Dear KVM maintainers, As I'm preparing a talk about the new introspection API proposed by BitDefender, that you are currently reviewing, I wanted to better understand your opinion and goals on offering VMI on KVM. I'm asking you this because today, there is no consensus that hypervisor vendors should provide this type of API and what benefits they might get. Looking at the hypervisor support, we have the following situation: - Xen: upstream since 2011 (and even before) - KVM: patches under review since 2017 - VirtualBox: unofficial patches available, no interest for integration and support by Oracle - VMware: no public interest - Hyper-V: no public interest Therefore I would like to better understand your point of view about this technology: - What are the concrete benefits for the KVM community ? - What are your targeted users or use case ? (enabling OS research, advanced debugging, malware analysis, live forensics, OS hardening, cloud monitoring ?) - What's your vision about this technology, considering that new trends like AMD's Secure Encrypted Virtualization and Intel's SGX wants to lock down the VM state, even for the hypervisor underneath ? Note: The title of my talk is "Leveraging KVM as a debugging platform". I have been working on LibVMI to rewrite the KVM driver[1], and I built a GDB stub on top of it, improved with introspection capabilities to understand the execution context.[2] I'm planning to present a demo of my debugger running on top of KVM, and debugging user processes. Note2: I will be at the next KVM Forum, in Lyon, and I would be delighted to continue our discussions in person ! [1] KVM-VMI: https://github.com/KVM-VMI/kvm-vmi [2] pyvmidbg: https://github.com/Wenzel/pyvmidbg Thanks, Mathieu Tarral
