On 2/13/2023 6:40 PM, Peter Zijlstra wrote: > On Mon, Feb 06, 2023 at 06:05:44AM +0000, Manali Shukla wrote: >> Add a function to set per-cpu ibs_flags based on an active or inactive >> PreventHostIBS window. >> >> MSR_AMD64_IBSFETCHCTL[IbsFetchEn] and MSR_AMD64_IBSOPCTL[IbsOpEn] bits >> need to be cleared for PreventHostIBS feature to be enabled before VMRUN >> is executed. >> >> ENABLE bit and VALID bit for MSR_AMD64_IBSFETCHCTL are contained in the >> same MSR and same is the case with MSR_AMD64_IBSOPCTL. >> >> Consider the following scenario: >> - The IBS MSR which has ENABLE bit set and VALID bit clear is read. >> - During the process of clearing the ENABLE bit and writing the IBS MSR >> to disable IBS, an IBS event can occur that sets the VALID bit. >> - The write operation on IBS MSR can clear the newly set VALID bit. >> - Since this situation is occurring in the CLGI/STGI window >> (PreventHostIBS window), the actual NMI is not taken. >> - Once VMRUN is issued, it will exit with VMEXIT_NMI. As soon as STGI is >> executed, the pending NMI will trigger. >> - The IBS NMI handler checks for the VALID bit to determine if the NMI >> is generated because of IBS. >> - Since VALID bit is now clear, it doesn't recognize that an IBS event >> is occurred. Due to this reason, the dazed and confused unknown NMI >> messages are generated. >> >> amd_prevent_hostibs_window() is added to avoid these messages when >> PreventHostIBS window is active and PreventHostIBS feature is enabled >> for the guest. >> >> Signed-off-by: Manali Shukla <manali.shukla@xxxxxxx> > > URGH... so am I reading this right that this is a sodding terrible > software implementation of perf_event_attr::exclude_guest ? Not exactly. Unlike exclude_guest where profiler decides whether it wants to trace guest data or not, PreventHostIBS gives control to the Guest. Secured guests(SEV-ES/SEV-SNP) can disallow the use of IBS by the hypervisor, in order to limit the information which can be gathered by host from its execution. -Manali
