MicroV: initial support for introspection #58
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Buildroot is used to cross-compile LibVMI with its dependencies and
to produce the bzImage and rootfs.
The following definitions were added:
- `VOLATILITY_PROFILE_PATH`
- `REKALL_PROFILE_PATH`
- `ENABLE_BUILD_EXAMPLES`
To build the LibVMI VM example, one needs to first create a profile of
the host kernel with rekall or volatility and provide its path during
cmake configuration time. Information to generate a profile can be found
in the LibVMI repo or in the DRAKVUF website. e.g.:
```
cmake ../hypervisor -DCACHE_DIR=/tmp/boxy_cache \
-DENABLE_BUILD_EXAMPLES=ON \
-DREKALL_PROFILE_PATH=<path_to_profile.json>
make
```
The LibVMI process list example can be run as follows:
```
./prefixes/x86_64-userspace-elf/bin/bfexec \
--bzimage --path prefixes/vms/buildroot/bzImage \
--initrd prefixes/vms/buildroot/rootfs.cpio.gz --uart=0x3F8 \
--verbose --size=0x8000000 \
--cmdline="vmi=/usr/bin/vmi-process-list,-n,dom0"
```
Notes:
Vmilinux provides vmi-init, an init app that can start an application
with arguments. It does so by parsing the kernel cmdline.
vmi-init can also be compiled with statically in order to be the only
application running as init. In this case, vmi-init does some pre main
work to populate main args and properly calls the linked main, with no
extra work needed from the linked application.
On Windows, Vagrant can be used to generate the guest VM.
To facilitate libvmi development, one can use the following buildroot
options:
- `BR2_LIBVMI_DEBUG=y` enable libvmi debug definitions
- `BR2_LIBVMI_PATH=<path>` use local copy of libvmi directory when set
Implement Windows intrinsics for the MicroV specification: - _mv_cpuid - _mv_handle_op_open_handle - _mv_handle_op_close_handle - _mv_vm_properties_op_set_e820 Add initial VMM support for the MicroV specification: - mv_vm_state_op_gva_to_gpa - mv_vm_state_op_map_range - mv_vm_state_op_unmap_range - mv_vp_state_op_reg_val - mv_vp_state_op_msr_val Fixes: - Fix close_handle index - Fix gva_to_gpa to return the correct invalid param - Fix formatting
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Commit 51839d9 of this PR implements the following MicroV hypercalls needed for introspection as defined in the MicroV specification:
mv_vm_state_op_gva_to_gpamv_vm_state_op_map_rangemv_vm_state_op_unmap_rangemv_vp_state_op_reg_valmv_vp_state_op_msr_valI have also added a LibVMI VM example in d8e66c9 by adding MicroV support in LibVMI and by using Buildroot to build a tiny Linux VM (also needed to cross-compile LibVMI).