Date:   Thu, 16 Apr 2020 16:14:04 +0200
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     "Kang, Luwei" <luwei.kang@...el.com>,
        "Christopherson, Sean J" <sean.j.christopherson@...el.com>
Cc:     "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "vkuznets@...hat.com" <vkuznets@...hat.com>,
        "wanpengli@...cent.com" <wanpengli@...cent.com>,
        "jmattson@...gle.com" <jmattson@...gle.com>,
        "joro@...tes.org" <joro@...tes.org>
Subject: Re: [PATCH] KVM: VMX: Disable Intel PT before VM-entry

On 31/03/20 05:29, Kang, Luwei wrote:
>> Ah, right.  What about enhancing intel_pt_handle_vmx() and 'struct
>> pt' to replace vmx_on with a field that incorporates the KVM mode?
>
> Some history is the host perf didn't fully agree with introducing
> HOST_GUEST mode for PT in KVM.

I don't think this is accurate.  IIRC the maintainers wanted packets in 
the host-side trace to signal where the trace was interrupted.  In the 
end we solved the issue by 1) dropping host-only mode since it can be 
achieved in userspace 2) making host-guest an opt-in feature.

I think it would make sense to rename vmx_on into vmx_state and make it an

enum pt_vmx_state {
	PT_VMX_OFF,
	PT_VMX_ON_DISABLED,
	PT_VMX_ON_SYSTEM,
	PT_VMX_ON_HOST_GUEST
};

KVM would pass the enum to intel_pt_handle_vmx (one of PT_VMX_OFF, 
PT_VMX_ON_SYSTEM, PT_VMX_ON_HOST_GUEST).  Inside intel_pt_handle_vmx you 
can do

	if (pt_pmu.vmx) {
		WRITE_ONCE(pt->vmx_state, state);
		return;
	}

	local_irq_save(flags);
	WRITE_ONCE(pt->vmx_state,
		   state == PT_VMX_OFF ? PT_VMX_OFF : PT_VMX_ON_DISABLED);
	...

and in pt_config_start:

	...
	vmx = READ_ONCE(pt->vmx_state);
	if (vmx == PT_VMX_ON_DISABLED)
		perf_aux_output_flag(&pt->handle, PERF_AUX_FLAG_PARTIAL);
	else if (vmx == PT_VMX_ON_SYSTEM ||
		 !(current->flags & PF_VCPU))
		wrmsrl(MSR_IA32_RTIT_CTL, ctl);
	...

Thanks,

Paolo
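
The two sketches in the message above, combined into a user-space model that shows which branch pt_config_start would take for each combination of PT capability, KVM mode and vCPU context. This is an added example, not code from the message or from the kernel; model_handle_vmx, model_config_start and enum pt_start_action are hypothetical names, and the field read in pt_config_start is assumed to be the proposed vmx_state.

```c
#include <stdbool.h>
#include <stdio.h>

/* Enum exactly as proposed in the message. */
enum pt_vmx_state {
	PT_VMX_OFF,
	PT_VMX_ON_DISABLED,
	PT_VMX_ON_SYSTEM,
	PT_VMX_ON_HOST_GUEST
};

/* Hypothetical labels for which branch of the pt_config_start sketch runs. */
enum pt_start_action {
	PT_ACT_NONE,         /* neither branch taken */
	PT_ACT_FLAG_PARTIAL, /* perf_aux_output_flag(..., PERF_AUX_FLAG_PARTIAL) */
	PT_ACT_WRITE_CTL     /* wrmsrl(MSR_IA32_RTIT_CTL, ctl) */
};

/* Value the intel_pt_handle_vmx sketch stores in pt->vmx_state; pmu_vmx
 * stands in for pt_pmu.vmx. The elided tail of the function is not modelled. */
static enum pt_vmx_state model_handle_vmx(bool pmu_vmx, enum pt_vmx_state state)
{
	if (pmu_vmx)
		return state;
	return state == PT_VMX_OFF ? PT_VMX_OFF : PT_VMX_ON_DISABLED;
}

/* Branch chosen by the pt_config_start sketch; in_vcpu models current->flags & PF_VCPU. */
static enum pt_start_action model_config_start(enum pt_vmx_state vmx, bool in_vcpu)
{
	if (vmx == PT_VMX_ON_DISABLED)
		return PT_ACT_FLAG_PARTIAL;
	if (vmx == PT_VMX_ON_SYSTEM || !in_vcpu)
		return PT_ACT_WRITE_CTL;
	return PT_ACT_NONE;
}

int main(void)
{
	static const char *const act[] = { "none", "flag-partial", "write-ctl" };
	/* The three values the message says KVM would pass. */
	const enum pt_vmx_state kvm[] = { PT_VMX_OFF, PT_VMX_ON_SYSTEM, PT_VMX_ON_HOST_GUEST };
	for (int cap = 0; cap < 2; cap++)
		for (int i = 0; i < 3; i++)
			for (int vcpu = 0; vcpu < 2; vcpu++)
				printf("pt_pmu.vmx=%d kvm_state=%d PF_VCPU=%d -> %s\n", cap, kvm[i], vcpu,
				       act[model_config_start(model_handle_vmx(cap, kvm[i]), vcpu)]);
	return 0;
}
```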
