Displaying 20 results from an estimated 5000 matches similar to: "[RFC PATCH v6 00/92] VM introspection"
2020 Feb 07
78
[RFC PATCH v7 00/78] VM introspection
The KVM introspection subsystem provides a facility for applications
running on the host or in a separate VM, to control the execution of
other VMs (pause, resume, shutdown), query the state of the vCPUs (GPRs,
MSRs etc.), alter the page access bits in the shadow page tables (only
for the hardware backed ones, eg. Intel's EPT) and receive notifications
when events of interest have taken place
2020 Jul 21
87
[PATCH v9 00/84] VM introspection
The KVM introspection subsystem provides a facility for applications
running on the host or in a separate VM, to control the execution of
other VMs (pause, resume, shutdown), query the state of the vCPUs (GPRs,
MSRs etc.), alter the page access bits in the shadow page tables (only
for the hardware backed ones, eg. Intel's EPT) and receive notifications
when events of interest have taken place
2020 Jul 22
34
[RFC PATCH v1 00/34] VM introspection - EPT Views and Virtualization Exceptions
This patch series is based on the VM introspection patches
(https://lore.kernel.org/kvm/20200721210922.7646-1-alazar at bitdefender.com/),
extending the introspection API with EPT Views and Virtualization
Exceptions (#VE) support.
The purpose of this series is to get an initial feedback and to see if
we are on the right track, especially because the changes made to add
the EPT views are not small
2019 Aug 12
1
[RFC PATCH v6 64/92] kvm: introspection: add single-stepping
On Fri, Aug 09, 2019 at 07:00:19PM +0300, Adalbert Laz?r wrote:
> From: Nicu?or C??u <ncitu at bitdefender.com>
>
> This would be used either if the introspection tool request it as a
> reply to a KVMI_EVENT_PF event or to cope with instructions that cannot
> be handled by the x86 emulator during the handling of a VMEXIT. In
> these situations, all other vCPU-s are kicked
2019 Aug 13
1
[RFC PATCH v6 75/92] kvm: x86: disable gpa_available optimization in emulator_read_write_onepage()
On 09/08/19 18:00, Adalbert Laz?r wrote:
> If the EPT violation was caused by an execute restriction imposed by the
> introspection tool, gpa_available will point to the instruction pointer,
> not the to the read/write location that has to be used to emulate the
> current instruction.
>
> This optimization should be disabled only when the VM is introspected,
> not just
2019 Aug 09
0
[RFC PATCH v6 16/92] kvm: introspection: handle events and event replies
From: Mihai Don?u <mdontu at bitdefender.com>
All events are sent by the vCPU thread, which will handle any
introspection command while waiting for the reply.
The event reply messages contain a common strucure (kvmi_vcpu_hdr), as
any vCPU related command, which allows the receiving worker to dispatch
the reply as it does with any other introspection command sent for a
specific vCPU.
The
2019 Aug 09
0
[RFC PATCH v6 64/92] kvm: introspection: add single-stepping
From: Nicu?or C??u <ncitu at bitdefender.com>
This would be used either if the introspection tool request it as a
reply to a KVMI_EVENT_PF event or to cope with instructions that cannot
be handled by the x86 emulator during the handling of a VMEXIT. In
these situations, all other vCPU-s are kicked and held, the EPT-based
protection is removed and the guest is single stepped by the vCPU that
2019 Aug 12
2
[RFC PATCH v6 01/92] kvm: introduce KVMI (VM introspection subsystem)
On Fri, Aug 09, 2019 at 06:59:16PM +0300, Adalbert Laz?r wrote:
> diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
> index 72fa955f4a15..f70a6a1b6814 100644
> --- a/arch/x86/kvm/Kconfig
> +++ b/arch/x86/kvm/Kconfig
> @@ -96,6 +96,13 @@ config KVM_MMU_AUDIT
> This option adds a R/W kVM module parameter 'mmu_audit', which allows
> auditing of KVM MMU events
2019 Aug 13
1
[RFC PATCH v6 13/92] kvm: introspection: make the vCPU wait even when its jobs list is empty
On 09/08/19 17:59, Adalbert Laz?r wrote:
> +void kvmi_handle_requests(struct kvm_vcpu *vcpu)
> +{
> + struct kvmi *ikvm;
> +
> + ikvm = kvmi_get(vcpu->kvm);
> + if (!ikvm)
> + return;
> +
> + for (;;) {
> + int err = kvmi_run_jobs_and_wait(vcpu);
> +
> + if (err)
> + break;
> + }
> +
> + kvmi_put(vcpu->kvm);
> +}
> +
Using
2019 Aug 09
0
[RFC PATCH v6 27/92] kvm: introspection: use page track
From: Mihai Don?u <mdontu at bitdefender.com>
>From preread, prewrite and preexec callbacks we will send the
KVMI_EVENT_PF events caused by access rights enforced by the introspection
tool.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
2019 Aug 09
0
[RFC PATCH v6 55/92] kvm: introspection: add KVMI_CONTROL_MSR and KVMI_EVENT_MSR
From: Mihai Don?u <mdontu at bitdefender.com>
The KVMI_CONTROL_MSR is used to enable/disable introspection for a
specific MSR. The KVMI_EVENT_MSR is send when the tracked MSR is going
to be changed. The introspection tool can respond by allowing the guest
to continue with normal execution or by discarding the change.
This is meant to prevent malicious changes to MSR-s
such as
2019 Sep 10
1
[RFC PATCH v6 69/92] kvm: x86: keep the page protected if tracked by the introspection tool
On Fri, Aug 09, 2019 at 07:00:24PM +0300, Adalbert Laz?r wrote:
> This patch might be obsolete thanks to single-stepping.
sooo should it be skipped from this large patchset to easy
review?
>
> Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
> ---
> arch/x86/kvm/x86.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git
2019 Aug 09
0
[RFC PATCH v6 13/92] kvm: introspection: make the vCPU wait even when its jobs list is empty
Usually, the vCPU thread will run the functions from its jobs list
(unless the thread is SIGKILL-ed) and continue to guest when the
list is empty. But, there are cases when it has to wait for something
(e.g. another vCPU runs in single-step mode, or the current vCPU waits
for an event reply from the introspection tool).
In these cases, it will append a "wait job" into its own list,
2019 Aug 13
1
[RFC PATCH v6 16/92] kvm: introspection: handle events and event replies
On 09/08/19 17:59, Adalbert Laz?r wrote:
>
> + reply->padding2);
> +
> + ivcpu->reply_waiting = false;
> + return expected->error;
> +}
> +
> /*
Is this missing a wakeup?
>
> +static bool need_to_wait(struct kvm_vcpu *vcpu)
> +{
> + struct kvmi_vcpu *ivcpu = IVCPU(vcpu);
> +
> + return ivcpu->reply_waiting;
> +}
> +
Do you
2020 Feb 07
0
[RFC PATCH v7 76/78] KVM: introspection: add KVMI_VCPU_TRANSLATE_GVA
This helps the introspection tool with the VGA to GPA translations
without the need to monitor the guest page tables.
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 31 +++++++++++++++++++
arch/x86/kvm/kvmi.c | 4 +++
include/uapi/linux/kvmi.h | 9 ++++++
2020 Jul 21
0
[PATCH v9 72/84] KVM: introspection: add KVMI_VCPU_GET_MTRR_TYPE
From: Mihai Don?u <mdontu at bitdefender.com>
This command returns the memory type for a guest physical address.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
2020 Feb 07
0
[RFC PATCH v7 73/78] KVM: introspection: extend KVMI_GET_VERSION with struct kvmi_features
This is used by the introspection tool to check the hardware support
for single step.
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 13 ++++++++++++-
arch/x86/include/uapi/asm/kvmi.h | 5 +++++
arch/x86/kvm/kvmi.c | 5 +++++
include/uapi/linux/kvmi.h | 1 +
2020 Jul 21
0
[PATCH v9 77/84] KVM: introspection: add KVMI_VM_SET_PAGE_ACCESS
From: Mihai Don?u <mdontu at bitdefender.com>
This command sets the spte access bits (rwx) for an array of guest
physical addresses (through the page tracking subsystem).
These GPAs, with the requested access bits, are also kept in a radix
tree in order to filter out the #PF events which are of no interest to
the introspection tool.
The access restrictions for pages that are not visible
2018 Jul 20
4
Memory Read Only Enforcement: VMM assisted kernel rootkit mitigation for KVM V4
Here is change log from V3 To V4:
- Fixing spelling/grammar mistakes suggested by Randy Dunlap
- Changing the hypercall interface to be able to process multiple pages
per one hypercall also suggested by Randy Dunlap. It turns out that
this will save lots of vmexist/memory slot flushes when protecting many
pages.
[PATCH RFC V4 1/3] KVM: X86: Memory ROE documentation
[PATCH RFC V4 2/3] KVM:
2020 Feb 07
0
[RFC PATCH v7 49/78] KVM: introspection: handle vCPU commands
From: Mihai Don?u <mdontu at bitdefender.com>
Based on the common structure (kvmi_vcpu_hdr) used for all vCPU commands,
the receiving thread validates and dispatches the message to the proper
vCPU (adding the handling function to its jobs list).
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or