Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp6138226imd; Wed, 31 Oct 2018 07:23:18 -0700 (PDT) X-Google-Smtp-Source: AJdET5eUFpgUUWcYh0wOvo16RV91xKAzgKmw94Eh4YTGuE5TrLFsmx4qr834c2kpa+/0+qpC7b8G X-Received: by 2002:a62:6346:: with SMTP id x67-v6mr3626422pfb.234.1540995797967; Wed, 31 Oct 2018 07:23:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540995797; cv=none; d=google.com; s=arc-20160816; b=x+m0S4IZu8DxWyMV3/jC8JDmuCfu4HDEYJTOP242zSNAwmDMvbc+sGtVQUp6PNzkkT 5NYdYdI0nLak7RA8tasBBO7Oz+8n1Nr0GbjqqQfe7TaXIp7MxrwJlvo2o6Gsx1DKQL0v fk7cS/2iCgP1wS0UG3L/Vbm9sqpvDRea5r4kdXcmrB3gfNKYeYiiQXaVx7lYM1NVYNNV jgzls18lce8UeNAofZnxGytOunFwlgE8G8O6WsPTdED5E9UwC1TRO6uDWJeGcKbJdPMZ hD6ChuXf5j9frsnSS3fzuTDC6ZEvpo1hDpEEg2Zkmt92GTUohYtFRfnqxIlLuhxU94ZT 7tug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from; bh=QbeQlH8N3ftidBQDzEcHbkPztrTqIZAvsOkhNRC8XQ0=; b=ZGIvUxrggLJLX8I24nF4ELhJcjiHXQKcniC72iNQ0lTV3Q3CfcdHTqUZlshHI2Bl5Z YXujQC1Xp+1JxxEvTOJk+cFhbb98S8C36yfAXFt3DU+EzzkWMcKFWARZa9nLmicH7YXu JrhWvFkxtaycXRFelPowS/QcTQB4pFD4/AIDrsfDAJCGjtPrDTsK6J1IzM/IqHCxvRKL Q3Zx3qoWllXRBAxIvPD4KUaI33W5/hf+qend2ObSC0UY2tGV0owtYr2Rl70rquA0VuXu 2p/cgcuxC9+qm5Ty4ktMmJCAVH8IBDXxay9vmTZ04a2ONhoea/d97yEKdfSPxxiEaoKm UzaA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 33-v6si13250584plt.22.2018.10.31.07.22.58; Wed, 31 Oct 2018 07:23:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729526AbeJaXUU (ORCPT + 99 others); Wed, 31 Oct 2018 19:20:20 -0400 Received: from mga02.intel.com ([134.134.136.20]:58170 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729396AbeJaXUT (ORCPT ); Wed, 31 Oct 2018 19:20:19 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 31 Oct 2018 07:22:05 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,447,1534834800"; d="scan'208";a="88428867" Received: from um.fi.intel.com (HELO localhost) ([10.237.72.212]) by orsmga008.jf.intel.com with ESMTP; 31 Oct 2018 07:21:58 -0700 From: Alexander Shishkin To: Paolo Bonzini , Luwei Kang , kvm@vger.kernel.org, x86@kernel.org Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, rkrcmar@redhat.com, joro@8bytes.org, songliubraving@fb.com, peterz@infradead.org, kstewart@linuxfoundation.org, gregkh@linuxfoundation.org, thomas.lendacky@amd.com, konrad.wilk@oracle.com, mattst88@gmail.com, Janakarajan.Natarajan@amd.com, dwmw@amazon.co.uk, jpoimboe@redhat.com, marcorr@google.com, ubizjak@gmail.com, sean.j.christopherson@intel.com, jmattson@google.com, linux-kernel@vger.kernel.org, Chao Peng Subject: Re: [PATCH v13 08/12] KVM: x86: Add Intel PT context switch for each vcpu In-Reply-To: <2cb38ceb-9c86-4174-0b2b-9f070eb0df48@redhat.com> References: <1540368316-12998-1-git-send-email-luwei.kang@intel.com> <1540368316-12998-9-git-send-email-luwei.kang@intel.com> <87a7n37iuf.fsf@ashishki-desk.ger.corp.intel.com> <87y3af65fi.fsf@ashishki-desk.ger.corp.intel.com> <87r2g65osg.fsf@ashishki-desk.ger.corp.intel.com> <2cb38ceb-9c86-4174-0b2b-9f070eb0df48@redhat.com> Date: Wed, 31 Oct 2018 16:21:58 +0200 Message-ID: <87lg6e5h89.fsf@ashishki-desk.ger.corp.intel.com> MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Paolo Bonzini writes: > On 31/10/2018 12:38, Alexander Shishkin wrote: >>> There is no standard way to tell the guest that the host overrode its >>> choice to use PT. However, the host will get a PGD/PGE packet around >>> vmentry and vmexit, so there _will_ be an indication that the guest >>> owned the MSRs for that period of time. >> >> Not if they are not tracing the kernel. > > If they are not tracing the kernel why should they be tracing the guest > at all? To trace the guest userspace, perhaps? >>> If PT context switching is enabled with the module parameter, we could >>> also reject creation of events with the attribute set. However that >>> won't help if the event is created before KVM is even loaded. >> >> In that case, modprobe kvm should fail. > > Does that mean that an unprivileged user can effectively DoS > virtualization for everyone on the machine? (Honest question). Would the leave-PT-to-the-host still be allowed? Would ignoring the module parameter in that case and falling back to this mode still be fine? I'm not really the one to brainstorm solutions here. There are possibilities of solving this, and the current patchset does not even begin to acknowledge the existence of the problem, which is what my ACK depends on. Regards, -- Alex