lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a1291d0b-297c-9146-9689-f4a4129de3c6@redhat.com>
Date:   Tue, 26 Jan 2021 10:42:18 +0100
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     Like Xu <like.xu@...ux.intel.com>,
        Sean Christopherson <seanjc@...gle.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Wanpeng Li <wanpengli@...cent.com>,
        Jim Mattson <jmattson@...gle.com>,
        Joerg Roedel <joro@...tes.org>
Cc:     Ingo Molnar <mingo@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Borislav Petkov <bp@...en8.de>,
        "H . Peter Anvin" <hpa@...or.com>, ak@...ux.intel.com,
        wei.w.wang@...el.com, kan.liang@...el.com, x86@...nel.org,
        kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RESEND v13 03/10] KVM: x86/pmu: Use IA32_PERF_CAPABILITIES to
 adjust features visibility

On 08/01/21 02:36, Like Xu wrote:
> 
> @@ -401,6 +398,9 @@ static void intel_pmu_init(struct kvm_vcpu *vcpu)
>  		pmu->fixed_counters[i].idx = i + INTEL_PMC_IDX_FIXED;
>  		pmu->fixed_counters[i].current_config = 0;
>  	}
> +
> +	vcpu->arch.perf_capabilities = guest_cpuid_has(vcpu, X86_FEATURE_PDCM) ?
> +		vmx_get_perf_capabilities() : 0;

There is one thing I don't understand with this patch: intel_pmu_init is 
not called when CPUID is changed.  So I would have thought that anything 
that uses guest_cpuid_has must stay in intel_pmu_refresh.  As I 
understand it vcpu->arch.perf_capabilities is always set to 0 
(vmx_get_perf_capabilities is never called), and kvm_set_msr_common 
would fail to set any bit in the MSR.  What am I missing?

In addition, the code of patch 4:

+	if (!intel_pmu_lbr_is_enabled(vcpu)) {
+		vcpu->arch.perf_capabilities &= ~PMU_CAP_LBR_FMT;
+		lbr_desc->records.nr = 0;
+	}

is not okay after MSR changes.  The value written by the host must be 
either rejected (with "return 1") or applied unchanged.

Fortunately I think this code is dead if you move the check in 
kvm_set_msr from patch 9 to patch 4.  However, in patch 9 
vmx_get_perf_capabilities() must only set the LBR format bits if 
intel_pmu_lbr_is_compatible(vcpu).


The patches look good apart from these issues and the other nits I 
pointed out.  However, you need testcases here, for both kvm-unit-tests 
and tools/testing/selftests/kvm.

For KVM, it would be at least a basic check that looks for the MSR LBR 
(using the MSR indices for the various processors), does a branch, and 
checks that the FROM_IP/TO_IP are good.  You can write the 
kvm-unit-tests using the QEMU option "-cpu host,migratable=no": if you 
do this, QEMU will pick the KVM_GET_SUPPORTED_CPUID bits and move them 
more or less directly into the guest CPUID.

For tools/testing/selftests/kvm, your test need to check the effect of 
various CPUID settings on the PERF_CAPABILITIES MSR, check that whatever 
you write with KVM_SET_MSR is _not_ modified and can be retrieved with 
KVM_GET_MSR, and check that invalid LBR formats are rejected.

I'm really, really sorry for leaving these patches on my todo list for 
months, but you guys need to understand the main reason for this: they 
come with no testcases.  A large patch series adding userspace APIs and 
complicated CPUID/MSR processing *automatically* goes to the bottom of 
my queue, because:

- I need to go with a fine comb over all the userspace API changes, I 
cannot just look at test code and see if it works.

- I will have no way to test its correctness after it's committed.

For you, the work ends when your patch is accepted.  For me, that's when 
the work begins, and I need to make sure that the patch will be 
maintainable in the future.

Thanks, and sorry again for the delay.

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ