Date:   Mon, 23 May 2022 20:56:23 +0300
From:   Adrian Hunter <adrian.hunter@...el.com>
To:     Andi Kleen <ak@...ux.intel.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>
Cc:     Jiri Olsa <jolsa@...nel.org>, Namhyung Kim <namhyung@...nel.org>,
        Ian Rogers <irogers@...gle.com>, Leo Yan <leo.yan@...aro.org>,
        linux-kernel@...r.kernel.org, linux-perf-users@...r.kernel.org,
        kvm@...r.kernel.org
Subject: Re: [PATCH V2 5/6] perf kvm report: Add guest_code support

On 23/05/22 18:54, Andi Kleen wrote:
> 
> On 5/17/2022 6:10 AM, Adrian Hunter wrote:
>> Add an option to indicate that guest code can be found in the hypervisor
>> process
> 
> Sorry for harping on this, but is it correct that this assumes that the code is still at the original location at decode time?

No, at decode time, the code is found in the hypervisor dso.

> 
> If yes we need some warnings for this, something like:
> 
> This only works when the code is still available in the original memory location at decode time. This is typically the case for kernel code (unless modules are unloaded).

In this scenario, the VM does not have a kernel.

Note, there is an existing method to trace a guest kernel as described here:

	https://www.man7.org/linux/man-pages/man1/perf-intel-pt.1.html#TRACING_VIRTUAL_MACHINES

> For user programs it only works as long as there is no memory pressure which might cause the memory to be reused.

In this scenario, there are also no user programs in the VM, only functions from the hypervisor.

> For dynamically generated (JITed) code it might be rather unreliable unless the hypervisor is SIGSTOPed during decoding.
> 


