search for: mcirjaliu

From: Mircea C?rjaliu <mcirjaliu at bitdefender.com> This change is needed because the introspection tool can write-protect guest page tables, exec-protect heap/stack pages and let KVM emulate the instruction that caused these violations. Signed-off-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com> Signed-off-by: Adalb...

...guest() * when halted - kvm_vcpu_block() In kvm_vcpu_block(), we check to see if there are any introspection requests during the swait loop, handle them outside of swait loop and start swait again. Signed-off-by: Mihai Don?u <mdontu at bitdefender.com> Co-developed-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com> Signed-off-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com> Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com> --- arch/x86/kvm/x86.c | 3 +++ include/linux/kvmi.h | 2 ++ virt/kvm/kvm_main.c | 28 ++++++++++++++++++++++------ 3 files changed, 27 in...

From: Mircea C?rjaliu <mcirjaliu at bitdefender.com> This change is needed because the introspection tool can write-protect guest page tables or exec-protect heap/stack pages. Signed-off-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com> Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com> Signed-off-by: Ad...

From: Mihai Don?u <mdontu at bitdefender.com> The introspection requests (KVM_REQ_INTROSPECTION) are checked before entering guest or when the vCPU is halted. Signed-off-by: Mihai Don?u <mdontu at bitdefender.com> Co-developed-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com> Signed-off-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com> Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com> Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com> --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/x86.c |...

...>> vcpu->arch.gpa_val = cr2; >> } > > Sure, but I think we'll have to extend the check. > > Searching the logs I've found: > > kvm/x86: re-translate broken translation that caused EPT violation > > Signed-off-by: Mircea Cirjaliu <mcirjaliu at bitdefender.com> > > arch/x86/kvm/x86.c | 1 + > 1 file changed, 1 insertion(+) > > /home/b/kvmi at 9cad844~1/arch/x86/kvm/x86.c:4757,4762 - /home/b/kvmi at 9cad844/arch/x86/kvm/x86.c:4757,4763 > */ > if (vcpu->arch.gpa_available && > emulat...

...cture a reference counter (the new object will be used by the thread receiving introspection commands/events) and a completion variable (to signal that the VM can be hooked by the introspection tool). Signed-off-by: Mihai Don?u <mdontu at bitdefender.com> Co-developed-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com> Signed-off-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com> Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com> --- Documentation/virtual/kvm/kvmi.rst | 75 ++++++++++++++++++++++++++++++ arch/x86/kvm/Kconfig | 7 +++ arch/x86/kvm/Makefile...

On 09/08/19 18:00, Adalbert Laz?r wrote: > If the EPT violation was caused by an execute restriction imposed by the > introspection tool, gpa_available will point to the instruction pointer, > not the to the read/write location that has to be used to emulate the > current instruction. > > This optimization should be disabled only when the VM is introspected, > not just

...eg. breakpoints). Suggested-by: Stefan Hajnoczi <stefanha at redhat.com> Suggested-by: Paolo Bonzini <pbonzini at redhat.com> Co-developed-by: Mihai Don?u <mdontu at bitdefender.com> Signed-off-by: Mihai Don?u <mdontu at bitdefender.com> Co-developed-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com> Signed-off-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com> Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com> Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com> --- Documentation/virtual/kvm/api.txt | 50 ++++++++++ Documentation/virtua...

From: Mircea C?rjaliu <mcirjaliu at bitdefender.com> The following two new mm exports are introduced: * mm_remote_map(struct mm_struct *req_mm, unsigned long req_hva, unsigned long map_hva) * mm_remote_unmap(unsigned long map_hva) * mm_remote_reset(void) * rmap_walk_remote(struct page *pag...

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VM-s (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VM-s (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VMs (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place

The KVM introspection subsystem provides a facility for applications running on the host or in a separate VM, to control the execution of other VMs (pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits in the shadow page tables (only for the hardware backed ones, eg. Intel's EPT) and receive notifications when events of interest have taken place