On 3/15/2023 10:33 AM, Manali Shukla wrote:
> On 2/6/2023 11:35 AM, Manali Shukla wrote:
>> Adds support for PreventHostIBS feature for SEV-ES and SNP guests.
>> Currently, the hypervisor is able to inspect instruction based samples
>> from the guest and gather execution information. With enablement of
>> PreventHostIBS feature, SEV-ES and SNP guests may choose to disallow
>> use of instruction based sampling by the hypervisor in order to limit
>> the information gathered about their execution. (More information in
>> Section 15.36.17 APM Volume 2)
>>
>> While implementing this feature, unknown NMIs were being seen. On
>> further investigation, a race was found affecting the IBS FETCH/OP
>> MSR.
>>
>> ENABLE bit and VALID bit for IBS_FETCH_CTL are contained in the same
>> MSR and same is the case with IBS_OP_CTL.
>>
>> Consider the following scenario:
>> - The IBS MSR which has ENABLE bit set and VALID bit clear is read.
>> - During the process of clearing the ENABLE bit and writing the IBS
>>   MSR to disable IBS, an IBS event can occur that sets the VALID bit.
>> - The write operation on IBS MSR can clear the newly set VALID bit.
>> - Since this situation is occurring in the CLGI/STGI window
>>   (PreventHostIBS window), the actual NMI is not taken.
>> - Once VMRUN is issued, it will exit with VMEXIT_NMI and as soon as
>>   STGI is executed, the pending NMI will trigger.
>> - The IBS NMI handler checks for the VALID bit to determine if the NMI
>>   is generated because of IBS.
>> - Since VALID bit is now clear, it doesn't recognize that an IBS event
>>   has occurred which in turn generates the dazed and confused unknown
>>   NMI messages.
>>
>> Per-cpu ibs_flags which indicates whether PreventHostIBS window is
>> active/inactive are added to avoid the above mentioned race.
>>
>> An active PreventHostIBS window is set before calling VMRUN and
>> cleared after STGI. PreventHostIBS window check is added to
>> perf_ibs_handle_irq(), to avoid unknown NMIs and treat them as handled
>> when window is active.
>>
>> There are 2 patches in this series.
>> 1) Add amd_prevent_hostibs_window() function to set per-cpu ibs_flags
>>    based on an active/inactive PreventHostIBS window.
>> 2) Enable PreventHostIBS for SEV-ES and SNP guests.
>>
>> Testing done:
>> - Executed program symbols in guest are not captured in host when
>>   PreventHostIBS feature is enabled.
>> - Generated 1000+ NMIs using cpuid command, no unknown NMIs are seen
>>   after enablement of PreventHostIBS feature.
>>
>> Qemu commandline to enable PreventHostIBS on guest.
>>
>> qemu-system-x86_64 -enable-kvm -cpu EPYC-v4,+nohostibs \ ..
>>
>> Manali Shukla (2):
>>   perf/x86/amd: Add amd_prevent_hostibs_window() to set per-cpu
>>     ibs_flags
>>   KVM: SEV: PreventHostIBS enablement for SEV-ES and SNP guest
>>
>>  arch/x86/events/amd/ibs.c          | 64 ++++++++++++++++++++++++++++++
>>  arch/x86/include/asm/cpufeatures.h |  1 +
>>  arch/x86/include/asm/perf_event.h  | 20 ++++++++++
>>  arch/x86/kvm/svm/sev.c             | 10 +++++
>>  arch/x86/kvm/svm/svm.c             | 39 +++++++++++++++++-
>>  arch/x86/kvm/svm/svm.h             |  1 +
>>  6 files changed, 133 insertions(+), 2 deletions(-)
>>
>
> A gentle reminder for the review.
>
> -Manali

A gentle reminder for the review.

-Manali
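
The race described in the quoted cover letter, replayed as a small user-space C model. This is an added example, not code from the patch series: `cpu_model`, `ibs_event`, `ibs_nmi` and `replay` are hypothetical names, and the model assumes the disable path is a plain read-modify-write of IBS_OP_CTL.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit positions as in Linux arch/x86/include/asm/perf_event.h */
#define IBS_OP_ENABLE (1ULL << 17)
#define IBS_OP_VAL    (1ULL << 18)

enum nmi_result { NMI_HANDLED_IBS, NMI_HANDLED_WINDOW, NMI_UNKNOWN };

struct cpu_model {              /* hypothetical model, not a kernel structure */
    uint64_t ibs_op_ctl;        /* simulated IBS_OP_CTL MSR */
    bool window_active;         /* stands in for the per-cpu ibs_flags */
};

/* Hardware side: a sample completes and sets VALID (the NMI stays pending). */
static void ibs_event(struct cpu_model *c) { c->ibs_op_ctl |= IBS_OP_VAL; }

/* Handler decision: claim the NMI if VALID is set, or if the window is active. */
static enum nmi_result ibs_nmi(const struct cpu_model *c, bool window_check)
{
    if (c->ibs_op_ctl & IBS_OP_VAL)
        return NMI_HANDLED_IBS;
    if (window_check && c->window_active)
        return NMI_HANDLED_WINDOW;
    return NMI_UNKNOWN;         /* "dazed and confused" path */
}

/* Replay: CLGI, disable IBS by read-modify-write, VMRUN, STGI, NMI delivered. */
static enum nmi_result replay(bool event_during_rmw, bool window_check)
{
    struct cpu_model c = { .ibs_op_ctl = IBS_OP_ENABLE, .window_active = true };
    uint64_t val;

    if (!event_during_rmw)
        ibs_event(&c);                   /* event lands before the read */
    val = c.ibs_op_ctl;                  /* read the MSR */
    if (event_during_rmw)
        ibs_event(&c);                   /* VALID set after the read */
    c.ibs_op_ctl = val & ~IBS_OP_ENABLE; /* write back: stale VALID wins */
    return ibs_nmi(&c, window_check);    /* pending NMI fires at STGI */
}

int main(void)
{
    printf("race, VALID check only: %d\n", replay(true, false));
    printf("race, window check:     %d\n", replay(true, true));
    printf("no race:                %d\n", replay(false, true));
    return 0;
}
```
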