On 09/08/19 17:59, Adalbert Lazăr wrote:
>
> Patches 1-20: unroll a big part of the KVM introspection subsystem,
> sent in one patch in the previous versions.
>
> Patches 21-24: extend the current page tracking code.
>
> Patches 25-33: make use of page tracking to support the
> KVMI_SET_PAGE_ACCESS introspection command and the KVMI_EVENT_PF event
> (on EPT violations caused by the tracking settings).
>
> Patches 34-42: include the SPP feature (Enable Sub-page
> Write Protection Support), already sent to KVM list:
>
> https://lore.kernel.org/lkml/20190717133751.12910-1-weijiang.yang@xxxxxxxxx/
>
> Patches 43-46: add the commands needed to use SPP.
>
> Patches 47-63: unroll almost all the rest of the introspection code.
>
> Patches 64-67: add single-stepping, mostly as a way to overcome the
> unimplemented instructions, but also as a feature for the introspection
> tool.
>
> Patches 68-70: cover more cases related to EPT violations.
>
> Patches 71-73: add the remote mapping feature, allowing the introspection
> tool to map into its address space a page from guest memory.
>
> Patches 74: add a fix to hypercall emulation.
>
> Patches 75-76: disable some features/optimizations when the introspection
> code is present.
>
> Patches 77-78: add trace functions for the introspection code and change
> some related to interrupts/exceptions injection.
>
> Patches 79-92: new instruction for the x86 emulator, including cmpxchg
> fixes.

Thanks for the very good explanation. Apart from the complicated flow of
KVM request handling and KVM reply, the main issue is the complete lack
of testcases. There should be a kvmi_test in
tools/testing/selftests/kvm, and each patch adding a new ioctl or event
should add a new testcase.

Paolo