CHECK_EVENT KVM: introspection: add KVMI_EVENT_UNHOOK KVM: introspection: add KVMI_VM_CONTROL_EVENTS KVM: introspection: add a jobs list to every introspected vCPU KVM: introspection: add KVMI_VCPU_PAUSE KVM: introspection: add KVMI_EVENT_PAUSE_VCPU KVM: introspection: exten...

...100644 --- a/include/uapi/linux/kvmi.h +++ b/include/uapi/linux/kvmi.h @@ -8,12 +8,15 @@ #include <linux/kernel.h> #include <linux/types.h> +#include <asm/kvmi.h> enum { KVMI_VERSION = 0x00000001 }; enum { + KVMI_EVENT = 1, + KVMI_GET_VERSION = 2, KVMI_VM_CHECK_COMMAND = 3, KVMI_VM_CHECK_EVENT = 4, @@ -23,6 +26,8 @@ enum { }; enum { + KVMI_EVENT_UNHOOK = 0, + KVMI_NUM_EVENTS }; @@ -63,4 +68,12 @@ struct kvmi_vm_get_info_reply { __u32 padding[3]; }; +struct kvmi_event { + __u16 size; + __u16 vcpu; + __u8 event; + __u8 padding[3]; + struct kvmi_ev...

...100644 --- a/virt/kvm/introspection/kvmi_msg.c +++ b/virt/kvm/introspection/kvmi_msg.c @@ -17,6 +17,7 @@ struct kvmi_vcpu_cmd_job { }; static const char *const msg_IDs[] = { + [KVMI_EVENT_REPLY] = "KVMI_EVENT_REPLY", [KVMI_GET_VERSION] = "KVMI_GET_VERSION", [KVMI_VM_CHECK_COMMAND] = "KVMI_VM_CHECK_COMMAND", [KVMI_VM_CHECK_EVENT] = "KVMI_VM_CHECK_EVENT", @@ -356,6 +357,56 @@ static int handle_get_vcpu_info(const struct kvmi_vcpu_cmd_job *job, return kvmi_msg_vcpu_reply(job, msg, 0, &rpl, sizeof(rpl)); } +static int handle_event_reply(const...

...nux/kvmi.h b/include/uapi/linux/kvmi.h index c74ded097efa..7cd41a815967 100644 --- a/include/uapi/linux/kvmi.h +++ b/include/uapi/linux/kvmi.h @@ -91,6 +91,7 @@ struct kvmi_error_code { struct kvmi_get_version_reply { __u32 version; __u32 padding; + struct kvmi_features features; }; struct kvmi_vm_check_command { diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c b/tools/testing/selftests/kvm/x86_64/kvmi_test.c index e8d3ccac1caa..a27588c27eb8 100644 --- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c +++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c @@ -55,6 +55,8 @@ struct vcpu_worker_data...

...100644 --- a/include/uapi/linux/kvmi.h +++ b/include/uapi/linux/kvmi.h @@ -8,12 +8,15 @@ #include <linux/kernel.h> #include <linux/types.h> +#include <asm/kvmi.h> enum { KVMI_VERSION = 0x00000001 }; enum { + KVMI_EVENT = 0, + KVMI_GET_VERSION = 1, KVMI_VM_CHECK_COMMAND = 2, KVMI_VM_CHECK_EVENT = 3, @@ -23,6 +26,8 @@ enum { }; enum { + KVMI_EVENT_UNHOOK = 0, + KVMI_NUM_EVENTS }; @@ -69,4 +74,12 @@ struct kvmi_vm_get_info_reply { __u32 padding[3]; }; +struct kvmi_event { + __u16 size; + __u16 vcpu; + __u8 event; + __u8 padding[3]; + struct kvmi_ev...

...manager will pass the file handle (plus the allowed commands/events) to KVM. It will detect when the socket is shutdown and it will reinitiate the handshake. +Once the file handle reaches KVM, the introspection tool should +use the *KVMI_GET_VERSION* command to get the API version and/or the +*KVMI_VM_CHECK_COMMAND* and *KVMI_VM_CHECK_EVENT* commands to see which +commands/events are allowed for this guest. The error code -KVM_EPERM +will be returned if the introspection tool uses a command or enables an +event which is disallowed. + Unhooking --------- diff --git a/include/uapi/linux/kvmi.h b/include/uap...

..., and forget about it. It will be notified by KVM when the introspection tool closes the file handle (in case of errors), and should reinitiate the handshake. +Once the file handle reaches KVM, the introspection tool should +use the *KVMI_GET_VERSION* command to get the API version and/or the +*KVMI_VM_CHECK_COMMAND* and *KVMI_VM_CHECK_EVENT* commands to see which +commands/events are allowed for this guest. The error code -KVM_EPERM +will be returned if the introspection tool uses a command or enables an +event which is disallowed. + Unhooking --------- diff --git a/include/uapi/linux/kvmi.h b/include/uap...

...ontrol_desc_intercept() KVM: x86: export kvm_vcpu_ioctl_x86_set_xsave() KVM: introspection: add hook/unhook ioctls KVM: introspection: add permission access ioctls KVM: introspection: add the read/dispatch message function KVM: introspection: add KVMI_GET_VERSION KVM: introspection: add KVMI_VM_CHECK_COMMAND and KVMI_VM_CHECK_EVENT KVM: introspection: add KVMI_EVENT_UNHOOK KVM: introspection: add KVMI_VM_CONTROL_EVENTS KVM: introspection: add a jobs list to every introspected vCPU KVM: introspection: add KVMI_VCPU_PAUSE KVM: introspection: add KVMI_EVENT_PAUSE_VCPU KVM: introspection: add K...