[RFC PATCH 11/19] kvm: x86: Hook in kvmi_breakpoint_event()

public inbox for kvm@vger.kernel.org
 help / color / mirror / Atom feed

From: Adalbert Lazar <alazar@bitdefender.com>
To: kvm@vger.kernel.org
Cc: "Paolo Bonzini" <pbonzini@redhat.com>,
	"Radim Krčmář" <rkrcmar@redhat.com>,
	alazar@bitdefender.com, mdontu@bitdefender.com
Subject: [RFC PATCH 11/19] kvm: x86: Hook in kvmi_breakpoint_event()
Date: Fri, 16 Jun 2017 16:43:40 +0300	[thread overview]
Message-ID: <20170616134348.17725-12-alazar@bitdefender.com> (raw)
In-Reply-To: <20170616134348.17725-1-alazar@bitdefender.com>

From: Mihai Dontu <mdontu@bitdefender.com>

Inform the guest introspection tool than a breakpoint instruction (INT3)
is being executed. These one-byte intructions are placed in the slack
space of various functions and used as notification for when the OS or
an application has reached a certain state or is trying to perform a
certain operation (like creating a process).

Signed-off-by: Mihai Dontu <mdontu@bitdefender.com>
---
 arch/x86/include/asm/kvm_host.h |  2 ++
 arch/x86/kvm/svm.c              |  3 +++
 arch/x86/kvm/vmx.c              |  3 +++
 arch/x86/kvm/x86.c              | 14 ++++++++++++++
 4 files changed, 22 insertions(+)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 8d1d80bd2230..7024f8e3962b 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1434,4 +1434,6 @@ static inline int kvm_cpu_get_apicid(int mps_cpu)
 }
 
 void kvm_arch_msr_intercept(unsigned int msr, bool enable);
+int kvm_breakpoint(struct kvm_vcpu *vcpu);
+
 #endif /* _ASM_X86_KVM_HOST_H */
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 7f1b00b74199..69d4d5c9e469 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -2133,6 +2133,9 @@ static int bp_interception(struct vcpu_svm *svm)
 {
 	struct kvm_run *kvm_run = svm->vcpu.run;
 
+	if (kvm_breakpoint(svm->vcpu, svm->vmcb->control.exit_info_2))
+		return 1;
+
 	kvm_run->exit_reason = KVM_EXIT_DEBUG;
 	kvm_run->debug.arch.pc = svm->vmcb->save.cs.base + svm->vmcb->save.rip;
 	kvm_run->debug.arch.exception = BP_VECTOR;
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index f99fcc86f141..405b739cd07b 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -5682,6 +5682,9 @@ static int handle_exception(struct kvm_vcpu *vcpu)
 		kvm_run->debug.arch.dr7 = vmcs_readl(GUEST_DR7);
 		/* fall through */
 	case BP_VECTOR:
+		if (kvm_breakpoint(vcpu))
+			return 1;
+
 		/*
 		 * Update instruction length as we may reinject #BP from
 		 * user space while in guest debugging mode. Reading it for
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 9a47f640a7b5..3a50710629b5 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -54,6 +54,7 @@
 #include <linux/kvm_irqfd.h>
 #include <linux/irqbypass.h>
 #include <linux/sched/stat.h>
+#include "../../../../virt/kvm/kvmi.h"
 
 #include <trace/events/kvm.h>
 
@@ -8740,6 +8741,19 @@ void kvm_arch_msr_intercept(unsigned int msr, bool enable)
 }
 EXPORT_SYMBOL_GPL(kvm_arch_msr_intercept);
 
+int kvm_breakpoint(struct kvm_vcpu *vcpu)
+{
+	gpa_t gpa;
+	struct kvm_segment cs;
+
+	kvm_get_segment(vcpu, &cs, VCPU_SREG_CS);
+	gpa = kvm_mmu_gva_to_gpa_read(vcpu, cs.base + kvm_rip_read(vcpu), NULL);
+	if (kvmi_breakpoint_event(vcpu, gpa))
+		return 0;
+	return 1;
+}
+EXPORT_SYMBOL_GPL(kvm_breakpoint);
+
 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_exit);
 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_fast_mmio);
 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_inj_virq);
-- 
2.12.2

next prev parent reply	other threads:[~2017-06-16 13:43 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-06-16 13:43 [RFC PATCH 00/19] Guest introspection Adalbert Lazar
2017-06-16 13:43 ` [RFC PATCH 01/19] kvm: x86: mmu: Add kvm_mmu_get_spte() and kvm_mmu_set_spte() Adalbert Lazar
2017-06-16 13:43 ` [RFC PATCH 02/19] kvm: x86: Add kvm_arch_vcpu_set_regs() Adalbert Lazar
2017-06-16 13:43 ` [RFC PATCH 03/19] mm: Add vm_replace_page() Adalbert Lazar
2017-06-16 13:43 ` [RFC PATCH 04/19] kvm: Add kvm_enum() Adalbert Lazar
2017-06-16 13:43 ` [RFC PATCH 05/19] kvm: Add uuid member in struct kvm + support for KVM_CAP_VM_UUID Adalbert Lazar
2017-06-16 13:43 ` [RFC PATCH 06/19] kvm: Add kvm_vm_shutdown() Adalbert Lazar
2017-06-16 13:43 ` [RFC PATCH 07/19] kvm: x86: Add kvm_arch_msr_intercept() Adalbert Lazar
2017-06-16 13:43 ` [RFC PATCH 08/19] kvm: Add the introspection subsystem Adalbert Lazar
2017-06-21 11:54   ` Paolo Bonzini
2017-06-21 12:36     ` Mihai Donțu
2017-06-21 12:57       ` Paolo Bonzini
2017-06-16 13:43 ` [RFC PATCH 09/19] kvm: Hook in kvmi on VM on/off events Adalbert Lazar
2017-06-16 13:43 ` [RFC PATCH 10/19] kvm: vmx: Hook in kvmi_page_fault() Adalbert Lazar
2017-06-16 13:43 ` Adalbert Lazar [this message]
2017-06-21 11:48   ` [RFC PATCH 11/19] kvm: x86: Hook in kvmi_breakpoint_event() Paolo Bonzini
2017-06-21 12:37     ` Mihai Donțu
2017-06-16 13:43 ` [RFC PATCH 12/19] kvm: x86: Hook in kvmi_trap_event() Adalbert Lazar
2017-06-16 13:43 ` [RFC PATCH 13/19] kvm: x86: Hook in kvmi_cr_event() Adalbert Lazar
2017-06-16 13:43 ` [RFC PATCH 14/19] kvm: x86: Hook in kvmi_xsetbv_event() Adalbert Lazar
2017-06-16 13:43 ` [RFC PATCH 15/19] kvm: x86: Hook in kvmi_msr_event() Adalbert Lazar
2017-06-16 13:43 ` [RFC PATCH 16/19] kvm: x86: Change the emulation context Adalbert Lazar
2017-06-16 13:43 ` [RFC PATCH 17/19] kvm: x86: Hook in kvmi_vmcall_event() Adalbert Lazar
2017-06-16 13:43 ` [RFC PATCH 18/19] kvm: x86: Set the new spte flags before entering the guest Adalbert Lazar
2017-06-16 13:43 ` [RFC PATCH 19/19] kvm: x86: Handle KVM_REQ_INTROSPECTION Adalbert Lazar
2017-06-16 14:45 ` [RFC PATCH 00/19] Guest introspection Jan Kiszka
2017-06-16 15:18   ` Mihai Donțu
2017-06-16 15:34     ` Jan Kiszka
2017-06-16 15:59       ` Mihai Donțu
2017-06-19  9:39       ` Stefan Hajnoczi
2017-06-20 14:58         ` alazar
2017-06-20 15:03           ` Jan Kiszka
2017-06-21 11:04           ` Stefan Hajnoczi
2017-06-21 13:25             ` Paolo Bonzini
2017-06-27 16:12               ` Mihai Donțu
2017-06-27 16:23                 ` Paolo Bonzini
2017-06-16 17:05     ` Paolo Bonzini
2017-06-16 17:27       ` Jan Kiszka

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8d1d80bd223 dfblob:7024f8e3962 dfblob:7f1b00b7419
dfblob:69d4d5c9e46 dfblob:f99fcc86f14 dfblob:405b739cd07
dfblob:9a47f640a7b dfblob:3a50710629b )
 OR (
bs:"[RFC PATCH 11/19] kvm: x86: Hook in kvmi_breakpoint_event()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170616134348.17725-12-alazar@bitdefender.com \
    --to=alazar@bitdefender.com \
    --cc=kvm@vger.kernel.org \
    --cc=mdontu@bitdefender.com \
    --cc=pbonzini@redhat.com \
    --cc=rkrcmar@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox