[RFC,17/19] kvm: x86: Hook in kvmi_vmcall_event()

Commit Message

Adalbert Lazăr June 16, 2017, 1:43 p.m. UTC

From: Mihai Dontu <mdontu@bitdefender.com>

Code residing inside the introspected guest can call the introspection
tool to report certain details about its operation. For example, a
classic antimalware remediation tool can report what it has found during
a scan.

The VMCALL convention is the one used on Xen (DOMCTL + subop). This code
is largely untested. Its purpose is only to show how guest code
communicates with the introspection tool.

Signed-off-by: Mihai Dontu <mdontu@bitdefender.com>
---
 arch/x86/kvm/x86.c            | 15 +++++++++++++++
 include/uapi/linux/kvm_para.h |  4 ++++
 2 files changed, 19 insertions(+)

Patch

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 9465856a9e37..cafe878ba148 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -6302,6 +6302,21 @@  int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
 		ret = kvm_pv_clock_pairing(vcpu, a0, a1);
 		break;
 #endif
+	case KVM_HC_XEN_HVM_OP:{
+		unsigned long subop;
+
+		if (op_64_bit) {
+			subop = kvm_register_read(vcpu, VCPU_REGS_RDI);
+			subop &= 0xFFFFFFFF;
+		} else
+			subop = a0;
+
+		if (subop == KVM_HC_XEN_HVM_OP_GUEST_REQUEST_VM_EVENT)
+			kvmi_vmcall_event(vcpu);
+
+		ret = kvm_register_read(vcpu, VCPU_REGS_RAX);
+		break;
+	}
 	default:
 		ret = -KVM_ENOSYS;
 		break;
diff --git a/include/uapi/linux/kvm_para.h b/include/uapi/linux/kvm_para.h
index fed506aeff62..297b75435831 100644
--- a/include/uapi/linux/kvm_para.h
+++ b/include/uapi/linux/kvm_para.h
@@ -25,6 +25,10 @@ 
 #define KVM_HC_MIPS_EXIT_VM		7
 #define KVM_HC_MIPS_CONSOLE_OUTPUT	8
 #define KVM_HC_CLOCK_PAIRING		9
+#define KVM_HC_XEN_HVM_OP		34
+/* Matches Xen's __HYPERVISOR_hvm_op */
+
+#define KVM_HC_XEN_HVM_OP_GUEST_REQUEST_VM_EVENT 24
 
 /*
  * hypercalls use architecture specific