Mathieu Tarral authored
* kvm: add debug output
* kvm: read FS_BASE and GS_BASE
* kvm: get VCPU count via KVMI instead of libvirt
* kvm: replace virDomainSuspend/Resume by kvmi calls
* kvm: store expected_pause_count in kvm_instance for resume
* kvm: use errprint instead of dbprint in kvm_resume_vm
* kvm: wait 1s for pause events in kvm_resume_vm
* kvm: use errprint instead of dbprint in kvm_pause_vm
* kvm: impl kvm_request_page_fault
* cmake: make events.h as public header for KVM
* kvm: add kvm_set_reg_access only handles CR3 events
* kvm: add kvm_events_listen
* events: add KVM support at event_init
* kvm: check access type in kvm_set_reg_access
* examples: add cr3-load example
* kvm: use errprint instead of dbprint in kvm_set_reg_access
* kvm: add debug output in kvm_set_reg_access
* kvm: add support for CR0/CR4 in kvm_set_reg_access
* kvm: add safety checks in kvm_set_reg_access
* kvm: handle MSR_STAR in kvm_set_reg_access
* kvm: add safety checks in kvm_events_listen
* kvm: add dispatcher to process events in their own handlers
* kvm: add basic event handler for registers (CR/MSR)
* kvm: add empty impl for kvm_set_intr_access
* kvm: impl kvm_set_intr_access
* kvm: add basic process_interrupt handler
* example: update interrupt event to accept KVM
* kvm: fill libvmi event and call user callback in process_interrupt
* example: renamed cr3 example, use vmi_init
* kvm: add kvm_set_mem_access
* kvm: add safety checks in kvm_set_mem_access
* kvm: add basic handler for KVMI_EVENT_PF
* kvm: add handler for pause events and report errors
* example: add mem-event-example
* kvm: handle read access in kvm_set_mem_access
* kvm: fix gpa argument in kvmi_set_page_access call
* kvm: enable PF events at first call in kvm_set_mem_access
* kvm: reset original page permissions on failure
* kvm: impl process_pagefault handler
* example: add logging mem-event-example's callback
* kvm: add basic event response handler
* kvm: remove commented code in kvm_events_listen
* kvm: set default event response as continue
* moved msr-index.h under libvmi
* msr-index: add array to convert MSR index to string
* examples: add support for kvmi socket in msr-event-example
* examples: improve error handling in msr-event-example
* examples: use vmi_init in msr-event-example
* kvm: add basic handler for MSR events
* examples: print values using PRI notation in msr-event-example
* kvm: impl MSR event handler
* kvm: add comments
* kvm: add debug output
* kvm: print errno message when kvmi calls failed
* kvm: handle MSR_ANY
* kvm: add TODOs
* kvm: set mem_event gfn in process_pagefault
* kvm: use specific reply structs instead of the generic one
* kvm: write kvmi event MSR value in MSR event reply
* examples: fix warnings for unused parameters
* driver/kvm: update libkvmi to v6

  optimize on receive and send messages
    use sendmsg() instead of send()
    add iobuf when reading from socket
  add some functions
    kvmi_memory_mapping()
    kvmi_check_command()
    kvmi_check_event()
    kvmi_get_mtrr_type()
  remove vcpu parameter from some commands
    set_page_access, set_page_write_bitmap ...
  replace kvmi_inject_page_fault() with kvmi_inject_exception()
    use vector=14
  add batch messages
    Send multiple messages with one syscall.
    Eg. KVMI_SET_PAGE_ACCESS(oneway)+KVMI_SET_REGISTERS(oneway)+KVMI_EVENT_REPLY
  use timeouts on all socket operations
  accept command replies from older/newer versions of KVMI (kernel side)
  replaced MAP_SHARED with MAP_PRIVATE when using remote mapping
    There is no need to share the mappings created via introspection engine requests.

  Signed-off-by: Cătălin Marian Pichiu <cpichiu@bitdefender.com>
  Signed-off-by: Mihai Donțu <mdontu@bitdefender.com>
  Signed-off-by: Nicușor Cîțu <ncitu@bitdefender.com>
  Signed-off-by: Adalbert Lazăr <alazar@bitdefender.com>
  Signed-off-by: Adalbert Lazăr <alazar@bitdefender.com>
* driver/kvm/libkvmi: add kvmi_get_maximum_gfn()

  Signed-off-by: Ștefan Sicleru <ssicleru@bitdefender.com>
* kvm: use libkvmi v6 API
* kvm: remove hardcoded page shift
* kvm: replace translate_msr_index by msr_index array
* kvm: split driver to put events into its own module
* kvm: remove libvirt call to get max physical address
* kvm: move monitoring of CR/MSR at driver init/destroy
* kvm: add handler for control register events
* examples: add output in cr3-event-example
* cmake: add comment
* kvm: put legacy driver code in kvm_legacy.c
* kvm: put functions shared by both drivers in kvm_common.c
* examples: use alloca to allocate init_data

  By declaring a struct init_data_t on the stack and accessing the variable-length array, we were in fact overwriting a small amount of memory, since the array's default size is 0, not 1 as I first thought
* README: update KVM support section
* kvm: deprecate g_malloc0 for g_try_malloc0
* kvm: check g_try_malloc in kvm_legacy
* astyle: fix examples
* kvm: fix unused uuid parameter for release build
* kvm: check g_try_malloc in kvm_legacy
* astyle: fix examples
* kvm: fix unused uuid parameter for release build
* kvm: refactor local include
* kvm: rename KVM_LEGACY_DRIVER define to ENABLE_KVM_LEGACY
* autotools: integrate KVM driver
* fix astyle
* kvm: remove libkvmi sources
* kvm: update kvmi header
* cmake: link KVM driver with libkvmi
* autotools: link KVM driver with libkvmi
* cmake: configure config.h after processing libvmi subdir
* travis: install libkvmi for all tests
* travis: add tests for KVM legacy driver
* travis: fix astyle command line too long
* travis: remove kvm git clone before test starts
* kvm: add dynamic loading for libkvmi
* kvm: add debug statement
* examples: adapt some examples to new KVM driver
* examples: add README
* kvm: fix astyle
* travis: fix KVM legacy build with autotools
* autotools: fix KVM legacy driver build
* set_page_access's last argument should be array size
* kvm: fix license info msr-index libkvmi_wrapper
* examples: prefer malloc/free to alloca
* examples: fix binary names in README
* examples: fix some examples and return 1 in case of failure
* kvm: fix dlclose of qemu handle in kvm_destroy
* kvm: fix memory leak in kvm_test
* examples: modify all examples to be compatible with KVMi
* examples: free init_data entry string
* kvm: speedup a function by avoiding double dereference
* kvm: retrieve more MSRs registers in get_kvmi_registers
* kvm: allow to specify a new value for register events
* kvm: set default out_access to VMI_REGACCESS_W for MSR events
* kvm: fix memory leak in kvm_events_listen
* kvm: handle pause events in vmi_events_listen when timeout is 0
* kvm: move event action in event handlers
* kvm: handle interrupt reinjection
* kvm: fix freeing structs on error in kvm_init_vmi and kvm_destroy
* examples: initialize all variables
* core: free vmi_instance on failure in vmi_init_complete
* kvm: fix msr array size in get_kvmi_registers
* kvm: get registers from specified VCPU instead of 0
* kvm: add support for SET_EMUL_READ_DATA only for mem_access events
* examples: add fool-patchguard
* examples: update README
* kvm: add support for RESPONSE_SET_REGISTERS
* kvm: print UUID in KVMi new guest callback
* kvm: add empty handshake callback
* kvm: lookup kvmi_connection_fd address in libkvmi_wrapper
* kvm: print FD in new_guest callback
* kvm: close previous connection if it exists
* kvm: load kvmi_get_version symbol
* kvm: display KVMi version in new_guest callback
* kvm: load kvmi_set_log_cb symbol in libkvmi
* kvm: redirect kvmi_log to libvmi
* kvm: renaming callback
* kvm: refactor and rename fill_ev_common_kvmi_to_libvmi

  new name: kvmi_regs_to_libvmi
  now it accepts registers structs instead of events
  moved to kvm.c
* kvm: fill all general and segment registers in kvm_get_vcpuregs
* gitignore: visual studio code
* kvm: moved kvm_get_vcpureg for consistency
* kvm: remove redundant get_kvmi_registers function
* kvm: remove irrelevant TODO
* kvm: add Libvmi API implementation status in new README
* kvm: add implement event response
* kvm: handle descriptor events
* examples: add descriptor-event-example
* kvm: MSR_HYPERVISOR is now supported by KVMi
* kvm: load kvmi_get_tsc_speed symbol in libkvmi_wrapper
* kvm: refactor kvm.h
* kvm: fetch TSC in gtsc_khz
* kvm: add debug output when destroying KVM driver
* kvm: fix astyle
* kvm: fix release build
* travis: clone kvm in /tmp to avoid breaking astyle test
* kvm: fixed variable length buffer in new_guest_cb
* autotools: remove reference to msr-index.h which has been moved
* autotools: add kvm_events.h needed for make dist target
* travis: use install in make dist test as before_install is already used
* kvm: add monitor_crx_on to track if a Control Register is enabled
* kvm: cleanup CR0/3/4 monitoring on destroy
* kvm: improve kvm_set_reg_access debug output
* kvm: track state of MSR_ALL
* kvm: cleanup MSR_ALL monitoring on destroy
* kvm: remove 'Done' in debug messages
* kvm: track state of INTR
* kvm: cleanup INT3 on destroy
* kvm: track state of descriptor monitoring
* kvm: cleanup descriptor monitoring on destroy
* kvm: move descriptor monitoring debug output
* kvm: pause and resume VM while destroying events
* kvm: cleanup event queue on destroy
* kvm: fix typo in debug output
* kvm: remove comment
* kvm: move PF interception at driver init
* kvm: improve kvmset_mem_access debug output
* kvm: restore all page permissions when access is VMI_MEMACCESS_N
* kvm: add kvm_get_next_event helper function
* kvm: do not call event handler on shutdown
* kvm: increase debug output of PAUSE_VCPU events
* kvm: free kvmi_dom_event after processing
* kvm: reset kvmi_dom_event in kvm_events_listen loop
* kvm: silence unused variables when debug output is disabled
* travis: rework astyle command line
* examples: fix copyright in cr3-event-example
* travis: install libkvmi only for KVM tests based on new driver
* kvm: update libkvmi_wrapper existing signatures to v7
* kvm: remove kvmi_get_page_access from libkvmi_wrapper
* kvm: adapt kvm_set_mem_access to KVMi-v7
* kvm: load kvmi_spp_support
* kvm: load kvmi_spp_support
* kvm: load kvmi_vmfunc_support
* kvm: load kvmi_eptp_support
* kvm: query and display supported KVMi features
* kvm: refactor new_guest_cb display
* kvm: display VM name in handshake
* kvm: display VM start time in handshake
* kvm: load kvmi_control_singlestep in libkvmi_wrapper
* kvm: impl kvm_start/stop_single_step
* kvm: add single step event handler
* examples: fix typo in singlestep-event
* kvm: enable singlestep monitoring at driver init
* kvm: impl shutdown_single_step_ptr
* kvm: add debug output
* libvmi: fix astyle
* kvm: shutdown singlestep on driver destroy
* examples: enable singlestep on all VCPUs for singlestep-event-example
* kvm: fill reply struct in process_singlestep
* kvm: handle vmi shutdown in process_singlestep
* kvm: always call handler in vmi_events_listen
* kvm: load kvmi_get_pending_events in libkvmi_wrapper
* kvm: add kvm_are_events_pending
* kvm: fix segfault in kvm_destroy
* kvm: display full path to libkvmi.so
* kvm: track singlestep state for each VCPU
* kvm: handle TOGGLE_SINGLESTEP event response
* examples: add breakpoint-recoil-example
* json profiles: recurse down all embedded structs to find field (#924)
* json profiles: recurse down all embedded structs to find field
* json profiles: moved lines to suppress clang analysis errors
* README: update KVM-VMI setup link (#925)
* travis: use libkvmi v7 and remove useless clones of KVM repo
* README: use kvmi-v7 setup guide
* cmake: removed useless module FindLibkvmi now using pkg-config
* kvm: fix legacy KVM driver build

Co-authored-by: Mathieu Tarral <mathieu.tarral@ssi.gouv.fr>
Co-authored-by: Adalbert Lazăr <alazar@bitdefender.com>
Co-authored-by: Ștefan Sicleru <ssicleru@bitdefender.com>
Co-authored-by: igor-benevides <igor.benevides@hpe.com>
Co-authored-by: Matt Leinhos <mleinhos@users.noreply.github.com>