Hello Friends,

I have done a lot of tricks trying to kill a VM - so far in vain :-)

As you told me I have reached the VCPU of the VM to be killed:

    struct kvm_vcpu *cpu = (struct kvm_vcpu *)vcpu;
    struct pid *vcpu_pid = cpu->pid;
    struct task_struct *task = pid_task(vcpu_pid, PIDTYPE_PID);

Then I am trying to kill the VM standing for vcpu_pid in various ways:

--- kill_pid(task_pid(task), SIGKILL, 1); (SIGTERM is issued as well)
--- I have tried task_pgrp(task) and task_tgid(task) as well
--- send_sig_info(SIGTERM, &info, task) where struct siginfo info has SIGTERM as si_signo and SI_QUEUE as si_code

The same result: the host and guest hang! I am forced to reboot the system.

However, when I get the VCPU ID manually (by running "grep pid /var/run/libvirt/qemu/GUEST.xml" as explained at http://chilung.blogspot.co.il/2013/08/kvm-how-to-find-guest-vms-process-id-pid.html) and send kill to this ID from the command line, the corresponding VM shuts off!

What magic does the manual method do in order to succeed?

Thanks in advance,
the Israeli team

On Thu 06 Mar 13:28 2014 Paolo Bonzini wrote:
> On 06/03/2014 11:31, Alexander Binun wrote:
> > Then - more questions:
> > 1. How can I access the Qemu process (relevant to a given VM) from
> > within the kernel context (being in a kernel module)?
>
> The struct pid for the VCPU is in the "pid" field of struct kvm_vcpu.
> From there if needed you can get the task (with pid_task) and the
> task's thread group leader (the task's group_leader), and send a signal
> to it.
>
> > 2. Should I uninitialize some internal structures for the VM being
> > killed?
>
> No, it will happen automatically. When QEMU is terminated, the VM's
> file descriptor is closed and this frees all internal structures.
>
> > 3. My module detects malicious activities at a VCPU. How can one get the
> > VM owning this VCPU?
>
> Field "kvm" in struct kvm_vcpu points to the struct kvm for the VM.
>
> Paolo
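The manual method the message describes (read the guest's libvirt status file, pick out the PID, signal it from the command line) as an added shell example; this is not code from the thread or from libvirt. It assumes the status file layout from memory of libvirt's /var/run/libvirt/qemu/GUEST.xml: a pid='' attribute on the <domstatus> element for the main QEMU process, plus one pid='' per <vcpu> thread, which a plain "grep pid" would list together. The sample XML is constructed, and the helper only signals a PID whose /proc comm name looks like a QEMU binary.

```shell
# Added example, not from the original thread. The XML layout below is an
# assumption about libvirt's status file; check it against a real GUEST.xml.

# Constructed sample of a libvirt status file for one running guest.
SAMPLE_STATUS_XML="<domstatus state='running' reason='booted' pid='4242'>
  <vcpus>
    <vcpu id='0' pid='4250'/>
    <vcpu id='1' pid='4251'/>
  </vcpus>
</domstatus>"

# Print the pid attribute of the <domstatus ...> element only. This is the
# main QEMU process (the thread-group leader), which is what "kill PID" on
# the command line targets. Per-vcpu pids are individual threads of it.
qemu_main_pid() {
    printf '%s\n' "$1" \
        | sed -n "s/.*<domstatus[^>]*pid='\([0-9]*\)'.*/\1/p" \
        | head -n 1
}

# Print the vcpu thread ids, one per line, for comparison with the main pid.
vcpu_thread_ids() {
    printf '%s\n' "$1" | sed -n "s/.*<vcpu [^>]*pid='\([0-9]*\)'.*/\1/p"
}

# Sanity check before signalling: refuse unless /proc/PID/comm names a
# QEMU binary. Returns 1 if the pid is gone or belongs to something else.
is_qemu_process() {
    [ -r "/proc/$1/comm" ] || return 1
    case "$(cat "/proc/$1/comm")" in
        qemu-*|qemu-kvm) return 0 ;;
        *) return 1 ;;
    esac
}

# Shut off one guest the way the message does by hand: read its status
# file ($1), take the main QEMU pid and send SIGTERM to that process.
stop_guest() {
    status_file="$1"
    pid=$(qemu_main_pid "$(cat "$status_file")")
    [ -n "$pid" ] || { echo "no domstatus pid in $status_file" >&2; return 1; }
    is_qemu_process "$pid" || { echo "pid $pid is not a QEMU process, refusing" >&2; return 1; }
    kill -TERM "$pid"
}

# Usage (not run here): stop_guest /var/run/libvirt/qemu/GUEST.xml
```

Run against the constructed sample, qemu_main_pid yields 4242 while vcpu_thread_ids yields 4250 and 4251; the distinction matters because a signal aimed at the whole QEMU process and one aimed at a single vCPU thread are different targets, and only the former corresponds to the command-line kill the message reports as working.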
As you told me I have reached the VCPU of the VM to be killed: struct kvm_vcpu *cpu = (struct kvm_vcpu*)vcpu; struct pid *vcpu_pid = cpu->pid; struct task_struct* task = pid_task(vcpu_pid,PIDTYPE_PID); Then I am trying to kill the VM standing for vcpu_pid in the various ways: --- kill_pid(task_pid(task), SIGKILL, 1); (SIGTERM is issued as well) --- I have tried task_pgrp(task) and task_tgid(task) as well --- send_sig_info(SIGTERM, &info, task) where struct siginfo info has SIGTERM as signo and SI_QUEUE as si_code The same result: the host and guest hang! I am forced to reboot the system. However when I get the VCPU ID manually (by running grep pid /var/run/libvirt/qemu/GUEST.xml as it is explained at http://chilung.blogspot.co.il/2013/08/kvm-how-to-find-guest-vms-process-id-pid.html) and send kill to this ID from the command line, the corresponding VM shuts off! Which magic does the manual method in order to succeed ? Thanks in advance, the Israeli team On Thu 06 Mar 13:28 2014 Paolo Bonzini wrote: > Il 06/03/2014 11:31, Alexander Binun ha scritto: > > Then - more questions : > > 1. How can I access the Qemu process (relevant to a given VM) from > > within in the kernel context (being in a kernel module) ? > > The struct pid for the VCPU is in the "pid" field of struct kvm_vcpu. > > From there if needed you can get the task (with pid_task) and the > task's thread group leader (the task's group_leader), and send a signal > to it. > > > 2. Should I uninitialize some internal structures for the VM being > > killed ? > > No, it will happen automatically. When QEMU is terminated, the VM's > file descriptor is closed and this frees all internal structures. > > > 3. My module detects malicious activities at a VCPU. How can one get the > > VM owning this VCPU ? > > Field "kvm" in struct kvm_vcpu points to the struct kvm for the VM. > > Paolo >