Date: Tue, 1 Dec 2020 09:25:29 +0800
From: "Xu, Like" <like.xu@...el.com>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Like Xu <like.xu@...ux.intel.com>, "Kleen, Andi" <andi.kleen@...el.com>, Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org, Sean Christopherson <sean.j.christopherson@...el.com>, Vitaly Kuznetsov <vkuznets@...hat.com>, Wanpeng Li <wanpengli@...cent.com>, Jim Mattson <jmattson@...gle.com>, Joerg Roedel <joro@...tes.org>, Kan Liang <kan.liang@...ux.intel.com>, luwei.kang@...el.com, Thomas Gleixner <tglx@...utronix.de>, wei.w.wang@...el.com, Tony Luck <tony.luck@...el.com>, Stephane Eranian <eranian@...gle.com>, Mark Gross <mgross@...ux.intel.com>, Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 04/17] perf: x86/ds: Handle guest PEBS overflow PMI and inject it to guest

Hi Peter,

On 2020/11/30 18:49, Peter Zijlstra wrote:
> On Fri, Nov 27, 2020 at 10:14:49AM +0800, Xu, Like wrote:
>
>>> OK, but the code here wanted to inspect the guest DS from the host. It
>>> states this is somehow complicated/expensive. But surely we can at the
>>> very least map the first guest DS page somewhere so we can at least
>>> access the control bits without too much magic.
>> We note that the SDM has a contiguous present memory mapping
>> assumption about the DS save area and the PEBS buffer area.
>>
>> Therefore, we revisit your suggestion here and move it a bit forward:
>>
>> When the PEBS is enabled, KVM will cache the following values:
>> - gva ds_area (kvm msr trap)
>> - hva1 for "gva ds_area" (walk guest page table)
>> - hva2 for "gva pebs_buffer_base" via hva1 (walk guest page table)
> What this [gh]va? Guest/Host Virtual Address? I think you're assuming I
> know about all this virt crap,.. I don't.

Oh, my bad and let me add it:

gva: guest virtual address
gpa: guest physical address
gfn: guest frame number
hva: host virtual address
hpa: host physical address

In the KVM, we get hva from gva in the following way:

    gpa = kvm_mmu_gva_to_gpa_system(vcpu, gva, NULL);
    gfn = gpa >> PAGE_SHIFT;
    slot = gfn_to_memslot(kvm, gfn);
    hva = gfn_to_hva_memslot_prot(slot, gfn, NULL);

>
>> if the "gva ds_area" cache hits,
> what?

Sorry, it looks like a misuse of terminology. I mean KVM will save the
last used "gva ds_area" value and its hva in the extra fields. If the
"gva ds_area" does not change this time, we will not walk the guest page
table to get its hva again.

I think it's the main point in your suggestion, and I try to elaborate it.

>> - access PEBS "interrupt threshold" and "Counter Reset[]" via hva1
>> - get "gva2 pebs_buffer_base" via __copy_from_user(hva1)
> But you already had hva2, so what's the point?

hva1 is for "gva ds_area"
hva2 is for "gva pebs_buffer_base"

The point is before using the last saved hva2, we need to make sure that
"gva pebs_buffer_base" is not changed, to avoid that some malicious
drivers may change it without changing ds_area.

>
>> if the "gva2 pebs_buffer_base" cache hits,
> What?
>
>> - we get "gva2 pebs_index" via __copy_from_user(hva2),
> pebs_index is in ds_area, which would be hva1

Yes, we get "gva2 pebs_index" via __copy_from_user(hva1).

>
>> - rewrite the guest PEBS records via hva2 and pebs_index
>>
>> If any cache misses, setup the cache values via walking tables again.
>>
>> I wonder if you would agree with this optimization idea,
>> we look forward to your confirmation for the next step.
> I'm utterly confused. I really can't follow.

Generally, KVM will save hva1 (gva1 ds_area) and hva2 (for gva2
pebs_buffer_base) in the first round of the guest page table walking and
reuse them if they're not changed in subsequent use.

I think this approach is feasible, and please complain if you are still
confused or disagree.

Thanks,
Like Xu
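
The caching scheme described in this message, modeled in user-space C as an added example (not code from the patch series or from KVM). The names `walk()`, `set_ds()`, `pebs_lookup()`, the flat `guest_mem` array and the two-field `ds_area` struct are assumptions made for illustration; the point shown is that a changed `pebs_buffer_base` is detected through hva1 and forces a fresh walk even when `ds_area` itself is unchanged.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUEST_MEM 8192                 /* constructed flat "guest memory" */
static uint8_t guest_mem[GUEST_MEM];
static unsigned walks;                 /* number of simulated page-table walks */

struct ds_area { uint64_t pebs_buffer_base, pebs_index; };  /* simplified layout */
struct pebs_cache { uint64_t gva1, gva2; uint8_t *hva1, *hva2; };

/* Hypothetical stand-in for the gva -> gpa -> gfn -> hva walk. */
static uint8_t *walk(uint64_t gva, uint64_t len) {
    walks++;
    return (gva < GUEST_MEM && len <= GUEST_MEM - gva) ? &guest_mem[gva] : NULL;
}

/* Write a guest-controlled DS area at ds_gva (what a guest driver would do). */
static void set_ds(uint64_t ds_gva, uint64_t base, uint64_t index) {
    struct ds_area ds = { base, index };
    memcpy(&guest_mem[ds_gva], &ds, sizeof ds);
}

/* Return the host address of the next PEBS record, or NULL on a bad guest value. */
static uint8_t *pebs_lookup(struct pebs_cache *c, uint64_t ds_gva) {
    struct ds_area ds;
    if (!c->hva1 || c->gva1 != ds_gva) {          /* ds_area miss: walk again */
        c->hva2 = NULL;                           /* hva2 was derived from old hva1 */
        if (!(c->hva1 = walk(ds_gva, sizeof ds))) return NULL;
        c->gva1 = ds_gva;
    }
    memcpy(&ds, c->hva1, sizeof ds);              /* models __copy_from_user(hva1) */
    if (!c->hva2 || c->gva2 != ds.pebs_buffer_base) {  /* guest moved the buffer */
        if (!(c->hva2 = walk(ds.pebs_buffer_base, 1))) return NULL;
        c->gva2 = ds.pebs_buffer_base;
    }
    /* pebs_index is guest-controlled too: bound it before using it as an offset. */
    if (ds.pebs_index < c->gva2 || ds.pebs_index >= GUEST_MEM) return NULL;
    return c->hva2 + (ds.pebs_index - c->gva2);
}

int main(void) {
    struct pebs_cache c = {0};
    set_ds(0x100, 0x1000, 0x1040);
    pebs_lookup(&c, 0x100);                       /* cold cache: 2 walks */
    pebs_lookup(&c, 0x100);                       /* both hit: still 2 */
    set_ds(0x100, 0x1800, 0x1800);                /* only pebs_buffer_base changes */
    pebs_lookup(&c, 0x100);                       /* hva2 re-walked: 3 */
    printf("walks = %u\n", walks);
    return 0;
}
```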