Re: RFC: in-guest CPU tick counters

2020-01-02 Thread John-Mark Gurney
Robert Crowston via freebsd-virtualization wrote this message on Wed, Jan 01, 
2020 at 16:28 +:
> I have written a patch that exposes to a sysctl the ticks spent by each CPU 
> executing guest code under bhyve.
> 
> This new feature differs from the existing vmm_stats code in that the 
> existing code expresses per-vm information on a per-virtual-cpu basis. This 
> new patch provides a per-physical-cpu counter of the aggregate number of 
> ticks dedicated to executing guest-mode code since the vmm.ko module was 
> loaded. Following the example of kern.cp_times, it is expressed as a new 
> sysctl ("hw.vmm.stat.guest_ticks") rather than a system call, but I am not 
> particularly attached to that.
> 
> The diffs may be seen here:
> https://github.com/freebsd/freebsd/compare/master...RobCrowston:vmm-host-stats
> 
> I am looking for comments. If the general idea meets with this list's 
> approval, I will submit it to phabricator.
> 
> The new data are intended to be used by utilities like htop. To that end, I 
> have written a separate patch for htop that colours the CPU bars to express 
> the time spent for guest execution. After re-compiling htop, enable it with 
> F2 ("Setup") -> "Display Options" -> "Detailed CPU time 
> (System/IO-Wait/Hard-IRQ/Soft-IRQ/Steal/Guest)". Presently, htop only 
> supports this feature for Linux hosts. If the above patch is accepted, I will 
> submit the following patch to htop separately:
> https://github.com/hishamhm/htop/compare/master...RobCrowston:freebsd-vmm-counter-1

I'm worried about the security implications of this.

It is likely to expose a side channel attack on the guest machines
from a normal user on the host if these cpu cycle counters are exposed
to all users, which is the default.

Access to the counters should be restricted, only allowing root or the
owner of the guest vmm to access them.

-- 
  John-Mark Gurney  Voice: +1 415 225 5579

 "All that I will do, has been done, All that I have, has not."
___
freebsd-virtualization@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to 
"freebsd-virtualization-unsubscr...@freebsd.org"


RFC: in-guest CPU tick counters

2020-01-01 Thread Robert Crowston via freebsd-virtualization
I have written a patch that exposes to a sysctl the ticks spent by each CPU 
executing guest code under bhyve.

This new feature differs from the existing vmm_stats code in that the existing 
code expresses per-vm information on a per-virtual-cpu basis. This new patch 
provides a per-physical-cpu counter of the aggregate number of ticks dedicated 
to executing guest-mode code since the vmm.ko module was loaded. Following the 
example of kern.cp_times, it is expressed as a new sysctl 
("hw.vmm.stat.guest_ticks") rather than a system call, but I am not 
particularly attached to that.

The diffs may be seen here:
https://github.com/freebsd/freebsd/compare/master...RobCrowston:vmm-host-stats

I am looking for comments. If the general idea meets with this list's approval, 
I will submit it to phabricator.

The new data are intended to be used by utilities like htop. To that end, I 
have written a separate patch for htop that colours the CPU bars to express the 
time spent for guest execution. After re-compiling htop, enable it with F2 
("Setup") -> "Display Options" -> "Detailed CPU time 
(System/IO-Wait/Hard-IRQ/Soft-IRQ/Steal/Guest)". Presently, htop only supports 
this feature for Linux hosts. If the above patch is accepted, I will submit the 
following patch to htop separately:
https://github.com/hishamhm/htop/compare/master...RobCrowston:freebsd-vmm-counter-1

Happy New Year,
Rob Crowston.