lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 6 Feb 2024 11:38:41 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Like Xu <like.xu.linux@...il.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>, Andi Kleen <ak@...ux.intel.com>, kvm@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] KVM: x86/intr: Explicitly check NMI from guest to
 eliminate false positives

+Oliver

On Wed, Dec 06, 2023, Like Xu wrote:
> Note that when vm-exit is indeed triggered by PMI and before HANDLING_NMI
> is cleared, it's also still possible that another PMI is generated on host.
> Also for perf/core timer mode, the false positives are still possible since
> that non-NMI sources of interrupts are not always being used by perf/core.
> In both cases above, perf/core should correctly distinguish between real
> RIP sources or even need to generate two samples, belonging to host and
> guest separately, but that's perf/core's story for interested warriors.

Oliver has a patch[*] that he promised he would send "soon" (wink wink) to
properly fix events that are configured to exclude the guest.  Unless someone
objects, I'm going to tweak the last part of the changelog to be:

    Note that when VM-exit is indeed triggered by PMI and before HANDLING_NMI
    is cleared, it's also still possible that another PMI is generated on host.
    Also for perf/core timer mode, the false positives are still possible since
    that non-NMI sources of interrupts are not always being used by perf/core.
    
    For events that are host-only, perf/core can and should eliminate false
    positives by checking event->attr.exclude_guest, i.e. events that are
    configured to exclude KVM guests should never fire in the guest.
    
    Events that are configured to count host and guest are trickier, perhaps
    impossible to handle with 100% accuracy?  And regardless of what accuracy
    is provided by perf/core, improving KVM's accuracy is cheap and easy, with
    no real downsides.

[*] https://git.kernel.org/pub/scm/linux/kernel/git/oupton/linux.git/commit/?h=perf/unfudge-sampling&id=6a35fa884b378f704b485c6bf887125af5da6077

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ