kvm.vger.kernel.org archive mirror
From: Mathieu Tarral <mathieu.tarral@protonmail.com>
To: "kvm@vger.kernel.org" <kvm@vger.kernel.org>
Subject: KVM interest in VM introspection
Date: Tue, 15 Oct 2019 12:14:28 +0000
Message-ID: <byBCKRwxXzjlR_VKlzJct5taU98vNs1H_88eLnU38HPgS96vnoCixR-x7O5WZxpVeB0SHaAD7RzuCxWTkXKgHFcydlmRkSGWSD5CQraK-Pg=@protonmail.com>

Dear KVM maintainers,

As I'm preparing a talk about the new introspection API proposed by BitDefender,
that you are currently reviewing, I wanted to better understand your opinion and
goals on offering VMI on KVM.

I'm asking you this because today, there is no consensus that hypervisor vendors
should provide this type of API and what benefits they might get.

Looking at the hypervisor support, we have the following situation:
- Xen: upstream since 2011 (and even before)
- KVM: patches under review since 2017
- VirtualBox: unofficial patches available, no interest for integration and
  support by Oracle
- VMware: no public interest
- Hyper-V: no public interest

Therefore I would like to better understand your point of view about this
technology:
- What are the concrete benefits for the KVM community?
- What are your targeted users or use cases? (enabling OS research, advanced
  debugging, malware analysis, live forensics, OS hardening, cloud monitoring?)
- What's your vision about this technology, considering that new trends like
  AMD's Secure Encrypted Virtualization and Intel's SGX want to lock down the
  VM state, even for the hypervisor underneath?

Note: The title of my talk is "Leveraging KVM as a debugging platform".

I have been working on LibVMI to rewrite the KVM driver[1], and I built a GDB stub
on top of it, improved with introspection capabilities to understand the
execution context.[2]

I'm planning to present a demo of my debugger running on top of KVM, and
debugging user processes.

Note2: I will be at the next KVM Forum, in Lyon, and I would be delighted to
continue our discussions in person!

[1] KVM-VMI:  https://github.com/KVM-VMI/kvm-vmi
[2] pyvmidbg: https://github.com/Wenzel/pyvmidbg


Thanks,
Mathieu Tarral
