On 2021/1/25 20:18, Peter Zijlstra wrote:
> On Mon, Jan 25, 2021 at 08:07:06PM +0800, Xu, Like wrote:
>> So under the premise that counter cross-mapping is allowed,
>> how can a hypercall help fix it?
> Hypercall or otherwise exposing the mapping will let the guest fix it
> up when it already touches the data. Which avoids the host having
> to access the guest memory and is faster, no?
- as you may know, the mapping table is changing rapidly from
the time the records are rewritten to the time the records are read;
- the patches will modify the records before it is notified via PMI,
which means it's transparent to normal guests (including Windows);
- a malicious guest would ignore the exposed mapping and the
hypercall, and I don't think it can solve the leakage issue at all;
- making the guest aware of that hypercall or mapping requires more code changes
on the guest side; but now we can do it on the KVM side, and we also know that
the cross-mapping case rarely happens and the overhead is acceptable based on
our tests;
Please let me know if you or Sean are not going to
buy into the PEBS records rewrite proposal in patches 13 - 17.
---
thx,likexu