Re: [PATCH v2 04/17] perf: x86/ds: Handle guest PEBS overflow PMI and inject it to guest

From: Xu, Like
Date: Wed Nov 18 2020 - 20:37:28 EST

Next message: Haitao Huang: "Re: [PATCH v40 10/24] mm: Add 'mprotect' hook to struct vm_operations_struct"
Previous message: Jakub Kicinski: "Re: [PATCH] hv_netvsc: Validate number of allocated sub-channels"
In reply to: Peter Zijlstra: "Re: [PATCH v2 04/17] perf: x86/ds: Handle guest PEBS overflow PMI and inject it to guest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2020/11/19 2:07, Peter Zijlstra wrote:

On Thu, Nov 19, 2020 at 12:15:09AM +0800, Like Xu wrote:

ISTR there was lots of fail trying to virtualize it earlier. What's
changed? There's 0 clues here.

Ah, now we have EPT-friendly PEBS facilities supported since Ice Lake
which makes guest PEBS feature possible w/o guest memory pinned.

OK.

Why are the host and guest DS area separate, why can't we map them to
the exact same physical pages?

If we map both guest and host DS_AREA to the exact same physical pages,
- the guest can access the host PEBS records, which means that the host
IP maybe leaked, because we cannot predict the time guest drains records and
it would be over-designed to clean it up before each vm-entry;
- different tasks/vcpus on the same pcpu cannot share the same PEBS DS
settings from the same physical page. For example, some require large
PEBS and reset values, while others do not.

Like many guest msrs, we use the separate guest DS_AREA for the guest's
own use and it avoids mutual interference as little as possible.

OK, but the code here wanted to inspect the guest DS from the host. It
states this is somehow complicated/expensive.

Yes, it's expensive to inspect guest DS in the NMI handler and also
unsafe to call sleepable EPT page fault handler in the NMI context.

So in this version, we propose to move this complicated part to the KVM
and I think the overhead is acceptable for the cross-mapped cases.

The bad thing is we will not be able to distinguish whether PEBS PMI is from
guest or host once there's a host PEBS counter enabled on the same CPU
and we may fix it later w/ your ideas.

But surely we can at the
very least map the first guest DS page somewhere so we can at least
access the control bits without too much magic.

I am not sure whether the first mapped guest DS page can help
the guest PEBS to keep working from beginning to end since
later host may not map guest DS page on the physical one
and currently KVM couldn't control it fine-grained.

This version could also avoid attacks from malicious guests
by keeping its control bits in its guest space.

Thanks,
Like Xu

Next message: Haitao Huang: "Re: [PATCH v40 10/24] mm: Add 'mprotect' hook to struct vm_operations_struct"
Previous message: Jakub Kicinski: "Re: [PATCH] hv_netvsc: Validate number of allocated sub-channels"
In reply to: Peter Zijlstra: "Re: [PATCH v2 04/17] perf: x86/ds: Handle guest PEBS overflow PMI and inject it to guest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]