Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp2313642pxp; Mon, 21 Mar 2022 16:40:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxBV/jhIoR/mmMfYUAiNmeYc71Z/deoRX7vE2m3szFLP9kLem9/Pi5IMGp8OD7sUOI+Rzh3 X-Received: by 2002:a05:6a00:238b:b0:4fa:aaa1:ee3c with SMTP id f11-20020a056a00238b00b004faaaa1ee3cmr4715792pfc.52.1647906030032; Mon, 21 Mar 2022 16:40:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1647906030; cv=none; d=google.com; s=arc-20160816; b=YagGynC586rp8zzc6PhrOTfgqzJIUCPCq5c2naaFDtWegSZK7ty+IktbG3rM73+Sfv uGy02UrpNtKTG6PWS+4SpFhmgeo+7C6aVl1VoUIAlQXUO+oznY8kPQFrxu54cTj993C+ ygnXkbr1Mh8KwTb+J3y7g1EDgyiDd5b8cU/xtku/7bvgk7THHXf7Ix2hvFHTaKCXl7Ee rdOkPMr6xejI/5SLy4I8JvJhFXKblEc7FIfCeK4GXKrgN3QlZVRkElTzu//Mz+0ZlAzm ZU4P9ZRM+C3elZypKsXYkeDZO5EQSUD33dKDqHg9sBUZClE/0knEBk4UBDmV2bGK904k jQiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=zYTd46XXMIR/EBFVjL4wkBggwgjqAKgJIG8foIWgEVU=; b=wemtT2dyOcOe9FKq5No0PIvNq1t0CsVC+hzPTeeVix88cve6RhTBwqUXKL68l0N+H4 WmfRQpRZgbQnALkz5bTobbT+ocIqFF/d4PHe0WWmtaIDZ4AY/6IUEcm2+3l1BuzG4fJ2 hMZo0vI7R92JccWJ0hO8dIf3zwxhgjTfV5XxH/1B3gkLU/9Wzu4q3tZHEdRVly5u0wi+ Usjd5H07if+AjobRZzr4hQKAnUh6vkQgauKX1JcPXBnhLs4Ggdrrff6HfaGlzL8/X3dy qqjbTFzN3ih/fx6Fp/T0YpHq5tLnHtxQduW2sMKmUvw7WMQcn5Ipo0ZMdQvpqdQLk8X3 uQzw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=qFwNYGnX; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id b28-20020a631b5c000000b003816043f126si13494091pgm.795.2022.03.21.16.40.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 21 Mar 2022 16:40:30 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=qFwNYGnX; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id DC0B540C2D9; Mon, 21 Mar 2022 15:54:09 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230338AbiCUWzH (ORCPT + 99 others); Mon, 21 Mar 2022 18:55:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56386 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230395AbiCUWys (ORCPT ); Mon, 21 Mar 2022 18:54:48 -0400 Received: from mail-yb1-xb2e.google.com (mail-yb1-xb2e.google.com [IPv6:2607:f8b0:4864:20::b2e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CED7D37806A for ; Mon, 21 Mar 2022 15:38:08 -0700 (PDT) Received: by mail-yb1-xb2e.google.com with SMTP id v130so30621919ybe.13 for ; Mon, 21 Mar 2022 15:38:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=zYTd46XXMIR/EBFVjL4wkBggwgjqAKgJIG8foIWgEVU=; b=qFwNYGnX+e22tchIGIjV+ocVkIfa8G9W7pb7GhR3piqlo1M6aJsZoF80AetZeF33t+ qbJcMOfLLkvkiJWn1u+R0LhkbJ2d1jVaLpiv1qETysL+Lpa7AA+Ie/WzQHZgN8abrohh lCG5aB5mh5J3MjGse5g2KRTGwV/RX6g31qlMk2decWxmy61hJRWdF2fVUSOv6OhhP90k LZWBGL474isIc5KzWCCj0i0KP+hqPOsclgI8XG9smN9dTq9QkoW4Wz4YqxLn0IeaJXgT I9iqtEBurdtBHJHpJnTzA8P0N8CqvPoTKrZNXA8v8YJiPAIhlVTdFeYsSV4+78j+yprF txog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=zYTd46XXMIR/EBFVjL4wkBggwgjqAKgJIG8foIWgEVU=; b=0UNCqFCy18vjlYP/RzFc2jqAERVnnyH/BPF7JzmqKYg7+L+JHtHC82E272gaJekqvG P8qvYkREm6/ta5Nr/G0Fgbt62wUNQ5/TPwSDLZHqMFFoC/WmDZm4pJ4GpVvjhmFMr3WG 2ARqPprkSctXfHkP9frbZyn8dLJ54Sh0tLvcELR49T27Aa8nQch7U1FIs42hSDPT2BAB ZPvNOYT2NVTj7QIOuuvP2Iy6mMKUO2TqVKXLs+s6AaGhwmfvdUyLPCmh/7OC9MujvzWX tzGDFfwXwpB5Re87D5XlCJFudQwq3heZUJDs93wYMta6XMgQC+g9TYcz52gu0ttug/Tg ZHfg== X-Gm-Message-State: AOAM530nOYX3kYrjTkA9TCFTLVWJEsXOzT+8bC25q3I1WzSkyvu8xzlL qLQwUkB8IbAMX3UmUoYPAZxq7/KKvCoG97BhS6yn4AGC5kC5Wg== X-Received: by 2002:a9d:6e04:0:b0:5af:6426:6d39 with SMTP id e4-20020a9d6e04000000b005af64266d39mr8523074otr.75.1647900004351; Mon, 21 Mar 2022 15:00:04 -0700 (PDT) MIME-Version: 1.0 References: <20220301143650.143749-1-mlevitsk@redhat.com> <20220301143650.143749-5-mlevitsk@redhat.com> <6a7f13d1-ed00-b4a6-c39b-dd8ba189d639@redhat.com> In-Reply-To: From: Jim Mattson Date: Mon, 21 Mar 2022 14:59:53 -0700 Message-ID: Subject: Re: [PATCH v3 4/7] KVM: x86: nSVM: support PAUSE filter threshold and count when cpu_pm=on To: Maxim Levitsky Cc: Paolo Bonzini , kvm@vger.kernel.org, Ingo Molnar , Dave Hansen , Sean Christopherson , Borislav Petkov , "H. Peter Anvin" , Thomas Gleixner , x86@kernel.org, Vitaly Kuznetsov , Joerg Roedel , linux-kernel@vger.kernel.org, Wanpeng Li Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE, USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 21, 2022 at 2:36 PM Maxim Levitsky wrote: > > On Wed, 2022-03-09 at 11:07 -0800, Jim Mattson wrote: > > On Wed, Mar 9, 2022 at 10:47 AM Paolo Bonzini wrote: > > > On 3/9/22 19:35, Jim Mattson wrote: > > > > I didn't think pause filtering was virtualizable, since the value of > > > > the internal counter isn't exposed on VM-exit. > > > > > > > > On bare metal, for instance, assuming the hypervisor doesn't intercept > > > > CPUID, the following code would quickly trigger a PAUSE #VMEXIT with > > > > the filter count set to 2. > > > > > > > > 1: > > > > pause > > > > cpuid > > > > jmp 1 > > > > > > > > Since L0 intercepts CPUID, however, L2 will exit to L0 on each loop > > > > iteration, and when L0 resumes L2, the internal counter will be set to > > > > 2 again. L1 will never see a PAUSE #VMEXIT. > > > > > > > > How do you handle this? > > > > > > > > > > I would expect that the same would happen on an SMI or a host interrupt. > > > > > > 1: > > > pause > > > outl al, 0xb2 > > > jmp 1 > > > > > > In general a PAUSE vmexit will mostly benefit the VM that is pausing, so > > > having a partial implementation would be better than disabling it > > > altogether. > > > > Indeed, the APM does say, "Certain events, including SMI, can cause > > the internal count to be reloaded from the VMCB." However, expanding > > that set of events so much that some pause loops will *never* trigger > > a #VMEXIT seems problematic. If the hypervisor knew that the PAUSE > > filter may not be triggered, it could always choose to exit on every > > PAUSE. > > > > Having a partial implementation is only better than disabling it > > altogether if the L2 pause loop doesn't contain a hidden #VMEXIT to > > L0. > > > > Hi! > > You bring up a very valid point, which I didn't think about. > > However after thinking about this, I think that in practice, > this isn't a show stopper problem for exposing this feature to the guest. > > > This is what I am thinking: > > First lets assume that the L2 is malicious. In this case no doubt > it can craft such a loop which will not VMexit on PAUSE. > But that isn't a problem - instead of this guest could have just used NOP > which is not possible to intercept anyway - no harm is done. > > Now lets assume a non malicious L2: > > > First of all the problem can only happen when a VM exit is intercepted by L0, > and not by L1. Both above cases usually don't pass this criteria since L1 is highly > likely to intercept both CPUID and IO port access. It is also highly unlikely > to allow L2 direct access to L1's mmio ranges. > > Overall there are very few cases of deterministic vm exit which is intercepted > by L0 but not L1. If that happens then L1 will not catch the PAUSE loop, > which is not different much from not catching it because of not suitable > thresholds. > > Also note that this is an optimization only - due to count and threshold, > it is not guaranteed to catch all pause loops - in fact hypervisor has > to guess these values, and update them in attempt to catch as many such > loops as it can. > > I think overall it is OK to expose that feature to the guest > and it should even improve performance in some cases - currently > at least nested KVM intercepts every PAUSE otherwise. Can I at least request that this behavior be documented as a KVM virtual CPU erratum? > > Best regards, > Maxim Levitsky > > > >