Displaying 20 results from an estimated 1000 matches similar to: "[RFC PATCH v1 00/34] VM introspection - EPT Views and Virtualization Exceptions"
2020 Jul 21
87
[PATCH v9 00/84] VM introspection
The KVM introspection subsystem provides a facility for applications
running on the host or in a separate VM, to control the execution of
other VMs (pause, resume, shutdown), query the state of the vCPUs (GPRs,
MSRs etc.), alter the page access bits in the shadow page tables (only
for the hardware backed ones, eg. Intel's EPT) and receive notifications
when events of interest have taken place
2020 Feb 07
78
[RFC PATCH v7 00/78] VM introspection
The KVM introspection subsystem provides a facility for applications
running on the host or in a separate VM, to control the execution of
other VMs (pause, resume, shutdown), query the state of the vCPUs (GPRs,
MSRs etc.), alter the page access bits in the shadow page tables (only
for the hardware backed ones, eg. Intel's EPT) and receive notifications
when events of interest have taken place
2019 Aug 09
117
[RFC PATCH v6 00/92] VM introspection
The KVM introspection subsystem provides a facility for applications running
on the host or in a separate VM, to control the execution of other VM-s
(pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.),
alter the page access bits in the shadow page tables (only for the hardware
backed ones, eg. Intel's EPT) and receive notifications when events of
interest have taken place
2019 Aug 09
117
[RFC PATCH v6 00/92] VM introspection
The KVM introspection subsystem provides a facility for applications running
on the host or in a separate VM, to control the execution of other VM-s
(pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.),
alter the page access bits in the shadow page tables (only for the hardware
backed ones, eg. Intel's EPT) and receive notifications when events of
interest have taken place
2018 Jul 20
4
Memory Read Only Enforcement: VMM assisted kernel rootkit mitigation for KVM V4
Here is change log from V3 To V4:
- Fixing spelling/grammar mistakes suggested by Randy Dunlap
- Changing the hypercall interface to be able to process multiple pages
per one hypercall also suggested by Randy Dunlap. It turns out that
this will save lots of vmexist/memory slot flushes when protecting many
pages.
[PATCH RFC V4 1/3] KVM: X86: Memory ROE documentation
[PATCH RFC V4 2/3] KVM:
2018 Jul 19
8
Memory Read Only Enforcement: VMM assisted kernel rootkit mitigation for KVM
Hi,
This is my first set of patches that works as I would expect, and the
third revision I sent to mailing lists.
Following up with my previous discussions about kernel rootkit mitigation
via placing R/O protection on critical data structure, static data,
privileged registers with static content. These patches present the
first part where it is only possible to place these protections on
memory
2018 Jul 19
8
Memory Read Only Enforcement: VMM assisted kernel rootkit mitigation for KVM
Hi,
This is my first set of patches that works as I would expect, and the
third revision I sent to mailing lists.
Following up with my previous discussions about kernel rootkit mitigation
via placing R/O protection on critical data structure, static data,
privileged registers with static content. These patches present the
first part where it is only possible to place these protections on
memory
2019 Aug 12
1
[RFC PATCH v6 64/92] kvm: introspection: add single-stepping
On Fri, Aug 09, 2019 at 07:00:19PM +0300, Adalbert Laz?r wrote:
> From: Nicu?or C??u <ncitu at bitdefender.com>
>
> This would be used either if the introspection tool request it as a
> reply to a KVMI_EVENT_PF event or to cope with instructions that cannot
> be handled by the x86 emulator during the handling of a VMEXIT. In
> these situations, all other vCPU-s are kicked
2020 Feb 07
0
[RFC PATCH v7 63/78] KVM: introspection: add KVMI_VM_GET_MAX_GFN
From: ?tefan ?icleru <ssicleru at bitdefender.com>
The introspection tool can use this to set access restrictions for a
wide range of guest addresses.
Signed-off-by: ?tefan ?icleru <ssicleru at bitdefender.com>
Co-developed-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Nicu?or C??u <ncitu at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at
2020 Jul 21
0
[PATCH v9 04/84] KVM: add kvm_get_max_gfn()
From: ?tefan ?icleru <ssicleru at bitdefender.com>
This function is needed for the KVMI_VM_GET_MAX_GFN command.
Signed-off-by: ?tefan ?icleru <ssicleru at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
include/linux/kvm_host.h | 1 +
virt/kvm/kvm_main.c | 24 ++++++++++++++++++++++++
2 files changed, 25 insertions(+)
diff --git
2020 Jul 22
0
[RFC PATCH v1 13/34] KVM: introspection: add KVMI_VCPU_GET_EPT_VIEW
From: ?tefan ?icleru <ssicleru at bitdefender.com>
The introspection tool uses this function to check the hardware support
for EPT switching, which can be used either to singlestep vCPUs
on a unprotected EPT view or to use #VE in order to avoid filter out
VM-exits caused by EPT violations.
Signed-off-by: ?tefan ?icleru <ssicleru at bitdefender.com>
Signed-off-by: Adalbert Laz?r
2020 Jul 22
0
[RFC PATCH v1 12/34] KVM: introspection: extend struct kvmi_features with the EPT views status support
From: ?tefan ?icleru <ssicleru at bitdefender.com>
The introspection tool will use these new fields to check
the hardware support before using the related introspection commands.
Signed-off-by: ?tefan ?icleru <ssicleru at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
---
Documentation/virt/kvm/kvmi.rst | 6 ++++--
2019 Aug 13
1
[RFC PATCH v6 70/92] kvm: x86: filter out access rights only when tracked by the introspection tool
On 09/08/19 18:00, Adalbert Laz?r wrote:
> It should complete the commit fd34a9518173 ("kvm: x86: consult the page tracking from kvm_mmu_get_page() and __direct_map()")
>
> Signed-off-by: Adalbert Laz?r <alazar at bitdefender.com>
> ---
> arch/x86/kvm/mmu.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
2020 Jul 22
0
[RFC PATCH v1 01/34] KVM: x86: export .get_vmfunc_status()
From: Marian Rotariu <marian.c.rotariu at gmail.com>
The introspection tool uses this function to check the hardware support
for VMFUNC, which can be used either to singlestep vCPUs
on a unprotected EPT view or to use #VE in order to filter out
VM-exits caused by EPT violations.
Signed-off-by: Marian Rotariu <marian.c.rotariu at gmail.com>
Co-developed-by: ?tefan ?icleru <ssicleru
2019 Aug 13
1
[RFC PATCH v6 75/92] kvm: x86: disable gpa_available optimization in emulator_read_write_onepage()
On 09/08/19 18:00, Adalbert Laz?r wrote:
> If the EPT violation was caused by an execute restriction imposed by the
> introspection tool, gpa_available will point to the instruction pointer,
> not the to the read/write location that has to be used to emulate the
> current instruction.
>
> This optimization should be disabled only when the VM is introspected,
> not just
2020 Jul 22
0
[RFC PATCH v1 02/34] KVM: x86: export .get_eptp_switching_status()
From: Marian Rotariu <marian.c.rotariu at gmail.com>
The introspection tool uses this function to check the hardware support
for EPT switching, which can be used either to singlestep vCPUs
on a unprotected EPT view or to use #VE in order to avoid filter out
VM-exits caused by EPT violations.
Signed-off-by: Marian Rotariu <marian.c.rotariu at gmail.com>
Co-developed-by: ?tefan ?icleru
2020 Jul 22
0
[RFC PATCH v1 06/34] KVM: x86: mmu: add support for EPT switching
From: Marian Rotariu <marian.c.rotariu at gmail.com>
The introspection tool uses this function to check the hardware support
for EPT switching, which can be used either to singlestep vCPUs
on a unprotected EPT view or to use #VE in order to avoid filter out
VM-exits caused by EPT violations.
Signed-off-by: Marian Rotariu <marian.c.rotariu at gmail.com>
Co-developed-by: ?tefan ?icleru
2020 Jul 21
0
[PATCH v9 34/84] KVM: x86: page_track: add support for preread, prewrite and preexec
From: Mihai Don?u <mdontu at bitdefender.com>
The access to a tracked memory page leads to two types of actions from the
introspection tool: either the access is allowed (maybe with different
data for the source operand) or the vCPU should re-enter in guest
(the page is not tracked anymore, the instruction was skipped/emulated by
the introspection tool, etc.). These new callbacks must
2020 Jul 22
0
[RFC PATCH v1 11/34] KVM: x86: mmu: allow zapping shadow pages for specific EPT views
From: ?tefan ?icleru <ssicleru at bitdefender.com>
Add a view mask for kvm_mmu_zap_all() in order to allow zapping
shadow pages for specific EPT views. This is required when an
introspected VM is unhooked. In that case, shadow pages that
belong to non-default views will be zapped.
Signed-off-by: ?tefan ?icleru <ssicleru at bitdefender.com>
Signed-off-by: Adalbert Laz?r <alazar at
2020 Jul 21
0
[PATCH v9 77/84] KVM: introspection: add KVMI_VM_SET_PAGE_ACCESS
From: Mihai Don?u <mdontu at bitdefender.com>
This command sets the spte access bits (rwx) for an array of guest
physical addresses (through the page tracking subsystem).
These GPAs, with the requested access bits, are also kept in a radix
tree in order to filter out the #PF events which are of no interest to
the introspection tool.
The access restrictions for pages that are not visible