Hi Konrad, On Wed, 2017-07-12 at 10:09 -0400, Konrad Rzeszutek Wilk wrote: > On Fri, Jul 07, 2017 at 05:34:15PM +0300, Adalbert Lazar wrote: > > The following patch adds the documentation for an introspection subsystem for > > KVM (KVMi). It details the purpose and the use case that has shaped the > > proposed API/ABI, as well as the wire protocol. > > > > During the discussion that has developed around our previous RFC patchset a > > number of TODO-s have been highlighted: > > > > * the integration in qemu: a socket-based protocol used to initiate the > > connection with an introspection tool and then passes control to KVM, the > > in-kernel mechanism taking over from there; > > > > * the integration of the SPT-handling mechanism into the KVM MMU; > > > > * the elaboration of a set of policies and a mechanism to better control > > this feature; > > > > One bit of code that has passed (maybe) unnoticed in the RFC is a new > > function added to Linux' mm called vm_replace_page() which, much like KSM's > > replace_page(), gets two processes to share a page (read-write, no-COW): > > > > https://marc.info/?l=kvm&m=149762056518799&w=2 > > > > This is used to quickly scan and patch the guest software. > > > > The patch following this cover letter does not yet address the points above > > but aims to clear with the community the overall ABI/API, with a focus on > > x86. > > Are there thoughts on making this work with libvmi? Or would this > interface be used by a paid product? We have not looked at how we would go about adding support for this API in libvmi, but a quick look tells me a driver shouldn't be that hard to write. We are, however, looking at publishing the sources for a small library called libkvmi that would expose an easy-to-use interface and on top of which we will add support for KVM VMI in: https://github.com/razvan-cojocaru/libbdvmi Other than that, the major user will indeed be a commercial product that, right now, uses Xen's VMI infrastructure: https://citrixready.citrix.com/bitdefender/bitdefender-hypervisor-introspection.html Thanks, > > v2: > > - add documentation and ABI [Paolo, Jan] > > - drop all the other patches for now [Paolo] > > - remove KVMI_GET_GUESTS, KVMI_EVENT_GUEST_ON, KVMI_EVENT_GUEST_OFF, > > and let libvirt/qemu handle this [Stefan, Paolo] > > - change the license from LGPL to GPL [Jan] > > - remove KVMI_READ_PHYSICAL and KVMI_WRITE_PHYSICAL (not used anymore) > > - make the interface a little more consistent > > > > Adalbert Lazar (1): > > kvm: Add documentation and ABI/API header for VM introspection > > > > Documentation/virtual/kvm/kvmi.rst | 985 +++++++++++++++++++++++++++++++++++++ > > include/uapi/linux/kvmi.h | 310 ++++++++++++ > > 2 files changed, 1295 insertions(+) > > create mode 100644 Documentation/virtual/kvm/kvmi.rst > > create mode 100644 include/uapi/linux/kvmi.h > > -- Mihai Donțu
