From: Adalbert Lazar <alazar@xxxxxxxxxxxxxxx> Two hypercalls (KVM_HC_MEM_MAP, KVM_HC_MEM_UNMAP) are used by the introspection tool running in a VM to map/unmap memory from the introspected VM-s. The third hypercall (KVM_HC_XEN_HVM_OP) is used by the code residing inside the introspected guest to call the introspection tool and to report certain details about its operation. For example, a classic antimalware remediation tool can report what it has found during a scan. Signed-off-by: Mircea Cîrjaliu <mcirjaliu@xxxxxxxxxxxxxxx> Signed-off-by: Nicușor Cîțu <ncitu@xxxxxxxxxxxxxxx> --- arch/x86/kvm/x86.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 271028ccbeca..9a3c315b13e4 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -6333,7 +6333,8 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) r = kvm_skip_emulated_instruction(vcpu); - if (kvm_hv_hypercall_enabled(vcpu->kvm)) + if (kvm_hv_hypercall_enabled(vcpu->kvm) + && !kvmi_is_agent_hypercall(vcpu)) return kvm_hv_hypercall(vcpu); nr = kvm_register_read(vcpu, VCPU_REGS_RAX); @@ -6371,6 +6372,16 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu) ret = kvm_pv_clock_pairing(vcpu, a0, a1); break; #endif + case KVM_HC_MEM_MAP: + ret = kvmi_host_mem_map(vcpu, (gva_t)a0, (gpa_t)a1, (gpa_t)a2); + break; + case KVM_HC_MEM_UNMAP: + ret = kvmi_host_mem_unmap(vcpu, (gpa_t)a0); + break; + case KVM_HC_XEN_HVM_OP: + kvmi_hypercall_event(vcpu); + ret = 0; + break; default: ret = -KVM_ENOSYS; break;
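Review bot: In the first hunk (@@ -6333,7 +6333,8 @@), the new `!kvmi_is_agent_hypercall(vcpu)` test decides whether a guest with Hyper-V hypercalls enabled reaches `kvm_hv_hypercall()` at all, but nothing here says what marks a hypercall as coming from the agent. The test runs before `nr` is read from RAX, so it presumably depends on other guest-controlled state. Please add a comment stating the criteria and why they cannot match a legitimate Hyper-V hypercall input, since a false positive would silently route a Hyper-V call into the KVM hypercall switch. As a style point, kernel convention keeps the `&&` at the end of the first line of the condition rather than at the start of the continuation line.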
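Review bot: In the second hunk (@@ -6371,6 +6372,16 @@), the three new cases are dispatched for whichever guest issues them, and no check is visible that separates the two roles the commit message describes (the introspection tool's VM for `KVM_HC_MEM_MAP`/`KVM_HC_MEM_UNMAP`, the introspected guest for `KVM_HC_XEN_HVM_OP`). `a0`, `a1` and `a2` come straight from guest registers and are only cast to `gva_t`/`gpa_t` before being passed on. The validation may well live in `kvmi_host_mem_map()` and `kvmi_host_mem_unmap()`, but it would help to say so in a comment here, or to reject callers that are not introspection VMs before the call. Also, `KVM_HC_XEN_HVM_OP` sets `ret = 0` unconditionally, so the guest agent cannot tell whether `kvmi_hypercall_event()` delivered anything or whether no introspection tool is attached. Consider returning a status from it. Finally, the diffstat touches only arch/x86/kvm/x86.c, so the argument layout and return values of these hypercalls are not documented in this patch.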