| Message ID | 20240709175145.9986-1-manali.shukla@amd.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Add support for the Bus Lock Threshold | expand |
On 7/9/2024 11:21 PM, Manali Shukla wrote: > Malicious guests can cause bus locks to degrade the performance of a > system. Non-WB (write-back) and misaligned locked RMW > (read-modify-write) instructions are referred to as "bus locks" and > require system wide synchronization among all processors to guarantee > the atomicity. The bus locks can impose notable performance penalties > for all processors within the system. > > Support for the Bus Lock Threshold is indicated by CPUID > Fn8000_000A_EDX[29] BusLockThreshold=1, the VMCB provides a Bus Lock > Threshold enable bit and an unsigned 16-bit Bus Lock Threshold count. > > VMCB intercept bit > VMCB Offset Bits Function > 14h 5 Intercept bus lock operations > > Bus lock threshold count > VMCB Offset Bits Function > 120h 15:0 Bus lock counter > > During VMRUN, the bus lock threshold count is fetched and stored in an > internal count register. Prior to executing a bus lock within the > guest, the processor verifies the count in the bus lock register. If > the count is greater than zero, the processor executes the bus lock, > reducing the count. However, if the count is zero, the bus lock > operation is not performed, and instead, a Bus Lock Threshold #VMEXIT > is triggered to transfer control to the Virtual Machine Monitor (VMM). > > A Bus Lock Threshold #VMEXIT is reported to the VMM with VMEXIT code > 0xA5h, VMEXIT_BUSLOCK. EXITINFO1 and EXITINFO2 are set to 0 on > a VMEXIT_BUSLOCK. On a #VMEXIT, the processor writes the current > value of the Bus Lock Threshold Counter to the VMCB. > > More details about the Bus Lock Threshold feature can be found in AMD > APM [1]. > > Patches are prepared on kvm-x86/svm (704ec48fc2fb) > > Testing done: > - Added a selftest for the Bus Lock Threadshold functionality. > - Tested the Bus Lock Threshold functionality on SEV and SEV-ES guests. > - Tested the Bus Lock Threshold functionality on nested guests. > > Qemu changes can be found on: > Repo: https://github.com/AMDESE/qemu.git > Branch: buslock_threshold > > Qemu commandline to use the bus lock threshold functionality: > qemu-system-x86_64 -enable-kvm -cpu EPYC-Turin,+svm -M q35,bus-lock-ratelimit=10 \ .. > > [1]: AMD64 Architecture Programmer's Manual Pub. 24593, April 2024, > Vol 2, 15.14.5 Bus Lock Threshold. > https://bugzilla.kernel.org/attachment.cgi?id=306250 > > Manali Shukla (2): > x86/cpufeatures: Add CPUID feature bit for the Bus Lock Threshold > KVM: x86: nSVM: Implement support for nested Bus Lock Threshold > > Nikunj A Dadhania (2): > KVM: SVM: Enable Bus lock threshold exit > KVM: selftests: Add bus lock exit test > > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/include/asm/svm.h | 5 +- > arch/x86/include/uapi/asm/svm.h | 2 + > arch/x86/kvm/governed_features.h | 1 + > arch/x86/kvm/svm/nested.c | 25 ++++ > arch/x86/kvm/svm/svm.c | 48 ++++++++ > arch/x86/kvm/svm/svm.h | 1 + > arch/x86/kvm/x86.h | 1 + > tools/testing/selftests/kvm/Makefile | 1 + > .../selftests/kvm/x86_64/svm_buslock_test.c | 114 ++++++++++++++++++ > 10 files changed, 198 insertions(+), 1 deletion(-) > create mode 100644 tools/testing/selftests/kvm/x86_64/svm_buslock_test.c > > > base-commit: 704ec48fc2fbd4e41ec982662ad5bf1eee33eeb2 A gentle reminder. -Manali
On 7/30/2024 10:22 AM, Manali Shukla wrote: > On 7/9/2024 11:21 PM, Manali Shukla wrote: >> Malicious guests can cause bus locks to degrade the performance of a >> system. Non-WB (write-back) and misaligned locked RMW >> (read-modify-write) instructions are referred to as "bus locks" and >> require system wide synchronization among all processors to guarantee >> the atomicity. The bus locks can impose notable performance penalties >> for all processors within the system. >> >> Support for the Bus Lock Threshold is indicated by CPUID >> Fn8000_000A_EDX[29] BusLockThreshold=1, the VMCB provides a Bus Lock >> Threshold enable bit and an unsigned 16-bit Bus Lock Threshold count. >> >> VMCB intercept bit >> VMCB Offset Bits Function >> 14h 5 Intercept bus lock operations >> >> Bus lock threshold count >> VMCB Offset Bits Function >> 120h 15:0 Bus lock counter >> >> During VMRUN, the bus lock threshold count is fetched and stored in an >> internal count register. Prior to executing a bus lock within the >> guest, the processor verifies the count in the bus lock register. If >> the count is greater than zero, the processor executes the bus lock, >> reducing the count. However, if the count is zero, the bus lock >> operation is not performed, and instead, a Bus Lock Threshold #VMEXIT >> is triggered to transfer control to the Virtual Machine Monitor (VMM). >> >> A Bus Lock Threshold #VMEXIT is reported to the VMM with VMEXIT code >> 0xA5h, VMEXIT_BUSLOCK. EXITINFO1 and EXITINFO2 are set to 0 on >> a VMEXIT_BUSLOCK. On a #VMEXIT, the processor writes the current >> value of the Bus Lock Threshold Counter to the VMCB. >> >> More details about the Bus Lock Threshold feature can be found in AMD >> APM [1]. >> >> Patches are prepared on kvm-x86/svm (704ec48fc2fb) >> >> Testing done: >> - Added a selftest for the Bus Lock Threadshold functionality. >> - Tested the Bus Lock Threshold functionality on SEV and SEV-ES guests. >> - Tested the Bus Lock Threshold functionality on nested guests. >> >> Qemu changes can be found on: >> Repo: https://github.com/AMDESE/qemu.git >> Branch: buslock_threshold >> >> Qemu commandline to use the bus lock threshold functionality: >> qemu-system-x86_64 -enable-kvm -cpu EPYC-Turin,+svm -M q35,bus-lock-ratelimit=10 \ .. >> >> [1]: AMD64 Architecture Programmer's Manual Pub. 24593, April 2024, >> Vol 2, 15.14.5 Bus Lock Threshold. >> https://bugzilla.kernel.org/attachment.cgi?id=306250 >> >> Manali Shukla (2): >> x86/cpufeatures: Add CPUID feature bit for the Bus Lock Threshold >> KVM: x86: nSVM: Implement support for nested Bus Lock Threshold >> >> Nikunj A Dadhania (2): >> KVM: SVM: Enable Bus lock threshold exit >> KVM: selftests: Add bus lock exit test >> >> arch/x86/include/asm/cpufeatures.h | 1 + >> arch/x86/include/asm/svm.h | 5 +- >> arch/x86/include/uapi/asm/svm.h | 2 + >> arch/x86/kvm/governed_features.h | 1 + >> arch/x86/kvm/svm/nested.c | 25 ++++ >> arch/x86/kvm/svm/svm.c | 48 ++++++++ >> arch/x86/kvm/svm/svm.h | 1 + >> arch/x86/kvm/x86.h | 1 + >> tools/testing/selftests/kvm/Makefile | 1 + >> .../selftests/kvm/x86_64/svm_buslock_test.c | 114 ++++++++++++++++++ >> 10 files changed, 198 insertions(+), 1 deletion(-) >> create mode 100644 tools/testing/selftests/kvm/x86_64/svm_buslock_test.c >> >> >> base-commit: 704ec48fc2fbd4e41ec982662ad5bf1eee33eeb2 > > A gentle reminder. > > -Manali A gentle reminder. - Manali
Malicious guests can cause bus locks to degrade the performance of a system. Non-WB (write-back) and misaligned locked RMW (read-modify-write) instructions are referred to as "bus locks" and require system wide synchronization among all processors to guarantee the atomicity. The bus locks can impose notable performance penalties for all processors within the system. Support for the Bus Lock Threshold is indicated by CPUID Fn8000_000A_EDX[29] BusLockThreshold=1, the VMCB provides a Bus Lock Threshold enable bit and an unsigned 16-bit Bus Lock Threshold count. VMCB intercept bit VMCB Offset Bits Function 14h 5 Intercept bus lock operations Bus lock threshold count VMCB Offset Bits Function 120h 15:0 Bus lock counter During VMRUN, the bus lock threshold count is fetched and stored in an internal count register. Prior to executing a bus lock within the guest, the processor verifies the count in the bus lock register. If the count is greater than zero, the processor executes the bus lock, reducing the count. However, if the count is zero, the bus lock operation is not performed, and instead, a Bus Lock Threshold #VMEXIT is triggered to transfer control to the Virtual Machine Monitor (VMM). A Bus Lock Threshold #VMEXIT is reported to the VMM with VMEXIT code 0xA5h, VMEXIT_BUSLOCK. EXITINFO1 and EXITINFO2 are set to 0 on a VMEXIT_BUSLOCK. On a #VMEXIT, the processor writes the current value of the Bus Lock Threshold Counter to the VMCB. More details about the Bus Lock Threshold feature can be found in AMD APM [1]. Patches are prepared on kvm-x86/svm (704ec48fc2fb) Testing done: - Added a selftest for the Bus Lock Threadshold functionality. - Tested the Bus Lock Threshold functionality on SEV and SEV-ES guests. - Tested the Bus Lock Threshold functionality on nested guests. Qemu changes can be found on: Repo: https://github.com/AMDESE/qemu.git Branch: buslock_threshold Qemu commandline to use the bus lock threshold functionality: qemu-system-x86_64 -enable-kvm -cpu EPYC-Turin,+svm -M q35,bus-lock-ratelimit=10 \ .. [1]: AMD64 Architecture Programmer's Manual Pub. 24593, April 2024, Vol 2, 15.14.5 Bus Lock Threshold. https://bugzilla.kernel.org/attachment.cgi?id=306250 Manali Shukla (2): x86/cpufeatures: Add CPUID feature bit for the Bus Lock Threshold KVM: x86: nSVM: Implement support for nested Bus Lock Threshold Nikunj A Dadhania (2): KVM: SVM: Enable Bus lock threshold exit KVM: selftests: Add bus lock exit test arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/svm.h | 5 +- arch/x86/include/uapi/asm/svm.h | 2 + arch/x86/kvm/governed_features.h | 1 + arch/x86/kvm/svm/nested.c | 25 ++++ arch/x86/kvm/svm/svm.c | 48 ++++++++ arch/x86/kvm/svm/svm.h | 1 + arch/x86/kvm/x86.h | 1 + tools/testing/selftests/kvm/Makefile | 1 + .../selftests/kvm/x86_64/svm_buslock_test.c | 114 ++++++++++++++++++ 10 files changed, 198 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/kvm/x86_64/svm_buslock_test.c base-commit: 704ec48fc2fbd4e41ec982662ad5bf1eee33eeb2