qemu/target/i386
Chenyi Qiang 035d1ef265 i386: Add ratelimit for bus locks acquired in guest
A bus lock is acquired through either split locked access to writeback
(WB) memory or any locked access to non-WB memory. It is typically >1000
cycles slower than an atomic operation within a cache and can also
disrupts performance on other cores.

Virtual Machines can exploit bus locks to degrade the performance of
system. To address this kind of performance DOS attack coming from the
VMs, bus lock VM exit is introduced in KVM and it can report the bus
locks detected in guest. If enabled in KVM, it would exit to the
userspace to let the user enforce throttling policies once bus locks
acquired in VMs.

The availability of bus lock VM exit can be detected through the
KVM_CAP_X86_BUS_LOCK_EXIT. The returned bitmap contains the potential
policies supported by KVM. The field KVM_BUS_LOCK_DETECTION_EXIT in
bitmap is the only supported strategy at present. It indicates that KVM
will exit to userspace to handle the bus locks.

This patch adds a ratelimit on the bus locks acquired in guest as a
mitigation policy.

Introduce a new field "bus_lock_ratelimit" to record the limited speed
of bus locks in the target VM. The user can specify it through the
"bus-lock-ratelimit" as a machine property. In current implementation,
the default value of the speed is 0 per second, which means no
restrictions on the bus locks.

As for ratelimit on detected bus locks, simply set the ratelimit
interval to 1s and restrict the quota of bus lock occurence to the value
of "bus_lock_ratelimit". A potential alternative is to introduce the
time slice as a property which can help the user achieve more precise
control.

The detail of bus lock VM exit can be found in spec:
https://software.intel.com/content/www/us/en/develop/download/intel-architecture-instruction-set-extensions-programming-reference.html

Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
Message-Id: <20210521043820.29678-1-chenyi.qiang@intel.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2021-06-17 14:11:06 -04:00
..
hax numa: Teach ram block notifiers about resizeable ram blocks 2021-05-13 18:21:13 +01:00
hvf hvf: Simplify post reset/init/loadvm hooks 2021-06-03 16:43:27 +01:00
kvm i386: Add ratelimit for bus locks acquired in guest 2021-06-17 14:11:06 -04:00
nvmm Add NVMM accelerator: x86 CPU support 2021-05-04 14:15:34 +02:00
tcg target/i386: Fix decode of cr8 2021-06-04 13:47:08 +02:00
whpx sysemu: Let VMChangeStateHandler take boolean 'running' argument 2021-03-09 23:13:57 +01:00
arch_dump.c dump: add kernel_gs_base to QEMU CPU state 2018-07-16 16:13:34 +02:00
arch_memory_mapping.c exec,dump,i386,ppc,s390x: don't include exec/cpu-all.h explicitly 2017-09-19 18:21:33 +02:00
cpu-dump.c i386/cpu_dump: support AVX512 ZMM regs dump 2021-05-31 15:53:03 -04:00
cpu-internal.h i386: split off sysemu part of cpu.c 2021-05-10 15:41:52 -04:00
cpu-param.h tcg: Split out target/arch/cpu-param.h 2019-06-10 07:03:34 -07:00
cpu-qom.h qom: Remove module_obj_name parameter from OBJECT_DECLARE* macros 2020-09-18 14:12:32 -04:00
cpu-sysemu.c i386: drop FEAT_HYPERV feature leaves 2021-05-31 15:53:03 -04:00
cpu.c i386: run accel_cpu_instance_init as post_init 2021-06-04 13:47:08 +02:00
cpu.h i386: drop FEAT_HYPERV feature leaves 2021-05-31 15:53:03 -04:00
gdbstub.c target/i386: gdbstub: only write CR0/CR2/CR3/EFER for sysemu 2021-05-10 15:41:52 -04:00
helper.c i386: make cpu_load_efer sysemu-only 2021-05-10 15:41:52 -04:00
helper.h target/i386: Remove user-only i/o stubs 2021-05-19 12:17:23 -05:00
host-cpu.c accel-cpu: make cpu_realizefn return a bool 2021-05-10 15:41:50 -04:00
host-cpu.h accel-cpu: make cpu_realizefn return a bool 2021-05-10 15:41:50 -04:00
machine.c vmstate: Constify some VMStateDescriptions 2021-05-02 17:24:50 +02:00
meson.build i386: split off sysemu part of cpu.c 2021-05-10 15:41:52 -04:00
monitor.c target/i386/sev: add support to query the attestation report 2021-06-01 09:32:23 -04:00
ops_sse_header.h x86 tcg cpus: Fix Lesser GPL version number 2020-11-15 16:41:42 +01:00
ops_sse.h x86 tcg cpus: Fix Lesser GPL version number 2020-11-15 16:41:42 +01:00
sev_i386.h target/i386/sev: add support to query the attestation report 2021-06-01 09:32:23 -04:00
sev-stub.c target/i386/sev: add support to query the attestation report 2021-06-01 09:32:23 -04:00
sev.c sev: add missing firmware error conditions 2021-06-01 09:32:48 -04:00
shift_helper_template.h x86 tcg cpus: Fix Lesser GPL version number 2020-11-15 16:41:42 +01:00
svm.h target/i386: move paging mode constants from SVM to cpu.h 2021-05-11 04:11:13 -04:00
trace-events * Update the references to some doc files (use *.rst instead of *.txt) 2021-06-02 17:08:11 +01:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
xsave_helper.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00