[v10,32/81] KVM: introduce VM introspection

Message ID	20201125093600.2766-33-alazar@bitdefender.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <kvm-owner@kernel.org> From: =?utf-8?q?Adalbert_Laz=C4=83r?= <alazar@bitdefender.com> To: kvm@vger.kernel.org Cc: virtualization@lists.linux-foundation.org, Paolo Bonzini <pbonzini@redhat.com>, =?utf-8?q?Mihai_Don=C8=9Bu?= <mdontu@bitdefender.com>, Marian Rotariu <marian.c.rotariu@gmail.com>, =?utf-8?q?Adalbert_Laz=C4=83r?= <alazar@bitdefender.com> Subject: [PATCH v10 32/81] KVM: introduce VM introspection Date: Wed, 25 Nov 2020 11:35:11 +0200 Message-Id: <20201125093600.2766-33-alazar@bitdefender.com> In-Reply-To: <20201125093600.2766-1-alazar@bitdefender.com> References: <20201125093600.2766-1-alazar@bitdefender.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	VM introspection \| expand [v10,00/81] VM introspection [v10,01/81] KVM: UAPI: add error codes used by the VM introspection code [v10,02/81] KVM: add kvm_vcpu_kick_and_wait() [v10,03/81] KVM: add kvm_get_max_gfn() [v10,04/81] KVM: doc: fix the hypercalls numbering [v10,05/81] KVM: x86: add kvm_arch_vcpu_get_regs() and kvm_arch_vcpu_get_sregs() [v10,06/81] KVM: x86: add kvm_arch_vcpu_set_regs() [v10,07/81] KVM: x86: avoid injecting #PF when emulate the VMCALL instruction [v10,08/81] KVM: x86: add kvm_x86_ops.bp_intercepted() [v10,09/81] KVM: x86: add kvm_x86_ops.control_cr3_intercept() [v10,10/81] KVM: x86: add kvm_x86_ops.cr3_write_intercepted() [v10,11/81] KVM: x86: add kvm_x86_ops.desc_ctrl_supported() [v10,12/81] KVM: svm: add support for descriptor-table VM-exits [v10,13/81] KVM: x86: add kvm_x86_ops.control_desc_intercept() [v10,14/81] KVM: x86: add kvm_x86_ops.desc_intercepted() [v10,15/81] KVM: x86: add kvm_x86_ops.msr_write_intercepted() [v10,16/81] KVM: x86: svm: use the vmx convention to control the MSR interception [v10,17/81] KVM: x86: add kvm_x86_ops.control_msr_intercept() [v10,18/81] KVM: x86: vmx: use a symbolic constant when checking the exit qualifications [v10,19/81] KVM: x86: save the error code during EPT/NPF exits handling [v10,20/81] KVM: x86: add kvm_x86_ops.fault_gla() [v10,21/81] KVM: x86: add kvm_x86_ops.control_singlestep() [v10,22/81] KVM: x86: export kvm_arch_vcpu_set_guest_debug() [v10,23/81] KVM: x86: extend kvm_mmu_gva_to_gpa_system() with the 'access' parameter [v10,24/81] KVM: x86: export kvm_inject_pending_exception() [v10,25/81] KVM: x86: export kvm_vcpu_ioctl_x86_get_xsave() [v10,26/81] KVM: x86: export kvm_vcpu_ioctl_x86_set_xsave() [v10,27/81] KVM: x86: page track: provide all callbacks with the guest virtual address [v10,28/81] KVM: x86: page track: add track_create_slot() callback [v10,29/81] KVM: x86: page_track: add support for preread, prewrite and preexec [v10,30/81] KVM: x86: wire in the preread/prewrite/preexec page trackers [v10,31/81] KVM: x86: disable gpa_available optimization for fetch and page-walk SPT violations [v10,32/81] KVM: introduce VM introspection [v10,33/81] KVM: introspection: add hook/unhook ioctls [v10,34/81] KVM: introspection: add permission access ioctls [v10,35/81] KVM: introspection: add the read/dispatch message function [v10,36/81] KVM: introspection: add KVMI_GET_VERSION [v10,37/81] KVM: introspection: add KVMI_VM_CHECK_COMMAND and KVMI_VM_CHECK_EVENT [v10,38/81] KVM: introspection: add KVMI_VM_GET_INFO [v10,39/81] KVM: introspection: add KVM_INTROSPECTION_PREUNHOOK [v10,40/81] KVM: introspection: add KVMI_VM_EVENT_UNHOOK [v10,41/81] KVM: introspection: add KVMI_VM_CONTROL_EVENTS [v10,42/81] KVM: introspection: add KVMI_VM_READ_PHYSICAL/KVMI_VM_WRITE_PHYSICAL [v10,43/81] KVM: introspection: add vCPU related data [v10,44/81] KVM: introspection: add a jobs list to every introspected vCPU [v10,45/81] KVM: introspection: handle vCPU introspection requests [v10,46/81] KVM: introspection: handle vCPU commands [v10,47/81] KVM: introspection: add KVMI_VCPU_GET_INFO [v10,48/81] KVM: introspection: add KVMI_VM_PAUSE_VCPU [v10,49/81] KVM: introspection: add support for vCPU events [v10,50/81] KVM: introspection: add KVMI_VCPU_EVENT_PAUSE [v10,51/81] KVM: introspection: add the crash action handling on the event reply [v10,52/81] KVM: introspection: add KVMI_VCPU_CONTROL_EVENTS [v10,53/81] KVM: introspection: add KVMI_VCPU_GET_REGISTERS [v10,54/81] KVM: introspection: add KVMI_VCPU_SET_REGISTERS [v10,55/81] KVM: introspection: add KVMI_VCPU_GET_CPUID [v10,56/81] KVM: introspection: add KVMI_VCPU_EVENT_HYPERCALL [v10,57/81] KVM: introspection: add KVMI_VCPU_EVENT_BREAKPOINT [v10,58/81] KVM: introspection: add cleanup support for vCPUs [v10,59/81] KVM: introspection: restore the state of #BP interception on unhook [v10,60/81] KVM: introspection: add KVMI_VM_CONTROL_CLEANUP [v10,61/81] KVM: introspection: add KVMI_VCPU_CONTROL_CR and KVMI_VCPU_EVENT_CR [v10,62/81] KVM: introspection: restore the state of CR3 interception on unhook [v10,63/81] KVM: introspection: add KVMI_VCPU_INJECT_EXCEPTION + KVMI_VCPU_EVENT_TRAP [v10,64/81] KVM: introspection: add KVMI_VM_GET_MAX_GFN [v10,65/81] KVM: introspection: add KVMI_VCPU_EVENT_XSETBV [v10,66/81] KVM: introspection: add KVMI_VCPU_GET_XCR [v10,67/81] KVM: introspection: add KVMI_VCPU_GET_XSAVE [v10,68/81] KVM: introspection: add KVMI_VCPU_SET_XSAVE [v10,69/81] KVM: introspection: add KVMI_VCPU_GET_MTRR_TYPE [v10,70/81] KVM: introspection: add KVMI_VCPU_EVENT_DESCRIPTOR [v10,71/81] KVM: introspection: restore the state of descriptor-table register interception on unho… [v10,72/81] KVM: introspection: add KVMI_VCPU_CONTROL_MSR and KVMI_VCPU_EVENT_MSR [v10,73/81] KVM: introspection: restore the state of MSR interception on unhook [v10,74/81] KVM: introspection: add KVMI_VM_SET_PAGE_ACCESS [v10,75/81] KVM: introspection: add KVMI_VCPU_EVENT_PF [v10,76/81] KVM: introspection: extend KVMI_GET_VERSION with struct kvmi_features [v10,77/81] KVM: introspection: add KVMI_VCPU_CONTROL_SINGLESTEP [v10,78/81] KVM: introspection: add KVMI_VCPU_EVENT_SINGLESTEP [v10,79/81] KVM: introspection: add KVMI_VCPU_TRANSLATE_GVA [v10,80/81] KVM: introspection: emulate a guest page table walk on SPT violations due to A/D bit up… [v10,81/81] KVM: x86: call the page tracking code on emulation failure

Message ID

20201125093600.2766-33-alazar@bitdefender.com (mailing list archive)

State

New, archived

Headers

From: =?utf-8?q?Adalbert_Laz=C4=83r?= <alazar@bitdefender.com>
To: kvm@vger.kernel.org
Cc: virtualization@lists.linux-foundation.org,
 Paolo Bonzini <pbonzini@redhat.com>,
 =?utf-8?q?Mihai_Don=C8=9Bu?= <mdontu@bitdefender.com>,
 Marian Rotariu <marian.c.rotariu@gmail.com>,
 =?utf-8?q?Adalbert_Laz=C4=83r?= <alazar@bitdefender.com>
Subject: [PATCH v10 32/81] KVM: introduce VM introspection
Date: Wed, 25 Nov 2020 11:35:11 +0200
Message-Id: <20201125093600.2766-33-alazar@bitdefender.com>
In-Reply-To: <20201125093600.2766-1-alazar@bitdefender.com>
References: <20201125093600.2766-1-alazar@bitdefender.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

VM introspection | expand

Commit Message

Adalbert Lazăr Nov. 25, 2020, 9:35 a.m. UTC

From: Mihai Donțu <mdontu@bitdefender.com>

The KVM introspection subsystem provides a facility for applications
to control the execution of any running VMs (pause, resume, shutdown),
query the state of the vCPUs (GPRs, MSRs etc.), alter the page access bits
in the shadow page tables and receive notifications when events of interest
have taken place (shadow page table level faults, key MSR writes,
hypercalls etc.). Some notifications can be responded to with an action
(like preventing an MSR from being written), others are mere informative
(like breakpoint events which can be used for execution tracing).

Signed-off-by: Mihai Donțu <mdontu@bitdefender.com>
Co-developed-by: Marian Rotariu <marian.c.rotariu@gmail.com>
Signed-off-by: Marian Rotariu <marian.c.rotariu@gmail.com>
Signed-off-by: Adalbert Lazăr <alazar@bitdefender.com>
---
 Documentation/virt/kvm/kvmi.rst   | 139 ++++++++++++++++++++++++++++++
 arch/x86/include/asm/kvm_host.h   |   2 +
 arch/x86/kvm/Kconfig              |   9 ++
 arch/x86/kvm/Makefile             |   2 +
 arch/x86/kvm/x86.c                |   3 +
 include/linux/kvmi_host.h         |  21 +++++
 virt/kvm/introspection/kvmi.c     |  25 ++++++
 virt/kvm/introspection/kvmi_int.h |   7 ++
 virt/kvm/kvm_main.c               |  12 +++
 9 files changed, 220 insertions(+)
 create mode 100644 Documentation/virt/kvm/kvmi.rst
 create mode 100644 include/linux/kvmi_host.h
 create mode 100644 virt/kvm/introspection/kvmi.c
 create mode 100644 virt/kvm/introspection/kvmi_int.h

Comments

kernel test robot Nov. 25, 2020, 12:45 p.m. UTC | #1

Hi "Adalbert,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on dc924b062488a0376aae41d3e0a27dc99f852a5e]

url:    https://github.com/0day-ci/linux/commits/Adalbert-Laz-r/VM-introspection/20201125-174530
base:    dc924b062488a0376aae41d3e0a27dc99f852a5e
config: mips-malta_kvm_defconfig (attached as .config)
compiler: mipsel-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/6ffa5da71155bd0bed0d68c52af248bda256d0f2
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Adalbert-Laz-r/VM-introspection/20201125-174530
        git checkout 6ffa5da71155bd0bed0d68c52af248bda256d0f2
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=mips 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   In file included from arch/mips/kvm/../../../virt/kvm/kvm_main.c:18:
   include/linux/kvm_host.h:925:14: warning: 'struct kvm_xsave' declared inside parameter list will not be visible outside of this definition or declaration
     925 |       struct kvm_xsave *guest_xsave);
         |              ^~~~~~~~~
   include/linux/kvm_host.h:927:13: warning: 'struct kvm_xsave' declared inside parameter list will not be visible outside of this definition or declaration
     927 |      struct kvm_xsave *guest_xsave);
         |             ^~~~~~~~~
   arch/mips/kvm/../../../virt/kvm/kvm_main.c: In function 'kvm_create_vm':
>> arch/mips/kvm/../../../virt/kvm/kvm_main.c:806:6: error: 'enable_introspection' undeclared (first use in this function)
     806 |  if (enable_introspection)
         |      ^~~~~~~~~~~~~~~~~~~~
   arch/mips/kvm/../../../virt/kvm/kvm_main.c:806:6: note: each undeclared identifier is reported only once for each function it appears in
   arch/mips/kvm/../../../virt/kvm/kvm_main.c: In function 'kvm_destroy_vm':
   arch/mips/kvm/../../../virt/kvm/kvm_main.c:861:6: error: 'enable_introspection' undeclared (first use in this function)
     861 |  if (enable_introspection)
         |      ^~~~~~~~~~~~~~~~~~~~
   arch/mips/kvm/../../../virt/kvm/kvm_main.c: In function 'kvm_init':
   arch/mips/kvm/../../../virt/kvm/kvm_main.c:5012:6: error: 'enable_introspection' undeclared (first use in this function)
    5012 |  if (enable_introspection) {
         |      ^~~~~~~~~~~~~~~~~~~~

vim +/enable_introspection +806 arch/mips/kvm/../../../virt/kvm/kvm_main.c

   797	
   798		r = kvm_init_mmu_notifier(kvm);
   799		if (r)
   800			goto out_err_no_mmu_notifier;
   801	
   802		r = kvm_arch_post_init_vm(kvm);
   803		if (r)
   804			goto out_err;
   805	
 > 806		if (enable_introspection)
   807			kvmi_create_vm(kvm);
   808	
   809		mutex_lock(&kvm_lock);
   810		list_add(&kvm->vm_list, &vm_list);
   811		mutex_unlock(&kvm_lock);
   812	
   813		preempt_notifier_inc();
   814	
   815		return kvm;
   816	
   817	out_err:
   818	#if defined(CONFIG_MMU_NOTIFIER) && defined(KVM_ARCH_WANT_MMU_NOTIFIER)
   819		if (kvm->mmu_notifier.ops)
   820			mmu_notifier_unregister(&kvm->mmu_notifier, current->mm);
   821	#endif
   822	out_err_no_mmu_notifier:
   823		hardware_disable_all();
   824	out_err_no_disable:
   825		kvm_arch_destroy_vm(kvm);
   826	out_err_no_arch_destroy_vm:
   827		WARN_ON_ONCE(!refcount_dec_and_test(&kvm->users_count));
   828		for (i = 0; i < KVM_NR_BUSES; i++)
   829			kfree(kvm_get_bus(kvm, i));
   830		for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++)
   831			kvm_free_memslots(kvm, __kvm_memslots(kvm, i));
   832		cleanup_srcu_struct(&kvm->irq_srcu);
   833	out_err_no_irq_srcu:
   834		cleanup_srcu_struct(&kvm->srcu);
   835	out_err_no_srcu:
   836		kvm_arch_free_vm(kvm);
   837		mmdrop(current->mm);
   838		return ERR_PTR(r);
   839	}
   840	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

kernel test robot Nov. 25, 2020, 1:41 p.m. UTC | #2

Hi "Adalbert,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on dc924b062488a0376aae41d3e0a27dc99f852a5e]

url:    https://github.com/0day-ci/linux/commits/Adalbert-Laz-r/VM-introspection/20201125-174530
base:    dc924b062488a0376aae41d3e0a27dc99f852a5e
config: powerpc64-randconfig-r006-20201125 (attached as .config)
compiler: clang version 12.0.0 (https://github.com/llvm/llvm-project 77e98eaee2e8d4b9b297b66fda5b1e51e2a69999)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install powerpc64 cross compiling tool for clang build
        # apt-get install binutils-powerpc64-linux-gnu
        # https://github.com/0day-ci/linux/commit/6ffa5da71155bd0bed0d68c52af248bda256d0f2
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Adalbert-Laz-r/VM-introspection/20201125-174530
        git checkout 6ffa5da71155bd0bed0d68c52af248bda256d0f2
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=powerpc64 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   In file included from include/linux/hardirq.h:10:
   In file included from arch/powerpc/include/asm/hardirq.h:6:
   In file included from include/linux/irq.h:20:
   In file included from include/linux/io.h:13:
   In file included from arch/powerpc/include/asm/io.h:604:
   arch/powerpc/include/asm/io-defs.h:45:1: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
   DEF_PCI_AC_NORET(insw, (unsigned long p, void *b, unsigned long c),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/powerpc/include/asm/io.h:601:3: note: expanded from macro 'DEF_PCI_AC_NORET'
                   __do_##name al;                                 \
                   ^~~~~~~~~~~~~~
   <scratch space>:45:1: note: expanded from here
   __do_insw
   ^
   arch/powerpc/include/asm/io.h:542:56: note: expanded from macro '__do_insw'
   #define __do_insw(p, b, n)      readsw((PCI_IO_ADDR)_IO_BASE+(p), (b), (n))
                                          ~~~~~~~~~~~~~~~~~~~~~^
   In file included from arch/powerpc/kvm/../../../virt/kvm/kvm_main.c:18:
   In file included from include/linux/kvm_host.h:7:
   In file included from include/linux/hardirq.h:10:
   In file included from arch/powerpc/include/asm/hardirq.h:6:
   In file included from include/linux/irq.h:20:
   In file included from include/linux/io.h:13:
   In file included from arch/powerpc/include/asm/io.h:604:
   arch/powerpc/include/asm/io-defs.h:47:1: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
   DEF_PCI_AC_NORET(insl, (unsigned long p, void *b, unsigned long c),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/powerpc/include/asm/io.h:601:3: note: expanded from macro 'DEF_PCI_AC_NORET'
                   __do_##name al;                                 \
                   ^~~~~~~~~~~~~~
   <scratch space>:47:1: note: expanded from here
   __do_insl
   ^
   arch/powerpc/include/asm/io.h:543:56: note: expanded from macro '__do_insl'
   #define __do_insl(p, b, n)      readsl((PCI_IO_ADDR)_IO_BASE+(p), (b), (n))
                                          ~~~~~~~~~~~~~~~~~~~~~^
   In file included from arch/powerpc/kvm/../../../virt/kvm/kvm_main.c:18:
   In file included from include/linux/kvm_host.h:7:
   In file included from include/linux/hardirq.h:10:
   In file included from arch/powerpc/include/asm/hardirq.h:6:
   In file included from include/linux/irq.h:20:
   In file included from include/linux/io.h:13:
   In file included from arch/powerpc/include/asm/io.h:604:
   arch/powerpc/include/asm/io-defs.h:49:1: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
   DEF_PCI_AC_NORET(outsb, (unsigned long p, const void *b, unsigned long c),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/powerpc/include/asm/io.h:601:3: note: expanded from macro 'DEF_PCI_AC_NORET'
                   __do_##name al;                                 \
                   ^~~~~~~~~~~~~~
   <scratch space>:49:1: note: expanded from here
   __do_outsb
   ^
   arch/powerpc/include/asm/io.h:544:58: note: expanded from macro '__do_outsb'
   #define __do_outsb(p, b, n)     writesb((PCI_IO_ADDR)_IO_BASE+(p),(b),(n))
                                           ~~~~~~~~~~~~~~~~~~~~~^
   In file included from arch/powerpc/kvm/../../../virt/kvm/kvm_main.c:18:
   In file included from include/linux/kvm_host.h:7:
   In file included from include/linux/hardirq.h:10:
   In file included from arch/powerpc/include/asm/hardirq.h:6:
   In file included from include/linux/irq.h:20:
   In file included from include/linux/io.h:13:
   In file included from arch/powerpc/include/asm/io.h:604:
   arch/powerpc/include/asm/io-defs.h:51:1: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
   DEF_PCI_AC_NORET(outsw, (unsigned long p, const void *b, unsigned long c),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/powerpc/include/asm/io.h:601:3: note: expanded from macro 'DEF_PCI_AC_NORET'
                   __do_##name al;                                 \
                   ^~~~~~~~~~~~~~
   <scratch space>:51:1: note: expanded from here
   __do_outsw
   ^
   arch/powerpc/include/asm/io.h:545:58: note: expanded from macro '__do_outsw'
   #define __do_outsw(p, b, n)     writesw((PCI_IO_ADDR)_IO_BASE+(p),(b),(n))
                                           ~~~~~~~~~~~~~~~~~~~~~^
   In file included from arch/powerpc/kvm/../../../virt/kvm/kvm_main.c:18:
   In file included from include/linux/kvm_host.h:7:
   In file included from include/linux/hardirq.h:10:
   In file included from arch/powerpc/include/asm/hardirq.h:6:
   In file included from include/linux/irq.h:20:
   In file included from include/linux/io.h:13:
   In file included from arch/powerpc/include/asm/io.h:604:
   arch/powerpc/include/asm/io-defs.h:53:1: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
   DEF_PCI_AC_NORET(outsl, (unsigned long p, const void *b, unsigned long c),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/powerpc/include/asm/io.h:601:3: note: expanded from macro 'DEF_PCI_AC_NORET'
                   __do_##name al;                                 \
                   ^~~~~~~~~~~~~~
   <scratch space>:53:1: note: expanded from here
   __do_outsl
   ^
   arch/powerpc/include/asm/io.h:546:58: note: expanded from macro '__do_outsl'
   #define __do_outsl(p, b, n)     writesl((PCI_IO_ADDR)_IO_BASE+(p),(b),(n))
                                           ~~~~~~~~~~~~~~~~~~~~~^
   In file included from arch/powerpc/kvm/../../../virt/kvm/kvm_main.c:18:
   include/linux/kvm_host.h:925:14: warning: declaration of 'struct kvm_xsave' will not be visible outside of this function [-Wvisibility]
                                     struct kvm_xsave *guest_xsave);
                                            ^
   include/linux/kvm_host.h:927:13: warning: declaration of 'struct kvm_xsave' will not be visible outside of this function [-Wvisibility]
                                    struct kvm_xsave *guest_xsave);
                                           ^
>> arch/powerpc/kvm/../../../virt/kvm/kvm_main.c:806:6: error: use of undeclared identifier 'enable_introspection'
           if (enable_introspection)
               ^
   arch/powerpc/kvm/../../../virt/kvm/kvm_main.c:861:6: error: use of undeclared identifier 'enable_introspection'
           if (enable_introspection)
               ^
   arch/powerpc/kvm/../../../virt/kvm/kvm_main.c:5012:6: error: use of undeclared identifier 'enable_introspection'
           if (enable_introspection) {
               ^
   14 warnings and 3 errors generated.

vim +/enable_introspection +806 arch/powerpc/kvm/../../../virt/kvm/kvm_main.c

   797	
   798		r = kvm_init_mmu_notifier(kvm);
   799		if (r)
   800			goto out_err_no_mmu_notifier;
   801	
   802		r = kvm_arch_post_init_vm(kvm);
   803		if (r)
   804			goto out_err;
   805	
 > 806		if (enable_introspection)
   807			kvmi_create_vm(kvm);
   808	
   809		mutex_lock(&kvm_lock);
   810		list_add(&kvm->vm_list, &vm_list);
   811		mutex_unlock(&kvm_lock);
   812	
   813		preempt_notifier_inc();
   814	
   815		return kvm;
   816	
   817	out_err:
   818	#if defined(CONFIG_MMU_NOTIFIER) && defined(KVM_ARCH_WANT_MMU_NOTIFIER)
   819		if (kvm->mmu_notifier.ops)
   820			mmu_notifier_unregister(&kvm->mmu_notifier, current->mm);
   821	#endif
   822	out_err_no_mmu_notifier:
   823		hardware_disable_all();
   824	out_err_no_disable:
   825		kvm_arch_destroy_vm(kvm);
   826	out_err_no_arch_destroy_vm:
   827		WARN_ON_ONCE(!refcount_dec_and_test(&kvm->users_count));
   828		for (i = 0; i < KVM_NR_BUSES; i++)
   829			kfree(kvm_get_bus(kvm, i));
   830		for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++)
   831			kvm_free_memslots(kvm, __kvm_memslots(kvm, i));
   832		cleanup_srcu_struct(&kvm->irq_srcu);
   833	out_err_no_irq_srcu:
   834		cleanup_srcu_struct(&kvm->srcu);
   835	out_err_no_srcu:
   836		kvm_arch_free_vm(kvm);
   837		mmdrop(current->mm);
   838		return ERR_PTR(r);
   839	}
   840	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

kernel test robot Nov. 25, 2020, 4:24 p.m. UTC | #3

Hi "Adalbert,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on dc924b062488a0376aae41d3e0a27dc99f852a5e]

url:    https://github.com/0day-ci/linux/commits/Adalbert-Laz-r/VM-introspection/20201125-174530
base:    dc924b062488a0376aae41d3e0a27dc99f852a5e
config: s390-randconfig-r005-20201125 (attached as .config)
compiler: clang version 12.0.0 (https://github.com/llvm/llvm-project 77e98eaee2e8d4b9b297b66fda5b1e51e2a69999)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install s390 cross compiling tool for clang build
        # apt-get install binutils-s390x-linux-gnu
        # https://github.com/0day-ci/linux/commit/6ffa5da71155bd0bed0d68c52af248bda256d0f2
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Adalbert-Laz-r/VM-introspection/20201125-174530
        git checkout 6ffa5da71155bd0bed0d68c52af248bda256d0f2
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=s390 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   include/asm-generic/io.h:490:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
                                                           ~~~~~~~~~~ ^
   include/uapi/linux/byteorder/big_endian.h:34:59: note: expanded from macro '__le32_to_cpu'
   #define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x))
                                                             ^
   include/uapi/linux/swab.h:119:21: note: expanded from macro '__swab32'
           ___constant_swab32(x) :                 \
                              ^
   include/uapi/linux/swab.h:21:12: note: expanded from macro '___constant_swab32'
           (((__u32)(x) & (__u32)0x00ff0000UL) >>  8) |            \
                     ^
   In file included from arch/s390/kvm/../../../virt/kvm/kvm_main.c:18:
   In file included from include/linux/kvm_host.h:32:
   In file included from include/linux/kvm_para.h:5:
   In file included from include/uapi/linux/kvm_para.h:40:
   In file included from arch/s390/include/asm/kvm_para.h:25:
   In file included from arch/s390/include/asm/diag.h:12:
   In file included from include/linux/if_ether.h:19:
   In file included from include/linux/skbuff.h:31:
   In file included from include/linux/dma-mapping.h:10:
   In file included from include/linux/scatterlist.h:9:
   In file included from arch/s390/include/asm/io.h:80:
   include/asm-generic/io.h:490:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
                                                           ~~~~~~~~~~ ^
   include/uapi/linux/byteorder/big_endian.h:34:59: note: expanded from macro '__le32_to_cpu'
   #define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x))
                                                             ^
   include/uapi/linux/swab.h:119:21: note: expanded from macro '__swab32'
           ___constant_swab32(x) :                 \
                              ^
   include/uapi/linux/swab.h:22:12: note: expanded from macro '___constant_swab32'
           (((__u32)(x) & (__u32)0xff000000UL) >> 24)))
                     ^
   In file included from arch/s390/kvm/../../../virt/kvm/kvm_main.c:18:
   In file included from include/linux/kvm_host.h:32:
   In file included from include/linux/kvm_para.h:5:
   In file included from include/uapi/linux/kvm_para.h:40:
   In file included from arch/s390/include/asm/kvm_para.h:25:
   In file included from arch/s390/include/asm/diag.h:12:
   In file included from include/linux/if_ether.h:19:
   In file included from include/linux/skbuff.h:31:
   In file included from include/linux/dma-mapping.h:10:
   In file included from include/linux/scatterlist.h:9:
   In file included from arch/s390/include/asm/io.h:80:
   include/asm-generic/io.h:490:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
                                                           ~~~~~~~~~~ ^
   include/uapi/linux/byteorder/big_endian.h:34:59: note: expanded from macro '__le32_to_cpu'
   #define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x))
                                                             ^
   include/uapi/linux/swab.h:120:12: note: expanded from macro '__swab32'
           __fswab32(x))
                     ^
   In file included from arch/s390/kvm/../../../virt/kvm/kvm_main.c:18:
   In file included from include/linux/kvm_host.h:32:
   In file included from include/linux/kvm_para.h:5:
   In file included from include/uapi/linux/kvm_para.h:40:
   In file included from arch/s390/include/asm/kvm_para.h:25:
   In file included from arch/s390/include/asm/diag.h:12:
   In file included from include/linux/if_ether.h:19:
   In file included from include/linux/skbuff.h:31:
   In file included from include/linux/dma-mapping.h:10:
   In file included from include/linux/scatterlist.h:9:
   In file included from arch/s390/include/asm/io.h:80:
   include/asm-generic/io.h:501:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           __raw_writeb(value, PCI_IOBASE + addr);
                               ~~~~~~~~~~ ^
   include/asm-generic/io.h:511:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           __raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr);
                                                         ~~~~~~~~~~ ^
   include/asm-generic/io.h:521:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           __raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr);
                                                         ~~~~~~~~~~ ^
   include/asm-generic/io.h:609:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           readsb(PCI_IOBASE + addr, buffer, count);
                  ~~~~~~~~~~ ^
   include/asm-generic/io.h:617:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           readsw(PCI_IOBASE + addr, buffer, count);
                  ~~~~~~~~~~ ^
   include/asm-generic/io.h:625:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           readsl(PCI_IOBASE + addr, buffer, count);
                  ~~~~~~~~~~ ^
   include/asm-generic/io.h:634:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           writesb(PCI_IOBASE + addr, buffer, count);
                   ~~~~~~~~~~ ^
   include/asm-generic/io.h:643:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           writesw(PCI_IOBASE + addr, buffer, count);
                   ~~~~~~~~~~ ^
   include/asm-generic/io.h:652:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           writesl(PCI_IOBASE + addr, buffer, count);
                   ~~~~~~~~~~ ^
   In file included from arch/s390/kvm/../../../virt/kvm/kvm_main.c:18:
   include/linux/kvm_host.h:925:14: warning: declaration of 'struct kvm_xsave' will not be visible outside of this function [-Wvisibility]
                                     struct kvm_xsave *guest_xsave);
                                            ^
   include/linux/kvm_host.h:927:13: warning: declaration of 'struct kvm_xsave' will not be visible outside of this function [-Wvisibility]
                                    struct kvm_xsave *guest_xsave);
                                           ^
>> arch/s390/kvm/../../../virt/kvm/kvm_main.c:806:6: error: use of undeclared identifier 'enable_introspection'
           if (enable_introspection)
               ^
   arch/s390/kvm/../../../virt/kvm/kvm_main.c:861:6: error: use of undeclared identifier 'enable_introspection'
           if (enable_introspection)
               ^
   arch/s390/kvm/../../../virt/kvm/kvm_main.c:5012:6: error: use of undeclared identifier 'enable_introspection'
           if (enable_introspection) {
               ^
   22 warnings and 3 errors generated.

vim +/enable_introspection +806 arch/s390/kvm/../../../virt/kvm/kvm_main.c

   797	
   798		r = kvm_init_mmu_notifier(kvm);
   799		if (r)
   800			goto out_err_no_mmu_notifier;
   801	
   802		r = kvm_arch_post_init_vm(kvm);
   803		if (r)
   804			goto out_err;
   805	
 > 806		if (enable_introspection)
   807			kvmi_create_vm(kvm);
   808	
   809		mutex_lock(&kvm_lock);
   810		list_add(&kvm->vm_list, &vm_list);
   811		mutex_unlock(&kvm_lock);
   812	
   813		preempt_notifier_inc();
   814	
   815		return kvm;
   816	
   817	out_err:
   818	#if defined(CONFIG_MMU_NOTIFIER) && defined(KVM_ARCH_WANT_MMU_NOTIFIER)
   819		if (kvm->mmu_notifier.ops)
   820			mmu_notifier_unregister(&kvm->mmu_notifier, current->mm);
   821	#endif
   822	out_err_no_mmu_notifier:
   823		hardware_disable_all();
   824	out_err_no_disable:
   825		kvm_arch_destroy_vm(kvm);
   826	out_err_no_arch_destroy_vm:
   827		WARN_ON_ONCE(!refcount_dec_and_test(&kvm->users_count));
   828		for (i = 0; i < KVM_NR_BUSES; i++)
   829			kfree(kvm_get_bus(kvm, i));
   830		for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++)
   831			kvm_free_memslots(kvm, __kvm_memslots(kvm, i));
   832		cleanup_srcu_struct(&kvm->irq_srcu);
   833	out_err_no_irq_srcu:
   834		cleanup_srcu_struct(&kvm->srcu);
   835	out_err_no_srcu:
   836		kvm_arch_free_vm(kvm);
   837		mmdrop(current->mm);
   838		return ERR_PTR(r);
   839	}
   840	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
new file mode 100644
index 000000000000..59cc33a39f9f
--- /dev/null
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -0,0 +1,139 @@ 
+.. SPDX-License-Identifier: GPL-2.0
+
+=========================================================
+KVMI - The kernel virtual machine introspection subsystem
+=========================================================
+
+The KVM introspection subsystem provides a facility for applications running
+on the host or in a separate VM, to control the execution of any running VMs
+(pause, resume, shutdown), query the state of the vCPUs (GPRs, MSRs etc.),
+alter the page access bits in the shadow page tables (only for the hardware
+backed ones, eg. Intel's EPT) and receive notifications when events of
+interest have taken place (shadow page table level faults, key MSR writes,
+hypercalls etc.). Some notifications can be responded to with an action
+(like preventing an MSR from being written), others are mere informative
+(like breakpoint events which can be used for execution tracing).
+With few exceptions, all events are optional. An application using this
+subsystem will explicitly register for them.
+
+The use case that gave way for the creation of this subsystem is to monitor
+the guest OS and as such the ABI/API is highly influenced by how the guest
+software (kernel, applications) sees the world. For example, some events
+provide information specific for the host CPU architecture
+(eg. MSR_IA32_SYSENTER_EIP) merely because its leveraged by guest software
+to implement a critical feature (fast system calls).
+
+At the moment, the target audience for KVMI are security software authors
+that wish to perform forensics on newly discovered threats (exploits) or
+to implement another layer of security like preventing a large set of
+kernel rootkits simply by "locking" the kernel image in the shadow page
+tables (ie. enforce .text r-x, .rodata rw- etc.). It's the latter case that
+made KVMI a separate subsystem, even though many of these features are
+available in the device manager (eg. QEMU). The ability to build a security
+application that does not interfere (in terms of performance) with the
+guest software asks for a specialized interface that is designed for minimum
+overhead.
+
+API/ABI
+=======
+
+This chapter describes the VMI interface used to monitor and control local
+guests from a user application.
+
+Overview
+--------
+
+The interface is socket based, one connection for every VM. One end is in the
+host kernel while the other is held by the user application (introspection
+tool).
+
+The initial connection is established by an application running on the
+host (eg. QEMU) that connects to the introspection tool and after a
+handshake the file descriptor is passed to the host kernel making all
+further communication take place between it and the introspection tool.
+
+The socket protocol allows for commands and events to be multiplexed over
+the same connection. As such, it is possible for the introspection tool to
+receive an event while waiting for the result of a command. Also, it can
+send a command while the host kernel is waiting for a reply to an event.
+
+The kernel side of the socket communication is blocking and will wait
+for an answer from its peer indefinitely or until the guest is powered
+off (killed), restarted or the peer goes away, at which point it will
+wake up and properly cleanup as if the introspection subsystem has never
+been used on that guest (if requested). Obviously, whether the guest can
+really continue normal execution depends on whether the introspection
+tool has made any modifications that require an active KVMI channel.
+
+Handshake
+---------
+
+Although this falls out of the scope of the introspection subsystem, below
+is a proposal of a handshake that can be used by implementors.
+
+Based on the system administration policies, the management tool
+(eg. libvirt) starts device managers (eg. QEMU) with some extra arguments:
+what introspection tool could monitor/control that specific guest (and
+how to connect to) and what introspection commands/events are allowed.
+
+The device manager will connect to the introspection tool and wait for a
+cryptographic hash of a cookie that should be known by both peers. If the
+hash is correct (the destination has been "authenticated"), the device
+manager will send another cryptographic hash and random salt. The peer
+recomputes the hash of the cookie bytes including the salt and if they match,
+the device manager has been "authenticated" too. This is a rather crude
+system that makes it difficult for device manager exploits to trick the
+introspection tool into believing its working OK.
+
+The cookie would normally be generated by a management tool (eg. libvirt)
+and make it available to the device manager and to a properly authenticated
+client. It is the job of a third party to retrieve the cookie from the
+management application and pass it over a secure channel to the introspection
+tool.
+
+Once the basic "authentication" has taken place, the introspection tool
+can receive information on the guest (its UUID) and other flags (endianness
+or features supported by the host kernel).
+
+In the end, the device manager will pass the file descriptor (plus
+the allowed commands/events) to KVM. It will detect when the socket is
+shutdown and it will reinitiate the handshake.
+
+Unhooking
+---------
+
+During a VMI session it is possible for the guest to be patched and for
+some of these patches to "talk" with the introspection tool. It thus
+becomes necessary to remove them before the guest is suspended, moved
+(migrated) or a snapshot with memory is created.
+
+The actions are normally performed by the device manager. In the case
+of QEMU, it will use another ioctl to notify the introspection tool and
+wait for a limited amount of time (a few seconds) for a confirmation that
+is OK to proceed (the introspection tool will close the connection).
+
+Live migrations
+---------------
+
+Before the live migration takes place, the introspection tool has to be
+notified and have a chance to unhook (see **Unhooking**).
+
+The QEMU instance on the receiving end, if configured for KVMI, will need
+to establish a connection to the introspection tool after the migration
+has been completed.
+
+Obviously, this creates a window in which the guest is not introspected.
+The user has to be aware of this detail. Future introspection technologies
+can choose not to disconnect and instead transfer the necessary context
+to the introspection tool at the migration destination via a separate
+channel.
+
+Memory access safety
+--------------------
+
+The KVMI API gives access to the entire guest physical address space but
+provides no information on which parts of it are system RAM and which are
+device-specific memory (DMA, emulated MMIO, reserved by a passthrough
+device etc.). It is up to the user to determine, using the guest operating
+system data structures, the areas that are safe to access (code, stack, heap
+etc.).
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 46849b92f937..7d1e865193a9 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1414,6 +1414,8 @@  void kvm_fire_mask_notifiers(struct kvm *kvm, unsigned irqchip, unsigned pin,
 
 extern bool tdp_enabled;
 
+extern bool enable_introspection;
+
 u64 vcpu_tsc_khz(struct kvm_vcpu *vcpu);
 
 /* control of guest tsc rate supported? */
diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
index f92dfd8ef10d..dbffc829ec9a 100644
--- a/arch/x86/kvm/Kconfig
+++ b/arch/x86/kvm/Kconfig
@@ -109,4 +109,13 @@  config KVM_MMU_AUDIT
 	 This option adds a R/W kVM module parameter 'mmu_audit', which allows
 	 auditing of KVM MMU events at runtime.
 
+config KVM_INTROSPECTION
+	bool "KVM Introspection"
+	depends on (KVM_INTEL || KVM_AMD)
+	default n
+	help
+	  Provides the introspection interface, which allows the control
+	  of any running VM. It must be explicitly enabled by setting
+	  the module parameter 'kvm.introspection'.
+
 endif # VIRTUALIZATION
diff --git a/arch/x86/kvm/Makefile b/arch/x86/kvm/Makefile
index 4bd14ab01323..e9784df055d4 100644
--- a/arch/x86/kvm/Makefile
+++ b/arch/x86/kvm/Makefile
@@ -8,11 +8,13 @@  OBJECT_FILES_NON_STANDARD_vmenter.o := y
 endif
 
 KVM := ../../../virt/kvm
+KVMI := $(KVM)/introspection
 
 kvm-y			+= $(KVM)/kvm_main.o $(KVM)/coalesced_mmio.o \
 				$(KVM)/eventfd.o $(KVM)/irqchip.o $(KVM)/vfio.o \
 				$(KVM)/dirty_ring.o
 kvm-$(CONFIG_KVM_ASYNC_PF)	+= $(KVM)/async_pf.o
+kvm-$(CONFIG_KVM_INTROSPECTION) += $(KVMI)/kvmi.o
 
 kvm-y			+= x86.o emulate.o i8259.o irq.o lapic.o \
 			   i8254.o ioapic.o irq_comm.o cpuid.o pmu.o mtrr.o \
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index d9b1034465c8..45221caeb84d 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -162,6 +162,9 @@  module_param(force_emulation_prefix, bool, S_IRUGO);
 int __read_mostly pi_inject_timer = -1;
 module_param(pi_inject_timer, bint, S_IRUGO | S_IWUSR);
 
+bool __read_mostly enable_introspection;
+module_param_named(introspection, enable_introspection, bool, 0444);
+
 /*
  * Restoring the host value for MSRs that are only consumed when running in
  * usermode, e.g. SYSCALL MSRs and TSC_AUX, can be deferred until the CPU
diff --git a/include/linux/kvmi_host.h b/include/linux/kvmi_host.h
new file mode 100644
index 000000000000..1e0a73c2a190
--- /dev/null
+++ b/include/linux/kvmi_host.h
@@ -0,0 +1,21 @@ 
+/* SPDX-License-Identifier: GPL-2.0-only */
+#ifndef __KVMI_HOST_H
+#define __KVMI_HOST_H
+
+#ifdef CONFIG_KVM_INTROSPECTION
+
+int kvmi_init(void);
+void kvmi_uninit(void);
+void kvmi_create_vm(struct kvm *kvm);
+void kvmi_destroy_vm(struct kvm *kvm);
+
+#else
+
+static inline int kvmi_init(void) { return 0; }
+static inline void kvmi_uninit(void) { }
+static inline void kvmi_create_vm(struct kvm *kvm) { }
+static inline void kvmi_destroy_vm(struct kvm *kvm) { }
+
+#endif /* CONFIG_KVM_INTROSPECTION */
+
+#endif
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
new file mode 100644
index 000000000000..af53bdcb7ec8
--- /dev/null
+++ b/virt/kvm/introspection/kvmi.c
@@ -0,0 +1,25 @@ 
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * KVM Introspection
+ *
+ * Copyright (C) 2017-2020 Bitdefender S.R.L.
+ *
+ */
+#include "kvmi_int.h"
+
+int kvmi_init(void)
+{
+	return 0;
+}
+
+void kvmi_uninit(void)
+{
+}
+
+void kvmi_create_vm(struct kvm *kvm)
+{
+}
+
+void kvmi_destroy_vm(struct kvm *kvm)
+{
+}
diff --git a/virt/kvm/introspection/kvmi_int.h b/virt/kvm/introspection/kvmi_int.h
new file mode 100644
index 000000000000..bdb4228fda5b
--- /dev/null
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -0,0 +1,7 @@ 
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __KVMI_INT_H
+#define __KVMI_INT_H
+
+#include <linux/kvm_host.h>
+
+#endif
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index e19dd6f92709..d995be2421eb 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -51,6 +51,7 @@ 
 #include <linux/io.h>
 #include <linux/lockdep.h>
 #include <linux/kthread.h>
+#include <linux/kvmi_host.h>
 
 #include <asm/processor.h>
 #include <asm/ioctl.h>
@@ -802,6 +803,9 @@  static struct kvm *kvm_create_vm(unsigned long type)
 	if (r)
 		goto out_err;
 
+	if (enable_introspection)
+		kvmi_create_vm(kvm);
+
 	mutex_lock(&kvm_lock);
 	list_add(&kvm->vm_list, &vm_list);
 	mutex_unlock(&kvm_lock);
@@ -854,6 +858,8 @@  static void kvm_destroy_vm(struct kvm *kvm)
 	int i;
 	struct mm_struct *mm = kvm->mm;
 
+	if (enable_introspection)
+		kvmi_destroy_vm(kvm);
 	kvm_uevent_notify_change(KVM_EVENT_DESTROY_VM, kvm);
 	kvm_destroy_vm_debugfs(kvm);
 	kvm_arch_sync_events(kvm);
@@ -5003,6 +5009,11 @@  int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
 	r = kvm_vfio_ops_init();
 	WARN_ON(r);
 
+	if (enable_introspection) {
+		r = kvmi_init();
+		WARN_ON(r);
+	}
+
 	return 0;
 
 out_unreg:
@@ -5027,6 +5038,7 @@  EXPORT_SYMBOL_GPL(kvm_init);
 
 void kvm_exit(void)
 {
+	kvmi_uninit();
 	debugfs_remove_recursive(kvm_debugfs_dir);
 	misc_deregister(&kvm_dev);
 	kmem_cache_destroy(kvm_vcpu_cache);

[v10,32/81] KVM: introduce VM introspection

Commit Message

Comments

Patch