KVM-VMI / kvm

Fork of KVM with Virtual Machine Introspection patches

kvmi-v6: some fields of kvmi_qemu2introspector and kvmi_introspector2qemu are empty #34

Open Wenzel opened 4 years ago

Wenzel commented 4 years ago

Hi,

I would like to print the available information in the KVMi handshake callback:

static int cb_handshake(
    const struct kvmi_qemu2introspector *qemu,
    struct kvmi_introspector2qemu *intro,
    void *ctx)
{
    (void)ctx;
    if (!qemu || !intro) {
        errprint("Invalid parameters in KVMi handshake callback");
        return 1;
    }
    char str_time[20] = {0};
    strftime(str_time, 20, "%Y-%m-%d %H:%M:%S", localtime(&qemu->start_time));
    // print name and start time
    dbprint(VMI_DEBUG_KVM, "--KVMi handshake - Domain name: %s, Start time: %s\n", qemu->name, str_time);
    // print UUID
    for (int i = 0; i < 16; i++)
        printf("%.2X ", qemu->uuid[i]);
    printf("\n");
    // print cookie
    for (int i = 0; i < 20; i++)
        printf("%.2X ", intro->cookie_hash[i]);
    printf("\n");
    return 0;
}

However, some of the fields are empty: [screenshot from 2020-04-08 15-21-39]

cc @adlazar, @mdontu is this not implemented yet?

adlazar commented 4 years ago

This QEMU, matching KVM with KVMI-v6 patches, doesn't send the name, nor the VM start time (padding2). see

I've only changed the handshake structure to match KVMI-v6 :(

kvmi_introspector2qemu.cookie is what the introspection app sets, if the guest is configured to authenticate the app. So, it should be empty when that callback is called.

Wenzel commented 4 years ago

On KVMi-v7 the name is set now. The VM start time is still empty though

adlazar commented 4 years ago

kvmi-test.c shows both fields as non-empty.

Wenzel commented 4 years ago

@adlazar my bad, it is my translation to a string date that seems to be incorrect.

--KVMi handshake:
--    VM name: winxp
--    VM start time: 2159253 
--    VM start time: Sun Jan 25 1970

But as I got the same date as on my last attempt, I figured the timestamp was empty and therefore starting at 1970.

This is how I translated:

    char date[64] = {'\0'};
    const char *format = "%a %b %d %Y";
    struct tm *tm = NULL;
    tm = localtime(&qemu->start_time);
    if (strftime(date, sizeof(date), format, tm) <= 0) {
        errprint("Failed to convert time to string\n");
    } else {
        dbprint(VMI_DEBUG_KVM, "--    VM start time: %s\n", date);
    }

adlazar commented 4 years ago

https://github.com/KVM-VMI/qemu/pull/5/commits/58840c5bbc82005422d997175b7f94df24fa28da fixes the VM start time issue.
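The confusion in the thread came from a small non-zero start time that formats to a date in January 1970 and so looks like an empty field. The following is an added example, not code from libkvmi or from the participants: it classifies the raw value before formatting it in UTC with both date and time. It assumes `start_time` is meant to hold seconds since the Unix epoch; `describe_start_time`, `ts_state_name` and the `TS_FLOOR` threshold are hypothetical names and values, and the sample inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

enum ts_state { TS_UNSET, TS_IMPLAUSIBLE, TS_OK };

/* Assumed plausibility floor: 2000-01-01 00:00:00 UTC (hypothetical threshold). */
#define TS_FLOOR 946684800LL

/* Classify the raw handshake start_time, then format it in UTC with date AND
 * time, so a small non-zero value is not mistaken for an empty field. */
static enum ts_state describe_start_time(int64_t raw, char *out, size_t len)
{
    time_t t = (time_t)raw;
    struct tm *tm;

    if (len == 0)
        return TS_IMPLAUSIBLE;
    out[0] = '\0';
    if (raw == 0)
        return TS_UNSET;              /* field was never populated */
    tm = gmtime(&t);                  /* may return NULL for out-of-range values */
    if (!tm || strftime(out, len, "%Y-%m-%d %H:%M:%S", tm) == 0) {
        out[0] = '\0';
        return TS_IMPLAUSIBLE;
    }
    return raw < TS_FLOOR ? TS_IMPLAUSIBLE : TS_OK;
}

static const char *ts_state_name(enum ts_state s)
{
    return s == TS_UNSET ? "unset" : s == TS_IMPLAUSIBLE ? "implausible" : "ok";
}

int main(void)
{
    /* Constructed samples: zero, the value printed in the thread, a 2020 timestamp. */
    const int64_t samples[] = { 0, 2159253, 1586352099 };
    char buf[32];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        enum ts_state s = describe_start_time(samples[i], buf, sizeof(buf));
        printf("raw=%lld utc=\"%s\" state=%s\n",
               (long long)samples[i], buf, ts_state_name(s));
    }
    return 0;
}
```

Printing the raw integer next to the formatted string separates "the sender left the field at zero" from "the sender filled it with something that is not an epoch timestamp".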