Re: [PATCH 2/6] x86/vpmu: Expose PEBS and DS area in PV mode
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- Date: Tue, 24 Mar 2026 11:23:24 +0000
- Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Teddy Astie <teddy.astie@xxxxxxxxxx>
- Delivery-date: Tue, 24 Mar 2026 11:23:36 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 24/03/2026 11:10 am, Jan Beulich wrote:
> On 24.03.2026 11:42, Andrew Cooper wrote:
>> On 24/03/2026 9:11 am, Jan Beulich wrote:
>>> On 10.03.2026 17:44, Teddy Astie wrote:
>>>> I don't see any reason for them to not be available, especially
>>>> since core2_vpmu_do_wrmsr has PV specific logic for MSR_IA32_DS_AREA.
>>> This is really dangerous: You allow PV domains to control whether the area
>>> is actually mapped. It lacking a mapping can, iirc, on at least some CPUs
>>> result in a complete hang.
>> It's ~all, and explicitly documented. SDM Vol3 20.4.9.3:
>>
>> "The recording of branch records in the BTS buffer (or PEBS records in
>> the PEBS buffer) may not operate properly if accesses to the linear
>> addresses in any of the three DS save area sections cause page faults,
>> VM exits, or the setting of accessed or dirty flags in the paging
>> structures (ordinary or EPT). For that reason, system software should
>> establish paging structures (both ordinary and EPT) to prevent such
>> occurrences."
>>
>> There are potentially uses for PEBS/DS, but it needs to be via explicit
>> opt in only; it is absolutely not safe to let guests have in general.
> That would extend to HVM as well then, wouldn't it?
>
>> One fun interaction would be a PV domain which gets shadowed (PV-L1TF,
>> or migrated), which will instantly violate the #PF requirement.
> Same here, just with EPT misconfig exits in place of #PF?

Yes it does extend to HVM guests too. The difference is that it already
exists for HVM guests, via the vpmu=dts option.

~Andrew