kvm-vmi / qemu Goto Github PK

Fork of QEMU with Virtual Machine Introspection patches

License: Other

Makefile 0.35% C 91.53% C++ 3.09% Haxe 0.83% Objective-C 0.18% Assembly 0.57% Python 1.92% NSIS 0.02% Shell 1.10% Perl 0.42% GDB 0.01% GLSL 0.01%

qemu's Introduction

KVM-VMI

KVM-based Virtual Machine Instrospection.

Overview
Installation
Presentations
References
Maintainers
License

Overview

This project adds virtual machine introspection to the KVM hypervisor.

Virtual Machine Introspection is a technology that aims to understand the guest's execution context, solely based on the VM's hardware state, for various purposes:

Debugging
Malware Analysis
Live-Memory Analysis
OS Hardening
Monitoring
Fuzzing

See the presentations section for more information.

This project is divided into 4 components:

kvm: linux kernel with vmi patches for KVM
qemu: patched to allow introspection
nitro (legacy): userland library which receives events, introspects the virtual machine state, and fills the semantic gap
libvmi: virtual machine instrospection library with unified API across Xen and KVM

At the moment, 2 versions of VMI patches are available for QEMU/KVM in this repository:

Installation

Follow the Setup guide

Presentations

References

The legacy VMI system contained in this repo (Nitro) is based on Jonas Pfoh's work:

Maintainers

@Wenzel

License

GNU General Public License v3.0

qemu's People

Contributors

Stargazers

Watchers

Forkers

liumorgan yanvugenfirer qw0b msgpo lingyuqing11 qboy0000 thomasdangl morenbach frankfanslc mthandazo42 apersonintech bonusplay tomcruiseqi

qemu's Issues

Live migration fails when introspection object exists

When performing a live migration, qemu hits an assert in qemu_mutex_lock_iothread_impl.
This seems to only happen when the machine in question has an introspection object attached.
Apparently, the iothread mutex is already locked at this point.
Unlocking the mutex in migrate_fd_connect before notifier_list_notify and locking it afterwards fixes the issue,
but I'm unsure if this is the "correct" solution.

QEMU log file:

ERROR:/root/build/qemu/cpus.c:1900:qemu_mutex_lock_iothread_impl: assertion failed: (!qemu_mutex_iothread_locked())
Bail out! ERROR:/root/build/qemu/cpus.c:1900:qemu_mutex_lock_iothread_impl: assertion failed: (!qemu_mutex_iothread_locked())
2021-10-01 10:55:21.065+0000: shutting down, reason=crashed

Stacktrace:

/usr/local/bin/qemu-system-x86_64(+0x4188f9)[0x5573c11698f9]
/usr/local/bin/qemu-system-x86_64(notifier_list_notify+0x27)[0x5573c156bbe7]
/usr/local/bin/qemu-system-x86_64(migrate_fd_connect+0x13d)[0x5573c13f739d]
/usr/local/bin/qemu-system-x86_64(migration_channel_connect+0x57)[0x5573c13f8c27]
/usr/local/bin/qemu-system-x86_64(fd_start_outgoing_migration+0xa0)[0x5573c13f7e80]
/usr/local/bin/qemu-system-x86_64(qmp_migrate+0x2d8)[0x5573c13f5208]
/usr/local/bin/qemu-system-x86_64(qmp_marshal_migrate+0x12e)[0x5573c143428e]
/usr/local/bin/qemu-system-x86_64(qmp_dispatch+0x360)[0x5573c1511590]
/usr/local/bin/qemu-system-x86_64(+0x6bb88d)[0x5573c140c88d]
/usr/local/bin/qemu-system-x86_64(monitor_qmp_bh_dispatcher+0x1df)[0x5573c140d12f]
/usr/local/bin/qemu-system-x86_64(aio_bh_poll+0x6c)[0x5573c1558d4c]
/usr/local/bin/qemu-system-x86_64(aio_dispatch+0x20)[0x5573c155c4e0]
/usr/local/bin/qemu-system-x86_64(+0x80796e)[0x5573c155896e]
/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_dispatch+0x25b)[0x7fd2472ece6b]

Best regards,
Thomas

Improve QEMU monitor protocol

During a discussion @pfohjo mentioned the idea of providing a binary QEMU protocol to improve performance when delivering the Events.

QEMU monitor protocol introduces the overhead of serializing and de-serializing into JSON every single message which is detrimental for our use case.

Maybe the monitor protocol could then be re-built on top of the binary one?

XDR could be a good protocol for example.

Problems with memory-access.h and memory-access.c

In the file called memory-access.h it is mentioned that fuse takes care to mount the guest memory. I have already built the qemu-system - ***, and it creates the domain socket for me when I type the pmemaccess command, and bind it with volatility so that the socket can be exposed. But, I occupy the socat and I don't see the data flow that should go through the socket.

Also occupy the socat without occupying the volatility since the socket created disappears. and the result is the same.

My question is: is there a way to build QEMU but does it recognize fuse? I have installed KALI 2020.3 and it already has fuse (libfuse)

Or what would I miss so that I can see the memory of the guest?

Thanks for your time and response.

Compile error: No rule to make target 'default-configs/pci.mak'

I followed the steps in the web page(https://kvm-vmi.github.io/kvm-vmi/master/setup.html#qemu) and tried to install libvmi, but ran into some problems. My environment is ubuntu 20.04.

I executed this cmd first:
./configure --target-list=x86_64-softmmu --enable-spice --prefix=/usr/local --python=/usr/bin/python2.7

then:

➜  qemu git:(kvmi-v7) ✗ make -j4

  GEN     config-host.h
make[1]: Entering directory '/home/zzc/Desktop/zzc/libvmi/qemu/slirp'
  GEN     trace/generated-tcg-tracers.h
  GEN     trace/generated-helpers-wrappers.h
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/home/zzc/Desktop/zzc/libvmi/qemu/slirp'
  GEN     trace/generated-helpers.h
  GEN     trace/generated-helpers.c
  GEN     module_block.h
  GEN     trace-root.h
  GEN     accel/kvm/trace.h
	CHK version_gen.h
  GEN     accel/tcg/trace.h
  GEN     crypto/trace.h
  GEN     monitor/trace.h
  GEN     authz/trace.h
  GEN     block/trace.h
  GEN     io/trace.h
  GEN     nbd/trace.h
  GEN     scsi/trace.h
  GEN     chardev/trace.h
  GEN     audio/trace.h
  ......
  GEN     hw/dma/trace.c
  GEN     hw/hppa/trace.c
  GEN     hw/i2c/trace.c
  GEN     hw/i386/trace.c
  GEN     hw/i386/xen/trace.c
  GEN     hw/ide/trace.c
  GEN     hw/input/trace.c
  GEN     hw/intc/trace.c
  GEN     hw/isa/trace.c
  GEN     hw/mem/trace.c
  GEN     hw/mips/trace.c
  GEN     hw/misc/trace.c
  GEN     hw/misc/macio/trace.c
  GEN     hw/net/trace.c
  GEN     hw/nvram/trace.c
  GEN     hw/pci/trace.c
  GEN     hw/pci-host/trace.c
  GEN     hw/ppc/trace.c
  GEN     hw/rdma/trace.c
  GEN     hw/rdma/vmw/trace.c
  GEN     hw/rtc/trace.c
  GEN     hw/s390x/trace.c
  GEN     hw/scsi/trace.c
  GEN     hw/sd/trace.c
  GEN     hw/sparc/trace.c
  GEN     hw/sparc64/trace.c
  GEN     hw/timer/trace.c
  GEN     hw/tpm/trace.c
  GEN     hw/usb/trace.c
  GEN     hw/vfio/trace.c
  GEN     hw/virtio/trace.c
  GEN     hw/watchdog/trace.c
  GEN     hw/xen/trace.c
  GEN     hw/gpio/trace.c
  GEN     hw/riscv/trace.c
  GEN     migration/trace.c
  GEN     net/trace.c
  GEN     ui/trace.c
  GEN     hw/display/trace.c
  GEN     qapi/trace.c
  GEN     qom/trace.c
  GEN     target/arm/trace.c
  GEN     target/hppa/trace.c
  GEN     target/i386/trace.c
  GEN     target/mips/trace.c
  GEN     target/ppc/trace.c
  GEN     target/riscv/trace.c
  GEN     target/s390x/trace.c
  GEN     target/sparc/trace.c
  GEN     util/trace.c
  GEN     hw/core/trace.c
  LINK    tests/qemu-iotests/socket_scm_helper
  CC      qga/commands.o
  CC      qga/guest-agent-command-state.o
  CC      qga/main.o
  CC      qga/commands-posix.o
  CC      qga/channel-posix.o
  CC      qga/qapi-generated/qga-qapi-types.o
  CC      qga/qapi-generated/qga-qapi-visit.o
  CC      qga/qapi-generated/qga-qapi-commands.o
make: *** No rule to make target 'default-configs/pci.mak', needed by 'x86_64-softmmu/config-devices.mak'.  Stop.
make: *** Waiting for unfinished jobs....
  CC      qemu-img.o

I wasn't quite sure which branch I should compile, so I also tried master.

➜  qemu git:(master) ✗ make -j4
  GEN   config-all-devices.mak
  GEN   config-host.h
  GEN   qemu-options.def
  GEN   qmp-commands.h
  GEN   qapi-types.h
	 DEP tests/dumptrees.c
	 DEP tests/trees.S
	 DEP tests/testutils.c
  GEN   qapi-visit.h
	 DEP tests/value-labels.c
  GEN   qapi-event.h
  GEN   trace/generated-events.h
	 DEP tests/asm_tree_dump.c
	 DEP tests/truncated_memrsv.c
  GEN   trace/generated-tracers.h
  GEN   trace/generated-tcg-tracers.h
	 DEP tests/truncated_string.c
  GEN   trace/generated-helpers-wrappers.h
	 DEP tests/truncated_property.c
  GEN   trace/generated-helpers.h
	 DEP tests/check_full.c
  GEN   tests/test-qapi-types.h
  GEN   tests/test-qapi-visit.h
  GEN   tests/test-qmp-commands.h
  GEN   tests/test-qapi-event.h
	 DEP tests/check_header.c
	 DEP tests/check_path.c
	 DEP tests/overlay_bad_fixup.c
	 DEP tests/overlay.c
	 DEP tests/subnode_iterate.c
	 DEP tests/property_iterate.c
	 DEP tests/integer-expressions.c
	 DEP tests/utilfdt_test.c
	 DEP tests/path_offset_aliases.c
	 DEP tests/add_subnode_with_nops.c
	 DEP tests/dtbs_equal_unordered.c
	 DEP tests/dtb_reverse.c
	 DEP tests/dtbs_equal_ordered.c
	 DEP tests/extra-terminating-null.c
	 DEP tests/incbin.c
	 DEP tests/boot-cpuid.c
	 DEP tests/phandle_format.c
	 DEP tests/path-references.c
	 DEP tests/references.c
	 DEP tests/string_escapes.c
	 DEP tests/propname_escapes.c
	 DEP tests/appendprop2.c
	 DEP tests/appendprop1.c
	 DEP tests/del_node.c
	 DEP tests/del_property.c
	 DEP tests/setprop.c
	 DEP tests/set_name.c
	 DEP tests/rw_tree1.c
	 DEP tests/open_pack.c
	 DEP tests/nopulate.c
	 DEP tests/mangle-layout.c
	 DEP tests/move_and_save.c
	 DEP tests/sw_states.c
	 DEP tests/sw_tree1.c
	 DEP tests/nop_node.c
	 DEP tests/nop_property.c
	 DEP tests/setprop_inplace.c
	 DEP tests/stringlist.c
	 DEP tests/addr_size_cells2.c
	 DEP tests/addr_size_cells.c
	 DEP tests/notfound.c
	 DEP tests/sized_cells.c
	 DEP tests/char_literal.c
	 DEP tests/get_alias.c
	 DEP tests/node_offset_by_compatible.c
	 DEP tests/node_check_compatible.c
	 DEP tests/node_offset_by_phandle.c
	 DEP tests/node_offset_by_prop_value.c
	 DEP tests/parent_offset.c
	 DEP tests/supernode_atdepth_offset.c
	 DEP tests/get_path.c
	 DEP tests/getprop.c
	 DEP tests/get_phandle.c
	 DEP tests/get_name.c
	 DEP tests/path_offset.c
	 DEP tests/subnode_offset.c
	 DEP tests/find_property.c
	 DEP tests/root_node.c
	 DEP tests/get_mem_rsv.c
	 DEP libfdt/fdt_overlay.c
	 DEP libfdt/fdt_addresses.c
	 DEP libfdt/fdt_empty_tree.c
	 DEP libfdt/fdt_strerror.c
	 DEP libfdt/fdt_rw.c
	 DEP libfdt/fdt_sw.c
	 DEP libfdt/fdt_wip.c
	 DEP libfdt/fdt_ro.c
	 DEP libfdt/fdt.c
	 DEP util.c
	 DEP fdtoverlay.c
	 DEP fdtput.c
	 DEP fdtget.c
	 DEP fdtdump.c
	 DEP convert-dtsv0-lexer.lex.c
	 DEP srcpos.c
	 DEP dtc-parser.tab.c
	 DEP dtc-lexer.lex.c
	 DEP treesource.c
	 DEP livetree.c
	 DEP fstree.c
	 DEP flattree.c
	 DEP dtc.c
	 DEP data.c
	 DEP checks.c
	CHK version_gen.h
	 CC libfdt/fdt.o
	 CC libfdt/fdt_ro.o
	 CC libfdt/fdt_wip.o
	 CC libfdt/fdt_sw.o
	 CC libfdt/fdt_rw.o
	 CC libfdt/fdt_strerror.o
	 CC libfdt/fdt_empty_tree.o
	 CC libfdt/fdt_addresses.o
	 CC libfdt/fdt_overlay.o
	 AR libfdt/libfdt.a
ar: creating libfdt/libfdt.a
a - libfdt/fdt.o
a - libfdt/fdt_ro.o
a - libfdt/fdt_wip.o
a - libfdt/fdt_sw.o
a - libfdt/fdt_rw.o
a - libfdt/fdt_strerror.o
a - libfdt/fdt_empty_tree.o
a - libfdt/fdt_addresses.o
a - libfdt/fdt_overlay.o
	CHK version_gen.h
  CC    tests/qemu-iotests/socket_scm_helper.o
  GEN   qga/qapi-generated/qga-qapi-types.h
  GEN   qga/qapi-generated/qga-qmp-commands.h
  GEN   qga/qapi-generated/qga-qapi-visit.h
  GEN   qga/qapi-generated/qga-qapi-types.c
  GEN   qga/qapi-generated/qga-qapi-visit.c
  GEN   qga/qapi-generated/qga-qmp-marshal.c
  GEN   qapi-visit.c
  GEN   qapi-types.c
  GEN   qapi-event.c
  CC    crypto/init.o
  CC    crypto/hash.o
  CC    crypto/aes.o
  CC    crypto/desrfb.o
  CC    crypto/cipher.o
  CC    qapi/qapi-visit-core.o
  CC    qapi/qapi-dealloc-visitor.o
  CC    qapi/qmp-input-visitor.o
  CC    qapi/qmp-output-visitor.o
  CC    qapi/qmp-registry.o
  CC    qapi/qmp-dispatch.o
  CC    qapi/string-input-visitor.o
  CC    qapi/string-output-visitor.o
  CC    qapi/opts-visitor.o
  CC    qapi/qmp-event.o
  CC    qapi/qapi-util.o
  CC    qobject/qnull.o
  CC    qobject/qint.o
  CC    qobject/qstring.o
  CC    qobject/qdict.o
  CC    qobject/qlist.o
  CC    qobject/qfloat.o
  CC    qobject/qbool.o
  CC    qobject/qjson.o
  CC    qobject/json-lexer.o
  CC    qobject/json-streamer.o
  CC    qobject/json-parser.o
  GEN   trace/generated-events.c
  CC    trace/control.o
  CC    trace/qmp.o
  CC    util/osdep.o
  CC    util/cutils.o
  CC    util/unicode.o
  CC    util/qemu-timer-common.o
  CC    util/oslib-posix.o
  CC    util/qemu-thread-posix.o
  CC    util/event_notifier-posix.o
  CC    util/qemu-openpty.o
  CC    util/envlist.o
  CC    util/path.o
  CC    util/module.o
  CC    util/bitmap.o
  CC    util/bitops.o
  CC    util/hbitmap.o
  CC    util/fifo8.o
  CC    util/acl.o
  CC    util/error.o
  CC    util/qemu-error.o
  CC    util/compatfd.o
util/qemu-error.c: In function ‘error_vreport’:
util/qemu-error.c:210:5: error: ‘GTimeVal’ is deprecated: Use 'GDateTime' instead [-Werror=deprecated-declarations]
  210 |     GTimeVal tv;
      |     ^~~~~~~~
In file included from /usr/include/glib-2.0/glib/galloca.h:32,
                 from /usr/include/glib-2.0/glib.h:30,
                 from /home/zzc/Desktop/zzc/libvmi/qemu/include/glib-compat.h:19,
                 from /home/zzc/Desktop/zzc/libvmi/qemu/include/qemu-common.h:44,
                 from /home/zzc/Desktop/zzc/libvmi/qemu/include/monitor/monitor.h:4,
                 from util/qemu-error.c:14:
/usr/include/glib-2.0/glib/gtypes.h:547:8: note: declared here
  547 | struct _GTimeVal
      |        ^~~~~~~~~
util/qemu-error.c:214:9: error: ‘g_get_current_time’ is deprecated: Use 'g_get_real_time' instead [-Werror=deprecated-declarations]
  214 |         g_get_current_time(&tv);
      |         ^~~~~~~~~~~~~~~~~~
In file included from /usr/include/glib-2.0/glib/giochannel.h:33,
                 from /usr/include/glib-2.0/glib.h:54,
                 from /home/zzc/Desktop/zzc/libvmi/qemu/include/glib-compat.h:19,
                 from /home/zzc/Desktop/zzc/libvmi/qemu/include/qemu-common.h:44,
                 from /home/zzc/Desktop/zzc/libvmi/qemu/include/monitor/monitor.h:4,
                 from util/qemu-error.c:14:
/usr/include/glib-2.0/glib/gmain.h:679:8: note: declared here
  679 | void   g_get_current_time                 (GTimeVal       *result);
      |        ^~~~~~~~~~~~~~~~~~
util/qemu-error.c:215:9: error: ‘g_time_val_to_iso8601’ is deprecated: Use 'g_date_time_format' instead [-Werror=deprecated-declarations]
  215 |         timestr = g_time_val_to_iso8601(&tv);
      |         ^~~~~~~
In file included from /usr/include/glib-2.0/glib.h:88,
                 from /home/zzc/Desktop/zzc/libvmi/qemu/include/glib-compat.h:19,
                 from /home/zzc/Desktop/zzc/libvmi/qemu/include/qemu-common.h:44,
                 from /home/zzc/Desktop/zzc/libvmi/qemu/include/monitor/monitor.h:4,
                 from util/qemu-error.c:14:
/usr/include/glib-2.0/glib/gtimer.h:73:10: note: declared here
   73 | gchar*   g_time_val_to_iso8601   (GTimeVal    *time_) G_GNUC_MALLOC;
      |          ^~~~~~~~~~~~~~~~~~~~~
  CC    util/id.o
cc1: all warnings being treated as errors
make: *** [/home/zzc/Desktop/zzc/libvmi/qemu/rules.mak:57: util/qemu-error.o] Error 1
make: *** Waiting for unfinished jobs....

This looks like either a code error or a missing compilation rule. I checked other issues and didn't see a problem similar to this one. What should I do? Help me pls! Thank you!

qemu error on installing virtual machine with virt-install

I'm trying to experiment with the new kvmi (recent branch), everything were installed smoothly except when I'm using virt-install to install new machine I receive these error messages.

ERROR    internal error: qemu unexpectedly closed the monitor: 2021-02-04T19:46:23.917798Z qemu-system-x86_64: warning: host doesn't support requested feature: MSR(490H).vmx-entry-load-perf-global-ctrl [bit 13]

2021-02-04T19:46:23.917803Z qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48CH).vmx-eptad [bit 21]

2021-02-04T19:46:23.918777Z qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48BH).vmx-pml [bit 17]

2021-02-04T19:46:23.918790Z qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48FH).vmx-exit-load-perf-global-ctrl [bit 12]

2021-02-04T19:46:23.918794Z qemu-system-x86_64: warning: host doesn't support requested feature: MSR(490H).vmx-entry-load-perf-global-ctrl [bit 13]

2021-02-04T19:46:23.918799Z qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48CH).vmx-eptad [bit 21]

info: VMI: intercept command: resume
Removing disk 'hvm-test.qcow2' 
Domain installation does not appear to have been successful.
If it was, you can restart your domain by running:
  virsh --connect qemu:///system start hvm-test
otherwise, please restart your installation.

My Host is CentOS 8, and cpu model is i5-7260U

does anyone had similar experience to help?

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.