On 2/9/22 10:47, Jim Mattson wrote: > On Wed, Feb 9, 2022 at 7:41 AM Dave Hansen <dave.hansen@xxxxxxxxx> wrote: >> >> On 2/9/22 05:21, Peter Zijlstra wrote: >>> On Wed, Feb 02, 2022 at 02:35:45PM -0800, Jim Mattson wrote: >>>> 3) TDX is going to pull the rug out from under us anyway. When the TDX >>>> module usurps control of the PMU, any active host counters are going >>>> to stop counting. We are going to need a way of telling the host perf >>>> subsystem what's happening, or other host perf clients are going to >>>> get bogus data. >>> That's not acceptible behaviour. I'm all for unilaterally killing any >>> guest that does this. >> >> I'm not sure where the "bogus data" comes or to what that refers >> specifically. But, the host does have some level of control: > > I was referring to gaps in the collection of data that the host perf > subsystem doesn't know about if ATTRIBUTES.PERFMON is set for a TDX > guest. This can potentially be a problem if someone is trying to > measure events per unit of time. Ahh, that makes sense. Does SGX cause problem for these people? It can create some of the same collection gaps: performance monitoring activities are suppressed when entering an opt-out (of performance monitoring) enclave. >>> The host VMM controls whether a guest TD can use the performance >>> monitoring ISA using the TD’s ATTRIBUTES.PERFMON bit... >> >> So, worst-case, we don't need to threaten to kill guests. The host can >> just deny access in the first place. >> >> I'm not too picky about what the PMU does, but the TDX behavior didn't >> seem *that* onerous to me. The gory details are all in "On-TD >> Performance Monitoring" here: >> >>> https://www.intel.com/content/dam/develop/external/us/en/documents/tdx-module-1.0-public-spec-v0.931.pdf >> >> My read on it is that TDX host _can_ cede the PMU to TDX guests if it >> wants. I assume the context-switching model Jim mentioned is along the >> lines of what TDX is already doing on host<->guest transitions. > > Right. If ATTRIBUTES.PERFMON is set, then "perfmon state is > context-switched by the Intel TDX module across TD entry and exit > transitions." Furthermore, the VMM has no access to guest perfmon > state. > > If you're saying that setting this bit is unacceptable, then perhaps > the TDX folks need to redesign their in-guest PMU support. It's fine with *me*, but I'm not too picky about the PMU. But, it sounded like Peter was pretty concerned about it. In any case, if we (Linux folks) need a change, it's *possible* because most of this policy is implemented in software in the TDX module. It would just be painful for the folks who came up with the existing mechanism.
