From: Eduardo Habkost <ehabkost@redhat.com>
To: Chenyi Qiang <chenyi.qiang@intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Marcelo Tosatti <mtosatti@redhat.com>,
Richard Henderson <richard.henderson@linaro.org>,
qemu-devel@nongnu.org, Xiaoyao Li <xiaoyao.li@intel.com>
Subject: Re: [PATCH v2] i386: Add ratelimit for bus locks acquired in guest
Date: Wed, 21 Apr 2021 10:12:10 -0400 [thread overview]
Message-ID: <20210421141210.mx5mt7kewahj7eij@habkost.net> (raw)
In-Reply-To: <df860e12-cea5-3d88-ba16-0dd1f8f975cb@intel.com>
On Wed, Apr 21, 2021 at 02:26:42PM +0800, Chenyi Qiang wrote:
> Hi, Eduardo, thanks for your comments!
>
>
> On 4/21/2021 12:34 AM, Eduardo Habkost wrote:
> > Hello,
> >
> > Thanks for the patch. Comments below:
> >
> > On Tue, Apr 20, 2021 at 05:37:36PM +0800, Chenyi Qiang wrote:
> > > Virtual Machines can exploit bus locks to degrade the performance of
> > > system. To address this kind of performance DOS attack, bus lock VM exit
> > > is introduced in KVM and it will report the bus locks detected in guest,
> > > which can help userspace to enforce throttling policies.
> > >
> >
> > Is there anything today that would protect the system from
> > similar attacks from userspace with access to /dev/kvm?
> >
>
> I can't fully understand your meaning for "similar attack with access to
> /dev/kvm". But there are some similar associated detection features on bare
> metal.
What I mean is: you say guests can make a performance DoS attack
on the host, and your patch mitigates that.
What would be the available methods to prevent untrusted
userspace running on the host with access to /dev/kvm from making
a similar DoS attack on the host?
>
> 1. Split lock detection:https://lore.kernel.org/lkml/158031147976.396.8941798847364718785.tip-bot2@tip-bot2/
> Some CPUs can raise an #AC trap when a split lock is attempted.
Would split_lock_detect=fatal be enough to prevent the above attacks?
Is split_lock_detect=fatal the only available way to prevent them?
>
> 2. Bus lock Debug Exception:
> https://lore.kernel.org/lkml/20210322135325.682257-1-fenghua.yu@intel.com/
> The kernel can be notified by an #DB trap after a user instruction acquires
> a bus lock and is executed.
I see a rate limit option mentioned at the above URL. Would a
host kernel bus lock rate limit option make this QEMU patch
redundant?
--
Eduardo
next prev parent reply other threads:[~2021-04-21 14:12 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-20 9:37 [PATCH v2] i386: Add ratelimit for bus locks acquired in guest Chenyi Qiang
2021-04-20 16:34 ` Eduardo Habkost
2021-04-21 6:26 ` Chenyi Qiang
2021-04-21 14:12 ` Eduardo Habkost [this message]
2021-04-21 14:50 ` Xiaoyao Li
2021-04-21 15:18 ` Eduardo Habkost
2021-04-21 15:33 ` Xiaoyao Li
2021-04-23 1:48 ` Chenyi Qiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210421141210.mx5mt7kewahj7eij@habkost.net \
--to=ehabkost@redhat.com \
--cc=chenyi.qiang@intel.com \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.