From: Mihai Donțu
These callbacks return a boolean value. If false, the emulation should
stop and the instruction should be reexecuted in guest. The preread
callback can return the bytes needed by the read operation.
CC: Xiao Guangrong
CC: Sean Christopherson
Signed-off-by: Mihai Donțu
From: Mihai Donțu
This command sets the spte access bits (rwx) for an array of guest
physical addresses (through the page track subsystem).
These pages, with the requested access bits, are also kept in a radix
tree in order to filter out the #PF events which are of no interest to
the
From: Mircea Cîrjaliu
An opaque pointer is added to struct kvm_vcpu, pointing to its
corresponding introspection structure, allocated (a) when the introspection
socket is connected or (b) when the vCPU is hotplugged and deallocated
when the introspection socket is disconnected.
Signed-off-by:
The connection of the introspection socket with the introspection tool
is initialized by userspace/QEMU. Once the handshake is done, the file
descriptor is passed to KVMi using the KVM_INTROSPECTION_HOOK ioctl. A
new thread will be created to handle/dispatch all introspection commands
or replies
From: Mihai Donțu
KVM doesn't normally need to keep track that closely to page access bits,
however for the introspection subsystem this is essential.
Suggested-by: Paolo Bonzini
Link: https://marc.info/?l=kvm=149804987417131=2
CC: Sean Christopherson
Signed-off-by: Mihai Donțu
From: Mihai Donțu
These are needed by the introspection subsystem.
CC: Sean Christopherson
CC: Joerg Roedel
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
arch/x86/include/asm/kvm_emulate.h | 1 +
arch/x86/kvm/emulate.c | 10 +-
arch/x86/kvm/mmu.c
In certain situations (when the guest has to be paused, suspended,
migrated, etc.), userspace/QEMU will use the KVM_INTROSPECTION_UNHOOK
ioctl in order to trigger the KVMI_EVENT_UNHOOK. If the event is sent
successfully (the VM has an active introspection channel), userspace
should delay the
From: Mihai Donțu
This adds support for all encoding variants of lfence (0x0f 0xae 0xe[8-f]).
I did not use rmb() in case it will be made to use a different instruction
on future architectures.
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/emulate.c | 8 +++-
From: Mihai Donțu
This command enables/disables vCPU introspection events.
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
Documentation/virtual/kvm/kvmi.rst | 53 ++
include/uapi/linux/kvmi.h | 7
virt/kvm/kvmi.c|
From: Mihai Donțu
The introspection requests (KVM_REQ_INTROSPECTION) are checked by any
introspected vCPU in two places:
* on its way to guest - vcpu_enter_guest()
* when halted - kvm_vcpu_block()
In kvm_vcpu_block(), we check to see if there are any introspection
requests during the swait
From: Mihai Donțu
For now, this command returns the TSC frequency (in HZ) for the specified
vCPU if available (otherwise it returns zero).
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
Documentation/virtual/kvm/kvmi.rst | 29 +
arch/x86/kvm/kvmi.c
From: Mihai Donțu
All events are sent by the vCPU thread, which will handle any
introspection command while waiting for the reply.
The event reply messages contain a common structure (kvmi_vcpu_hdr), as
any vCPU related command, which allows the receiving worker to dispatch
the reply as it does
From: Mihai Donțu
From preread, prewrite and preexec callbacks we will send the
KVMI_EVENT_PF events caused by access rights enforced by the introspection
tool.
Signed-off-by: Mihai Donțu
Co-developed-by: Nicușor Cîțu
Signed-off-by: Nicușor Cîțu
Co-developed-by: Marian Rotariu
KVM_INTROSPECTION_COMMAND and KVM_INTROSPECTION_EVENTS should be used
by userspace/QEMU to allow access to specific (or all) introspection
commands and events.
By default, all introspection events and almost all introspection commands
are disallowed. There are a couple of commands that are always
From: Mihai Donțu
Returns the spte access bits (rwx) for an array of guest physical
addresses.
It does this by checking the radix tree in which only the spte bits
"enforced" by the introspection tool are saved. This information should
already be known by the tool. Not to mention that the
From: Mihai Donțu
This event is sent when a #PF occurs due to a failed permission check
in the shadow page tables, for a page in which the introspection tool
has shown interest.
The introspection tool can respond to a KVMI_EVENT_PF event with custom
input for the current instruction. This input
From: Mihai Donțu
Using the KVMI_CONTROL_CR command, the introspection tool subscribes to
KVMI_EVENT_CR events that will be sent when CR{0,3,4} is going to
be changed.
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
Documentation/virtual/kvm/kvmi.rst | 70 ++
From: Mircea Cîrjaliu
The following two new mm exports are introduced:
* mm_remote_map(struct mm_struct *req_mm,
unsigned long req_hva,
unsigned long map_hva)
* mm_remote_unmap(unsigned long map_hva)
* mm_remote_reset(void)
* rmap_walk_remote(struct page
From: Mihai Donțu
Following the common structure used for all messages (kvmi_msg_hdr), all
vCPU related commands have another common structure (kvmi_vcpu_hdr). This
allows the receiving worker to validate and dispatch the message to the
proper vCPU (adding the handling function to its jobs
This will allow us to use the subpage protection feature.
Signed-off-by: Adalbert Lazăr
---
virt/kvm/kvmi.c | 46 +
virt/kvm/kvmi_int.h | 1 +
2 files changed, 39 insertions(+), 8 deletions(-)
diff --git a/virt/kvm/kvmi.c b/virt/kvm/kvmi.c
index
From: Mihai Donțu
It can happen for us to end up emulating the VMCALL instruction as a
result of the handling of an EPT write fault. In this situation, the
emulator will try to unconditionally patch the correct hypercall opcode
bytes using emulator_write_emulated(). However, this last call
From: Yang Weijiang
Check SPP capability in MSR_IA32_VMX_PROCBASED_CTLS2, its 23-bit
indicates SPP support. Mark SPP bit in CPU capabilities bitmap if
it's supported.
Co-developed-by: He Chen
Signed-off-by: He Chen
Co-developed-by: Zhang Yi
Signed-off-by: Zhang Yi
Co-developed-by: Yang
From: Yang Weijiang
Co-developed-by: yi.z.zh...@linux.intel.com
Signed-off-by: yi.z.zh...@linux.intel.com
Co-developed-by: Yang Weijiang
Signed-off-by: Yang Weijiang
Message-Id: <20190717133751.12910-2-weijiang.y...@intel.com>
Signed-off-by: Adalbert Lazăr
---
From: Mihai Donțu
This is needed because the emulator calls the page tracking code
irrespective of the current VMEXIT reason or available information.
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
arch/x86/include/asm/kvm_host.h | 2 +-
No introspection event (neither VM event, nor vCPU event) will be sent
to the introspection tool unless enabled/requested.
This command enables/disables VM events. For now, these events are:
* KVMI_EVENT_UNHOOK
* KVMI_EVENT_CREATE_VCPU
The first event is initiated by userspace/QEMU in order
Every vCPU has a lock-protected list in which (mostly) the receiving
worker places the jobs to be done by the vCPU once it is kicked
(KVM_REQ_INTROSPECTION) out of guest.
A job is defined by a "do" function, a pointer (context) and a "free"
function.
Co-developed-by: Nicușor Cîțu
Signed-off-by:
Usually, the vCPU thread will run the functions from its jobs list
(unless the thread is SIGKILL-ed) and continue to guest when the
list is empty. But, there are cases when it has to wait for something
(e.g. another vCPU runs in single-step mode, or the current vCPU waits
for an event reply from
From: Mihai Donțu
This patch adds support for lock cmpxchg16b m128 by extending the
existent emulation for lock cmpxchg8b m64.
For implementing the atomic operation, we use an explicit assembler
statement, as cmpxchg_double() does not provide the contents of the
memory on failure. As before,
From: Mihai Donțu
All vCPU event replies contain the action requested by the introspection
tool, which can be one of the following:
* KVMI_EVENT_ACTION_CONTINUE
* KVMI_EVENT_ACTION_RETRY
* KVMI_EVENT_ACTION_CRASH
The CONTINUE action can be seen as "continue with the old KVM code
path",
From: Mihai Donțu
This adds support for xorpd xmm2/m128, xmm1.
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/emulate.c | 19 ++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index
From: Mihai Donțu
This is used to add page access notifications as soon as a slot appears.
CC: Xiao Guangrong
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
arch/x86/include/asm/kvm_page_track.h | 5 -
arch/x86/kvm/page_track.c | 18 --
If the EPT violation was caused by an execute restriction imposed by the
introspection tool, gpa_available will point to the instruction pointer,
not to the read/write location that has to be used to emulate the
current instruction.
This optimization should be disabled only when the VM is
From: Mihai Donțu
On emulation failures, we notify the introspection tool for read/write
operations if needed. Unless it responds with RETRY (to re-enter guest),
we continue single stepping the vCPU.
Signed-off-by: Mihai Donțu
Co-developed-by: Nicușor Cîțu
Signed-off-by: Nicușor Cîțu
This patch might be obsolete thanks to single-stepping.
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/x86.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 2c06de73a784..06f44ce8ed07 100644
--- a/arch/x86/kvm/x86.c
+++
From: Nicușor Cîțu
This event is sent when IDTR, GDTR, LDTR or TR are accessed.
These could be used to implement a tiny agent which runs in the context
of an introspected guest and uses virtualized exceptions (#VE) and
alternate EPT views (VMFUNC #0) to filter converted VMEXITS. The events
of
This is needed for the introspection subsystem to track the changes to
descriptor table registers.
CC: Joerg Roedel
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/x86.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index
From: Mihai Donțu
This is needed to filter #PF introspection events.
Signed-off-by: Mihai Donțu
Co-developed-by: Nicușor Cîțu
Signed-off-by: Nicușor Cîțu
Signed-off-by: Adalbert Lazăr
---
arch/x86/include/asm/kvm_host.h | 4
arch/x86/kvm/mmu.c | 5 +
From: Mircea Cîrjaliu
This event is sent when a vCPU is ready to be introspected.
Signed-off-by: Mircea Cîrjaliu
Co-developed-by: Adalbert Lazăr
Signed-off-by: Adalbert Lazăr
---
Documentation/virtual/kvm/kvmi.rst | 23 +++
virt/kvm/kvmi.c| 47
From: Yang Weijiang
If SPP subpages are set while the physical page is not
available in EPT leaf entry, the mapping is first stored
in SPP access bitmap buffer. SPPT setup is deferred to
access to the protected page, in EPT page fault handler,
the SPPT entries are set up.
Signed-off-by: Yang
From: Mihai Donțu
This is needed in order to be able to support guest code that uses movd to
write into pages that are marked for write tracking.
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/emulate.c | 12 +++-
1 file changed, 11 insertions(+), 1
From: Nicușor Cîțu
This event is sent when the current instruction has been single stepped
as a result of a KVMI_EVENT_PF event to which the introspection tool
set the singlestep field and responded with CONTINUE.
Signed-off-by: Nicușor Cîțu
Signed-off-by: Adalbert Lazăr
---
From: Nicușor Cîțu
Intercept all calls that might disable the MSR interception (writes) and
do nothing if that specific MSR is currently tracked by the introspection
tool.
CC: Sean Christopherson
CC: Jim Mattson
CC: Joerg Roedel
CC: Vitaly Kuznetsov
Signed-off-by: Nicușor Cîțu
This command sets the subpage protection (SPP) write bitmap for an array
of guest physical addresses of 4KB bytes.
Co-developed-by: Yang Weijiang
Signed-off-by: Yang Weijiang
Co-developed-by: Adalbert Lazăr
Signed-off-by: Adalbert Lazăr
---
Documentation/virtual/kvm/kvmi.rst | 66
From: Mihai Donțu
This is needed in order to be able to support guest code that uses movsd to
write into pages that are marked for write tracking.
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/emulate.c | 32 +++-
1 file changed, 27
From: Yang Weijiang
User application, e.g., QEMU or VMI, must initialize SPP
before gets/sets SPP subpages, the dynamic initialization is to
reduce the extra storage cost if the SPP feature is not used.
Co-developed-by: He Chen
Signed-off-by: He Chen
Co-developed-by: Zhang Yi
From: Mihai Donțu
This command is allowed only during a vCPU event (an event has been sent
and the vCPU is waiting for the reply). The registers will be set only
when the reply has been received.
Suggested-by: Paolo Bonzini
Signed-off-by: Mihai Donțu
Co-developed-by: Mircea Cîrjaliu
From: Mihai Donțu
This command is used to get kvm_regs and kvm_sregs structures,
plus the list of struct kvm_msrs.
Signed-off-by: Mihai Donțu
Co-developed-by: Adalbert Lazăr
Signed-off-by: Adalbert Lazăr
---
Documentation/virtual/kvm/kvmi.rst | 43
From: Mihai Donțu
This event is sent when the extended control register XCR0 is going to
be changed.
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
Documentation/virtual/kvm/kvmi.rst | 25 +++
arch/x86/include/asm/kvmi_host.h | 5
arch/x86/kvm/kvmi.c
From: Mircea Cîrjaliu
This commit adds the missing KVMI_GET_MAP_TOKEN command and handles the
hypercalls used to map/unmap guest pages.
Suggested-by: Paolo Bonzini
Signed-off-by: Mircea Cîrjaliu
Signed-off-by: Adalbert Lazăr
---
Documentation/virtual/kvm/kvmi.rst | 39
From: Mihai Donțu
This is needed in order to be able to support guest code that uses movss to
write into pages that are marked for write tracking.
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/emulate.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
From: Nicușor Cîțu
This patch introduces additional tracepoints that are meant to help
in following the flow of interrupts and exceptions queued to a guest
VM. At the same time the kvm_exit tracepoint is enhanced with the
vCPU ID.
One scenario in which these help is debugging lost interrupts
From: Mihai Donțu
On SPT page faults caused by guest page table walks, use the existing
guest page table walk code to make the necessary adjustments to the A/D
bits and return to guest. This effectively bypasses the x86 emulator
who was making the wrong modifications leading one OS (Windows 8.1
From: Mihai Donțu
This adds support for fst m64fp and fstp m64fp.
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/emulate.c | 23 ++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
From: Mihai Donțu
These commands allow the introspection tool to read/write from/to the
guest memory.
Signed-off-by: Mihai Donțu
Co-developed-by: Adalbert Lazăr
Signed-off-by: Adalbert Lazăr
---
Documentation/virtual/kvm/kvmi.rst | 60
include/uapi/linux/kvmi.h |
From: Yang Weijiang
Host page swapping/migration may change the translation in
EPT leaf entry, if the target page is SPP protected,
re-enable SPP protection in MMU notifier. If SPPT shadow
page is reclaimed, the level1 pages don't have rmap to clear.
Signed-off-by: Yang Weijiang
Message-Id:
It should complete the commit fd34a9518173 ("kvm: x86: consult the page
tracking from kvm_mmu_get_page() and __direct_map()")
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/mmu.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index
This function is needed in order to intercept breakpoints and send
KVMI_EVENT_BREAKPOINT events to the introspection tool.
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/x86.c | 18 +-
include/linux/kvm_host.h | 2 ++
2 files changed, 15 insertions(+), 5 deletions(-)
diff
From: Mihai Donțu
This is needed in order to be able to support guest code that uses movq to
write into pages that are marked for write tracking.
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/emulate.c | 24 +++-
1 file changed, 15
From: Mihai Donțu
This event is sent when a breakpoint was reached. It has to
be enabled with the KVMI_CONTROL_EVENTS command first.
The introspection tool can place breakpoints and use them as notification
for when the OS or an application has reached a certain state or is
trying to perform a
From: Mihai Donțu
This extends the previous xorpd by creating a dedicated group, something
I should have done since the very beginning.
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/emulate.c | 22 +-
1 file changed, 21 insertions(+), 1
From: Mihai Donțu
The KVMI_CONTROL_MSR is used to enable/disable introspection for a
specific MSR. The KVMI_EVENT_MSR is sent when the tracked MSR is going
to be changed. The introspection tool can respond by allowing the guest
to continue with normal execution or by discarding the change.
This
From: Mihai Donțu
This command returns the memory type for a guest physical address.
Signed-off-by: Mihai Donțu
Co-developed-by: Nicușor Cîțu
Signed-off-by: Nicușor Cîțu
Signed-off-by: Adalbert Lazăr
---
Documentation/virtual/kvm/kvmi.rst | 32 ++
From: Mihai Donțu
A previous patch added emulation support for these instructions with a
register source and memory destination. This patch adds the variants
with a memory source and a register destination.
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/emulate.c |
From: Mihai Donțu
For now, this command returns only the number of online vCPUs.
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
Documentation/virtual/kvm/kvmi.rst | 18 ++
include/uapi/linux/kvmi.h | 5 +
virt/kvm/kvmi_msg.c| 14
These commands can be used by the introspection tool to check what
introspection commands and events are supported (by KVMi) and allowed
(by userspace/QEMU).
The introspection tool will get one of the following error codes:
* -KVM_EOPNOTSUPP (unsupported command/event)
* -KVM_PERM (disallowed
On Fri, Aug 09, 2019 at 07:00:26PM +0300, Adalbert Lazăr wrote:
> +++ b/include/linux/page-flags.h
> @@ -417,8 +417,10 @@ PAGEFLAG(Idle, idle, PF_ANY)
> */
> #define PAGE_MAPPING_ANON0x1
> #define PAGE_MAPPING_MOVABLE 0x2
> +#define PAGE_MAPPING_REMOTE 0x4
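Review bot: The new `PAGE_MAPPING_REMOTE 0x4` define in include/linux/page-flags.h is added with no accompanying comment in the visible hunk; the comment block that closes just above the defines is not touched here. Since the existing flags already occupy 0x1 and 0x2, please document next to the define what the new flag marks and what guarantees that the 0x4 bit is otherwise unused wherever these flags are stored.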
Uh. How do you know
From: Yang Weijiang
SPPT is a 4-level paging structure similar to EPT, when SPP is
kicked for target physical page, bit 61 of the corresponding
EPT entry will be flagged, then SPPT is traversed with the gfn to
build up entries, the leaf entry of SPPT contains the access
bitmap for subpages inside
From: Mihai Donțu
The current emulation takes place in two steps: the first does all the
actions that a cmpxchg would do, sets ZF and saves all results in a
temporary storage (the emulation context). It's the second step that
does the actual atomic operation (actually uses cmpxchg). The problem
The introspection tool can respond to a KVMI_EVENT_PF event with custom
input for the current instruction. This input is used to trick the guest
software into believing it has read certain data, in order to hide the
content of certain memory areas (eg. hide injected code from integrity
checkers).
From: Yang Weijiang
If write to subpage is not allowed, EPT violation is generated,
it's propagated to QEMU or VMI to handle.
If the target page is SPP protected, however SPPT missing is
encountered while traversing with gfn, vmexit is generated so
that KVM can handle the issue. Any SPPT
From: Yang Weijiang
Create access bitmap for SPP subpages, 4KB/128B = 32bits,
for each 4KB physical page, 32bits are required. The bitmap can
be easily accessed with a gfn. The initial access bitmap for each
physical page is 0x, meaning SPP is not enabled for the
subpages.
This function is needed for the KVMI_PAUSE_VCPU command. There are
cases when it is easier for the introspection tool if it knows that
the vCPU doesn't run guest code when the command is completed, without
waiting for the KVMI_EVENT_PAUSE_VCPU event.
Signed-off-by: Adalbert Lazăr
---
From: Mihai Donțu
The KVMI_INJECT_EXCEPTION command is used by the introspection tool to
inject exceptions (eg. get a page from swap). The exception is queued
right before entering the guest. If there is already an event pending
(exception, interrupt or NMI) we notify the introspection tool with
From: Mihai Donțu
This vCPU command is used to get the XSAVE area.
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
Documentation/virtual/kvm/kvmi.rst | 31 ++
arch/x86/include/uapi/asm/kvmi.h | 4
arch/x86/kvm/kvmi.c| 21
From: Mihai Donțu
As it was the case for lock cmpxchg, lock cmpxchg8b was emulated in two
steps the first one setting/clearing the zero flag and the last one
making the actual atomic operation.
This patch fixes that by combining the two, ie. the writeback step is
no longer necessary as the
Co-developed-by: Nicușor Cîțu
Signed-off-by: Nicușor Cîțu
Co-developed-by: Mircea Cîrjaliu
Signed-off-by: Mircea Cîrjaliu
Co-developed-by: Marian Rotariu
Signed-off-by: Marian Rotariu
Co-developed-by: Adalbert Lazăr
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/kvmi.c | 63
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/vmx/vmx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index dc648ba47df3..152c58b63f69 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7718,7 +7718,7 @@
From: Nicușor Cîțu
This would be used either if the introspection tool requests it as a
reply to a KVMI_EVENT_PF event or to cope with instructions that cannot
be handled by the x86 emulator during the handling of a VMEXIT. In
these situations, all other vCPU-s are kicked and held, the EPT-based
From: Marian Rotariu
This command returns a CPUID leaf (as seen by the guest OS).
Signed-off-by: Marian Rotariu
Signed-off-by: Adalbert Lazăr
---
Documentation/virtual/kvm/kvmi.rst | 36 ++
arch/x86/include/uapi/asm/kvmi.h | 12 ++
arch/x86/kvm/kvmi.c
From: Mihai Donțu
There are cases where we need to emulate a CMPXCHG that touches two
pages (4 in one and another 4 in the next, for example). Because it
is not easy to map two pages in the kernel so that we can directly
execute the exchange instruction, we fallback to single-stepping.
Luckily,
From: Mircea Cîrjaliu
An introspection tool running in a dedicated VM can use the new device
(/dev/kvmmem) to map memory from other introspected VM-s.
Two ioctl operations are supported:
- KVM_HC_MEM_MAP/struct kvmi_mem_map
- KVM_HC_MEM_UNMAP/unsigned long
In order to map an introspected
From: Yang Weijiang
init_spp() must be called before {get, set}_subpage
functions, it creates subpage access bitmaps for memory pages
and issues a KVM request to setup SPPT root pages.
kvm_mmu_set_subpages() is to enable SPP bit in EPT leaf page
and setup corresponding SPPT entries. The
This is the only vCPU command handled by the receiving worker.
It increments a pause request counter and kicks the vCPU.
This event is sent by the vCPU thread, but has a low priority. It
will be sent after any other vCPU introspection event and when no vCPU
introspection command is queued.
This command returns subpage protection (SPP) write bitmaps for an array
of guest physical addresses of 4KB size.
Like the KVMI_GET_PAGE_ACCESS command, it checks only the radix tree,
not the SPP tables. So, either we change it to check the SPP tables
or we drop it. Given the fact that the
From: Mihai Donțu
This event is sent on a specific user hypercall.
It is used by the code residing inside the introspected guest to call the
introspection tool and to report certain details about its operation. For
example, a classic antimalware remediation tool can report what it has
found
Obviously, the KVMI_GET_VERSION command must not be used when the command
reply is disabled by a previous KVMI_CONTROL_CMD_RESPONSE command.
This commit changes the code path in order to check the reply option
(enabled/disabled) before trying to reply to this command. If the command
reply is
This command enables/disables subpage protection (SPP) for the current VM.
Signed-off-by: Adalbert Lazăr
---
Documentation/virtual/kvm/kvmi.rst | 33 ++
arch/x86/kvm/kvmi.c| 4
include/uapi/linux/kvmi.h | 7 +++
virt/kvm/kvmi_int.h
From: Mihai Donțu
This adds support for movq r, xmm. It introduces a new flag (GPRModRM)
to indicate decode_modrm() that the encoded register is a general purpose
one.
Signed-off-by: Mihai Donțu
Signed-off-by: Adalbert Lazăr
---
arch/x86/kvm/emulate.c | 15 +--
1 file changed, 13
The KVM introspection subsystem provides a facility for applications running
on the host or in a separate VM, to control the execution of other VM-s
(pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.),
alter the page access bits in the shadow page tables (only for the
This command enables/disables the command replies. It is useful when
the introspection tool sends multiple messages with one write() call and
doesn't have to wait for a reply.
IIRC, the speed improvement seen during UnixBench tests in a VM
introspected through vsock (the introspection tool was
Based on the common header used by all messages (struct kvmi_msg_hdr),
the worker will read/validate all messages, execute the VM introspection
commands (eg. KVMI_GET_GUEST_INFO) and dispatch to vCPUs the vCPU
introspection commands (eg. KVMI_GET_REGISTERS) and the replies to
vCPU events. The vCPU
From: Mihai Donțu
Besides the pointer to the new structure, the patch adds to the kvm
structure a reference counter (the new object will be used by the thread
receiving introspection commands/events) and a completion variable
(to signal that the VM can be hooked by the introspection tool).
This command should be used by the introspection tool to identify the
commands/events supported by the KVMi subsystem and, most important,
what messages must be used for event replies. The kernel side will accept
smaller or bigger command messages, but it can be more strict with bigger
event reply
We must make sure our scatterlist segments are not too big, otherwise
we might see swiotlb failures (happens with sev, also reproducible with
swiotlb=force).
Suggested-by: Laszlo Ersek
Signed-off-by: Gerd Hoffmann
---
drivers/gpu/drm/virtio/virtgpu_object.c | 10 --
1 file changed, 8
The commit a7a69ec0d8e4 ("virtio_console: free buffers after reset")
deferred detaching of unused buffer to virtio device unplug time.
This causes unplug/replug of single port in virtio device with an
error "Error allocating inbufs\n". As we don't free the unused buffers
attached with the port.
This patch decrements 'next_avail_idx' count when detaching a buffer
from vq for packed ring code. Split ring code already does this in
virtqueue_detach_unused_buf_split function. This updates the
'next_avail_idx' to the previous correct index after an unused buffer
is detached from the vq.
This patch series fixes the issue with unplug/replug of a port in virtio
console driver which fails with an error "Error allocating inbufs\n".
Patch 1 makes use of 'virtqueue_detach_unused_buf' function to detach
the unused buffers during port hotunplug time.
Patch 2 updates the next avail index
97 matches