
[v8,47/81] KVM: introspection: add KVMI_VM_READ_PHYSICAL/KVMI_VM_WRITE_PHYSICAL

Message ID 20200330101308.21702-48-alazar@bitdefender.com (mailing list archive)
State New, archived
Series VM introspection | expand

Commit Message

Adalbert Lazăr March 30, 2020, 10:12 a.m. UTC
From: Mihai Donțu <mdontu@bitdefender.com>

These commands allow the introspection tool to read/write from/to
the guest memory.

Signed-off-by: Mihai Donțu <mdontu@bitdefender.com>
Co-developed-by: Adalbert Lazăr <alazar@bitdefender.com>
Signed-off-by: Adalbert Lazăr <alazar@bitdefender.com>
---
 Documentation/virt/kvm/kvmi.rst               |  68 +++++++
 include/uapi/linux/kvmi.h                     |  17 ++
 .../testing/selftests/kvm/x86_64/kvmi_test.c  | 169 ++++++++++++++++++
 virt/kvm/introspection/kvmi.c                 | 108 +++++++++++
 virt/kvm/introspection/kvmi_int.h             |   7 +
 virt/kvm/introspection/kvmi_msg.c             |  51 ++++++
 6 files changed, 420 insertions(+)

Patch

diff --git a/Documentation/virt/kvm/kvmi.rst b/Documentation/virt/kvm/kvmi.rst
index 7a47fade7f08..748d786d1c08 100644
--- a/Documentation/virt/kvm/kvmi.rst
+++ b/Documentation/virt/kvm/kvmi.rst
@@ -373,6 +373,74 @@  the following events::
 * -KVM_EINVAL - the event ID is unknown (use *KVMI_VM_CHECK_EVENT* first)
 * -KVM_EPERM - the access is disallowed (use *KVMI_VM_CHECK_EVENT* first)
 
+6. KVMI_VM_READ_PHYSICAL
+------------------------
+
+:Architectures: all
+:Versions: >= 1
+:Parameters:
+
+::
+
+	struct kvmi_vm_read_physical {
+		__u64 gpa;
+		__u16 size;
+		__u16 padding1;
+		__u32 padding2;
+	};
+
+:Returns:
+
+::
+
+	struct kvmi_error_code;
+	__u8 data[0];
+
+Reads from the guest memory.
+
+Currently, the size must be non-zero and the read must be restricted to
+one page (offset + size <= PAGE_SIZE).
+
+:Errors:
+
+* -KVM_ENOENT - the guest page doesn't exists
+* -KVM_EINVAL - the specified gpa/size pair is invalid
+* -KVM_EINVAL - the padding is not zero
+
+7. KVMI_VM_WRITE_PHYSICAL
+-------------------------
+
+:Architectures: all
+:Versions: >= 1
+:Parameters:
+
+::
+
+	struct kvmi_vm_write_physical {
+		__u64 gpa;
+		__u16 size;
+		__u16 padding1;
+		__u32 padding2;
+		__u8  data[0];
+	};
+
+:Returns:
+
+::
+
+	struct kvmi_error_code
+
+Writes into the guest memory.
+
+Currently, the size must be non-zero and the write must be restricted to
+one page (offset + size <= PAGE_SIZE).
+
+:Errors:
+
+* -KVM_ENOENT - the guest page doesn't exists
+* -KVM_EINVAL - the specified gpa/size pair is invalid
+* -KVM_EINVAL - the padding is not zero
+
 Events
 ======
 
diff --git a/include/uapi/linux/kvmi.h b/include/uapi/linux/kvmi.h
index 66e04a82f054..335e3d879df9 100644
--- a/include/uapi/linux/kvmi.h
+++ b/include/uapi/linux/kvmi.h
@@ -22,6 +22,8 @@  enum {
 	KVMI_VM_CHECK_EVENT    = 4,
 	KVMI_VM_GET_INFO       = 5,
 	KVMI_VM_CONTROL_EVENTS = 6,
+	KVMI_VM_READ_PHYSICAL  = 7,
+	KVMI_VM_WRITE_PHYSICAL = 8,
 
 	KVMI_NUM_MESSAGES
 };
@@ -83,6 +85,21 @@  struct kvmi_vm_control_events {
 	__u32 padding2;
 };
 
+struct kvmi_vm_read_physical {
+	__u64 gpa;
+	__u16 size;
+	__u16 padding1;
+	__u32 padding2;
+};
+
+struct kvmi_vm_write_physical {
+	__u64 gpa;
+	__u16 size;
+	__u16 padding1;
+	__u32 padding2;
+	__u8  data[0];
+};
+
 struct kvmi_event {
 	__u16 size;
 	__u16 vcpu;
diff --git a/tools/testing/selftests/kvm/x86_64/kvmi_test.c b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
index c3beea3feb26..ccb30d09d5cd 100644
--- a/tools/testing/selftests/kvm/x86_64/kvmi_test.c
+++ b/tools/testing/selftests/kvm/x86_64/kvmi_test.c
@@ -8,6 +8,7 @@ 
 #define _GNU_SOURCE /* for program_invocation_short_name */
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <time.h>
 
 #include "test_util.h"
 
@@ -24,6 +25,13 @@  static int socket_pair[2];
 #define Kvm_socket       socket_pair[0]
 #define Userspace_socket socket_pair[1]
 
+static vm_vaddr_t test_gva;
+static void *test_hva;
+static vm_paddr_t test_gpa;
+
+static uint8_t test_write_pattern;
+static int page_size;
+
 void setup_socket(void)
 {
 	int r;
@@ -362,8 +370,153 @@  static void test_cmd_vm_control_events(void)
 	disable_vm_event(id);
 }
 
+static int cmd_write_page(__u64 gpa, __u64 size, void *p)
+{
+	struct kvmi_vm_write_physical *cmd;
+	struct kvmi_msg_hdr *req;
+	size_t req_size;
+	int r;
+
+	req_size = sizeof(*req) + sizeof(*cmd) + size;
+
+	req = calloc(1, req_size);
+	TEST_ASSERT(req, "Insufficient Memory\n");
+
+	cmd = (struct kvmi_vm_write_physical *)(req + 1);
+	cmd->gpa = gpa;
+	cmd->size = size;
+
+	memcpy(cmd + 1, p, size);
+
+	r = do_command(KVMI_VM_WRITE_PHYSICAL, req, req_size, NULL, 0);
+
+	free(req);
+
+	return r;
+}
+
+static void write_guest_page(__u64 gpa, void *p)
+{
+	int r;
+
+	r = cmd_write_page(gpa, page_size, p);
+	TEST_ASSERT(r == 0,
+		"KVMI_VM_WRITE_PHYSICAL failed, gpa 0x%lx, error %d (%s)\n",
+		gpa, -r, kvm_strerror(-r));
+}
+
+static void write_with_invalid_arguments(__u64 gpa, __u64 size, void *p)
+{
+	int r;
+
+	r = cmd_write_page(gpa, size, p);
+	TEST_ASSERT(r == -KVM_EINVAL,
+		"KVMI_VM_WRITE_PHYSICAL did not failed with EINVAL, gpa 0x%lx, error %d (%s)\n",
+		gpa, -r, kvm_strerror(-r));
+}
+
+static void write_invalid_guest_page(struct kvm_vm *vm, void *p)
+{
+	uint64_t gpa = vm->max_gfn << vm->page_shift;
+	int r;
+
+	r = cmd_write_page(gpa, 1, p);
+	TEST_ASSERT(r == -KVM_ENOENT,
+		"KVMI_VM_WRITE_PHYSICAL did not failed with ENOENT, gpa 0x%lx, error %d (%s)\n",
+		gpa, -r, kvm_strerror(-r));
+}
+
+static int cmd_read_page(__u64 gpa, __u64 size, void *p)
+{
+	struct {
+		struct kvmi_msg_hdr hdr;
+		struct kvmi_vm_read_physical cmd;
+	} req = { };
+
+	req.cmd.gpa = gpa;
+	req.cmd.size = size;
+
+	return do_command(KVMI_VM_READ_PHYSICAL, &req.hdr, sizeof(req), p,
+			  size);
+}
+
+static void read_guest_page(__u64 gpa, void *p)
+{
+	int r;
+
+	r = cmd_read_page(gpa, page_size, p);
+	TEST_ASSERT(r == 0,
+		"KVMI_VM_READ_PHYSICAL failed, gpa 0x%lx, error %d (%s)\n",
+		gpa, -r, kvm_strerror(-r));
+}
+
+static void read_with_invalid_arguments(__u64 gpa, __u64 size, void *p)
+{
+	int r;
+
+	r = cmd_read_page(gpa, size, p);
+	TEST_ASSERT(r == -KVM_EINVAL,
+		"KVMI_VM_READ_PHYSICAL did not failed with EINVAL, gpa 0x%lx, error %d (%s)\n",
+		gpa, -r, kvm_strerror(-r));
+}
+
+static void read_invalid_guest_page(struct kvm_vm *vm)
+{
+	uint64_t gpa = vm->max_gfn << vm->page_shift;
+	int r;
+
+	r = cmd_read_page(gpa, 1, NULL);
+	TEST_ASSERT(r == -KVM_ENOENT,
+		"KVMI_VM_READ_PHYSICAL did not failed with ENOENT, gpa 0x%lx, error %d (%s)\n",
+		gpa, -r, kvm_strerror(-r));
+}
+
+static void new_test_write_pattern(struct kvm_vm *vm)
+{
+	uint8_t n;
+
+	do {
+		n = random();
+	} while (!n || n == test_write_pattern);
+
+	test_write_pattern = n;
+	sync_global_to_guest(vm, test_write_pattern);
+}
+
+static void test_memory_access(struct kvm_vm *vm)
+{
+	void *pw, *pr;
+
+	new_test_write_pattern(vm);
+
+	pw = malloc(page_size);
+	TEST_ASSERT(pw, "Insufficient Memory\n");
+
+	memset(pw, test_write_pattern, page_size);
+
+	write_guest_page(test_gpa, pw);
+	TEST_ASSERT(memcmp(pw, test_hva, page_size) == 0,
+		"Write page test failed");
+
+	pr = malloc(page_size);
+	TEST_ASSERT(pr, "Insufficient Memory\n");
+
+	read_guest_page(test_gpa, pr);
+	TEST_ASSERT(memcmp(pw, pr, page_size) == 0,
+		"Read page test failed");
+
+	read_with_invalid_arguments(test_gpa, 0, pr);
+	write_with_invalid_arguments(test_gpa, 0, pw);
+	write_invalid_guest_page(vm, pw);
+
+	free(pw);
+	free(pr);
+
+	read_invalid_guest_page(vm);
+}
 static void test_introspection(struct kvm_vm *vm)
 {
+	srandom(time(0));
 	setup_socket();
 	hook_introspection(vm);
 
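Review bot: test_memory_access only exercises size 0 on the -KVM_EINVAL path, so the page-boundary rule (offset + size <= PAGE_SIZE) and the non-zero padding rejection have no coverage, although these are the checks that keep the kernel-side copy inside one page. A crossing access could be covered with `read_with_invalid_arguments(test_gpa + 1, page_size, pr);` and `write_with_invalid_arguments(test_gpa + 1, page_size, pw);`. Note that cmd_write_page and cmd_read_page take a `__u64 size` but store it in the `__u16` `cmd->size`, so any test value above 65535 is silently truncated before it reaches the kernel; a comment on the helpers saying so would prevent a misleading "oversized" test. test_introspection continues past the end of this hunk.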
@@ -374,10 +527,23 @@  static void test_introspection(struct kvm_vm *vm)
 	test_cmd_get_vm_info();
 	test_event_unhook(vm);
 	test_cmd_vm_control_events();
+	test_memory_access(vm);
 
 	unhook_introspection(vm);
 }
 
+static void setup_test_pages(struct kvm_vm *vm)
+{
+	test_gva = vm_vaddr_alloc(vm, page_size, KVM_UTIL_MIN_VADDR, 0, 0);
+
+	sync_global_to_guest(vm, test_gva);
+
+	test_hva = addr_gva2hva(vm, test_gva);
+	memset(test_hva, 0, page_size);
+
+	test_gpa = addr_gva2gpa(vm, test_gva);
+}
+
 int main(int argc, char *argv[])
 {
 	struct kvm_vm *vm;
@@ -393,6 +559,9 @@  int main(int argc, char *argv[])
 	vm = vm_create_default(VCPU_ID, 0, NULL);
 	vcpu_set_cpuid(vm, VCPU_ID, kvm_get_supported_cpuid());
 
+	page_size = getpagesize();
+	setup_test_pages(vm);
+
 	test_introspection(vm);
 
 	kvm_vm_free(vm);
diff --git a/virt/kvm/introspection/kvmi.c b/virt/kvm/introspection/kvmi.c
index ec4515be5acc..661e49a75835 100644
--- a/virt/kvm/introspection/kvmi.c
+++ b/virt/kvm/introspection/kvmi.c
@@ -5,6 +5,7 @@ 
  * Copyright (C) 2017-2020 Bitdefender S.R.L.
  *
  */
+#include <linux/mmu_context.h>
 #include "kvmi_int.h"
 #include <linux/kthread.h>
 
@@ -408,3 +409,110 @@  int kvmi_cmd_vm_control_events(struct kvm_introspection *kvmi,
 
 	return 0;
 }
+
+static unsigned long gfn_to_hva_safe(struct kvm *kvm, gfn_t gfn)
+{
+	unsigned long hva;
+	int srcu_idx;
+
+	srcu_idx = srcu_read_lock(&kvm->srcu);
+	hva = gfn_to_hva(kvm, gfn);
+	srcu_read_unlock(&kvm->srcu, srcu_idx);
+
+	return hva;
+}
+
+static long
+get_user_pages_remote_unlocked(struct mm_struct *mm, unsigned long start,
+				unsigned long nr_pages, unsigned int gup_flags,
+				struct page **pages)
+{
+	struct vm_area_struct **vmas = NULL;
+	struct task_struct *tsk = NULL;
+	int locked = 1;
+	long r;
+
+	down_read(&mm->mmap_sem);
+	r = get_user_pages_remote(tsk, mm, start, nr_pages, gup_flags,
+				  pages, vmas, &locked);
+	if (locked)
+		up_read(&mm->mmap_sem);
+
+	return r;
+}
+
+static void *get_page_ptr(struct kvm *kvm, gpa_t gpa, struct page **page,
+			  bool write)
+{
+	unsigned int flags = write ? FOLL_WRITE : 0;
+	unsigned long hva;
+
+	*page = NULL;
+
+	hva = gfn_to_hva_safe(kvm, gpa_to_gfn(gpa));
+
+	if (kvm_is_error_hva(hva))
+		return NULL;
+
+	if (get_user_pages_remote_unlocked(kvm->mm, hva, 1, flags, page) != 1)
+		return NULL;
+
+	return write ? kmap_atomic(*page) : kmap(*page);
+}
+
+static void put_page_ptr(void *ptr, struct page *page, bool write)
+{
+	if (ptr) {
+		if (write)
+			kunmap_atomic(ptr);
+		else
+			kunmap(ptr);
+	}
+	if (page)
+		put_page(page);
+}
+
+int kvmi_cmd_read_physical(struct kvm *kvm, u64 gpa, size_t size,
+			   int (*send)(struct kvm_introspection *,
+					const struct kvmi_msg_hdr *,
+					int err, const void *buf, size_t),
+			   const struct kvmi_msg_hdr *ctx)
+{
+	void *ptr_page = NULL, *ptr;
+	struct page *page = NULL;
+	size_t ptr_size;
+	int err, ec;
+
+	ptr_page = get_page_ptr(kvm, gpa, &page, false);
+	if (ptr_page) {
+		ptr = ptr_page + (gpa & ~PAGE_MASK);
+		ptr_size = size;
+		ec = 0;
+	} else {
+		ptr = NULL;
+		ptr_size = 0;
+		ec = -KVM_ENOENT;
+	}
+
+	err = send(KVMI(kvm), ctx, ec, ptr, ptr_size);
+
+	put_page_ptr(ptr_page, page, false);
+	return err;
+}
+
+int kvmi_cmd_write_physical(struct kvm *kvm, u64 gpa, size_t size,
+			    const void *buf)
+{
+	struct page *page;
+	void *ptr;
+
+	ptr = get_page_ptr(kvm, gpa, &page, true);
+	if (!ptr)
+		return -KVM_ENOENT;
+
+	memcpy(ptr + (gpa & ~PAGE_MASK), buf, size);
+
+	put_page_ptr(ptr, page, true);
+
+	return 0;
+}
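Review bot: The write path in kvmi_cmd_write_physical pins the page with FOLL_WRITE and memcpy()s into it, but put_page_ptr releases it with put_page() alone, so the page is never marked dirty. A page modified through a get_user_pages reference is expected to be dirtied before release, e.g. `if (write) set_page_dirty_lock(page);` ahead of `put_page(page);`, and KVM's dirty log presumably also needs `mark_page_dirty(kvm, gpa_to_gfn(gpa));` so that a write made by the introspection tool is not missed during live migration. Separately, `memcpy(ptr + (gpa & ~PAGE_MASK), buf, size)` and the read-side `send()` have no bound of their own and depend on the caller having limited size to the remainder of the page; a comment stating that precondition on both kvmi_cmd_read_physical and kvmi_cmd_write_physical would make the contract visible at the point where the copy happens.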
diff --git a/virt/kvm/introspection/kvmi_int.h b/virt/kvm/introspection/kvmi_int.h
index 75078248a69c..6a1808585a32 100644
--- a/virt/kvm/introspection/kvmi_int.h
+++ b/virt/kvm/introspection/kvmi_int.h
@@ -33,5 +33,12 @@  void *kvmi_msg_alloc(void);
 void kvmi_msg_free(void *addr);
 int kvmi_cmd_vm_control_events(struct kvm_introspection *kvmi,
 				unsigned int event_id, bool enable);
+int kvmi_cmd_read_physical(struct kvm *kvm, u64 gpa, size_t size,
+			   int (*send)(struct kvm_introspection *,
+					const struct kvmi_msg_hdr*,
+					int err, const void *buf, size_t),
+			   const struct kvmi_msg_hdr *ctx);
+int kvmi_cmd_write_physical(struct kvm *kvm, u64 gpa, size_t size,
+			    const void *buf);
 
 #endif
diff --git a/virt/kvm/introspection/kvmi_msg.c b/virt/kvm/introspection/kvmi_msg.c
index 4d897c65085b..1faf70945123 100644
--- a/virt/kvm/introspection/kvmi_msg.c
+++ b/virt/kvm/introspection/kvmi_msg.c
@@ -193,6 +193,55 @@  static int handle_vm_control_events(struct kvm_introspection *kvmi,
 	return kvmi_msg_vm_reply(kvmi, msg, ec, NULL, 0);
 }
 
+static bool invalid_page_access(u64 gpa, u64 size)
+{
+	u64 off = gpa & ~PAGE_MASK;
+
+	return (size == 0 || size > PAGE_SIZE || off + size > PAGE_SIZE);
+}
+
+static int handle_read_physical(struct kvm_introspection *kvmi,
+				const struct kvmi_msg_hdr *msg,
+				const void *_req)
+{
+	const struct kvmi_vm_read_physical *req = _req;
+	int ec = 0;
+
+	if (invalid_page_access(req->gpa, req->size))
+		ec = -KVM_EINVAL;
+	else if (req->padding1 || req->padding2)
+		ec = -KVM_EINVAL;
+
+	if (ec)
+		return kvmi_msg_vm_reply(kvmi, msg, ec, NULL, 0);
+
+	return kvmi_cmd_read_physical(kvmi->kvm, req->gpa, req->size,
+				      kvmi_msg_vm_reply, msg);
+}
+
+static int handle_write_physical(struct kvm_introspection *kvmi,
+				 const struct kvmi_msg_hdr *msg,
+				 const void *_req)
+{
+	const struct kvmi_vm_write_physical *req = _req;
+	size_t req_size;
+	int ec;
+
+	req_size = struct_size(req, data, req->size);
+	if (msg->size != req_size)
+		return -EINVAL;
+
+	if (invalid_page_access(req->gpa, req->size))
+		ec = -KVM_EINVAL;
+	else if (req->padding1 || req->padding2)
+		ec = -KVM_EINVAL;
+	else
+		ec = kvmi_cmd_write_physical(kvmi->kvm, req->gpa,
+					     req->size, req->data);
+
+	return kvmi_msg_vm_reply(kvmi, msg, ec, NULL, 0);
+}
+
 /*
  * These commands are executed by the receiving thread/worker.
  */
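Review bot: handle_read_physical reads req->gpa, req->size and the padding fields without comparing msg->size to sizeof(*req), while handle_write_physical does validate the message length through struct_size(). If the dispatcher, which is outside this hunk, does not already guarantee a minimum payload per command, a short message would make the handler parse bytes that were never received; an explicit `if (msg->size < sizeof(*req)) return -EINVAL;` at the top would make the two handlers consistent. The same applies in handle_write_physical to the read of req->size that feeds struct_size() before the length is known to cover the fixed part of the struct.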
@@ -203,6 +252,8 @@  static int(*const msg_vm[])(struct kvm_introspection *,
 	[KVMI_VM_CHECK_EVENT]    = handle_check_event,
 	[KVMI_VM_CONTROL_EVENTS] = handle_vm_control_events,
 	[KVMI_VM_GET_INFO]       = handle_get_info,
+	[KVMI_VM_READ_PHYSICAL]  = handle_read_physical,
+	[KVMI_VM_WRITE_PHYSICAL] = handle_write_physical,
 };
 
 static bool is_vm_command(u16 id)