lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ZcEPHyfQ4n23YOTW@linux.dev>
Date: Mon, 5 Feb 2024 16:38:55 +0000
From: Oliver Upton <oliver.upton@...ux.dev>
To: Marc Zyngier <maz@...nel.org>
Cc: James Clark <james.clark@....com>, coresight@...ts.linaro.org,
	linux-arm-kernel@...ts.infradead.org, kvmarm@...ts.linux.dev,
	broonie@...nel.org, suzuki.poulose@....com, acme@...nel.org,
	James Morse <james.morse@....com>,
	Zenghui Yu <yuzenghui@...wei.com>,
	Catalin Marinas <catalin.marinas@....com>,
	Will Deacon <will@...nel.org>, Mike Leach <mike.leach@...aro.org>,
	Leo Yan <leo.yan@...aro.org>,
	Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
	Anshuman Khandual <anshuman.khandual@....com>,
	Rob Herring <robh@...nel.org>, Miguel Luis <miguel.luis@...cle.com>,
	Jintack Lim <jintack.lim@...aro.org>,
	Ard Biesheuvel <ardb@...nel.org>,
	Mark Rutland <mark.rutland@....com>, Arnd Bergmann <arnd@...db.de>,
	Vincent Donnefort <vdonnefort@...gle.com>,
	Kristina Martsenko <kristina.martsenko@....com>,
	Fuad Tabba <tabba@...gle.com>, Joey Gouly <joey.gouly@....com>,
	Akihiko Odaki <akihiko.odaki@...nix.com>,
	Jing Zhang <jingzhangos@...gle.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 2/7] arm64: KVM: Use shared area to pass PMU event
 state to hypervisor

On Mon, Feb 05, 2024 at 03:50:12PM +0000, Marc Zyngier wrote:
> On Mon, 05 Feb 2024 15:37:34 +0000,
> James Clark <james.clark@....com> wrote:
> > 
> > Hmmm in that case if there's currently no way to distinguish between
> > normal VMs and pVMs in protected-mode then what I was thinking of
> > probably won't work.
> 
> Have you looked? kvm_vm_is_protected() has been in for a while, even
> if that's not a lot. The upcoming code will flesh this helper out,

Blame me for the bad intel. What I was mentioning earlier is that (1) we
use the hyp's shadowed vCPUs when running in protected mode and (2) we
don't sync PMU state into the shadow vCPU. So really PMU support for
non-protected guests has been broken since commit be66e67f1750 ("KVM:
arm64: Use the pKVM hyp vCPU structure in handle___kvm_vcpu_run()").

Fixing PMU support for non-protected guests implies the hypervisor will
conditionally trust data coming from the host based on the type of VM
that it is running.

For protected guests the hypervisor will need a private location to
do save/restore of the enable regs since I'm certain we will not trust
whatever the host tells us in these circumstances.

Both of these reasons has me feeling like the PMU context still needs to
be associated with the vCPU, though the tracing stuff can be percpu.

-- 
Thanks,
Oliver

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ