Received: by 2002:a05:7412:bbc7:b0:fc:a2b0:25d7 with SMTP id kh7csp3255674rdb; Tue, 6 Feb 2024 11:39:16 -0800 (PST) X-Google-Smtp-Source: AGHT+IGD9eBJvMY2aVfVH0s6fThT7oKQwPRyuAKzT6pkAYF/BxzBk4GzHLx8CvfP5L8Uo5Bb8pXK X-Received: by 2002:a05:6871:10c:b0:219:1494:c5a2 with SMTP id y12-20020a056871010c00b002191494c5a2mr3982608oab.42.1707248356397; Tue, 06 Feb 2024 11:39:16 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707248356; cv=pass; d=google.com; s=arc-20160816; b=iOFuhh/Zw39+ZnO46/wFwPGZHj6dQOVX8N6Ruujzb+JvkxgRTOP34DOHQ60/7jt5Jf Ig/zsQjAxuBjVlinxq5I8U9P4HumPNeGe70o+2R/zQFdaBL3p2o4I+cpFwWSuYA/LBkc uP4mXUW5c9eDRrhliTtEEn6ik++Icu6cnin+uZqj1PADGvMCW0Z1DgDN2Yn8XTrGpWNJ HhUdK66E3P9SexGjW0QJAT5KADzbGF3gbFS4mP63QHAkU71EvcUryc/aEDum3Hln7bVk h2Hs754F7cyS2ZEuRYPc/M7jDms58mK53p4cK/dt/3WtUcQre95ZSDauVijRx1/2vllo nfbA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date :dkim-signature; bh=3x2t1xN7bqKMU9/2nY9jSJ9ybE1oFcWPEelXadRAJ+c=; fh=GY11jLPmXnzXf5poqbRRf06PX5oMYjDx4998CKe4dRQ=; b=rLpr1XUxUFRkj7ODvYuSu0VgDAi14f4eG3fqYLsRvr/H4HcIjhMmwzddshZkAXgSPv u6KbGQt65UtFhIl6WwgWhdVXlGQ+abI0Rl+pFB9lwXiIal0R1XqG1B6hJPQVEnYXaYaz 7Fuk/CQSjUNprkNt/d8N308R0dv/capoq3Krn2AaAJcafhPsKwo6VKzJ/pOsp4h7eNA7 FYk/0Ydax905iQi1THWUSPBDZkeQNeMoGW04C3zjkigRet1x/3QYQps3nIhTJdqRv3Zw 1a32WSZG9oLowRwfan5teI0uqZcjtDlUE4GJInsDW3YgyfGC7BmNQnlReKMLcd1CqHza txjQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=nBK7YDWq; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-55565-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-55565-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com X-Forwarded-Encrypted: i=1; AJvYcCWx493T1bPuMP3Jm0Mn49fz0NDtkEbI3Mv/CNI1SiBDSYddrfFK6GKcoP0lstsLTb9rpP15wK5NWPR9YNcKqgjjg0p61UYatFJwjKn3og== Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id 35-20020a631463000000b005d55aec96b2si2166392pgu.41.2024.02.06.11.39.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Feb 2024 11:39:16 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-55565-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=nBK7YDWq; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-55565-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-55565-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 831A5B22E25 for ; Tue, 6 Feb 2024 19:39:12 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 525F318AF8; Tue, 6 Feb 2024 19:38:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="nBK7YDWq" Received: from mail-pf1-f202.google.com (mail-pf1-f202.google.com [209.85.210.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F2E8F17BD4 for ; Tue, 6 Feb 2024 19:38:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.202 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707248325; cv=none; b=akTe+Mp9v/H01+X3m2DpZozuMJEoP1xfqrO2RjEuiWKGhh9OxGyAyvZREv3+Xwk3ARDB1B/qG9059IsioaoUNGzg9NQsAgLcRxjpuAYXH9lYi6vZsjlx+NZnI/xCEN600R17xbPZURDcGTmmg0NajGllFtqWouLeVij5MTZ/MKg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707248325; c=relaxed/simple; bh=ou9hy7iyyhAt6woH41QHtMnaC5Ky6OjjEI9+SjblzGU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=b1ZeJq/HOCJWFnXHx6ailOXrP4MrqVjudbdBNS6tM0BmycPewRAe9fSs1ilnR4OZPA1T/q/rRdhE9Xq10OsWfvdKTK4hMz/2fahqhKMtcbPQM9q9OQ+i8rNhMivvgQrGsnX2X8rQxFywhM/r0XLkS663PJDBRQLEvbOhI8ryeMU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=nBK7YDWq; arc=none smtp.client-ip=209.85.210.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Received: by mail-pf1-f202.google.com with SMTP id d2e1a72fcca58-6e0539d6781so1366820b3a.2 for ; Tue, 06 Feb 2024 11:38:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1707248323; x=1707853123; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=3x2t1xN7bqKMU9/2nY9jSJ9ybE1oFcWPEelXadRAJ+c=; b=nBK7YDWqNVQ07mq2/h2Dm7zH3sKJJPr4Cw6iPVYdl8oN1SDbtBLWKgw9HCNjiaRox0 RM7H7Dh800uHao7ciKKCcAAw3GY/jUfw4GiaDWDsHyMEsaRDtIq71xso5sJjdC1a5CMQ 4Q2VE13SrcKAF0KP1z8LixXg8uv0WnW0r6mSI291JkJnrouqI9oK2esEpn7OM8OiO+wd hTIV7yiJIVS4q3vL7M18n8fWh+R/o6x1HRM7YahY5+16CfL1I5q3STxwpb+kbnSua8cO DNEUIP/rzP3t+ODDZZzl9ualynYAPHQVihi84ei+gzAxFJezqALKIOvGSiLFloxZiAQf 623w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707248323; x=1707853123; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=3x2t1xN7bqKMU9/2nY9jSJ9ybE1oFcWPEelXadRAJ+c=; b=meWITyVQR9bEcuHp8W5YGnZie1vlI55Of7/wpM6r9NURMjYjmW2VslwhOvdpNxAIS5 2u5erGQezpGb442HXeBfdsSNRLNBNpN0FANkRoe+OqkX+OJurd2sBWLhVwD0FPO5dDPp aO/+XxKmkaOs/AQ2f86y2YlVftPwC3dP9oWi36JILlJX5A381IIbHy2goOxCvqJ6FAMM R4+c8aKtjclioqPB8fGw5tODhU655nwCBjMF8U5tM4iXnyEs03B47lqKmYRxyd5F6eQj 5dGaggjZTq2tffEcfXRzV1iIO88ZaNn0GKtmr9F/JrBOX13H3QsfkU3MlmsbRpiAL7yh 2Fqg== X-Gm-Message-State: AOJu0YyelfxTH0govNqJAj6n9+XYgmMMenqnsMYAupxIlb9YjnLwe0TG eYJ6aLpZKIBSXJDi5EiL9uP+aWRblOtANfN4XUzhcWYDJ6PzNTBS5ZFeOaBDKMPhrR4JEDuSs2+ Ngw== X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a05:6a00:1894:b0:6e0:610f:33b8 with SMTP id x20-20020a056a00189400b006e0610f33b8mr32712pfh.0.1707248323100; Tue, 06 Feb 2024 11:38:43 -0800 (PST) Date: Tue, 6 Feb 2024 11:38:41 -0800 In-Reply-To: <20231206032054.55070-1-likexu@tencent.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20231206032054.55070-1-likexu@tencent.com> Message-ID: Subject: Re: [PATCH v2] KVM: x86/intr: Explicitly check NMI from guest to eliminate false positives From: Sean Christopherson To: Like Xu Cc: Paolo Bonzini , Andi Kleen , kvm@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="us-ascii" +Oliver On Wed, Dec 06, 2023, Like Xu wrote: > Note that when vm-exit is indeed triggered by PMI and before HANDLING_NMI > is cleared, it's also still possible that another PMI is generated on host. > Also for perf/core timer mode, the false positives are still possible since > that non-NMI sources of interrupts are not always being used by perf/core. > In both cases above, perf/core should correctly distinguish between real > RIP sources or even need to generate two samples, belonging to host and > guest separately, but that's perf/core's story for interested warriors. Oliver has a patch[*] that he promised he would send "soon" (wink wink) to properly fix events that are configured to exclude the guest. Unless someone objects, I'm going to tweak the last part of the changelog to be: Note that when VM-exit is indeed triggered by PMI and before HANDLING_NMI is cleared, it's also still possible that another PMI is generated on host. Also for perf/core timer mode, the false positives are still possible since that non-NMI sources of interrupts are not always being used by perf/core. For events that are host-only, perf/core can and should eliminate false positives by checking event->attr.exclude_guest, i.e. events that are configured to exclude KVM guests should never fire in the guest. Events that are configured to count host and guest are trickier, perhaps impossible to handle with 100% accuracy? And regardless of what accuracy is provided by perf/core, improving KVM's accuracy is cheap and easy, with no real downsides. [*] https://git.kernel.org/pub/scm/linux/kernel/git/oupton/linux.git/commit/?h=perf/unfudge-sampling&id=6a35fa884b378f704b485c6bf887125af5da6077