Add basic KVMI event support for CR/MSR/interrupt/mem_access (v5) #9
Conversation
libvmi/events.c
Outdated
| @@ -94,6 +94,8 @@ void step_event_free(vmi_event_t *event, status_t rc) | |||
| status_t events_init(vmi_instance_t vmi) | |||
| { | |||
| switch (vmi->mode) { | |||
| case VMI_KVM: | |||
| // intentional fall-through | |||
There was a problem hiding this comment.
good catch, it's a mistake.
| if (event->reg != MSR_ALL) { | ||
| // enable event monitoring for all vcpus | ||
| for (unsigned int i = 0; i < vmi->num_vcpus; i++) { | ||
| if (kvmi_control_events(kvm->kvmi_dom, i, event_flags)) { |
There was a problem hiding this comment.
@adlazar: does enabling the interception of KVMi events, without generating this type of events, has a slight performance impact, or close to none ?
The idea is that I would like to move enabling/disabling event interception at driver init, so I could enable all of them at once, and disable them at teardown.
Otherwise, with the current implementation, we have to keep track of what reg_access has been enabled for example, or the following use case won't work:
- enable an event to intercept
CR3 - enable an event to intercept
CR0 - disable
CR0event ->CR3 is disabled toobecauseKVMI_EVENT_CR(_FLAG)has been disabled
There was a problem hiding this comment.
For MSR and CR events, you can enable them with kvmi_control_events() without worrying about the the performance impact, because the interception does something when you enable a specific MSR/CR (kvmi_control_msr/kvmi_control_cr).
But, if you enable KVMI_EVENT_BREAKPOINT and KVMI_EVENT_DESCRIPTOR, you might get a lot of events when the guest starts. For the second one we might filter out the read events in the future (intercepting only the write accesses).
|
|
||
| #include "libvmi.h" | ||
|
|
||
| extern const reg_t msr_all[]; |
There was a problem hiding this comment.
@tklengyel I also wanted your review about moving msr-index out of the Xen driver, to be used by KVM as well.
I had to declare the arrays as extern to use them multiple times in the code, and give them an implementation in libvmi/msr-index.c
| } | ||
|
|
||
| static status_t | ||
| process_msr(vmi_instance_t vmi, struct kvmi_dom_event *kvmi_event) |
There was a problem hiding this comment.
@tklengyel a naïve implementation of event handlers that I choose:
- fill the libvmi event with
fill_ev_common_kvmi_to_libvmi() - call the user callback with
call_event_callback() - declare the kvmi reply struct
- process the callback response with
process_cb_response()
As you have written the Xen driver, you may have suggestions how the code should be structured, which helpers should be used, etc.
| @@ -52,6 +53,9 @@ | |||
| #include <sys/time.h> | |||
| #include "driver/kvm/include/kvmi/libkvmi.h" | |||
|
|
|||
| /* | |||
| * Helpers | |||
| */ | |||
| static uint32_t | |||
| translate_msr_index(int index, int *err) { | |||
There was a problem hiding this comment.
this function will be removed thanks to msr-index array:
https://github.com/KVM-VMI/libvmi/pull/9/files#diff-a342220ea96575ee149235454636ce4eR55
|
Once this will be approved and merged in |
|
pinging also @smaresca, if he is interested for a review 👋 |
|
@Wenzel thanks! Will take a look |
|
@Wenzel I would suggest moving the events code out of |
|
@tklengyel this has been done already, it's in a future PR, after a rebase on V6. |
|
@tklengyel , @smaresca actually I'm waiting for this one to be merged to publish my other PR based on v6. How do you feel so far about this one ? |
|
@mtarral I had some time over the weekend to set up a test environment. I'll have specific feedback tonight/tomorrow. |
|
@smaresca thanks for the feedback. |
|
@smaresca how did it go ? |
|
Rebased on latest |
only handles CR3 events
|
@smaresca , @tklengyel since I published the v6 PR, which is cleaner because the events are splitted and it uses the new libkvmi API to control events (which is better), I'm inclined to merge this one and focus on v6. |
Hi,
this PR adds basic event support for
CRMSRmemoryinterrupt (int 3)Implementation
Details
no event response logic is implemented ATM, simply reply to continue execution
kvm_set_reg_accessCR0/CR3/CR4MSR_ANY, where the MSR index is specified inreg_event.msrfieldMSR_ALLby looping over all MSRs in Libvmi MSR indexmsr_allCR0/CR3/CR4kvmi equivalent reg values are hardcodedVMI_REGACCESS_RandVMI_REGACCESS_RWnot supported (?)MSR_HYPERVISOR:0x40000000goto error_exit), it disables everything, but without checking the return value. (any ideas how to improve that ?)msr-event-examplekvm_set_intr_accesskvmi_control_eventsfor every VCPU, enabling breakpint, or disabling everythingkvm_set_mem_accessstaticvariable, and checks it to enableKVMI_EVENT_PF_FLAGon the first call, if necessary, this avoids to enable them atkvm_init_vmi, even though the app might never use them. What do you think ?VMI_MEMACCESS_NandVMI_MEMACCESS_RWXare the same (is it though ?)12shift to get a gpa from agfnkvm_events_listenFor all events i'm assigning a pointer to a
x86_regsstruct from the stack,and call
fill_ev_common_kvmi_to_libvmito fill the regs.-> Any suggestions of how this should be done ?
process_registernot handled because it doesn't work for CR3 when i tested :-)
process_msrreg_eventout_accessprocess_interrupt12interrupt_eventvectortypeinsn_lengthhere ?INT_NEXTinterrupts ?process_pagefault12mem_eventvalidgptwprocess_pause_eventkvm_resume_vmshould pop this type of eventkvm_init_vmiVMI_INIT_EVENTSNotes
msr-index.hhas been moved fromlibvmi/driver/xen/tolibvmimsr_to_strarrayIssues
CR3doesn't work as I expected (at context switch) (fix in Kvmi v6 kvm#21)Future
Fixes
V6
Rebase on #8
cc @mdontu, @adlazar, @tklengyel
Thanks.