Virtualization Archive on lore.kernel.org
 help / color / Atom feed
From: "Adalbert Lazăr" <alazar@bitdefender.com>
To: kvm@vger.kernel.org
Cc: virtualization@lists.linux-foundation.org,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Mihai Donțu" <mdontu@bitdefender.com>,
	"Marian Rotariu" <marian.c.rotariu@gmail.com>,
	"Adalbert Lazăr" <alazar@bitdefender.com>
Subject: [PATCH v9 37/84] KVM: introduce VM introspection
Date: Wed, 22 Jul 2020 00:08:35 +0300
Message-ID: <20200721210922.7646-38-alazar@bitdefender.com> (raw)
In-Reply-To: <20200721210922.7646-1-alazar@bitdefender.com>

From: Mihai Donțu <mdontu@bitdefender.com>

The KVM introspection subsystem provides a facility for applications
to control the execution of any running VMs (pause, resume, shutdown),
query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits
in the shadow page tables and receive notifications when events of interest
have taken place (shadow page table level faults, key MSR writes,
hypercalls etc.). Some notifications can be responded to with an action
(like preventing an MSR from being written), others are mere informative
(like breakpoint events which can be used for execution tracing).

Signed-off-by: Mihai Donțu <mdontu@bitdefender.com>
Co-developed-by: Marian Rotariu <marian.c.rotariu@gmail.com>
Signed-off-by: Marian Rotariu <marian.c.rotariu@gmail.com>
Signed-off-by: Adalbert Lazăr <alazar@bitdefender.com>
---
 Documentation/virt/kvm/kvmi.rst   | 140 ++++++++++++++++++++++++++++++
 arch/x86/kvm/Kconfig              |  13 +++
 arch/x86/kvm/Makefile             |   2 +
 include/linux/kvmi_host.h         |  21 +++++
 virt/kvm/introspection/kvmi.c     |  25 ++++++
 virt/kvm/introspection/kvmi_int.h |   7 ++
 virt/kvm/kvm_main.c               |  15 ++++
 7 files changed, 223 insertions(+)
 create mode 100644 Documentation/virt/kvm/kvmi.rst
 create mode 100644 include/linux/kvmi_host.h
 create mode 100644 virt/kvm/introspection/kvmi.c
 create mode 100644 virt/kvm/introspection/kvmi_int.h

diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
new file mode 100644
index 000000000000..3a1b6c655de7
--- /dev/null
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -0,0 +1,140 @@
+.. SPDX-License-Identifier: GPL-2.0
+
+=========================================================
+KVMI - The kernel virtual machine introspection subsystem
+=========================================================
+
+The KVM introspection subsystem provides a facility for applications running
+on the host or in a separate VM, to control the execution of any running VMs
+(pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.),
+alter the page access bits in the shadow page tables (only for the hardware
+backed ones, eg. Intel's EPT) and receive notifications when events of
+interest have taken place (shadow page table level faults, key MSR writes,
+hypercalls etc.). Some notifications can be responded to with an action
+(like preventing an MSR from being written), others are mere informative
+(like breakpoint events which can be used for execution tracing).
+With few exceptions, all events are optional. An application using this
+subsystem will explicitly register for them.
+
+The use case that gave way for the creation of this subsystem is to monitor
+the guest OS and as such the ABI/API is highly influenced by how the guest
+software (kernel, applications) sees the world. For example, some events
+provide information specific for the host CPU architecture
+(eg. MSR_IA32_SYSENTER_EIP) merely because its leveraged by guest software
+to implement a critical feature (fast system calls).
+
+At the moment, the target audience for KVMI are security software authors
+that wish to perform forensics on newly discovered threats (exploits) or
+to implement another layer of security like preventing a large set of
+kernel rootkits simply by "locking" the kernel image in the shadow page
+tables (ie. enforce .text r-x, .rodata rw- etc.). It's the latter case that
+made KVMI a separate subsystem, even though many of these features are
+available in the device manager (eg. QEMU). The ability to build a security
+application that does not interfere (in terms of performance) with the
+guest software asks for a specialized interface that is designed for minimum
+overhead.
+
+API/ABI
+=======
+
+This chapter describes the VMI interface used to monitor and control local
+guests from a user application.
+
+Overview
+--------
+
+The interface is socket based, one connection for every VM. One end is in the
+host kernel while the other is held by the user application (introspection
+tool).
+
+The initial connection is established by an application running on the host
+(eg. QEMU) that connects to the introspection tool and after a handshake
+the socket is passed to the host kernel making all further communication
+take place between it and the introspection tool.
+
+The socket protocol allows for commands and events to be multiplexed over
+the same connection. As such, it is possible for the introspection tool to
+receive an event while waiting for the result of a command. Also, it can
+send a command while the host kernel is waiting for a reply to an event.
+
+The kernel side of the socket communication is blocking and will wait
+for an answer from its peer indefinitely or until the guest is powered
+off (killed), restarted or the peer goes away, at which point it will
+wake up and properly cleanup as if the introspection subsystem has never
+been used on that guest (if requested). Obviously, whether the guest can
+really continue normal execution depends on whether the introspection
+tool has made any modifications that require an active KVMI channel.
+
+Handshake
+---------
+
+Although this falls out of the scope of the introspection subsystem, below
+is a proposal of a handshake that can be used by implementors.
+
+Based on the system administration policies, the management tool
+(eg. libvirt) starts device managers (eg. QEMU) with some extra arguments:
+what introspection tool could monitor/control that specific guest (and
+how to connect to) and what introspection commands/events are allowed.
+
+The device manager will connect to the introspection tool and wait for a
+cryptographic hash of a cookie that should be known by both peers. If the
+hash is correct (the destination has been "authenticated"), the device
+manager will send another cryptographic hash and random salt. The peer
+recomputes the hash of the cookie bytes including the salt and if they match,
+the device manager has been "authenticated" too. This is a rather crude
+system that makes it difficult for device manager exploits to trick the
+introspection tool into believing its working OK.
+
+The cookie would normally be generated by a management tool (eg. libvirt)
+and make it available to the device manager and to a properly authenticated
+client. It is the job of a third party to retrieve the cookie from the
+management application and pass it over a secure channel to the introspection
+tool.
+
+Once the basic "authentication" has taken place, the introspection tool
+can receive information on the guest (its UUID) and other flags (endianness
+or features supported by the host kernel).
+
+In the end, the device manager will pass the file handle (plus the allowed
+commands/events) to KVM. It will detect when the socket is shutdown
+and it will reinitiate the handshake.
+
+Unhooking
+---------
+
+During a VMI session it is possible for the guest to be patched and for
+some of these patches to "talk" with the introspection tool. It thus
+becomes necessary to remove them before the guest is suspended, moved
+(migrated) or a snapshot with memory is created.
+
+The actions are normally performed by the device manager. In the case
+of QEMU, it will use another ioctl to notify the introspection tool and
+wait for a limited amount of time (a few seconds) for a confirmation that
+is OK to proceed (it is enough for the introspection tool to close
+the connection).
+
+Live migrations
+---------------
+
+Before the live migration takes place, the introspection tool has to be
+notified and have a chance to unhook (see **Unhooking**).
+
+The QEMU instance on the receiving end, if configured for KVMI, will need
+to establish a connection to the introspection tool after the migration
+has been completed.
+
+Obviously, this creates a window in which the guest is not introspected.
+The user has to be aware of this detail. Future introspection technologies
+can choose not to disconnect and instead transfer the necessary context
+to the introspection tool at the migration destination via a separate
+channel.
+
+Memory access safety
+--------------------
+
+The KVMI API gives access to the entire guest physical address space but
+provides no information on which parts of it are system RAM and which are
+device-specific memory (DMA, emulated MMIO, reserved by a passthrough
+device etc.). It is up to the user to determine, using the guest operating
+system data structures, the areas that are safe to access (code, stack, heap
+etc.).
diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
index b277a2db6267..34d0b1bbab95 100644
--- a/arch/x86/kvm/Kconfig
+++ b/arch/x86/kvm/Kconfig
@@ -107,4 +107,17 @@ config KVM_MMU_AUDIT
 	 This option adds a R/W kVM module parameter 'mmu_audit', which allows
 	 auditing of KVM MMU events at runtime.
 
+config KVM_INTROSPECTION
+	bool "KVM Introspection"
+	depends on KVM && (KVM_INTEL || KVM_AMD)
+	default n
+	help
+	  Provides the introspection interface, which allows the control
+	  of any running VM. It must be explicitly enabled by setting
+	  the module parameter 'kvm.introspection'.
+
+# OK, it's a little counter-intuitive to do this, but it puts it neatly under
+# the virtualization menu.
+source "drivers/vhost/Kconfig"
+
 endif # VIRTUALIZATION
diff --git a/arch/x86/kvm/Makefile b/arch/x86/kvm/Makefile
index 4a3081e9f4b5..880b028c7f86 100644
--- a/arch/x86/kvm/Makefile
+++ b/arch/x86/kvm/Makefile
@@ -8,10 +8,12 @@ OBJECT_FILES_NON_STANDARD_vmenter.o := y
 endif
 
 KVM := ../../../virt/kvm
+KVMI := $(KVM)/introspection
 
 kvm-y			+= $(KVM)/kvm_main.o $(KVM)/coalesced_mmio.o \
 				$(KVM)/eventfd.o $(KVM)/irqchip.o $(KVM)/vfio.o
 kvm-$(CONFIG_KVM_ASYNC_PF)	+= $(KVM)/async_pf.o
+kvm-$(CONFIG_KVM_INTROSPECTION) += $(KVMI)/kvmi.o
 
 kvm-y			+= x86.o emulate.o i8259.o irq.o lapic.o \
 			   i8254.o ioapic.o irq_comm.o cpuid.o pmu.o mtrr.o \
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
new file mode 100644
index 000000000000..1e0a73c2a190
--- /dev/null
+++ b/include/linux/kvmi_host.h
@@ -0,0 +1,21 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+#ifndef __KVMI_HOST_H
+#define __KVMI_HOST_H
+
+#ifdef CONFIG_KVM_INTROSPECTION
+
+int kvmi_init(void);
+void kvmi_uninit(void);
+void kvmi_create_vm(struct kvm *kvm);
+void kvmi_destroy_vm(struct kvm *kvm);
+
+#else
+
+static inline int kvmi_init(void) { return 0; }
+static inline void kvmi_uninit(void) { }
+static inline void kvmi_create_vm(struct kvm *kvm) { }
+static inline void kvmi_destroy_vm(struct kvm *kvm) { }
+
+#endif /* CONFIG_KVM_INTROSPECTION */
+
+#endif
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
new file mode 100644
index 000000000000..af53bdcb7ec8
--- /dev/null
+++ b/virt/kvm/introspection/kvmi.c
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * KVM Introspection
+ *
+ * Copyright (C) 2017-2020 Bitdefender S.R.L.
+ *
+ */
+#include "kvmi_int.h"
+
+int kvmi_init(void)
+{
+	return 0;
+}
+
+void kvmi_uninit(void)
+{
+}
+
+void kvmi_create_vm(struct kvm *kvm)
+{
+}
+
+void kvmi_destroy_vm(struct kvm *kvm)
+{
+}
diff --git a/virt/kvm/introspection/kvmi_int.h b/virt/kvm/introspection/kvmi_int.h
new file mode 100644
index 000000000000..34af926f9838
--- /dev/null
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -0,0 +1,7 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __KVMI_INT_H__
+#define __KVMI_INT_H__
+
+#include <linux/kvm_host.h>
+
+#endif
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 8c4bccf33c8c..a2b424fd2efd 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -51,6 +51,7 @@
 #include <linux/io.h>
 #include <linux/lockdep.h>
 #include <linux/kthread.h>
+#include <linux/kvmi_host.h>
 
 #include <asm/processor.h>
 #include <asm/ioctl.h>
@@ -89,6 +90,9 @@ unsigned int halt_poll_ns_shrink;
 module_param(halt_poll_ns_shrink, uint, 0644);
 EXPORT_SYMBOL_GPL(halt_poll_ns_shrink);
 
+static bool enable_introspection;
+module_param_named(introspection, enable_introspection, bool, 0644);
+
 /*
  * Ordering of locks:
  *
@@ -745,6 +749,9 @@ static struct kvm *kvm_create_vm(unsigned long type)
 	if (r)
 		goto out_err;
 
+	if (enable_introspection)
+		kvmi_create_vm(kvm);
+
 	mutex_lock(&kvm_lock);
 	list_add(&kvm->vm_list, &vm_list);
 	mutex_unlock(&kvm_lock);
@@ -797,6 +804,8 @@ static void kvm_destroy_vm(struct kvm *kvm)
 	int i;
 	struct mm_struct *mm = kvm->mm;
 
+	if (enable_introspection)
+		kvmi_destroy_vm(kvm);
 	kvm_uevent_notify_change(KVM_EVENT_DESTROY_VM, kvm);
 	kvm_destroy_vm_debugfs(kvm);
 	kvm_arch_sync_events(kvm);
@@ -4811,6 +4820,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
 	r = kvm_vfio_ops_init();
 	WARN_ON(r);
 
+	if (enable_introspection) {
+		r = kvmi_init();
+		WARN_ON(r);
+	}
+
 	return 0;
 
 out_unreg:
@@ -4835,6 +4849,7 @@ EXPORT_SYMBOL_GPL(kvm_init);
 
 void kvm_exit(void)
 {
+	kvmi_uninit();
 	debugfs_remove_recursive(kvm_debugfs_dir);
 	misc_deregister(&kvm_dev);
 	kmem_cache_destroy(kvm_vcpu_cache);

  parent reply index

Thread overview: 88+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-21 21:07 [PATCH v9 00/84] " Adalbert Lazăr
2020-07-21 21:07 ` [PATCH v9 01/84] signal: export kill_pid_info() Adalbert Lazăr
2020-07-22  6:36   ` Christoph Hellwig
2020-07-21 21:08 ` [PATCH v9 02/84] KVM: UAPI: add error codes used by the VM introspection code Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 03/84] KVM: add kvm_vcpu_kick_and_wait() Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 04/84] KVM: add kvm_get_max_gfn() Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 05/84] KVM: doc: fix the hypercall numbering Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 06/84] KVM: x86: add kvm_arch_vcpu_get_regs() and kvm_arch_vcpu_get_sregs() Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 07/84] KVM: x86: add kvm_arch_vcpu_set_regs() Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 08/84] KVM: x86: avoid injecting #PF when emulate the VMCALL instruction Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 09/84] KVM: x86: add .bp_intercepted() to struct kvm_x86_ops Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 10/84] KVM: x86: add .control_cr3_intercept() " Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 11/84] KVM: x86: add .cr3_write_intercepted() Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 12/84] KVM: x86: add .desc_ctrl_supported() Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 13/84] KVM: svm: add support for descriptor-table exits Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 14/84] KVM: x86: add .control_desc_intercept() Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 15/84] KVM: x86: add .desc_intercepted() Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 16/84] KVM: x86: export .msr_write_intercepted() Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 17/84] KVM: x86: use MSR_TYPE_R, MSR_TYPE_W and MSR_TYPE_RW with AMD Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 18/84] KVM: svm: pass struct kvm_vcpu to set_msr_interception() Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 19/84] KVM: vmx: pass struct kvm_vcpu to the intercept msr related functions Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 20/84] KVM: x86: add .control_msr_intercept() Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 21/84] KVM: x86: vmx: use a symbolic constant when checking the exit qualifications Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 22/84] KVM: x86: save the error code during EPT/NPF exits handling Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 23/84] KVM: x86: add .fault_gla() Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 24/84] KVM: x86: add .spt_fault() Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 25/84] KVM: x86: add .gpt_translation_fault() Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 26/84] KVM: x86: add .control_singlestep() Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 27/84] KVM: x86: export kvm_arch_vcpu_set_guest_debug() Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 28/84] KVM: x86: extend kvm_mmu_gva_to_gpa_system() with the 'access' parameter Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 29/84] KVM: x86: export kvm_inject_pending_exception() Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 30/84] KVM: x86: export kvm_vcpu_ioctl_x86_get_xsave() Adalbert Lazăr
2020-07-22  1:31   ` kernel test robot
2020-07-21 21:08 ` [PATCH v9 31/84] KVM: x86: export kvm_vcpu_ioctl_x86_set_xsave() Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 32/84] KVM: x86: page track: provide all callbacks with the guest virtual address Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 33/84] KVM: x86: page track: add track_create_slot() callback Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 34/84] KVM: x86: page_track: add support for preread, prewrite and preexec Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 35/84] KVM: x86: wire in the preread/prewrite/preexec page trackers Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 36/84] KVM: x86: disable gpa_available optimization for fetch and page-walk SPT violations Adalbert Lazăr
2020-07-21 21:08 ` Adalbert Lazăr [this message]
2020-07-21 21:08 ` [PATCH v9 38/84] KVM: introspection: add hook/unhook ioctls Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 39/84] KVM: introspection: add permission access ioctls Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 40/84] KVM: introspection: add the read/dispatch message function Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 41/84] KVM: introspection: add KVMI_GET_VERSION Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 42/84] KVM: introspection: add KVMI_VM_CHECK_COMMAND and KVMI_VM_CHECK_EVENT Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 43/84] KVM: introspection: add KVMI_VM_GET_INFO Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 44/84] KVM: introspection: add KVMI_EVENT_UNHOOK Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 45/84] KVM: introspection: add KVMI_VM_CONTROL_EVENTS Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 46/84] KVM: introspection: add KVMI_VM_READ_PHYSICAL/KVMI_VM_WRITE_PHYSICAL Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 47/84] KVM: introspection: add vCPU related data Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 48/84] KVM: introspection: add a jobs list to every introspected vCPU Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 49/84] KVM: introspection: handle vCPU introspection requests Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 50/84] KVM: introspection: handle vCPU commands Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 51/84] KVM: introspection: add KVMI_VCPU_GET_INFO Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 52/84] KVM: introspection: add KVMI_VCPU_PAUSE Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 53/84] KVM: introspection: add KVMI_EVENT_PAUSE_VCPU Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 54/84] KVM: introspection: add the crash action handling on the event reply Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 55/84] KVM: introspection: add KVMI_VCPU_CONTROL_EVENTS Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 56/84] KVM: introspection: add KVMI_VCPU_GET_REGISTERS Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 57/84] KVM: introspection: add KVMI_VCPU_SET_REGISTERS Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 58/84] KVM: introspection: add KVMI_VCPU_GET_CPUID Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 59/84] KVM: introspection: add KVMI_EVENT_HYPERCALL Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 60/84] KVM: introspection: add KVMI_EVENT_BREAKPOINT Adalbert Lazăr
2020-07-21 21:08 ` [PATCH v9 61/84] KVM: introspection: add cleanup support for vCPUs Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 62/84] KVM: introspection: restore the state of #BP interception on unhook Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 63/84] KVM: introspection: add KVMI_VM_CONTROL_CLEANUP Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 64/84] KVM: introspection: add KVMI_VCPU_CONTROL_CR and KVMI_EVENT_CR Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 65/84] KVM: introspection: restore the state of CR3 interception on unhook Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 66/84] KVM: introspection: add KVMI_VCPU_INJECT_EXCEPTION + KVMI_EVENT_TRAP Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 67/84] KVM: introspection: add KVMI_VM_GET_MAX_GFN Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 68/84] KVM: introspection: add KVMI_EVENT_XSETBV Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 69/84] KVM: introspection: add KVMI_VCPU_GET_XCR Adalbert Lazăr
2020-07-22  8:25   ` kernel test robot
2020-07-21 21:09 ` [PATCH v9 70/84] KVM: introspection: add KVMI_VCPU_GET_XSAVE Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 71/84] KVM: introspection: add KVMI_VCPU_SET_XSAVE Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 72/84] KVM: introspection: add KVMI_VCPU_GET_MTRR_TYPE Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 73/84] KVM: introspection: add KVMI_EVENT_DESCRIPTOR Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 74/84] KVM: introspection: restore the state of descriptor-table register interception on unhook Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 75/84] KVM: introspection: add KVMI_VCPU_CONTROL_MSR and KVMI_EVENT_MSR Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 76/84] KVM: introspection: restore the state of MSR interception on unhook Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 77/84] KVM: introspection: add KVMI_VM_SET_PAGE_ACCESS Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 78/84] KVM: introspection: add KVMI_EVENT_PF Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 79/84] KVM: introspection: extend KVMI_GET_VERSION with struct kvmi_features Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 80/84] KVM: introspection: add KVMI_VCPU_CONTROL_SINGLESTEP Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 81/84] KVM: introspection: add KVMI_EVENT_SINGLESTEP Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 82/84] KVM: introspection: add KVMI_VCPU_TRANSLATE_GVA Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 83/84] KVM: introspection: emulate a guest page table walk on SPT violations due to A/D bit updates Adalbert Lazăr
2020-07-21 21:09 ` [PATCH v9 84/84] KVM: x86: call the page tracking code on emulation failure Adalbert Lazăr

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200721210922.7646-38-alazar@bitdefender.com \
    --to=alazar@bitdefender.com \
    --cc=kvm@vger.kernel.org \
    --cc=marian.c.rotariu@gmail.com \
    --cc=mdontu@bitdefender.com \
    --cc=pbonzini@redhat.com \
    --cc=virtualization@lists.linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Virtualization Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/virtualization/0 virtualization/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 virtualization virtualization/ https://lore.kernel.org/virtualization \
		virtualization@lists.linuxfoundation.org virtualization@lists.linux-foundation.org
	public-inbox-index virtualization

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.linuxfoundation.lists.virtualization


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git