From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jan Kiszka <jan.kiszka@siemens.com>
Subject: Re: x-tier code injection for VMI
Date: Tue, 21 Apr 2015 16:53:03 +0200
Message-ID: <5536644F.1050005@siemens.com>
References: <55365620.7070806@in.tum.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
To: Jonas Jelten <jelten@in.tum.de>, kvm list <kvm@vger.kernel.org>
Return-path: <kvm-owner@vger.kernel.org>
Received: from goliath.siemens.de ([192.35.17.28]:51758 "EHLO
	goliath.siemens.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751086AbbDUOxH (ORCPT <rfc822;kvm@vger.kernel.org>);
	Tue, 21 Apr 2015 10:53:07 -0400
In-Reply-To: <55365620.7070806@in.tum.de>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On 2015-04-21 15:52, Jonas Jelten wrote:
> Hai *!
> 
> We [0] are developing x-tier [1], a VMI system that injects code into a
> kvm guest from the hypervisor.
> 
> Currently we're using kernel modules to be executed in the context of
> the VM. The execution is carefully separated from the target VM so the
> injection remains stealthy (as always, except for timing attacks).
> 
> Using this method, we could even redirect system calls from the
> hypervisor into a VM transparently[2]. Programs running on the host are
> obtaining their data from the guest stealthily that way :D
> 
> 
> What I want to ask the kvm folks:
> Would there be interest integrating the kernel components upstream?
> Mainly it would provide guest os-independent code injection.
> 
> All implementation is free software already [3][4], of course it needs a
> lot of polishing before going upstream ;)
> 
> The userspace part is a modified qemu [5], we're trying to move all the
> injection procedures into the kernel though. Work is in progress..

You may have to advertise your feature for a broader audience: What is
the added value, low level and from a higher perspective? Who may be
interested in it: research, real-world applications, and which kind?

Then, how invasive will the extension be, e.g. which performance impact
will it have for non-users, how much code is added to the kernel and how
many new interfaces (both very sensitive from maintenance and security
perspective)?

Already considered submitting a talk about it for the next KVM Forum
(http://events.linuxfoundation.org/events/kvm-forum/)?

Jan

-- 
Siemens AG, Corporate Technology, CT RTC ITP SES-DE
Corporate Competence Center Embedded Linux