Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp3051108pxb; Thu, 10 Feb 2022 11:05:20 -0800 (PST) X-Google-Smtp-Source: ABdhPJwSA/XaURzqQUzMPz5Vy9I98Pj2DGdcE4glBcJWgy9NKDL7dKtVlkna+PnDEH105dkGOy4A X-Received: by 2002:a17:90a:de01:: with SMTP id m1mr4260696pjv.215.1644519920152; Thu, 10 Feb 2022 11:05:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1644519920; cv=none; d=google.com; s=arc-20160816; b=r1AD+Uzo+ogq1ye4yJRir7QUdemb4SNp+ztxiONvjz+wPsQ+ImFr7Z22RL/HjKmh8n gHKLjShMN+dUwrSXKD9vBOhz93PAM4u/RaZ9cFcivg7Wd2VX3MINrBKrMPF8RAXH9OVy cO6lhrH2TfxN4TPjQE4YB0ADTnbHRKYoWhVrcmZyz1ckphgCytdskQMS4jeslbE1dnAj eacM+eLA7VQZPkBuwI2ywp8BZKI1WuzoEgXjHBRhq8DUaoKiJn2WHyLQIjJnsgnDjCwg wia3/faaV8xh7uX4jUEzjhaMH4VMuZTEyc+OpYcdVNWXWx1vWJ61OLkjARK7hHi00km2 Xpnw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to :organization:from:references:cc:to:content-language:subject :user-agent:mime-version:date:message-id:dkim-signature; bh=gVKJwu5ERjnZG+6nDLNO4990OulCMrqau9J8QnEaUak=; b=xDLtHFR0Tvyn5f+LBu9tsD9vD8BKMFAjs1OdcyphKx29z9XJ6S3OzwWUP29pNtjG7z qsPabM7Zr0bEq8ddR17xAwNbg6jOgE44YufSvewkPROUQvMsj6yk+CKabSohiEBr9yBx BxLczqLFB8hRvuN6CP2ifMENZPXpNQQQ3sqsQfO1Yd0AWUWvqBG8QE8q8mncjMdWpMHg 96M8HQ7XBXfNdgOZOlgbNDpxsloA+y5JpQcPShN5DDAg6HxyuJw1PWuGdz1RI8tBqTHz E5pwTw5s9qhvS2JK8Tw2Hrtt8AkvtPVfTH4t/Trj79E1ohrAMMo6OyznGPrM2i6hHZm6 vDAw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=jqyceszF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 21si2418326pjb.105.2022.02.10.11.05.03; Thu, 10 Feb 2022 11:05:20 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=jqyceszF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241847AbiBJM4J (ORCPT + 99 others); Thu, 10 Feb 2022 07:56:09 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:37592 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234200AbiBJM4I (ORCPT ); Thu, 10 Feb 2022 07:56:08 -0500 Received: from mail-pf1-x431.google.com (mail-pf1-x431.google.com [IPv6:2607:f8b0:4864:20::431]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 89B191BD; Thu, 10 Feb 2022 04:56:09 -0800 (PST) Received: by mail-pf1-x431.google.com with SMTP id y8so7324522pfa.11; Thu, 10 Feb 2022 04:56:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:date:mime-version:user-agent:subject:content-language:to :cc:references:from:organization:in-reply-to :content-transfer-encoding; bh=gVKJwu5ERjnZG+6nDLNO4990OulCMrqau9J8QnEaUak=; b=jqyceszF7jyQsxmAF0DP4Y17pXPn7jQO2JQZ0z+nSfyH3FPKgnbkG+zVPNOXq5Fptg BkU6WSrT+9gauHWAq0mnlzvwixsqtlAJkghd1nxQBfgMmx6szjsVrosQwBFb33UKgCee EN9ElQKs8NwR8ndyXktqLoP9zn8gXpKWsafqdpsfFvtKQliM2pIUX3yeOFWp6NUU+s8Z /4Exxn6Mz2f01p2S4SK9nJdIsFIqDeZ6oYjRHtBNcRpYJLH5sZ35EXbkRRou/I9L5WSo ysSymDcaIDL54X8n7lRey0i8VeykGf31qt+HdP3tWMpT8cth0lJs3EEBGQuRtwevtY0c BNbA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:organization:in-reply-to :content-transfer-encoding; bh=gVKJwu5ERjnZG+6nDLNO4990OulCMrqau9J8QnEaUak=; b=amc7el1kwdm8hu3baHB+SmCh2Jn01t566NMSmxCrB6+ko/S0Re4NQi/4D2hWgWOhB/ 2SilfdZd5wft6Hzkw1dAuQMpRbBHHNzkLxTGTJNlQfdJ06at5Ude+vWqkNOQT8oIchTp qZh41x75VuRfMD6EQ1mT2SmRFDwkkG/BZ/B5jL3zDpvrKkVVsAzolpowM9EeIM3qvOhK a1oTmbmY8VNGS3dznWZYxwvonRbB7rf8hvue7I3+BG2W9zHe4AMqCf+QGtaoacecREo0 9V6Ht4f9lSqd28Ao4BlE/xWOS/3jvkT8tqXcilyHJV+ZJ7jlN75wFyhtlfIKHFA3LoC3 zlOg== X-Gm-Message-State: AOAM531dkuVeJz19Mas/nHa2LP3bsPor5RNO18ZFQOTr0JktblRf2ufh 963L6wkOZ/gpgFdFT/Qu2d0= X-Received: by 2002:a05:6a02:18e:: with SMTP id bj14mr6227006pgb.352.1644497769066; Thu, 10 Feb 2022 04:56:09 -0800 (PST) Received: from [192.168.255.10] ([103.7.29.32]) by smtp.gmail.com with ESMTPSA id v17sm22423250pfm.10.2022.02.10.04.56.05 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 10 Feb 2022 04:56:08 -0800 (PST) Message-ID: <76d94feb-3f9e-36da-5f5c-c9e047778b7e@gmail.com> Date: Thu, 10 Feb 2022 20:55:57 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.6.0 Subject: Re: [PATCH kvm/queue v2 2/3] perf: x86/core: Add interface to query perfmon_event_map[] directly Content-Language: en-US To: Dave Hansen , Peter Zijlstra , David Dunn Cc: Paolo Bonzini , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Joerg Roedel , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Stephane Eranian , Jim Mattson , Arnaldo Carvalho de Melo References: <20220117085307.93030-1-likexu@tencent.com> <20220117085307.93030-3-likexu@tencent.com> <20220202144308.GB20638@worktop.programming.kicks-ass.net> <69c0fc41-a5bd-fea9-43f6-4724368baf66@intel.com> <67a731dd-53ba-0eb8-377f-9707e5c9be1b@intel.com> From: Like Xu Organization: Tencent In-Reply-To: <67a731dd-53ba-0eb8-377f-9707e5c9be1b@intel.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 10/2/2022 2:57 am, Dave Hansen wrote: > On 2/9/22 10:47, Jim Mattson wrote: >> On Wed, Feb 9, 2022 at 7:41 AM Dave Hansen wrote: >>> >>> On 2/9/22 05:21, Peter Zijlstra wrote: >>>> On Wed, Feb 02, 2022 at 02:35:45PM -0800, Jim Mattson wrote: >>>>> 3) TDX is going to pull the rug out from under us anyway. When the TDX >>>>> module usurps control of the PMU, any active host counters are going >>>>> to stop counting. We are going to need a way of telling the host perf >>>>> subsystem what's happening, or other host perf clients are going to >>>>> get bogus data. >>>> That's not acceptible behaviour. I'm all for unilaterally killing any >>>> guest that does this. >>> >>> I'm not sure where the "bogus data" comes or to what that refers >>> specifically. But, the host does have some level of control: >> >> I was referring to gaps in the collection of data that the host perf >> subsystem doesn't know about if ATTRIBUTES.PERFMON is set for a TDX >> guest. This can potentially be a problem if someone is trying to >> measure events per unit of time. > > Ahh, that makes sense. > > Does SGX cause problem for these people? It can create some of the same > collection gaps: > > performance monitoring activities are suppressed when entering > an opt-out (of performance monitoring) enclave. > Are the end perf user aware of the collection gaps caused by the code running under SGX? As far as I know there shouldn't be one yet, we may need a tool like "perf-kvm" for SGX enclaves. >>>> The host VMM controls whether a guest TD can use the performance >>>> monitoring ISA using the TD’s ATTRIBUTES.PERFMON bit... >>> >>> So, worst-case, we don't need to threaten to kill guests. The host can >>> just deny access in the first place. The KVM module parameter "enable_pmu" might be respected, together with a per-TD guest user space control option. >>> >>> I'm not too picky about what the PMU does, but the TDX behavior didn't >>> seem *that* onerous to me. The gory details are all in "On-TD >>> Performance Monitoring" here: >>> >>>> https://www.intel.com/content/dam/develop/external/us/en/documents/tdx-module-1.0-public-spec-v0.931.pdf >>> >>> My read on it is that TDX host _can_ cede the PMU to TDX guests if it >>> wants. I assume the context-switching model Jim mentioned is along the >>> lines of what TDX is already doing on host<->guest transitions. >> >> Right. If ATTRIBUTES.PERFMON is set, then "perfmon state is >> context-switched by the Intel TDX module across TD entry and exit >> transitions." Furthermore, the VMM has no access to guest perfmon >> state. Even the guest TD is under off-TD debug and is untrusted ? I think we (host administrators) need to profile off-TD guests to locate performance bottlenecks with a holistic view, regardless of whether the ATTRIBUTES.PERFMON bit is cleared or not. Perhaps shared memory could be a way to pass guests performance data to the host if PMU activities are suppressed across TD entry and exit transitions for the guest TD is under off-TD debug and is untrusted. >> >> If you're saying that setting this bit is unacceptable, then perhaps >> the TDX folks need to redesign their in-guest PMU support. > > It's fine with *me*, but I'm not too picky about the PMU. But, it > sounded like Peter was pretty concerned about it. One protocol I've seen is that the (TD or normal) guest cannot compromise the host's availability to PMU resources (at least in the host runtime). It's pretty fine and expected that performance data within the trusted TDX guest should be logically isolated from host data (without artificial aggregation). > > In any case, if we (Linux folks) need a change, it's *possible* because > most of this policy is implemented in software in the TDX module. It > would just be painful for the folks who came up with the existing mechanism. > When the code to enable ATTRIBUTES.PERFMON appears in the mailing list, we can have more discussions in a very good time window.