lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <69c0fc41-a5bd-fea9-43f6-4724368baf66@intel.com>
Date:   Wed, 9 Feb 2022 07:40:59 -0800
From:   Dave Hansen <dave.hansen@...el.com>
To:     Peter Zijlstra <peterz@...radead.org>,
        Jim Mattson <jmattson@...gle.com>
Cc:     Like Xu <like.xu.linux@...il.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Sean Christopherson <seanjc@...gle.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Wanpeng Li <wanpengli@...cent.com>,
        Joerg Roedel <joro@...tes.org>, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org, Like Xu <likexu@...cent.com>,
        Stephane Eranian <eranian@...gle.com>,
        David Dunn <daviddunn@...gle.com>
Subject: Re: [PATCH kvm/queue v2 2/3] perf: x86/core: Add interface to query
 perfmon_event_map[] directly

On 2/9/22 05:21, Peter Zijlstra wrote:
> On Wed, Feb 02, 2022 at 02:35:45PM -0800, Jim Mattson wrote:
>> 3) TDX is going to pull the rug out from under us anyway. When the TDX
>> module usurps control of the PMU, any active host counters are going
>> to stop counting. We are going to need a way of telling the host perf
>> subsystem what's happening, or other host perf clients are going to
>> get bogus data.
> That's not acceptible behaviour. I'm all for unilaterally killing any
> guest that does this.

I'm not sure where the "bogus data" comes or to what that refers
specifically.  But, the host does have some level of control:

> The host VMM controls whether a guest TD can use the performance
> monitoring ISA using the TD’s ATTRIBUTES.PERFMON bit...

So, worst-case, we don't need to threaten to kill guests.  The host can
just deny access in the first place.

I'm not too picky about what the PMU does, but the TDX behavior didn't
seem *that* onerous to me.  The gory details are all in "On-TD
Performance Monitoring" here:

> https://www.intel.com/content/dam/develop/external/us/en/documents/tdx-module-1.0-public-spec-v0.931.pdf

My read on it is that TDX host _can_ cede the PMU to TDX guests if it
wants.  I assume the context-switching model Jim mentioned is along the
lines of what TDX is already doing on host<->guest transitions.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ