On 06/03/2014 11:31, Alexander Binun wrote:
> Then - more questions:
> 1. How can I access the Qemu process (relevant to a given VM) from within
> the kernel context (being in a kernel module)?
The struct pid for the VCPU is in the "pid" field of struct kvm_vcpu.
From there if needed you can get the task (with pid_task) and the
task's thread group leader (the task's group_leader), and send a signal
to it.
> 2. Should I uninitialize some internal structures for the VM being killed?
No, it will happen automatically. When QEMU is terminated, the VM's
file descriptor is closed and this frees all internal structures.
> 3. My module detects malicious activities at a VCPU. How can one get the VM
> owning this VCPU?
Field "kvm" in struct kvm_vcpu points to the struct kvm for the VM.
Paolo
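
The lookup described in answer 1, as an added example that is not part of the original message and is not KVM's own code. The helper name kill_vm_of_vcpu is hypothetical, and the code assumes a kernel of the thread's era, where vcpu->pid is read under RCU and send_sig() is declared in linux/sched.h; the non-kernel branch holds constructed stand-ins so the logic can be exercised outside a module.

```c
/* Added example (not from the thread). Builds against kernel headers; without
 * __KERNEL__ it uses constructed stand-ins so the control flow can be run. */
#ifdef __KERNEL__
#include <linux/kvm_host.h>
#include <linux/rcupdate.h>
#include <linux/sched.h>
#else /* constructed stand-ins, NOT the kernel's definitions */
#include <errno.h>
#include <signal.h>
#include <stddef.h>
struct task_struct { struct task_struct *group_leader; int last_sig; };
struct pid { struct task_struct *task; };
struct kvm_vcpu { struct pid *pid; };
enum { PIDTYPE_PID };
#define rcu_read_lock()    ((void)0)
#define rcu_read_unlock()  ((void)0)
#define rcu_dereference(p) (p)
static struct task_struct *pid_task(struct pid *pid, int type)
{
	(void)type;
	return pid->task;
}
static int send_sig(int sig, struct task_struct *t, int priv)
{
	(void)priv;
	t->last_sig = sig;	/* record the signal instead of delivering it */
	return 0;
}
#endif

/* Hypothetical helper: SIGKILL the QEMU process whose thread runs this VCPU. */
static int kill_vm_of_vcpu(struct kvm_vcpu *vcpu)
{
	struct task_struct *task;
	struct pid *pid;
	int ret = -ESRCH;	/* VCPU thread not recorded yet, or already gone */

	rcu_read_lock();	/* the pid_task() result is only valid under RCU */
	pid = rcu_dereference(vcpu->pid);
	task = pid ? pid_task(pid, PIDTYPE_PID) : NULL;
	if (task)		/* signal the thread group leader, i.e. QEMU */
		ret = send_sig(SIGKILL, task->group_leader, 1);
	rcu_read_unlock();
	return ret;
}
```

No teardown follows the signal: as answer 2 says, the VM's structures are freed when QEMU exits and the VM file descriptor is closed.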