qemu-devel

Re: [Qemu-devel] kill /destroy a VM - help


From: Alexander Binun
Subject: Re: [Qemu-devel] kill /destroy a VM - help
Date: Thu, 6 Mar 2014 12:31:32 +0200 (IST)

Thanks for the rapid answer !

On Thu 06 Mar 12:22 2014 Stefan Hajnoczi wrote:
> On Wed, Mar 05, 2014 at 06:35:18PM +0200, Alexander Binun wrote:
> > Now we encountered yet one problem: Our security module (which is a LKM) 
> > performs security check and, when suspecting malicious activity at a VCPU,  
> > must suspend or even kill this VM. The problem is: how to suspend/kill a 
> > VCPU ?
> > 
> > We have taken the following approach: 
> >     1. Accessing the VM list (struct list_head vms_list ) through the 
> > kallsyms interface 
> >     2. Iterating through VMs, reaching every VCPU (as a structure struct 
> > kvm_vcpu *vcpu)
> >     3. Running security check on every such structure. That is we were 
> > seeking for a function like cpu_reset(struct kvm_vcpu*vcpu)
> > 
> > The following "reset functions" were so far tried (taken from kvm_host.h)
> >    1. kvm_vcpu_uninit and kvm_x86_ops->vcpu_free. These cause the whole 
> > system (both host and guest OSs) hang.
> >    2. kvm_vcpu_reset and kvm_arch_vcpu_free lead to the linker error  
> > "Warning! Function undefined". 
> > 
> > Which "reset function" could you recommend ?
> 
> The simplest thing to kill a VM is to send SIGTERM to the QEMU process
> (the process that contains the vcpu thread).

Then - more questions :
   1. How can I access the Qemu process (relevant to a given VM) from within 
the kernel context (being in a kernel module) ?
   2. Should I uninitialize some internal structures for the VM being killed ?
   3. My module detects malicious activities at a VCPU. How can one get the VM 
owning this VCPU ?

Thanks,
  the team 


> Stefan
> 






