On Tue, 28 Apr 2020 14:43:20 +0100, "Dr. David Alan Gilbert"
wrote:
> * Adalbert Lazăr (ala...@bitdefender.com) wrote:
> > One use case is to do VM introspection all the time the guest is running.
> > From the user perspective, the pause/suspend/shutdown/snapshot/migrate
On Tue, 28 Apr 2020 13:24:39 +0100, "Dr. David Alan Gilbert"
wrote:
> * Adalbert Lazăr (ala...@bitdefender.com) wrote:
> > On Mon, 27 Apr 2020 20:08:55 +0100, "Dr. David Alan Gilbert"
> > wrote:
> > > * Adalbert Lazăr (ala...@bitdefen
On Mon, 27 Apr 2020 20:08:55 +0100, "Dr. David Alan Gilbert"
wrote:
> * Adalbert Lazăr (ala...@bitdefender.com) wrote:
> > From: Marian Rotariu
> >
> > It is possible that the introspection tool has made some changes inside
> > the introspected VM
On Wed, 15 Apr 2020 16:11:14 +0200, Markus Armbruster wrote:
> Adalbert Lazãr writes:
>
> > On Wed, 15 Apr 2020 12:37:34 +0200, Marc-André Lureau
> > wrote:
> >> Hi
> >>
> >> On Wed, Apr 15, 2020 at 3:00 AM Adalbert Lazăr
> >> wrot
On Wed, 15 Apr 2020 12:56:18 +0200, Marc-André Lureau
wrote:
> On Wed, Apr 15, 2020 at 3:07 AM Adalbert Lazăr wrote:
> >
> > This is used by the VM introspection object, after handshake, to hand
> > over the file descriptor to KVM.
> >
> > CC: "Mar
On Wed, 15 Apr 2020 12:46:57 +0200, Marc-André Lureau
wrote:
> Hi
>
> On Wed, Apr 15, 2020 at 3:03 AM Adalbert Lazăr wrote:
> >
> > This is used by the VM introspection object to check if the connection
> > will be reestablished in case it disconnects from some rea
On Wed, 15 Apr 2020 12:43:31 +0200, Marc-André Lureau
wrote:
> Hi
>
> On Wed, Apr 15, 2020 at 3:00 AM Adalbert Lazăr wrote:
> >
> > The introspection tool can run in a separate VM and the introspected
> > VM will establish a connection using a virtual socket.
>
On Wed, 15 Apr 2020 12:37:34 +0200, Marc-André Lureau
wrote:
> Hi
>
> On Wed, Apr 15, 2020 at 3:00 AM Adalbert Lazăr wrote:
> >
> > qmp_chardev_open_socket() ignores the absence of the 'server' argument
> > and always switches to listen/server mode.
&g
There are cases when the access to an introspected VM must be limited
to certain introspection commands/events.
Signed-off-by: Adalbert Lazăr
---
accel/kvm/vmi.c | 86 ++---
1 file changed, 74 insertions(+), 12 deletions(-)
diff --git a/accel/kvm
_cont() doesn't wait for the STOP event. save_vm()
is called right after qmp_stop() returns OK. What we do is postpone
this OK response until the introspection tools finishes the unhook
process.
CC: Markus Armbruster
Signed-off-by: Adalbert Lazăr
---
accel/kvm/vmi.c
the
introspection socket, if active. QEMU will wait for the introspection tool
to let the VM run without being introspected and close the socket.
While the guest is suspended, the socket reconnection is disabled.
CC: Markus Armbruster
Signed-off-by: Marian Rotariu
Signed-off-by: Adalbert Lazăr
Some introspection tools can detect when the guest is shutting down.
This new option, 'unhook_on_shutdown' controls if QEMU will notify the
introspection tool on a shutdown command at its level.
Signed-off-by: Adalbert Lazăr
---
accel/kvm/vmi.c | 25 +
1 file c
The introspection tool can be authenticated if the 'key' parameter is
set with the ID of a secret object holding a shared secret between the
introspection tool and QEMU of the introspected VM.
Signed-off-by: Adalbert Lazăr
---
accel/kvm/
.
Signed-off-by: Adalbert Lazăr
---
accel/kvm/vmi.c | 38 ++
1 file changed, 38 insertions(+)
diff --git a/accel/kvm/vmi.c b/accel/kvm/vmi.c
index 01034d460e..bee9798e54 100644
--- a/accel/kvm/vmi.c
+++ b/accel/kvm/vmi.c
@@ -57,6 +57,7 @@ typedef struct
QEMU sends the name, the UUID and the VM start time and expects the
hash of a secret shared with the introspection tool that can be used to
authenticate it.
Signed-off-by: Adalbert Lazăr
---
accel/kvm/vmi.c| 290 +
include/sysemu/vmi-handshake.h
From: Marian Rotariu
On shutdown, it is desirable that the introspection tool removes
its changes from the introspected VM, so that they don't reach the
hibernation file.
CC: Markus Armbruster
Signed-off-by: Marian Rotariu
Signed-off-by: Adalbert Lazăr
---
accel/kvm/
: Markus Armbruster
Signed-off-by: Marian Rotariu
Signed-off-by: Adalbert Lazăr
---
accel/kvm/vmi.c| 6 ++
include/sysemu/vmi-intercept.h | 2 ++
monitor/qmp-cmds.c | 4
3 files changed, 12 insertions(+)
diff --git a/accel/kvm/vmi.c b/accel/kvm/vmi.c
index
from the introspected VM.
CC: Juan Quintela
CC: "Dr. David Alan Gilbert"
Signed-off-by: Marian Rotariu
Signed-off-by: Adalbert Lazăr
---
accel/kvm/vmi.c| 31 +++
include/sysemu/vmi-intercept.h | 1 +
migration/migration.c
ub.com/KVM-VMI/kvm-vmi
[3]: https://github.com/libvmi/libvmi
Adalbert Lazăr (20):
chardev: tcp: allow to change the reconnect timer
char-socket: allow vsock parameters (cid, port)
char-socket: fix the client mode when created through QMP
char-socket: add 'reconnecting' property
ch
The introspection tool can use the e820 table to avoid accessing
(read/write) or modifying access (rwx) for reserved memory pages.
Signed-off-by: Adalbert Lazăr
---
accel/kvm/vmi.c| 68 ++
include/sysemu/vmi-handshake.h | 23 +++-
2 files
By having a timer during handshake, the blocked connections can be
restored.
Signed-off-by: Adalbert Lazăr
---
accel/kvm/vmi.c | 66 -
1 file changed, 65 insertions(+), 1 deletion(-)
diff --git a/accel/kvm/vmi.c b/accel/kvm/vmi.c
index 57ded2f69c
t the end of this unhook process in the time specified by the
unhook_timeout property, QEMU will shutdown the socket.
Signed-off-by: Adalbert Lazăr
---
accel/kvm/vmi.c | 33 +
1 file changed, 33 insertions(+)
diff --git a/accel/kvm/vmi.c b/accel/kvm/vmi.c
This is used to initiate the connection with the introspection tool and
hand over the file descriptor to KVM. The object needs a chardev socket
(in client mode) created with the 'reconnect' property set.
CC: Paolo Bonzini
Signed-off-by: Marian Rotariu
Signed-off-by: Adalbert Lazăr
ned-off-by: Adalbert Lazăr
---
accel/kvm/vmi.c | 13 +
1 file changed, 13 insertions(+)
diff --git a/accel/kvm/vmi.c b/accel/kvm/vmi.c
index 1f3aff3bfe..e511558f3d 100644
--- a/accel/kvm/vmi.c
+++ b/accel/kvm/vmi.c
@@ -20,6 +20,7 @@
#include "crypto/hash.h"
#include "
This is used by the VM introspection object, after handshake, to hand
over the file descriptor to KVM.
CC: "Marc-André Lureau"
CC: Paolo Bonzini
Signed-off-by: Adalbert Lazăr
---
chardev/char-socket.c | 18 ++
1 file changed, 18 insertions(+)
diff --git a/ch
From: Marian Rotariu
Signed-off-by: Marian Rotariu
Signed-off-by: Adalbert Lazăr
---
qemu-options.hx | 76 +
1 file changed, 76 insertions(+)
diff --git a/qemu-options.hx b/qemu-options.hx
index 16debd03cb..6c5618e310 100644
--- a/qemu
From: Marian Rotariu
The guest could be reset from various reasons and by disconnecting the
socket (which would reconnect), KVM and the introspection tool will be
notified and can clean up the introspection structures.
Signed-off-by: Marian Rotariu
Signed-off-by: Adalbert Lazăr
---
accel/kvm
introspection tool, which will try to hook the VM again,
assuming that the pause/suspend/migration operation has ended.
With this new feature, we can suspend the reconnection.
CC: "Marc-André Lureau"
CC: Paolo Bonzini
Signed-off-by: Adalbert Lazăr
---
chardev/char-fe.c | 11 ++
the session is over. As such, it is very important
that the socket will reconnect.
CC: "Marc-André Lureau"
CC: Paolo Bonzini
Signed-off-by: Adalbert Lazăr
---
chardev/char-socket.c | 11 +++
1 file changed, 11 insertions(+)
diff --git a/chardev/char-socket.c b/chardev/cha
Signed-off-by: Adalbert Lazăr
---
linux-headers/linux/kvm.h | 20
1 file changed, 20 insertions(+)
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index 265099100e..4e5d390640 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
Because only one introspection tool must introspect a VM at a given time,
we block the completion of the second instance.
Signed-off-by: Adalbert Lazăr
---
accel/kvm/vmi.c | 26 ++
1 file changed, 26 insertions(+)
diff --git a/accel/kvm/vmi.c b/accel/kvm/vmi.c
index
qmp_chardev_open_socket() ignores the absence of the 'server' argument
and always switches to listen/server mode.
CC: "Marc-André Lureau"
CC: Paolo Bonzini
Signed-off-by: Adalbert Lazăr
---
chardev/char-socket.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff
"
CC: Marcel Apfelbaum
Signed-off-by: Adalbert Lazăr
---
hw/i386/e820_memory_layout.c | 12
hw/i386/e820_memory_layout.h | 2 ++
2 files changed, 14 insertions(+)
diff --git a/hw/i386/e820_memory_layout.c b/hw/i386/e820_memory_layout.c
index bcf9eaf837..a875e9e326 100644
---
channel.
Signed-off-by: Adalbert Lazăr
---
accel/kvm/vmi.c | 8
1 file changed, 8 insertions(+)
diff --git a/accel/kvm/vmi.c b/accel/kvm/vmi.c
index f456ca56ef..2ce8a60565 100644
--- a/accel/kvm/vmi.c
+++ b/accel/kvm/vmi.c
@@ -151,11 +151,19 @@ static bool chardev_is_connected
The introspection tool can run in a separate VM and the introspected
VM will establish a connection using a virtual socket.
CC: "Marc-André Lureau"
CC: Paolo Bonzini
Signed-off-by: Adalbert Lazăr
---
chardev/char-socket.c | 27 ---
chardev/char.c|
35 matches
Mail list logo
