On Wed, Sep 06, 2023 at 09:08:25PM +0530, Manali Shukla wrote: > Hi Peter, > > Thank you for looking into this. > > On 9/5/2023 9:17 PM, Peter Zijlstra wrote: > > On Mon, Sep 04, 2023 at 09:53:34AM +0000, Manali Shukla wrote: > > > >> Note that, since IBS registers are swap type C [2], the hypervisor is > >> responsible for saving and restoring of IBS host state. Hypervisor > >> does so only when IBS is active on the host to avoid unnecessary > >> rdmsrs/wrmsrs. Hypervisor needs to disable host IBS before saving the > >> state and enter the guest. After a guest exit, the hypervisor needs to > >> restore host IBS state and re-enable IBS. > > > > Why do you think it is OK for a guest to disable the host IBS when > > entering a guest? Perhaps the host was wanting to profile the guest. > > > > 1. Since IBS registers are of swap type C [1], only guest state is saved > and restored by the hardware. Host state needs to be saved and restored by > hypervisor. In order to save IBS registers correctly, IBS needs to be > disabled before saving the IBS registers. > > 2. As per APM [2], > "When a VMRUN is executed to an SEV-ES guest with IBS virtualization enabled, the > IbsFetchCtl[IbsFetchEn] and IbsOpCtl[IbsOpEn] MSR bits must be 0. If either of > these bits are not 0, the VMRUN will fail with a VMEXIT_INVALID error code." > This is enforced by hardware on SEV-ES guests when VIBS is enabled on SEV-ES > guests. I'm not sure I'm fluent in virt speak (in fact, I'm sure I'm not). Is the above saying that a host can never IBS profile a guest? Does the current IBS thing assert perf_event_attr::exclude_guest is set? I can't quickly find anything :-(
