Open Source and information security mailing list archives
Message-ID: <a7ce5e22-c9ac-46a0-b870-1438dac3affc@linux.intel.com>
Date: Wed, 25 Sep 2024 09:05:16 -0400
From: "Liang, Kan" <kan.liang@...ux.intel.com>
To: 陈培鸿(乘鸿) <chenpeihong.cph@...baba-inc.com>,
 Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...hat.com>,
 Arnaldo Carvalho de Melo <acme@...nel.org>,
 Namhyung Kim <namhyung@...nel.org>, Mark Rutland <mark.rutland@....com>,
 Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
 Jiri Olsa <jolsa@...nel.org>, Ian Rogers <irogers@...gle.com>,
 Adrian Hunter <adrian.hunter@...el.com>, Thomas Gleixner
 <tglx@...utronix.de>, Borislav Petkov <bp@...en8.de>,
 Dave Hansen <dave.hansen@...ux.intel.com>, x86 <x86@...nel.org>,
 "H. Peter Anvin" <hpa@...or.com>,
 linux-perf-users <linux-perf-users@...r.kernel.org>,
 linux-kernel <linux-kernel@...r.kernel.org>,
 chenpeihong <chenpeihong@...ux.alibaba.com>
Cc: 郑翔(正翔) <zx283061@...baba-inc.com>,
 赵生龙 <shenglong.zsl@...baba-inc.com>
Subject: Re: Reply: [PATCH] perf/x86/intel/uncore: Enable uncore on vCPUs when using uncore discovery



On 2024-09-25 4:22 a.m., 陈培鸿(乘鸿) wrote:
>>> With uncore discovery, kvm can choose to expose a subset of
>>> uncore related MSRs it wants to guest by emulating the uncore
>>> discovery device.
>>
>> I don't hear that the KVM has started to support uncore vPMU.
>> Can you please point me to patches?
> There are no such uncore vPMU related patches so far, which may
> be supported some day in the future. I’m now working on this.

I think the patch should be part of the future KVM patch set.
Otherwise, it seems like a security hole because of the lack of
underlying support.

Thanks,
Kan

>> The default of uncore_no_discover is 0. So it bypasses the HYPERVISOR
>> check unless the user specially sets the value. It could be a problem
>> for the earlier platforms which don't support discovery
>> table. How do you plan to emulate the devices on earlier platforms?
>>
> U R right, I should make a more strict check here.
> diff --git a/arch/x86/events/intel/uncore.c b/arch/x86/events/intel/uncore.c
> index 33776df95aa4..ca510c476895 100644
> --- a/arch/x86/events/intel/uncore.c
> +++ b/arch/x86/events/intel/uncore.c
> @@ -1919,8 +1919,9 @@ static int __init intel_uncore_init(void)
>  const struct x86_cpu_id *id;
>  struct intel_uncore_init_fun *uncore_init;
>  int pret = 0, cret = 0, mret = 0, ret;
> + bool in_guest = boot_cpu_has(X86_FEATURE_HYPERVISOR);
> - if (uncore_no_discover && boot_cpu_has(X86_FEATURE_HYPERVISOR))
> + if (uncore_no_discover && in_guest)
>  return -ENODEV;
>  __uncore_max_dies =
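
Review bot: The early return at `if (uncore_no_discover && in_guest)` still lets a guest continue whenever uncore_no_discover is unset, and nothing at this point says why that is intended. Add a comment above the check stating that a guest is only expected to proceed when it will use discovery tables, so a reader does not have to find the later use_discovery test to understand the gating.
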
> @@ -1936,8 +1937,10 @@ static int __init intel_uncore_init(void)
>  uncore_init = (struct intel_uncore_init_fun *)id->driver_data;
>  if (uncore_no_discover && uncore_init->use_discovery)
>  return -ENODEV;
> - if (uncore_init->use_discovery &&
> - !intel_uncore_has_discovery_tables(uncore_init->uncore_units_ignore))
> + if (!uncore_init->use_discovery) {
> + if (in_guest)
> + return -ENODEV;
> + } else if (!intel_uncore_has_discovery_tables(uncore_init->uncore_units_ignore))
>  return -ENODEV;
>  }
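
Review bot: In the rewritten condition the `if (!uncore_init->use_discovery) {` arm is braced while the `else if (!intel_uncore_has_discovery_tables(...))` arm is not; kernel coding style wants braces on every arm once one of them has braces. The nesting can be avoided with a separate `if (in_guest && !uncore_init->use_discovery) return -ENODEV;` placed ahead of the original, unchanged discovery-table check, which also keeps the diff smaller. Note also that a guest on a use_discovery platform is accepted as soon as intel_uncore_has_discovery_tables() succeeds, so the guest path depends entirely on what the hypervisor exposes there.
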
> For the earlier platforms which don't support discovery table, just
> disable uncore for guests. Will there be any issues?
>> Thanks,
>> Kan
>>> So we can enable uncore on virtualized CPUs
>>> when uncore discovery is in use.
>>> Signed-off-by: Cheng Hong <chenpeihong.cph@...baba-inc.com>
>>> ---
>>> arch/x86/events/intel/uncore.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>> diff --git a/arch/x86/events/intel/uncore.c b/arch/x86/events/intel/uncore.c
>>> index d98fac567684..33776df95aa4 100644
>>> --- a/arch/x86/events/intel/uncore.c
>>> +++ b/arch/x86/events/intel/uncore.c
>>> @@ -1920,7 +1920,7 @@ static int __init intel_uncore_init(void)
>>> struct intel_uncore_init_fun *uncore_init;
>>> int pret = 0, cret = 0, mret = 0, ret;
>>> - if (boot_cpu_has(X86_FEATURE_HYPERVISOR))
>>> + if (uncore_no_discover && boot_cpu_has(X86_FEATURE_HYPERVISOR))
>>> return -ENODEV;
>>> __uncore_max_dies =
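
Review bot: Adding `uncore_no_discover &&` to the hypervisor check means the bail-out only happens when the user sets that parameter; with the default of 0 noted in the reply, every guest now proceeds into uncore init, including on platforms that do not use discovery tables. Gate the guest case on discovery actually being used for the matched platform rather than on the module parameter, and state in the commit message what a guest without an emulated discovery device will see.
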
> Thanks,
> Chen
