search for: singlestep

From: Nicu?or C??u <ncitu at bitdefender.com> This event is sent after each instruction when the singlestep has been enabled for a vCPU. Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com> Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com> Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com> --- Documentation/virt/kvm/kvmi.rst | 31 +++++++++ arch/x86/kv...

.../kvmi.rst +++ b/Documentation/virt/kvm/kvmi.rst @@ -930,6 +930,37 @@ In order to 'forget' an address, all the access bits ('rwx') must be set. * -KVM_EINVAL - the message size is invalid * -KVM_ENOMEM - not enough memory to add the page tracking structures +20. KVMI_VCPU_CONTROL_SINGLESTEP +-------------------------------- + +:Architectures: x86 (vmx) +:Versions: >= 1 +:Parameters: + +:: + + struct kvmi_vcpu_control_singlestep { + __u8 enable; + __u8 padding[7]; + }; + +:Returns: + +:: + + struct kvmi_error_code + +Enables/disables singlestep. + +The introspection tool can use *...

...git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst index ffa183745722..3515fea1eb75 100644 --- a/Documentation/virt/kvm/kvmi.rst +++ b/Documentation/virt/kvm/kvmi.rst @@ -547,6 +547,7 @@ the following events:: KVMI_EVENT_HYPERCALL KVMI_EVENT_MSR KVMI_EVENT_PF + KVMI_EVENT_SINGLESTEP KVMI_EVENT_TRAP KVMI_EVENT_XSETBV @@ -1352,3 +1353,30 @@ The *CONTINUE* action will continue the page fault handling via emulation. The *RETRY* action is used by the introspection tool to retry the execution of the current instruction, usually because it changed the instruction pointer or...

...nged, 13 insertions(+), 3 deletions(-) diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst index 62138fa4b65c..234eacec4db1 100644 --- a/Documentation/virt/kvm/kvmi.rst +++ b/Documentation/virt/kvm/kvmi.rst @@ -263,11 +263,13 @@ For x86 struct kvmi_features { __u8 singlestep; - __u8 padding[7]; + __u8 vmfunc; + __u8 eptp; + __u8 padding[5]; }; Returns the introspection API version and some of the features supported -by the hardware. +by the hardware (eg. alternate EPT views). This command is always allowed and successful. diff --git a/arch/x86/include/uap...

...b/Documentation/virt/kvm/kvmi.rst @@ -254,9 +254,20 @@ The commands related to vCPUs start with:: struct kvmi_get_version_reply { __u32 version; __u32 padding; + struct kvmi_features features; }; -Returns the introspection API version. +For x86 + +:: + + struct kvmi_features { + __u8 singlestep; + __u8 padding[7]; + }; + +Returns the introspection API version and some of the features supported +by the hardware. This command is always allowed and successful (if the introspection is built in kernel). diff --git a/arch/x86/include/uapi/asm/kvmi.h b/arch/x86/include/uapi/asm/kvmi.h index...

...to 'address' -R size QEMU_RESERVED_VA reserve 'size' bytes for guest virtual address space -d options QEMU_LOG activate log -D logfile QEMU_LOG_FILENAME override default logfile location -p pagesize QEMU_PAGESIZE set the host page size to 'pagesize' -singlestep QEMU_SINGLESTEP run in singlestep mode -strace QEMU_STRACE log system calls -version QEMU_VERSION display version information and exit Defaults: QEMU_LD_PREFIX = /usr/gnemul/qemu-x86_64 QEMU_STACK_SIZE = 8388608 byte QEMU_LOG = /tmp/qemu.log You can use -E and -U op...

...n current parts, the hypervisor can set up debug facilities on behalf of the guest (or behind its back) as the DR state is unencrypted, but that attempting to intercept #DB will redirect to #VC inside the guest and cause fun. (Also spare a thought for 32bit kernels which have to cope with userspace singlestepping the SYSENTER path with every #DB turning into #VC.) >> Besides that, I am not a fan of delegating problems I already see coming >> to future-Joerg and future-Peter, but if at all possible deal with them >> now and be safe later. > Well, we could just say no :-) At some poi...

From: Marian Rotariu <marian.c.rotariu at gmail.com> The introspection tool uses this function to check the hardware support for VMFUNC, which can be used either to singlestep vCPUs on a unprotected EPT view or to use #VE in order to filter out VM-exits caused by EPT violations. Signed-off-by: Marian Rotariu <marian.c.rotariu at gmail.com> Co-developed-by: ?tefan ?icleru <ssicleru at bitdefender.com> Signed-off-by: ?tefan ?icleru <ssicleru at bitdefender....

...hypervisor can set up debug > facilities on behalf of the guest (or behind its back) as the DR state > is unencrypted, but that attempting to intercept #DB will redirect to > #VC inside the guest and cause fun. (Also spare a thought for 32bit > kernels which have to cope with userspace singlestepping the SYSENTER > path with every #DB turning into #VC.) What do you mean 32-bit? 64-bit kernels have exactly the same problem. At least the stack is okay, though. Anyway, since I'm way behind on this thread, here are some thoughts: First, I plan to implement actual precise recursion...

From: Marian Rotariu <marian.c.rotariu at gmail.com> The introspection tool uses this function to check the hardware support for EPT switching, which can be used either to singlestep vCPUs on a unprotected EPT view or to use #VE in order to avoid filter out VM-exits caused by EPT violations. Signed-off-by: Marian Rotariu <marian.c.rotariu at gmail.com> Co-developed-by: ?tefan ?icleru <ssicleru at bitdefender.com> Signed-off-by: ?tefan ?icleru <ssicleru at bitdef...

This patch series is based on the VM introspection patches (https://lore.kernel.org/kvm/20200721210922.7646-1-alazar at bitdefender.com/), extending the introspection API with EPT Views and Virtualization Exceptions (#VE) support. The purpose of this series is to get an initial feedback and to see if we are on the right track, especially because the changes made to add the EPT views are not small

...| 16 ++++++++++ 6 files changed, 93 insertions(+) diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst index 3515fea1eb75..bbe33cf7bd6e 100644 --- a/Documentation/virt/kvm/kvmi.rst +++ b/Documentation/virt/kvm/kvmi.rst @@ -962,6 +962,37 @@ if the hardware supports singlestep (see **KVMI_GET_VERSION**). * -KVM_EINVAL - padding is not zero * -KVM_EAGAIN - the selected vCPU can't be introspected yet +21. KVMI_VCPU_TRANSLATE_GVA +--------------------------- + +:Architecture: all +:Versions: >= 1 +:Parameters: + +:: + + struct kvmi_vcpu_hdr; + struct kvmi_vcpu_tr...

From: ?tefan ?icleru <ssicleru at bitdefender.com> The introspection tool uses this function to check the hardware support for EPT switching, which can be used either to singlestep vCPUs on a unprotected EPT view or to use #VE in order to avoid filter out VM-exits caused by EPT violations. Signed-off-by: ?tefan ?icleru <ssicleru at bitdefender.com> Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com> --- Documentation/virt/kvm/kvmi.rst | 34 ++...

...nitor dev redirect the monitor to char device 'dev' -qmp dev like -monitor but opens in 'control' mode -mon chardev=[name][,mode=readline|control][,default] -debugcon dev redirect the debug console to char device 'dev' -pidfile file write PID to 'file' -singlestep always run in singlestep mode -S freeze CPU at startup (use 'c' to start execution) -gdb dev wait for gdb connection on 'dev' -s shorthand for -gdb tcp::1234 -d item1,... output log to /tmp/qemu.log (use -d ? for a list of log items) -D logfil...

From: Marian Rotariu <marian.c.rotariu at gmail.com> The introspection tool uses this function to check the hardware support for EPT switching, which can be used either to singlestep vCPUs on a unprotected EPT view or to use #VE in order to avoid filter out VM-exits caused by EPT violations. Signed-off-by: Marian Rotariu <marian.c.rotariu at gmail.com> Co-developed-by: ?tefan ?icleru <ssicleru at bitdefender.com> Signed-off-by: ?tefan ?icleru <ssicleru at bitdef...

On Tue, Jun 23, 2020 at 01:50:14PM +0200, Peter Zijlstra wrote: > If SNP is the sole reason #VC needs to be IST, then I'd strongly urge > you to only make it IST if/when you try and make SNP happen, not before. It is not the only reason, when ES guests gain debug register support then #VC also needs to be IST, because #DB can be promoted into #VC then, and as #DB is IST for a reason,

Hello, I''m interested in using the mem_event API (or it''s LibVMI wrapper), but I''m interested in capturing write events anywhere in a domU guest''s memory, _and_ not just once for each page write, but every time a page is being written to. To this end, I''ve looked at the xen-access.c example, where at first all the pages are being monitored:

Hi guys, I am new to QEMU-KVM, libvmi and libvirt stuff. Libvmi uses libvirt. I am trying to to run process-list example of libvmi and getting error as below. It seems that this error may be due to libvirt as it is not able to find domain. I seek your kind help on below error: spanhal1@seclab2:~/KVMModule/libvmi-0.10.1$ sudo ./examples/process-list ubuntu libvir: QEMU error : Domain not found:

...ven on emulation failures (when the read/write callbacks used by the emulator, kvm_page_preread/kvm_page_prewrite, are not invoked) Changes since v8: - rebase on 5.8 - fix non-x86 builds (avoid including the UAPI headers from kvmi_host.h) - fix the clean-up for KVMI_VCPU_SINGLESTEP [Mathieu] - extend KVMI_VM_SET_PAGE_ACCESS with the 'visible' option - improve KVMI_VM_GET_MAX_GFN (skip read-only, invalid or non-user memslots) - add KVMI_VM_CONTROL_CLEANUP [Tamas, Mathieu] - add KVMI_VCPU_GET_XCR and KVMI_VCPU_SET_XSAVE (SSE emulation) - move KVM_REQ_INTROSPEC...

...port on the guest side kvm: introspection: use remote mapping Nicu?or C??u (5): kvm: x86: block any attempt to disable MSR interception if tracked by introspection kvm: introspection: add KVMI_EVENT_DESCRIPTOR kvm: introspection: add single-stepping kvm: introspection: add KVMI_EVENT_SINGLESTEP kvm: x86: add tracepoints for interrupt and exception injections Yang Weijiang (9): Documentation: Introduce EPT based Subpage Protection KVM: VMX: Add control flags for SPP enabling KVM: VMX: Implement functions for SPPT paging setup KVM: VMX: Introduce SPP access bitmap and operation f...