RFC: in-guest CPU tick counters

John-Mark Gurney jmg at funkthat.com
Thu Jan 2 19:51:26 UTC 2020


Robert Crowston via freebsd-virtualization wrote this message on Wed, Jan 01, 2020 at 16:28 +0000:
> I have written a patch that exposes to a sysctl the ticks spent by each CPU executing guest code under bhyve.
> 
> This new feature differs from the existing vmm_stats code in that the existing code expresses per-vm information on a per-virtual-cpu basis. This new patch provides a per-physical-cpu counter of the aggregate number of ticks dedicated to executing guest-mode code since the vmm.ko module was loaded. Following the example of kern.cp_times, it is expressed as a new sysctl ("hw.vmm.stat.guest_ticks") rather than a system call, but I am not particularly attached to that.
> 
> The diffs may be seen here:
> https://github.com/freebsd/freebsd/compare/master...RobCrowston:vmm-host-stats
> 
> I am looking for comments. If the general idea meets with this list's approval, I will submit it to phabricator.
> 
> The new data are intended to be used by utilities like htop. To that end, I have written a separate patch for htop that colours the CPU bars to express the time spent for guest execution. After re-compiling htop, enable it with F2 ("Setup") -> "Display Options" -> "Detailed CPU time (System/IO-Wait/Hard-IRQ/Soft-IRQ/Steal/Guest)". Presently, htop only supports this feature for Linux hosts. If the above patch is accepted, I will submit the following patch to htop separately:
> https://github.com/hishamhm/htop/compare/master...RobCrowston:freebsd-vmm-counter-1

I'm worried about the security implications of this.

It is likely to expose a side-channel attack on the guest machines
from a normal user on the host if these CPU cycle counters are exposed
to all users, which is the default.

Access to the counters should be restricted, allowing only root, or
the owner of the guest vmm, to read them.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
