On 2017-06-16 15:43, Adalbert Lazar wrote:
> This patch series proposes an interface that will allow a guest
> introspection tool to monitor and control other guests, in order to
> protect them against different forms of exploits. This type of interface
> is already present in the XEN hypervisor.
>
> With the current implementation, the introspection tool connects to
> the KVMi (the introspection subsystem from KVM) using a vsock socket,
> establishes a main communication channel, used for a few messages
> (KVMI_EVENT_GUEST_ON, KVMI_EVENT_GUEST_OFF, KVMI_GET_GUESTS and
> KVMI_GET_VERSION).
>
> Every KVMI_EVENT_GUEST_ON notification makes the introspection tool
> establish a new connection, used to monitor and control that guest.
>

What prevented building this on top of the already existing guest debug
interfaces of KVM, maybe extending it where needed? Could be win-win.

Also, this looks as if it can easily work against the userspace part of
the hypervisor - bad idea.

API/ABI documentation is missing.

Did you check if the concept is portable to other architectures? Another
reason to try hard to reuse existing interfaces.

Last but not least: LGPL slipped into your kernel parts - the kernel is
GPL.

Jan

--
Siemens AG, Corporate Technology, CT RDA ITP SES-DE
Corporate Competence Center Embedded Linux