From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2637EC32757 for ; Fri, 9 Aug 2019 16:20:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id D17F1214C6 for ; Fri, 9 Aug 2019 16:20:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2437015AbfHIQUD (ORCPT ); Fri, 9 Aug 2019 12:20:03 -0400 Received: from mx01.bbu.dsd.mx.bitdefender.com ([91.199.104.161]:53324 "EHLO mx01.bbu.dsd.mx.bitdefender.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2437114AbfHIQUB (ORCPT ); Fri, 9 Aug 2019 12:20:01 -0400 Received: from smtp.bitdefender.com (smtp02.buh.bitdefender.net [10.17.80.76]) by mx01.bbu.dsd.mx.bitdefender.com (Postfix) with ESMTPS id 99999305D340; Fri, 9 Aug 2019 19:01:04 +0300 (EEST) Received: from localhost.localdomain (unknown [89.136.169.210]) by smtp.bitdefender.com (Postfix) with ESMTPSA id 3DF27305B7AB; Fri, 9 Aug 2019 19:01:04 +0300 (EEST) From: =?UTF-8?q?Adalbert=20Laz=C4=83r?= To: kvm@vger.kernel.org Cc: linux-mm@kvack.org, virtualization@lists.linux-foundation.org, Paolo Bonzini , =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= , Konrad Rzeszutek Wilk , Tamas K Lengyel , Mathieu Tarral , =?UTF-8?q?Samuel=20Laur=C3=A9n?= , Patrick Colp , Jan Kiszka , Stefan Hajnoczi , Weijiang Yang , Zhang@vger.kernel.org, Yu C , =?UTF-8?q?Mihai=20Don=C8=9Bu?= , =?UTF-8?q?Adalbert=20Laz=C4=83r?= Subject: [RFC PATCH v6 32/92] kvm: introspection: add KVMI_GET_PAGE_ACCESS Date: Fri, 9 Aug 2019 18:59:47 +0300 Message-Id: <20190809160047.8319-33-alazar@bitdefender.com> In-Reply-To: <20190809160047.8319-1-alazar@bitdefender.com> References: <20190809160047.8319-1-alazar@bitdefender.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org From: Mihai Donțu Returns the spte access bits (rwx) for an array of guest physical addresses. It does this by checking the radix tree in which only the spte bits "enforced" by the introspection tool are saved. This information should already be known by the tool. Not to mention that the KVMI_EVENT_PF events are sent only for EPT violation caused by these restrictions. So, we might drop this command. Signed-off-by: Mihai Donțu Signed-off-by: Adalbert Lazăr --- Documentation/virtual/kvm/kvmi.rst | 54 ++++++++++++++++++++++++++++++ arch/x86/kvm/kvmi.c | 41 +++++++++++++++++++++++ include/uapi/linux/kvmi.h | 11 ++++++ virt/kvm/kvmi.c | 9 +++++ virt/kvm/kvmi_int.h | 6 ++++ virt/kvm/kvmi_msg.c | 17 ++++++++++ 6 files changed, 138 insertions(+) diff --git a/Documentation/virtual/kvm/kvmi.rst b/Documentation/virtual/kvm/kvmi.rst index 0fc51b57b1e8..c27fea73ccfb 100644 --- a/Documentation/virtual/kvm/kvmi.rst +++ b/Documentation/virtual/kvm/kvmi.rst @@ -509,6 +509,60 @@ by the *KVMI_CONTROL_VM_EVENTS* command. * -KVM_EPERM - the access is restricted by the host * -KVM_EOPNOTSUPP - one the events can't be intercepted in the current setup +9. KVMI_GET_PAGE_ACCESS +----------------------- + +:Architectures: all +:Versions: >= 1 +:Parameters: + +:: + + struct kvmi_get_page_access { + __u16 view; + __u16 count; + __u32 padding; + __u64 gpa[0]; + }; + +:Returns: + +:: + + struct kvmi_error_code; + struct kvmi_get_page_access_reply { + __u8 access[0]; + }; + +Returns the spte access bits (rwx) for an array of ``count`` guest +physical addresses. + +The valid access bits for *KVMI_GET_PAGE_ACCESS* and *KVMI_SET_PAGE_ACCESS* +are:: + + KVMI_PAGE_ACCESS_R + KVMI_PAGE_ACCESS_W + KVMI_PAGE_ACCESS_X + +By default, for any guest physical address, the returned access mode will +be 'rwx' (all the above bits). If the introspection tool must prevent +the code execution from a guest page, for example, it should use the +KVMI_SET_PAGE_ACCESS command to set the 'rw' bits for any guest physical +addresses contained in that page. Of course, in order to receive +page fault events when these violations take place, the KVMI_CONTROL_EVENTS +command must be used to enable this type of event (KVMI_EVENT_PF). + +On Intel hardware with multiple EPT views, the ``view`` argument selects the +EPT view (0 is primary). On all other hardware it must be zero. + +:Errors: + +* -KVM_EINVAL - the selected SPT view is invalid +* -KVM_EINVAL - padding is not zero +* -KVM_EOPNOTSUPP - a SPT view was selected but the hardware doesn't support it +* -KVM_EAGAIN - the selected vCPU can't be introspected yet +* -KVM_ENOMEM - not enough memory to allocate the reply + Events ====== diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c index 121819f9c487..59cf33127b4b 100644 --- a/arch/x86/kvm/kvmi.c +++ b/arch/x86/kvm/kvmi.c @@ -183,3 +183,44 @@ void kvmi_arch_update_page_tracking(struct kvm *kvm, } } } + +int kvmi_arch_cmd_get_page_access(struct kvmi *ikvm, + const struct kvmi_msg_hdr *msg, + const struct kvmi_get_page_access *req, + struct kvmi_get_page_access_reply **dest, + size_t *dest_size) +{ + struct kvmi_get_page_access_reply *rpl = NULL; + size_t rpl_size = 0; + size_t k, n = req->count; + int ec = 0; + + if (req->padding) + return -KVM_EINVAL; + + if (msg->size < sizeof(*req) + req->count * sizeof(req->gpa[0])) + return -KVM_EINVAL; + + if (req->view != 0) /* TODO */ + return -KVM_EOPNOTSUPP; + + rpl_size = sizeof(*rpl) + sizeof(rpl->access[0]) * n; + rpl = kvmi_msg_alloc_check(rpl_size); + if (!rpl) + return -KVM_ENOMEM; + + for (k = 0; k < n && ec == 0; k++) + ec = kvmi_cmd_get_page_access(ikvm, req->gpa[k], + &rpl->access[k]); + + if (ec) { + kvmi_msg_free(rpl); + return ec; + } + + *dest = rpl; + *dest_size = rpl_size; + + return 0; +} + diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h index 40a5c304c26f..047436a0bdc0 100644 --- a/include/uapi/linux/kvmi.h +++ b/include/uapi/linux/kvmi.h @@ -116,6 +116,17 @@ struct kvmi_get_guest_info_reply { __u32 padding[3]; }; +struct kvmi_get_page_access { + __u16 view; + __u16 count; + __u32 padding; + __u64 gpa[0]; +}; + +struct kvmi_get_page_access_reply { + __u8 access[0]; +}; + struct kvmi_get_vcpu_info_reply { __u64 tsc_speed; }; diff --git a/virt/kvm/kvmi.c b/virt/kvm/kvmi.c index 0264115a7f4d..20505e4c4b5f 100644 --- a/virt/kvm/kvmi.c +++ b/virt/kvm/kvmi.c @@ -1072,6 +1072,15 @@ void kvmi_handle_requests(struct kvm_vcpu *vcpu) kvmi_put(vcpu->kvm); } +int kvmi_cmd_get_page_access(struct kvmi *ikvm, u64 gpa, u8 *access) +{ + gfn_t gfn = gpa_to_gfn(gpa); + + kvmi_get_gfn_access(ikvm, gfn, access); + + return 0; +} + int kvmi_cmd_control_events(struct kvm_vcpu *vcpu, unsigned int event_id, bool enable) { diff --git a/virt/kvm/kvmi_int.h b/virt/kvm/kvmi_int.h index d478d9a2e769..00dc5cf72f88 100644 --- a/virt/kvm/kvmi_int.h +++ b/virt/kvm/kvmi_int.h @@ -159,6 +159,7 @@ int kvmi_msg_send_unhook(struct kvmi *ikvm); void *kvmi_msg_alloc(void); void *kvmi_msg_alloc_check(size_t size); void kvmi_msg_free(void *addr); +int kvmi_cmd_get_page_access(struct kvmi *ikvm, u64 gpa, u8 *access); int kvmi_cmd_control_events(struct kvm_vcpu *vcpu, unsigned int event_id, bool enable); int kvmi_cmd_control_vm_events(struct kvmi *ikvm, unsigned int event_id, @@ -174,6 +175,11 @@ void kvmi_handle_common_event_actions(struct kvm_vcpu *vcpu, u32 action, void kvmi_arch_update_page_tracking(struct kvm *kvm, struct kvm_memory_slot *slot, struct kvmi_mem_access *m); +int kvmi_arch_cmd_get_page_access(struct kvmi *ikvm, + const struct kvmi_msg_hdr *msg, + const struct kvmi_get_page_access *req, + struct kvmi_get_page_access_reply **dest, + size_t *dest_size); void kvmi_arch_setup_event(struct kvm_vcpu *vcpu, struct kvmi_event *ev); bool kvmi_arch_pf_event(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva, u8 access); diff --git a/virt/kvm/kvmi_msg.c b/virt/kvm/kvmi_msg.c index 0642356d4e04..09ad17479abb 100644 --- a/virt/kvm/kvmi_msg.c +++ b/virt/kvm/kvmi_msg.c @@ -29,6 +29,7 @@ static const char *const msg_IDs[] = { [KVMI_EVENT] = "KVMI_EVENT", [KVMI_EVENT_REPLY] = "KVMI_EVENT_REPLY", [KVMI_GET_GUEST_INFO] = "KVMI_GET_GUEST_INFO", + [KVMI_GET_PAGE_ACCESS] = "KVMI_GET_PAGE_ACCESS", [KVMI_GET_VCPU_INFO] = "KVMI_GET_VCPU_INFO", [KVMI_GET_VERSION] = "KVMI_GET_VERSION", }; @@ -323,6 +324,21 @@ static int handle_control_cmd_response(struct kvmi *ikvm, return err; } +static int handle_get_page_access(struct kvmi *ikvm, + const struct kvmi_msg_hdr *msg, + const void *req) +{ + struct kvmi_get_page_access_reply *rpl = NULL; + size_t rpl_size = 0; + int err, ec; + + ec = kvmi_arch_cmd_get_page_access(ikvm, msg, req, &rpl, &rpl_size); + + err = kvmi_msg_vm_maybe_reply(ikvm, msg, ec, rpl, rpl_size); + kvmi_msg_free(rpl); + return err; +} + static bool invalid_vcpu_hdr(const struct kvmi_vcpu_hdr *hdr) { return hdr->padding1 || hdr->padding2; @@ -338,6 +354,7 @@ static int(*const msg_vm[])(struct kvmi *, const struct kvmi_msg_hdr *, [KVMI_CONTROL_CMD_RESPONSE] = handle_control_cmd_response, [KVMI_CONTROL_VM_EVENTS] = handle_control_vm_events, [KVMI_GET_GUEST_INFO] = handle_get_guest_info, + [KVMI_GET_PAGE_ACCESS] = handle_get_page_access, [KVMI_GET_VERSION] = handle_get_version, }; From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B80F2C31E40 for ; Fri, 9 Aug 2019 16:06:14 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 53920214C6 for ; Fri, 9 Aug 2019 16:06:14 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 53920214C6 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=bitdefender.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id E9AE96B02E1; Fri, 9 Aug 2019 12:02:48 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E733E6B02E2; Fri, 9 Aug 2019 12:02:48 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D61D26B02E3; Fri, 9 Aug 2019 12:02:48 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by kanga.kvack.org (Postfix) with ESMTP id 859CD6B02E1 for ; Fri, 9 Aug 2019 12:02:48 -0400 (EDT) Received: by mail-wm1-f69.google.com with SMTP id b135so1065849wmg.1 for ; Fri, 09 Aug 2019 09:02:48 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=5dYm/m2ik1q9vsz+PfO5GkzWEFmR5EG17a+eqHO9q/c=; b=mJTVclRjI20j80fSsCO13M8CReifhoJX/yfsgiVFapnpKXDLrCMluENT4uBZtNEf/8 5OFT4+2AcS2QhKlUdHVSI0li1peye18a6aL/P9gppBNXaIAMl7UuHqgCqyHLBLFqbjqy 956h/l3uJ4eQn8oaKmbVFNCTjTkcHSK3izVR/TjDlrI39OcziJ4bDxjKWVIyNJKlSTK4 iyz7aQSiV2+LY0bTpWspLTdsrpXRrxDVhW1rOMChwJprDntlsd9E4GxSZQ5yLsyj9GZU Auh6UYvqf57kcFQGZQhP7GI+YwCnwzZkynMXqoD/eRydsbT8g9LgX4kjXV34+1JWvGgh D22g== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of alazar@bitdefender.com designates 91.199.104.161 as permitted sender) smtp.mailfrom=alazar@bitdefender.com X-Gm-Message-State: APjAAAXRwBmnaSUOMDmXsZdBnu8oa+H3FyCYV4BchUDycQirly/kQDa7 KyWQoIv7uhYDrxmJVsXlqtlpYDbO9MrURpz5cz8gPz2T3NKzbtsbAxlkE5ya6k/I6MS/sZLF2Of GB23ZYsrGI5dcdNtv6WKIJLDCFeIhkpq8Oraz3pMx6pnKI4vkLklU87rVmdMt/bFqSg== X-Received: by 2002:adf:e40e:: with SMTP id g14mr23070579wrm.161.1565366568093; Fri, 09 Aug 2019 09:02:48 -0700 (PDT) X-Google-Smtp-Source: APXvYqxsPKpDE4yQYqKroQzAX5qDemZViEEkVdigpuT79zwxXQOXG9yruCvKUK/JE2+MWZ/2qP9J X-Received: by 2002:adf:e40e:: with SMTP id g14mr23060887wrm.161.1565366465221; Fri, 09 Aug 2019 09:01:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565366465; cv=none; d=google.com; s=arc-20160816; b=vEy8paknZb+Ya8FrH8QwMSD87wqWc9vihbREXMfGO4XWUVndynKwOj6fp97dKYIutA Qh0ARJYmEa0pxZi7DkXyxKicNIN2ugbokEa2XVB+5TPOUeGnqsDIPQQNZ4UeCsJWbj6i IEgDdCMQewSiLkMNH2wsgNZLx2FgVS40cM6ctLeQYO8BVww1Ghz55u7JiYAjODfWksmx bUkL/v11wwQfaHo2rKIBvDSgpXek9VDPNQFZuOf8UPs70f7NZWz3TfGHa3CCURc3Y5G7 8QOQnIoF7QdnAX8Ikn8RGItJPcZ7Wt5Mn/xN5OIBlaa+dZBQytDuVxeMxLZF1mHc7+/H +OYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=5dYm/m2ik1q9vsz+PfO5GkzWEFmR5EG17a+eqHO9q/c=; b=vYaXVUoq9WH7GCZk9wDMfGo1TYZW8vlC6xdGyU9KSLvMxeLCsOUyKhZe8IJjCIitGk B3RdKmWOwnROIgAJgM9EEaieKVM0OBjISm+0+ExkGxRUKaP3M284A7tVGltv001alyhV 3l0MV0kTK4Z/uSGP02h6CH+G7/7RN6RA2e5QM4jH4Jj8mLl2p5ZYu0TsGtE4mw6KiG30 uv8kZcnF6XlaRbdSb+gneowhAgiGvwgX1boGnirLj//exZYSR+sZifnCvTOkc2WmNMPc QhchAYil2UVIjYcVFyr65EprBBbFKznsBQ+Vq9rsORVYMgOox0JwUlnhTmYyqUncC3dI B4SQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of alazar@bitdefender.com designates 91.199.104.161 as permitted sender) smtp.mailfrom=alazar@bitdefender.com Received: from mx01.bbu.dsd.mx.bitdefender.com (mx01.bbu.dsd.mx.bitdefender.com. [91.199.104.161]) by mx.google.com with ESMTPS id g6si4054016wrv.368.2019.08.09.09.01.05 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 09 Aug 2019 09:01:05 -0700 (PDT) Received-SPF: pass (google.com: domain of alazar@bitdefender.com designates 91.199.104.161 as permitted sender) client-ip=91.199.104.161; Authentication-Results: mx.google.com; spf=pass (google.com: domain of alazar@bitdefender.com designates 91.199.104.161 as permitted sender) smtp.mailfrom=alazar@bitdefender.com Received: from smtp.bitdefender.com (smtp02.buh.bitdefender.net [10.17.80.76]) by mx01.bbu.dsd.mx.bitdefender.com (Postfix) with ESMTPS id 99999305D340; Fri, 9 Aug 2019 19:01:04 +0300 (EEST) Received: from localhost.localdomain (unknown [89.136.169.210]) by smtp.bitdefender.com (Postfix) with ESMTPSA id 3DF27305B7AB; Fri, 9 Aug 2019 19:01:04 +0300 (EEST) From: =?UTF-8?q?Adalbert=20Laz=C4=83r?= To: kvm@vger.kernel.org Cc: linux-mm@kvack.org, virtualization@lists.linux-foundation.org, Paolo Bonzini , =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= , Konrad Rzeszutek Wilk , Tamas K Lengyel , Mathieu Tarral , =?UTF-8?q?Samuel=20Laur=C3=A9n?= , Patrick Colp , Jan Kiszka , Stefan Hajnoczi , Weijiang Yang , Zhang@kvack.org, Yu C , =?UTF-8?q?Mihai=20Don=C8=9Bu?= , =?UTF-8?q?Adalbert=20Laz=C4=83r?= Subject: [RFC PATCH v6 32/92] kvm: introspection: add KVMI_GET_PAGE_ACCESS Date: Fri, 9 Aug 2019 18:59:47 +0300 Message-Id: <20190809160047.8319-33-alazar@bitdefender.com> In-Reply-To: <20190809160047.8319-1-alazar@bitdefender.com> References: <20190809160047.8319-1-alazar@bitdefender.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Mihai Donțu Returns the spte access bits (rwx) for an array of guest physical addresses. It does this by checking the radix tree in which only the spte bits "enforced" by the introspection tool are saved. This information should already be known by the tool. Not to mention that the KVMI_EVENT_PF events are sent only for EPT violation caused by these restrictions. So, we might drop this command. Signed-off-by: Mihai Donțu Signed-off-by: Adalbert Lazăr --- Documentation/virtual/kvm/kvmi.rst | 54 ++++++++++++++++++++++++++++++ arch/x86/kvm/kvmi.c | 41 +++++++++++++++++++++++ include/uapi/linux/kvmi.h | 11 ++++++ virt/kvm/kvmi.c | 9 +++++ virt/kvm/kvmi_int.h | 6 ++++ virt/kvm/kvmi_msg.c | 17 ++++++++++ 6 files changed, 138 insertions(+) diff --git a/Documentation/virtual/kvm/kvmi.rst b/Documentation/virtual/kvm/kvmi.rst index 0fc51b57b1e8..c27fea73ccfb 100644 --- a/Documentation/virtual/kvm/kvmi.rst +++ b/Documentation/virtual/kvm/kvmi.rst @@ -509,6 +509,60 @@ by the *KVMI_CONTROL_VM_EVENTS* command. * -KVM_EPERM - the access is restricted by the host * -KVM_EOPNOTSUPP - one the events can't be intercepted in the current setup +9. KVMI_GET_PAGE_ACCESS +----------------------- + +:Architectures: all +:Versions: >= 1 +:Parameters: + +:: + + struct kvmi_get_page_access { + __u16 view; + __u16 count; + __u32 padding; + __u64 gpa[0]; + }; + +:Returns: + +:: + + struct kvmi_error_code; + struct kvmi_get_page_access_reply { + __u8 access[0]; + }; + +Returns the spte access bits (rwx) for an array of ``count`` guest +physical addresses. + +The valid access bits for *KVMI_GET_PAGE_ACCESS* and *KVMI_SET_PAGE_ACCESS* +are:: + + KVMI_PAGE_ACCESS_R + KVMI_PAGE_ACCESS_W + KVMI_PAGE_ACCESS_X + +By default, for any guest physical address, the returned access mode will +be 'rwx' (all the above bits). If the introspection tool must prevent +the code execution from a guest page, for example, it should use the +KVMI_SET_PAGE_ACCESS command to set the 'rw' bits for any guest physical +addresses contained in that page. Of course, in order to receive +page fault events when these violations take place, the KVMI_CONTROL_EVENTS +command must be used to enable this type of event (KVMI_EVENT_PF). + +On Intel hardware with multiple EPT views, the ``view`` argument selects the +EPT view (0 is primary). On all other hardware it must be zero. + +:Errors: + +* -KVM_EINVAL - the selected SPT view is invalid +* -KVM_EINVAL - padding is not zero +* -KVM_EOPNOTSUPP - a SPT view was selected but the hardware doesn't support it +* -KVM_EAGAIN - the selected vCPU can't be introspected yet +* -KVM_ENOMEM - not enough memory to allocate the reply + Events ====== diff --git a/arch/x86/kvm/kvmi.c b/arch/x86/kvm/kvmi.c index 121819f9c487..59cf33127b4b 100644 --- a/arch/x86/kvm/kvmi.c +++ b/arch/x86/kvm/kvmi.c @@ -183,3 +183,44 @@ void kvmi_arch_update_page_tracking(struct kvm *kvm, } } } + +int kvmi_arch_cmd_get_page_access(struct kvmi *ikvm, + const struct kvmi_msg_hdr *msg, + const struct kvmi_get_page_access *req, + struct kvmi_get_page_access_reply **dest, + size_t *dest_size) +{ + struct kvmi_get_page_access_reply *rpl = NULL; + size_t rpl_size = 0; + size_t k, n = req->count; + int ec = 0; + + if (req->padding) + return -KVM_EINVAL; + + if (msg->size < sizeof(*req) + req->count * sizeof(req->gpa[0])) + return -KVM_EINVAL; + + if (req->view != 0) /* TODO */ + return -KVM_EOPNOTSUPP; + + rpl_size = sizeof(*rpl) + sizeof(rpl->access[0]) * n; + rpl = kvmi_msg_alloc_check(rpl_size); + if (!rpl) + return -KVM_ENOMEM; + + for (k = 0; k < n && ec == 0; k++) + ec = kvmi_cmd_get_page_access(ikvm, req->gpa[k], + &rpl->access[k]); + + if (ec) { + kvmi_msg_free(rpl); + return ec; + } + + *dest = rpl; + *dest_size = rpl_size; + + return 0; +} + diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h index 40a5c304c26f..047436a0bdc0 100644 --- a/include/uapi/linux/kvmi.h +++ b/include/uapi/linux/kvmi.h @@ -116,6 +116,17 @@ struct kvmi_get_guest_info_reply { __u32 padding[3]; }; +struct kvmi_get_page_access { + __u16 view; + __u16 count; + __u32 padding; + __u64 gpa[0]; +}; + +struct kvmi_get_page_access_reply { + __u8 access[0]; +}; + struct kvmi_get_vcpu_info_reply { __u64 tsc_speed; }; diff --git a/virt/kvm/kvmi.c b/virt/kvm/kvmi.c index 0264115a7f4d..20505e4c4b5f 100644 --- a/virt/kvm/kvmi.c +++ b/virt/kvm/kvmi.c @@ -1072,6 +1072,15 @@ void kvmi_handle_requests(struct kvm_vcpu *vcpu) kvmi_put(vcpu->kvm); } +int kvmi_cmd_get_page_access(struct kvmi *ikvm, u64 gpa, u8 *access) +{ + gfn_t gfn = gpa_to_gfn(gpa); + + kvmi_get_gfn_access(ikvm, gfn, access); + + return 0; +} + int kvmi_cmd_control_events(struct kvm_vcpu *vcpu, unsigned int event_id, bool enable) { diff --git a/virt/kvm/kvmi_int.h b/virt/kvm/kvmi_int.h index d478d9a2e769..00dc5cf72f88 100644 --- a/virt/kvm/kvmi_int.h +++ b/virt/kvm/kvmi_int.h @@ -159,6 +159,7 @@ int kvmi_msg_send_unhook(struct kvmi *ikvm); void *kvmi_msg_alloc(void); void *kvmi_msg_alloc_check(size_t size); void kvmi_msg_free(void *addr); +int kvmi_cmd_get_page_access(struct kvmi *ikvm, u64 gpa, u8 *access); int kvmi_cmd_control_events(struct kvm_vcpu *vcpu, unsigned int event_id, bool enable); int kvmi_cmd_control_vm_events(struct kvmi *ikvm, unsigned int event_id, @@ -174,6 +175,11 @@ void kvmi_handle_common_event_actions(struct kvm_vcpu *vcpu, u32 action, void kvmi_arch_update_page_tracking(struct kvm *kvm, struct kvm_memory_slot *slot, struct kvmi_mem_access *m); +int kvmi_arch_cmd_get_page_access(struct kvmi *ikvm, + const struct kvmi_msg_hdr *msg, + const struct kvmi_get_page_access *req, + struct kvmi_get_page_access_reply **dest, + size_t *dest_size); void kvmi_arch_setup_event(struct kvm_vcpu *vcpu, struct kvmi_event *ev); bool kvmi_arch_pf_event(struct kvm_vcpu *vcpu, gpa_t gpa, gva_t gva, u8 access); diff --git a/virt/kvm/kvmi_msg.c b/virt/kvm/kvmi_msg.c index 0642356d4e04..09ad17479abb 100644 --- a/virt/kvm/kvmi_msg.c +++ b/virt/kvm/kvmi_msg.c @@ -29,6 +29,7 @@ static const char *const msg_IDs[] = { [KVMI_EVENT] = "KVMI_EVENT", [KVMI_EVENT_REPLY] = "KVMI_EVENT_REPLY", [KVMI_GET_GUEST_INFO] = "KVMI_GET_GUEST_INFO", + [KVMI_GET_PAGE_ACCESS] = "KVMI_GET_PAGE_ACCESS", [KVMI_GET_VCPU_INFO] = "KVMI_GET_VCPU_INFO", [KVMI_GET_VERSION] = "KVMI_GET_VERSION", }; @@ -323,6 +324,21 @@ static int handle_control_cmd_response(struct kvmi *ikvm, return err; } +static int handle_get_page_access(struct kvmi *ikvm, + const struct kvmi_msg_hdr *msg, + const void *req) +{ + struct kvmi_get_page_access_reply *rpl = NULL; + size_t rpl_size = 0; + int err, ec; + + ec = kvmi_arch_cmd_get_page_access(ikvm, msg, req, &rpl, &rpl_size); + + err = kvmi_msg_vm_maybe_reply(ikvm, msg, ec, rpl, rpl_size); + kvmi_msg_free(rpl); + return err; +} + static bool invalid_vcpu_hdr(const struct kvmi_vcpu_hdr *hdr) { return hdr->padding1 || hdr->padding2; @@ -338,6 +354,7 @@ static int(*const msg_vm[])(struct kvmi *, const struct kvmi_msg_hdr *, [KVMI_CONTROL_CMD_RESPONSE] = handle_control_cmd_response, [KVMI_CONTROL_VM_EVENTS] = handle_control_vm_events, [KVMI_GET_GUEST_INFO] = handle_get_guest_info, + [KVMI_GET_PAGE_ACCESS] = handle_get_page_access, [KVMI_GET_VERSION] = handle_get_version, }; From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?UTF-8?q?Adalbert=20Laz=C4=83r?= Subject: [RFC PATCH v6 32/92] kvm: introspection: add KVMI_GET_PAGE_ACCESS Date: Fri, 9 Aug 2019 18:59:47 +0300 Message-ID: <20190809160047.8319-33-alazar@bitdefender.com> References: <20190809160047.8319-1-alazar@bitdefender.com> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: In-Reply-To: <20190809160047.8319-1-alazar@bitdefender.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: virtualization-bounces@lists.linux-foundation.org Errors-To: virtualization-bounces@lists.linux-foundation.org To: kvm@vger.kernel.org Cc: Tamas K Lengyel , Weijiang Yang , Yu C , =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= , Jan Kiszka , =?UTF-8?q?Samuel=20Laur=C3=A9n?= , Konrad Rzeszutek Wilk , virtualization@lists.linux-foundation.org, =?UTF-8?q?Adalbert=20Laz=C4=83r?= , linux-mm@kvack.org, Patrick Colp , Mathieu Tarral , Stefan Hajnoczi , Paolo Bonzini , Zhang@mail.linuxfoundation.org, =?UTF-8?q?Mihai=20Don=C8=9Bu?= List-Id: virtualization@lists.linuxfoundation.org RnJvbTogTWloYWkgRG9uyJt1IDxtZG9udHVAYml0ZGVmZW5kZXIuY29tPgoKUmV0dXJucyB0aGUg c3B0ZSBhY2Nlc3MgYml0cyAocnd4KSBmb3IgYW4gYXJyYXkgb2YgZ3Vlc3QgcGh5c2ljYWwKYWRk cmVzc2VzLgoKSXQgZG9lcyB0aGlzIGJ5IGNoZWNraW5nIHRoZSByYWRpeCB0cmVlIGluIHdoaWNo IG9ubHkgdGhlIHNwdGUgYml0cwoiZW5mb3JjZWQiIGJ5IHRoZSBpbnRyb3NwZWN0aW9uIHRvb2wg YXJlIHNhdmVkLiBUaGlzIGluZm9ybWF0aW9uIHNob3VsZAphbHJlYWR5IGJlIGtub3duIGJ5IHRo ZSB0b29sLiBOb3QgdG8gbWVudGlvbiB0aGF0IHRoZSBLVk1JX0VWRU5UX1BGCmV2ZW50cyBhcmUg c2VudCBvbmx5IGZvciBFUFQgdmlvbGF0aW9uIGNhdXNlZCBieSB0aGVzZSByZXN0cmljdGlvbnMu ClNvLCB3ZSBtaWdodCBkcm9wIHRoaXMgY29tbWFuZC4KClNpZ25lZC1vZmYtYnk6IE1paGFpIERv bsibdSA8bWRvbnR1QGJpdGRlZmVuZGVyLmNvbT4KU2lnbmVkLW9mZi1ieTogQWRhbGJlcnQgTGF6 xINyIDxhbGF6YXJAYml0ZGVmZW5kZXIuY29tPgotLS0KIERvY3VtZW50YXRpb24vdmlydHVhbC9r dm0va3ZtaS5yc3QgfCA1NCArKysrKysrKysrKysrKysrKysrKysrKysrKysrKysKIGFyY2gveDg2 L2t2bS9rdm1pLmMgICAgICAgICAgICAgICAgfCA0MSArKysrKysrKysrKysrKysrKysrKysrKwog aW5jbHVkZS91YXBpL2xpbnV4L2t2bWkuaCAgICAgICAgICB8IDExICsrKysrKwogdmlydC9rdm0v a3ZtaS5jICAgICAgICAgICAgICAgICAgICB8ICA5ICsrKysrCiB2aXJ0L2t2bS9rdm1pX2ludC5o ICAgICAgICAgICAgICAgIHwgIDYgKysrKwogdmlydC9rdm0va3ZtaV9tc2cuYyAgICAgICAgICAg ICAgICB8IDE3ICsrKysrKysrKysKIDYgZmlsZXMgY2hhbmdlZCwgMTM4IGluc2VydGlvbnMoKykK CmRpZmYgLS1naXQgYS9Eb2N1bWVudGF0aW9uL3ZpcnR1YWwva3ZtL2t2bWkucnN0IGIvRG9jdW1l bnRhdGlvbi92aXJ0dWFsL2t2bS9rdm1pLnJzdAppbmRleCAwZmM1MWI1N2IxZTguLmMyN2ZlYTcz Y2NmYiAxMDA2NDQKLS0tIGEvRG9jdW1lbnRhdGlvbi92aXJ0dWFsL2t2bS9rdm1pLnJzdAorKysg Yi9Eb2N1bWVudGF0aW9uL3ZpcnR1YWwva3ZtL2t2bWkucnN0CkBAIC01MDksNiArNTA5LDYwIEBA IGJ5IHRoZSAqS1ZNSV9DT05UUk9MX1ZNX0VWRU5UUyogY29tbWFuZC4KICogLUtWTV9FUEVSTSAt IHRoZSBhY2Nlc3MgaXMgcmVzdHJpY3RlZCBieSB0aGUgaG9zdAogKiAtS1ZNX0VPUE5PVFNVUFAg LSBvbmUgdGhlIGV2ZW50cyBjYW4ndCBiZSBpbnRlcmNlcHRlZCBpbiB0aGUgY3VycmVudCBzZXR1 cAogCis5LiBLVk1JX0dFVF9QQUdFX0FDQ0VTUworLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KKwor OkFyY2hpdGVjdHVyZXM6IGFsbAorOlZlcnNpb25zOiA+PSAxCis6UGFyYW1ldGVyczoKKworOjoK KworCXN0cnVjdCBrdm1pX2dldF9wYWdlX2FjY2VzcyB7CisJCV9fdTE2IHZpZXc7CisJCV9fdTE2 IGNvdW50OworCQlfX3UzMiBwYWRkaW5nOworCQlfX3U2NCBncGFbMF07CisJfTsKKworOlJldHVy bnM6CisKKzo6CisKKwlzdHJ1Y3Qga3ZtaV9lcnJvcl9jb2RlOworCXN0cnVjdCBrdm1pX2dldF9w YWdlX2FjY2Vzc19yZXBseSB7CisJCV9fdTggYWNjZXNzWzBdOworCX07CisKK1JldHVybnMgdGhl IHNwdGUgYWNjZXNzIGJpdHMgKHJ3eCkgZm9yIGFuIGFycmF5IG9mIGBgY291bnRgYCBndWVzdAor cGh5c2ljYWwgYWRkcmVzc2VzLgorCitUaGUgdmFsaWQgYWNjZXNzIGJpdHMgZm9yICpLVk1JX0dF VF9QQUdFX0FDQ0VTUyogYW5kICpLVk1JX1NFVF9QQUdFX0FDQ0VTUyoKK2FyZTo6CisKKwlLVk1J X1BBR0VfQUNDRVNTX1IKKwlLVk1JX1BBR0VfQUNDRVNTX1cKKwlLVk1JX1BBR0VfQUNDRVNTX1gK KworQnkgZGVmYXVsdCwgZm9yIGFueSBndWVzdCBwaHlzaWNhbCBhZGRyZXNzLCB0aGUgcmV0dXJu ZWQgYWNjZXNzIG1vZGUgd2lsbAorYmUgJ3J3eCcgKGFsbCB0aGUgYWJvdmUgYml0cykuIElmIHRo ZSBpbnRyb3NwZWN0aW9uIHRvb2wgbXVzdCBwcmV2ZW50Cit0aGUgY29kZSBleGVjdXRpb24gZnJv bSBhIGd1ZXN0IHBhZ2UsIGZvciBleGFtcGxlLCBpdCBzaG91bGQgdXNlIHRoZQorS1ZNSV9TRVRf UEFHRV9BQ0NFU1MgY29tbWFuZCB0byBzZXQgdGhlICdydycgYml0cyBmb3IgYW55IGd1ZXN0IHBo eXNpY2FsCithZGRyZXNzZXMgY29udGFpbmVkIGluIHRoYXQgcGFnZS4gT2YgY291cnNlLCBpbiBv cmRlciB0byByZWNlaXZlCitwYWdlIGZhdWx0IGV2ZW50cyB3aGVuIHRoZXNlIHZpb2xhdGlvbnMg dGFrZSBwbGFjZSwgdGhlIEtWTUlfQ09OVFJPTF9FVkVOVFMKK2NvbW1hbmQgbXVzdCBiZSB1c2Vk IHRvIGVuYWJsZSB0aGlzIHR5cGUgb2YgZXZlbnQgKEtWTUlfRVZFTlRfUEYpLgorCitPbiBJbnRl bCBoYXJkd2FyZSB3aXRoIG11bHRpcGxlIEVQVCB2aWV3cywgdGhlIGBgdmlld2BgIGFyZ3VtZW50 IHNlbGVjdHMgdGhlCitFUFQgdmlldyAoMCBpcyBwcmltYXJ5KS4gT24gYWxsIG90aGVyIGhhcmR3 YXJlIGl0IG11c3QgYmUgemVyby4KKworOkVycm9yczoKKworKiAtS1ZNX0VJTlZBTCAtIHRoZSBz ZWxlY3RlZCBTUFQgdmlldyBpcyBpbnZhbGlkCisqIC1LVk1fRUlOVkFMIC0gcGFkZGluZyBpcyBu b3QgemVybworKiAtS1ZNX0VPUE5PVFNVUFAgLSBhIFNQVCB2aWV3IHdhcyBzZWxlY3RlZCBidXQg dGhlIGhhcmR3YXJlIGRvZXNuJ3Qgc3VwcG9ydCBpdAorKiAtS1ZNX0VBR0FJTiAtIHRoZSBzZWxl Y3RlZCB2Q1BVIGNhbid0IGJlIGludHJvc3BlY3RlZCB5ZXQKKyogLUtWTV9FTk9NRU0gLSBub3Qg ZW5vdWdoIG1lbW9yeSB0byBhbGxvY2F0ZSB0aGUgcmVwbHkKKwogRXZlbnRzCiA9PT09PT0KIApk aWZmIC0tZ2l0IGEvYXJjaC94ODYva3ZtL2t2bWkuYyBiL2FyY2gveDg2L2t2bS9rdm1pLmMKaW5k ZXggMTIxODE5ZjljNDg3Li41OWNmMzMxMjdiNGIgMTAwNjQ0Ci0tLSBhL2FyY2gveDg2L2t2bS9r dm1pLmMKKysrIGIvYXJjaC94ODYva3ZtL2t2bWkuYwpAQCAtMTgzLDMgKzE4Myw0NCBAQCB2b2lk IGt2bWlfYXJjaF91cGRhdGVfcGFnZV90cmFja2luZyhzdHJ1Y3Qga3ZtICprdm0sCiAJCX0KIAl9 CiB9CisKK2ludCBrdm1pX2FyY2hfY21kX2dldF9wYWdlX2FjY2VzcyhzdHJ1Y3Qga3ZtaSAqaWt2 bSwKKwkJCQkgIGNvbnN0IHN0cnVjdCBrdm1pX21zZ19oZHIgKm1zZywKKwkJCQkgIGNvbnN0IHN0 cnVjdCBrdm1pX2dldF9wYWdlX2FjY2VzcyAqcmVxLAorCQkJCSAgc3RydWN0IGt2bWlfZ2V0X3Bh Z2VfYWNjZXNzX3JlcGx5ICoqZGVzdCwKKwkJCQkgIHNpemVfdCAqZGVzdF9zaXplKQoreworCXN0 cnVjdCBrdm1pX2dldF9wYWdlX2FjY2Vzc19yZXBseSAqcnBsID0gTlVMTDsKKwlzaXplX3QgcnBs X3NpemUgPSAwOworCXNpemVfdCBrLCBuID0gcmVxLT5jb3VudDsKKwlpbnQgZWMgPSAwOworCisJ aWYgKHJlcS0+cGFkZGluZykKKwkJcmV0dXJuIC1LVk1fRUlOVkFMOworCisJaWYgKG1zZy0+c2l6 ZSA8IHNpemVvZigqcmVxKSArIHJlcS0+Y291bnQgKiBzaXplb2YocmVxLT5ncGFbMF0pKQorCQly ZXR1cm4gLUtWTV9FSU5WQUw7CisKKwlpZiAocmVxLT52aWV3ICE9IDApCS8qIFRPRE8gKi8KKwkJ cmV0dXJuIC1LVk1fRU9QTk9UU1VQUDsKKworCXJwbF9zaXplID0gc2l6ZW9mKCpycGwpICsgc2l6 ZW9mKHJwbC0+YWNjZXNzWzBdKSAqIG47CisJcnBsID0ga3ZtaV9tc2dfYWxsb2NfY2hlY2socnBs X3NpemUpOworCWlmICghcnBsKQorCQlyZXR1cm4gLUtWTV9FTk9NRU07CisKKwlmb3IgKGsgPSAw OyBrIDwgbiAmJiBlYyA9PSAwOyBrKyspCisJCWVjID0ga3ZtaV9jbWRfZ2V0X3BhZ2VfYWNjZXNz KGlrdm0sIHJlcS0+Z3BhW2tdLAorCQkJCQkgICAgICAmcnBsLT5hY2Nlc3Nba10pOworCisJaWYg KGVjKSB7CisJCWt2bWlfbXNnX2ZyZWUocnBsKTsKKwkJcmV0dXJuIGVjOworCX0KKworCSpkZXN0 ID0gcnBsOworCSpkZXN0X3NpemUgPSBycGxfc2l6ZTsKKworCXJldHVybiAwOworfQorCmRpZmYg LS1naXQgYS9pbmNsdWRlL3VhcGkvbGludXgva3ZtaS5oIGIvaW5jbHVkZS91YXBpL2xpbnV4L2t2 bWkuaAppbmRleCA0MGE1YzMwNGMyNmYuLjA0NzQzNmEwYmRjMCAxMDA2NDQKLS0tIGEvaW5jbHVk ZS91YXBpL2xpbnV4L2t2bWkuaAorKysgYi9pbmNsdWRlL3VhcGkvbGludXgva3ZtaS5oCkBAIC0x MTYsNiArMTE2LDE3IEBAIHN0cnVjdCBrdm1pX2dldF9ndWVzdF9pbmZvX3JlcGx5IHsKIAlfX3Uz MiBwYWRkaW5nWzNdOwogfTsKIAorc3RydWN0IGt2bWlfZ2V0X3BhZ2VfYWNjZXNzIHsKKwlfX3Ux NiB2aWV3OworCV9fdTE2IGNvdW50OworCV9fdTMyIHBhZGRpbmc7CisJX191NjQgZ3BhWzBdOwor fTsKKworc3RydWN0IGt2bWlfZ2V0X3BhZ2VfYWNjZXNzX3JlcGx5IHsKKwlfX3U4IGFjY2Vzc1sw XTsKK307CisKIHN0cnVjdCBrdm1pX2dldF92Y3B1X2luZm9fcmVwbHkgewogCV9fdTY0IHRzY19z cGVlZDsKIH07CmRpZmYgLS1naXQgYS92aXJ0L2t2bS9rdm1pLmMgYi92aXJ0L2t2bS9rdm1pLmMK aW5kZXggMDI2NDExNWE3ZjRkLi4yMDUwNWU0YzRiNWYgMTAwNjQ0Ci0tLSBhL3ZpcnQva3ZtL2t2 bWkuYworKysgYi92aXJ0L2t2bS9rdm1pLmMKQEAgLTEwNzIsNiArMTA3MiwxNSBAQCB2b2lkIGt2 bWlfaGFuZGxlX3JlcXVlc3RzKHN0cnVjdCBrdm1fdmNwdSAqdmNwdSkKIAlrdm1pX3B1dCh2Y3B1 LT5rdm0pOwogfQogCitpbnQga3ZtaV9jbWRfZ2V0X3BhZ2VfYWNjZXNzKHN0cnVjdCBrdm1pICpp a3ZtLCB1NjQgZ3BhLCB1OCAqYWNjZXNzKQoreworCWdmbl90IGdmbiA9IGdwYV90b19nZm4oZ3Bh KTsKKworCWt2bWlfZ2V0X2dmbl9hY2Nlc3MoaWt2bSwgZ2ZuLCBhY2Nlc3MpOworCisJcmV0dXJu IDA7Cit9CisKIGludCBrdm1pX2NtZF9jb250cm9sX2V2ZW50cyhzdHJ1Y3Qga3ZtX3ZjcHUgKnZj cHUsIHVuc2lnbmVkIGludCBldmVudF9pZCwKIAkJCSAgICBib29sIGVuYWJsZSkKIHsKZGlmZiAt LWdpdCBhL3ZpcnQva3ZtL2t2bWlfaW50LmggYi92aXJ0L2t2bS9rdm1pX2ludC5oCmluZGV4IGQ0 NzhkOWEyZTc2OS4uMDBkYzVjZjcyZjg4IDEwMDY0NAotLS0gYS92aXJ0L2t2bS9rdm1pX2ludC5o CisrKyBiL3ZpcnQva3ZtL2t2bWlfaW50LmgKQEAgLTE1OSw2ICsxNTksNyBAQCBpbnQga3ZtaV9t c2dfc2VuZF91bmhvb2soc3RydWN0IGt2bWkgKmlrdm0pOwogdm9pZCAqa3ZtaV9tc2dfYWxsb2Mo dm9pZCk7CiB2b2lkICprdm1pX21zZ19hbGxvY19jaGVjayhzaXplX3Qgc2l6ZSk7CiB2b2lkIGt2 bWlfbXNnX2ZyZWUodm9pZCAqYWRkcik7CitpbnQga3ZtaV9jbWRfZ2V0X3BhZ2VfYWNjZXNzKHN0 cnVjdCBrdm1pICppa3ZtLCB1NjQgZ3BhLCB1OCAqYWNjZXNzKTsKIGludCBrdm1pX2NtZF9jb250 cm9sX2V2ZW50cyhzdHJ1Y3Qga3ZtX3ZjcHUgKnZjcHUsIHVuc2lnbmVkIGludCBldmVudF9pZCwK IAkJCSAgICBib29sIGVuYWJsZSk7CiBpbnQga3ZtaV9jbWRfY29udHJvbF92bV9ldmVudHMoc3Ry dWN0IGt2bWkgKmlrdm0sIHVuc2lnbmVkIGludCBldmVudF9pZCwKQEAgLTE3NCw2ICsxNzUsMTEg QEAgdm9pZCBrdm1pX2hhbmRsZV9jb21tb25fZXZlbnRfYWN0aW9ucyhzdHJ1Y3Qga3ZtX3ZjcHUg KnZjcHUsIHUzMiBhY3Rpb24sCiB2b2lkIGt2bWlfYXJjaF91cGRhdGVfcGFnZV90cmFja2luZyhz dHJ1Y3Qga3ZtICprdm0sCiAJCQkJICAgIHN0cnVjdCBrdm1fbWVtb3J5X3Nsb3QgKnNsb3QsCiAJ CQkJICAgIHN0cnVjdCBrdm1pX21lbV9hY2Nlc3MgKm0pOworaW50IGt2bWlfYXJjaF9jbWRfZ2V0 X3BhZ2VfYWNjZXNzKHN0cnVjdCBrdm1pICppa3ZtLAorCQkJCSAgY29uc3Qgc3RydWN0IGt2bWlf bXNnX2hkciAqbXNnLAorCQkJCSAgY29uc3Qgc3RydWN0IGt2bWlfZ2V0X3BhZ2VfYWNjZXNzICpy ZXEsCisJCQkJICBzdHJ1Y3Qga3ZtaV9nZXRfcGFnZV9hY2Nlc3NfcmVwbHkgKipkZXN0LAorCQkJ CSAgc2l6ZV90ICpkZXN0X3NpemUpOwogdm9pZCBrdm1pX2FyY2hfc2V0dXBfZXZlbnQoc3RydWN0 IGt2bV92Y3B1ICp2Y3B1LCBzdHJ1Y3Qga3ZtaV9ldmVudCAqZXYpOwogYm9vbCBrdm1pX2FyY2hf cGZfZXZlbnQoc3RydWN0IGt2bV92Y3B1ICp2Y3B1LCBncGFfdCBncGEsIGd2YV90IGd2YSwKIAkJ CXU4IGFjY2Vzcyk7CmRpZmYgLS1naXQgYS92aXJ0L2t2bS9rdm1pX21zZy5jIGIvdmlydC9rdm0v a3ZtaV9tc2cuYwppbmRleCAwNjQyMzU2ZDRlMDQuLjA5YWQxNzQ3OWFiYiAxMDA2NDQKLS0tIGEv dmlydC9rdm0va3ZtaV9tc2cuYworKysgYi92aXJ0L2t2bS9rdm1pX21zZy5jCkBAIC0yOSw2ICsy OSw3IEBAIHN0YXRpYyBjb25zdCBjaGFyICpjb25zdCBtc2dfSURzW10gPSB7CiAJW0tWTUlfRVZF TlRdICAgICAgICAgICAgICAgICA9ICJLVk1JX0VWRU5UIiwKIAlbS1ZNSV9FVkVOVF9SRVBMWV0g ICAgICAgICAgID0gIktWTUlfRVZFTlRfUkVQTFkiLAogCVtLVk1JX0dFVF9HVUVTVF9JTkZPXSAg ICAgICAgPSAiS1ZNSV9HRVRfR1VFU1RfSU5GTyIsCisJW0tWTUlfR0VUX1BBR0VfQUNDRVNTXSAg ICAgICA9ICJLVk1JX0dFVF9QQUdFX0FDQ0VTUyIsCiAJW0tWTUlfR0VUX1ZDUFVfSU5GT10gICAg ICAgICA9ICJLVk1JX0dFVF9WQ1BVX0lORk8iLAogCVtLVk1JX0dFVF9WRVJTSU9OXSAgICAgICAg ICAgPSAiS1ZNSV9HRVRfVkVSU0lPTiIsCiB9OwpAQCAtMzIzLDYgKzMyNCwyMSBAQCBzdGF0aWMg aW50IGhhbmRsZV9jb250cm9sX2NtZF9yZXNwb25zZShzdHJ1Y3Qga3ZtaSAqaWt2bSwKIAlyZXR1 cm4gZXJyOwogfQogCitzdGF0aWMgaW50IGhhbmRsZV9nZXRfcGFnZV9hY2Nlc3Moc3RydWN0IGt2 bWkgKmlrdm0sCisJCQkJICBjb25zdCBzdHJ1Y3Qga3ZtaV9tc2dfaGRyICptc2csCisJCQkJICBj b25zdCB2b2lkICpyZXEpCit7CisJc3RydWN0IGt2bWlfZ2V0X3BhZ2VfYWNjZXNzX3JlcGx5ICpy cGwgPSBOVUxMOworCXNpemVfdCBycGxfc2l6ZSA9IDA7CisJaW50IGVyciwgZWM7CisKKwllYyA9 IGt2bWlfYXJjaF9jbWRfZ2V0X3BhZ2VfYWNjZXNzKGlrdm0sIG1zZywgcmVxLCAmcnBsLCAmcnBs X3NpemUpOworCisJZXJyID0ga3ZtaV9tc2dfdm1fbWF5YmVfcmVwbHkoaWt2bSwgbXNnLCBlYywg cnBsLCBycGxfc2l6ZSk7CisJa3ZtaV9tc2dfZnJlZShycGwpOworCXJldHVybiBlcnI7Cit9CisK IHN0YXRpYyBib29sIGludmFsaWRfdmNwdV9oZHIoY29uc3Qgc3RydWN0IGt2bWlfdmNwdV9oZHIg KmhkcikKIHsKIAlyZXR1cm4gaGRyLT5wYWRkaW5nMSB8fCBoZHItPnBhZGRpbmcyOwpAQCAtMzM4 LDYgKzM1NCw3IEBAIHN0YXRpYyBpbnQoKmNvbnN0IG1zZ192bVtdKShzdHJ1Y3Qga3ZtaSAqLCBj b25zdCBzdHJ1Y3Qga3ZtaV9tc2dfaGRyICosCiAJW0tWTUlfQ09OVFJPTF9DTURfUkVTUE9OU0Vd ICA9IGhhbmRsZV9jb250cm9sX2NtZF9yZXNwb25zZSwKIAlbS1ZNSV9DT05UUk9MX1ZNX0VWRU5U U10gICAgID0gaGFuZGxlX2NvbnRyb2xfdm1fZXZlbnRzLAogCVtLVk1JX0dFVF9HVUVTVF9JTkZP XSAgICAgICAgPSBoYW5kbGVfZ2V0X2d1ZXN0X2luZm8sCisJW0tWTUlfR0VUX1BBR0VfQUNDRVNT XSAgICAgICA9IGhhbmRsZV9nZXRfcGFnZV9hY2Nlc3MsCiAJW0tWTUlfR0VUX1ZFUlNJT05dICAg ICAgICAgICA9IGhhbmRsZV9nZXRfdmVyc2lvbiwKIH07CiAKX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX18KVmlydHVhbGl6YXRpb24gbWFpbGluZyBsaXN0ClZp cnR1YWxpemF0aW9uQGxpc3RzLmxpbnV4LWZvdW5kYXRpb24ub3JnCmh0dHBzOi8vbGlzdHMubGlu dXhmb3VuZGF0aW9uLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3ZpcnR1YWxpemF0aW9u