Displaying 20 results from an estimated 2000 matches similar to: "[PATCH v9 00/84] VM introspection"
2020 Feb 07
78
[RFC PATCH v7 00/78] VM introspection
The KVM introspection subsystem provides a facility for applications
running on the host or in a separate VM, to control the execution of
other VMs (pause, resume, shutdown), query the state of the vCPUs (GPRs,
MSRs etc.), alter the page access bits in the shadow page tables (only
for the hardware backed ones, eg. Intel's EPT) and receive notifications
when events of interest have taken place
2020 Jul 22
34
[RFC PATCH v1 00/34] VM introspection - EPT Views and Virtualization Exceptions
This patch series is based on the VM introspection patches
(https://lore.kernel.org/kvm/20200721210922.7646-1-alazar at bitdefender.com/),
extending the introspection API with EPT Views and Virtualization
Exceptions (#VE) support.
The purpose of this series is to get an initial feedback and to see if
we are on the right track, especially because the changes made to add
the EPT views are not small
2019 Aug 09
117
[RFC PATCH v6 00/92] VM introspection
The KVM introspection subsystem provides a facility for applications running
on the host or in a separate VM, to control the execution of other VM-s
(pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.),
alter the page access bits in the shadow page tables (only for the hardware
backed ones, eg. Intel's EPT) and receive notifications when events of
interest have taken place
2019 Aug 09
117
[RFC PATCH v6 00/92] VM introspection
The KVM introspection subsystem provides a facility for applications running
on the host or in a separate VM, to control the execution of other VM-s
(pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.),
alter the page access bits in the shadow page tables (only for the hardware
backed ones, eg. Intel's EPT) and receive notifications when events of
interest have taken place
2019 Aug 12
2
[RFC PATCH v6 01/92] kvm: introduce KVMI (VM introspection subsystem)
On Fri, Aug 09, 2019 at 06:59:16PM +0300, Adalbert Laz?r wrote:
> diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
> index 72fa955f4a15..f70a6a1b6814 100644
> --- a/arch/x86/kvm/Kconfig
> +++ b/arch/x86/kvm/Kconfig
> @@ -96,6 +96,13 @@ config KVM_MMU_AUDIT
> This option adds a R/W kVM module parameter 'mmu_audit', which allows
> auditing of KVM MMU events
2020 Feb 07
0
[RFC PATCH v7 52/78] KVM: introspection: add KVMI_EVENT_PAUSE_VCPU
This event is send by the vCPU thread and has a low priority. It
will be sent after any other vCPU introspection event and when no vCPU
introspection command is queued.
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 23 ++-
arch/x86/kvm/kvmi.c | 53 ++++++
include/linux/kvmi_host.h
2020 Feb 07
0
[RFC PATCH v7 60/78] KVM: introspection: add KVMI_VCPU_CONTROL_CR and KVMI_EVENT_CR
From: Mihai Don?u <mdontu at bitdefender.com>
Using the KVMI_VCPU_CONTROL_CR command, the introspection tool subscribes
to KVMI_EVENT_CR events that will be sent when CR{0,3,4} is going to
be changed.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
2020 Feb 07
0
[RFC PATCH v7 47/78] KVM: introspection: add a jobs list to every introspected vCPU
Every vCPU has a lock-protected list in which (mostly) the receiving
worker places the jobs that has to be done by the vCPU once it is kicked
(KVM_REQ_INTROSPECTION) out of guest.
A job is defined by a "do" function, a "free" function and a pointer
(context).
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at
2019 Aug 12
1
[RFC PATCH v6 64/92] kvm: introspection: add single-stepping
On Fri, Aug 09, 2019 at 07:00:19PM +0300, Adalbert Laz?r wrote:
> From: Nicu?or C??u <ncitu at bitdefender.com>
>
> This would be used either if the introspection tool request it as a
> reply to a KVMI_EVENT_PF event or to cope with instructions that cannot
> be handled by the x86 emulator during the handling of a VMEXIT. In
> these situations, all other vCPU-s are kicked
2020 Feb 07
0
[RFC PATCH v7 57/78] KVM: introspection: add KVMI_EVENT_HYPERCALL
From: Mihai Don?u <mdontu at bitdefender.com>
This event is sent on a specific user hypercall.
It is used by the code residing inside the introspected guest to call the
introspection tool and to report certain details about its operation.
For example, a classic antimalware remediation tool can report
what it has found during a scan.
Signed-off-by: Mihai Don?u <mdontu at
2020 Feb 07
0
[RFC PATCH v7 48/78] KVM: introspection: handle vCPU introspection requests
From: Mihai Don?u <mdontu at bitdefender.com>
The introspection requests (KVM_REQ_INTROSPECTION) are checked before
entering guest or when the vCPU is halted.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com>
Signed-off-by: Mircea C?rjaliu <mcirjaliu at bitdefender.com>
Co-developed-by: Adalbert Laz?r
2020 Jul 21
0
[PATCH v9 77/84] KVM: introspection: add KVMI_VM_SET_PAGE_ACCESS
From: Mihai Don?u <mdontu at bitdefender.com>
This command sets the spte access bits (rwx) for an array of guest
physical addresses (through the page tracking subsystem).
These GPAs, with the requested access bits, are also kept in a radix
tree in order to filter out the #PF events which are of no interest to
the introspection tool.
The access restrictions for pages that are not visible
2020 Jul 21
0
[PATCH v9 81/84] KVM: introspection: add KVMI_EVENT_SINGLESTEP
From: Nicu?or C??u <ncitu at bitdefender.com>
This event is sent after each instruction when the singlestep has been
enabled for a vCPU.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 31
2020 Feb 07
0
[RFC PATCH v7 75/78] KVM: introspection: add KVMI_EVENT_SINGLESTEP
From: Nicu?or C??u <ncitu at bitdefender.com>
This event is sent when the current instruction has been single stepped
with or without success.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 28
2020 Feb 07
0
[RFC PATCH v7 59/78] KVM: introspection: restore the state of #BP interception on unhook
From: Nicu?or C??u <ncitu at bitdefender.com>
This commit also ensures that only the userspace or the introspection
tool can control the #BP interception exclusively at one time.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
arch/x86/include/asm/kvm_host.h | 3 +
arch/x86/include/asm/kvmi_host.h | 22
2020 Feb 07
0
[RFC PATCH v7 53/78] KVM: introspection: add KVMI_VCPU_CONTROL_EVENTS
From: Mihai Don?u <mdontu at bitdefender.com>
This command enables/disables vCPU introspection events.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 45 +++++++++-
include/linux/kvmi_host.h
2020 Feb 07
0
[RFC PATCH v7 74/78] KVM: introspection: add KVMI_VCPU_CONTROL_SINGLESTEP
From: Nicu?or C??u <ncitu at bitdefender.com>
This command is extremely useful for debuggers.
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Co-developed-by: Adalbert Laz?r <alazar at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 31 ++++++
arch/x86/kvm/kvmi.c
2019 Aug 13
1
[RFC PATCH v6 75/92] kvm: x86: disable gpa_available optimization in emulator_read_write_onepage()
On 09/08/19 18:00, Adalbert Laz?r wrote:
> If the EPT violation was caused by an execute restriction imposed by the
> introspection tool, gpa_available will point to the instruction pointer,
> not the to the read/write location that has to be used to emulate the
> current instruction.
>
> This optimization should be disabled only when the VM is introspected,
> not just
2019 Aug 09
0
[RFC PATCH v6 27/92] kvm: introspection: use page track
From: Mihai Don?u <mdontu at bitdefender.com>
>From preread, prewrite and preexec callbacks we will send the
KVMI_EVENT_PF events caused by access rights enforced by the introspection
tool.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
2020 Feb 07
0
[RFC PATCH v7 64/78] KVM: introspection: add KVMI_EVENT_XSETBV
From: Mihai Don?u <mdontu at bitdefender.com>
This event is sent when the extended control register XCR0 is going to
be changed.
Signed-off-by: Mihai Don?u <mdontu at bitdefender.com>
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---