From: John-Mark Gurney
To: Robert Crowston
Cc: FreeBSD virtualization
Date: Thu, 2 Jan 2020 11:51:02 -0800
Subject: Re: RFC: in-guest CPU tick counters
Message-ID: <20200102195102.GP22038@funkthat.com>

Robert Crowston via freebsd-virtualization wrote this message on Wed, Jan 01, 2020 at 16:28 +0000:
> I have written a patch that exposes to a sysctl the ticks spent by each
> CPU executing guest code under bhyve.
>
> This new feature differs from the existing vmm_stats code in that the
> existing code expresses per-vm information on a per-virtual-cpu basis.
> This new patch provides a per-physical-cpu counter of the aggregate
> number of ticks dedicated to executing guest-mode code since the vmm.ko
> module was loaded. Following the example of kern.cp_times, it is
> expressed as a new sysctl ("hw.vmm.stat.guest_ticks") rather than a
> system call, but I am not particularly attached to that.
>
> The diffs may be seen here:
> https://github.com/freebsd/freebsd/compare/master...RobCrowston:vmm-host-stats
>
> I am looking for comments. If the general idea meets with this list's
> approval, I will submit it to phabricator.
>
> The new data are intended to be used by utilities like htop. To that
> end, I have written a separate patch for htop that colours the CPU bars
> to express the time spent for guest execution. After re-compiling htop,
> enable it with F2 ("Setup") -> "Display Options" -> "Detailed CPU time
> (System/IO-Wait/Hard-IRQ/Soft-IRQ/Steal/Guest)". Presently, htop only
> supports this feature for Linux hosts. If the above patch is accepted,
> I will submit the following patch to htop separately:
> https://github.com/hishamhm/htop/compare/master...RobCrowston:freebsd-vmm-counter-1

I'm worried about the security implications of this. It is likely to
expose a side channel attack on the guest machines from a normal user
on the host if these cpu cycle counters are exposed to all users, which
is the default.

The counters should be restricted on who has access to them, and only
allowing root, or the owner of the guest vmm to access them.

-- 
John-Mark Gurney				Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."