[RFC,34/41] KVM: x86/pmu: Intercept EVENT_SELECT MSR

Message ID	20240126085444.324918-35-xiong.y.zhang@linux.intel.com (mailing list archive)
State	New, archived
Headers	show Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 505BA14F522; Fri, 26 Jan 2024 08:58:29 +0000 (UTC) From: Xiong Zhang <xiong.y.zhang@linux.intel.com> To: seanjc@google.com, pbonzini@redhat.com, peterz@infradead.org, mizhang@google.com, kan.liang@intel.com, zhenyuw@linux.intel.com, dapeng1.mi@linux.intel.com, jmattson@google.com Cc: kvm@vger.kernel.org, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org, zhiyuan.lv@intel.com, eranian@google.com, irogers@google.com, samantha.alt@intel.com, like.xu.linux@gmail.com, chao.gao@intel.com, xiong.y.zhang@linux.intel.com, Xiong Zhang <xiong.y.zhang@intel.com> Subject: [RFC PATCH 34/41] KVM: x86/pmu: Intercept EVENT_SELECT MSR Date: Fri, 26 Jan 2024 16:54:37 +0800 Message-Id: <20240126085444.324918-35-xiong.y.zhang@linux.intel.com> In-Reply-To: <20240126085444.324918-1-xiong.y.zhang@linux.intel.com> References: <20240126085444.324918-1-xiong.y.zhang@linux.intel.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	KVM: x86/pmu: Introduce passthrough vPM \| expand [RFC,00/41] KVM: x86/pmu: Introduce passthrough vPM [RFC,01/41] perf: x86/intel: Support PERF_PMU_CAP_VPMU_PASSTHROUGH [RFC,02/41] perf: Support guest enter/exit interfaces [RFC,03/41] perf: Set exclude_guest onto nmi_watchdog [RFC,04/41] perf: core/x86: Add support to register a new vector for PMI handling [RFC,05/41] KVM: x86/pmu: Register PMI handler for passthrough PMU [RFC,06/41] perf: x86: Add function to switch PMI handler [RFC,07/41] perf/x86: Add interface to reflect virtual LVTPC_MASK bit onto HW [RFC,08/41] KVM: x86/pmu: Add get virtual LVTPC_MASK bit function [RFC,09/41] perf: core/x86: Forbid PMI handler when guest own PMU [RFC,10/41] perf: core/x86: Plumb passthrough PMU capability from x86_pmu to x86_pmu_cap [RFC,11/41] KVM: x86/pmu: Introduce enable_passthrough_pmu module parameter and propage to KVM inst… [RFC,12/41] KVM: x86/pmu: Plumb through passthrough PMU to vcpu for Intel CPUs [RFC,13/41] KVM: x86/pmu: Add a helper to check if passthrough PMU is enabled [RFC,14/41] KVM: x86/pmu: Allow RDPMC pass through [RFC,15/41] KVM: x86/pmu: Manage MSR interception for IA32_PERF_GLOBAL_CTRL [RFC,16/41] KVM: x86/pmu: Create a function prototype to disable MSR interception [RFC,17/41] KVM: x86/pmu: Implement pmu function for Intel CPU to disable MSR interception [RFC,18/41] KVM: x86/pmu: Intercept full-width GP counter MSRs by checking with perf capabilities [RFC,19/41] KVM: x86/pmu: Whitelist PMU MSRs for passthrough PMU [RFC,20/41] KVM: x86/pmu: Introduce PMU operation prototypes for save/restore PMU context [RFC,21/41] KVM: x86/pmu: Introduce function prototype for Intel CPU to save/restore PMU context [RFC,22/41] x86: Introduce MSR_CORE_PERF_GLOBAL_STATUS_SET for passthrough PMU [RFC,23/41] KVM: x86/pmu: Implement the save/restore of PMU state for Intel CPU [RFC,24/41] KVM: x86/pmu: Zero out unexposed Counters/Selectors to avoid information leakage [RFC,25/41] KVM: x86/pmu: Introduce macro PMU_CAP_PERF_METRICS [RFC,26/41] KVM: x86/pmu: Add host_perf_cap field in kvm_caps to record host PMU capability [RFC,27/41] KVM: x86/pmu: Clear PERF_METRICS MSR for guest [RFC,28/41] KVM: x86/pmu: Switch IA32_PERF_GLOBAL_CTRL at VM boundary [RFC,29/41] KVM: x86/pmu: Exclude existing vLBR logic from the passthrough PMU [RFC,30/41] KVM: x86/pmu: Switch PMI handler at KVM context switch boundary [RFC,31/41] KVM: x86/pmu: Call perf_guest_enter() at PMU context switch [RFC,32/41] KVM: x86/pmu: Add support for PMU context switch at VM-exit/enter [RFC,33/41] KVM: x86/pmu: Make check_pmu_event_filter() an exported function [RFC,34/41] KVM: x86/pmu: Intercept EVENT_SELECT MSR [RFC,35/41] KVM: x86/pmu: Allow writing to event selector for GP counters if event is allowed [RFC,36/41] KVM: x86/pmu: Intercept FIXED_CTR_CTRL MSR [RFC,37/41] KVM: x86/pmu: Allow writing to fixed counter selector if counter is exposed [RFC,38/41] KVM: x86/pmu: Introduce PMU helper to increment counter [RFC,39/41] KVM: x86/pmu: Implement emulated counter increment for passthrough PMU [RFC,40/41] KVM: x86/pmu: Separate passthrough PMU logic in set/get_msr() from non-passthrough vPMU [RFC,41/41] KVM: nVMX: Add nested virtualization support for passthrough PMU

Message ID

20240126085444.324918-35-xiong.y.zhang@linux.intel.com (mailing list archive)

State

New, archived

Headers

From: Xiong Zhang <xiong.y.zhang@linux.intel.com>
To: seanjc@google.com,
	pbonzini@redhat.com,
	peterz@infradead.org,
	mizhang@google.com,
	kan.liang@intel.com,
	zhenyuw@linux.intel.com,
	dapeng1.mi@linux.intel.com,
	jmattson@google.com
Cc: kvm@vger.kernel.org,
	linux-perf-users@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	zhiyuan.lv@intel.com,
	eranian@google.com,
	irogers@google.com,
	samantha.alt@intel.com,
	like.xu.linux@gmail.com,
	chao.gao@intel.com,
	xiong.y.zhang@linux.intel.com,
	Xiong Zhang <xiong.y.zhang@intel.com>
Subject: [RFC PATCH 34/41] KVM: x86/pmu: Intercept EVENT_SELECT MSR
Date: Fri, 26 Jan 2024 16:54:37 +0800
Message-Id: <20240126085444.324918-35-xiong.y.zhang@linux.intel.com>
In-Reply-To: <20240126085444.324918-1-xiong.y.zhang@linux.intel.com>
References: <20240126085444.324918-1-xiong.y.zhang@linux.intel.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

KVM: x86/pmu: Introduce passthrough vPM | expand

Commit Message

Xiong Zhang Jan. 26, 2024, 8:54 a.m. UTC

From: Xiong Zhang <xiong.y.zhang@intel.com>

Event selectors for GP counters are still intercepted for the purpose of
security, i.e., preventing guest from using unallowed events to steal
information or take advantages of any CPU errata.

Signed-off-by: Xiong Zhang <xiong.y.zhang@intel.com>
Signed-off-by: Mingwei Zhang <mizhang@google.com>
---
 arch/x86/kvm/vmx/pmu_intel.c | 1 -
 arch/x86/kvm/vmx/vmx.c       | 1 -
 2 files changed, 2 deletions(-)

Comments

Sean Christopherson April 11, 2024, 9:55 p.m. UTC | #1

On Fri, Jan 26, 2024, Xiong Zhang wrote:
> From: Xiong Zhang <xiong.y.zhang@intel.com>
> 
> Event selectors for GP counters are still intercepted for the purpose of
> security, i.e., preventing guest from using unallowed events to steal
> information or take advantages of any CPU errata.

Heh, so then they shouldn't have been passed through in the first place.

> Signed-off-by: Xiong Zhang <xiong.y.zhang@intel.com>
> Signed-off-by: Mingwei Zhang <mizhang@google.com>
> ---
>  arch/x86/kvm/vmx/pmu_intel.c | 1 -
>  arch/x86/kvm/vmx/vmx.c       | 1 -
>  2 files changed, 2 deletions(-)
> 
> diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c
> index 9bbd5084a766..621922005184 100644
> --- a/arch/x86/kvm/vmx/pmu_intel.c
> +++ b/arch/x86/kvm/vmx/pmu_intel.c
> @@ -809,7 +809,6 @@ void intel_passthrough_pmu_msrs(struct kvm_vcpu *vcpu)
>  	int i;
>  
>  	for (i = 0; i < vcpu_to_pmu(vcpu)->nr_arch_gp_counters; i++) {
> -		vmx_set_intercept_for_msr(vcpu, MSR_ARCH_PERFMON_EVENTSEL0 + i, MSR_TYPE_RW, false);
>  		vmx_set_intercept_for_msr(vcpu, MSR_IA32_PERFCTR0 + i, MSR_TYPE_RW, false);
>  		if (fw_writes_is_enabled(vcpu))
>  			vmx_set_intercept_for_msr(vcpu, MSR_IA32_PMC0 + i, MSR_TYPE_RW, false);
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index d28afa87be70..1a518800d154 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -698,7 +698,6 @@ static bool is_valid_passthrough_msr(u32 msr)
>  	case MSR_LBR_CORE_FROM ... MSR_LBR_CORE_FROM + 8:
>  	case MSR_LBR_CORE_TO ... MSR_LBR_CORE_TO + 8:
>  		/* LBR MSRs. These are handled in vmx_update_intercept_for_lbr_msrs() */
> -	case MSR_ARCH_PERFMON_EVENTSEL0 ... MSR_ARCH_PERFMON_EVENTSEL0 + 7:
>  	case MSR_IA32_PMC0 ... MSR_IA32_PMC0 + 7:
>  	case MSR_IA32_PERFCTR0 ... MSR_IA32_PERFCTR0 + 7:
>  	case MSR_CORE_PERF_FIXED_CTR_CTRL:
> -- 
> 2.34.1
>

diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c
index 9bbd5084a766..621922005184 100644
--- a/arch/x86/kvm/vmx/pmu_intel.c
+++ b/arch/x86/kvm/vmx/pmu_intel.c
@@ -809,7 +809,6 @@  void intel_passthrough_pmu_msrs(struct kvm_vcpu *vcpu)
 	int i;
 
 	for (i = 0; i < vcpu_to_pmu(vcpu)->nr_arch_gp_counters; i++) {
-		vmx_set_intercept_for_msr(vcpu, MSR_ARCH_PERFMON_EVENTSEL0 + i, MSR_TYPE_RW, false);
 		vmx_set_intercept_for_msr(vcpu, MSR_IA32_PERFCTR0 + i, MSR_TYPE_RW, false);
 		if (fw_writes_is_enabled(vcpu))
 			vmx_set_intercept_for_msr(vcpu, MSR_IA32_PMC0 + i, MSR_TYPE_RW, false);
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index d28afa87be70..1a518800d154 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -698,7 +698,6 @@  static bool is_valid_passthrough_msr(u32 msr)
 	case MSR_LBR_CORE_FROM ... MSR_LBR_CORE_FROM + 8:
 	case MSR_LBR_CORE_TO ... MSR_LBR_CORE_TO + 8:
 		/* LBR MSRs. These are handled in vmx_update_intercept_for_lbr_msrs() */
-	case MSR_ARCH_PERFMON_EVENTSEL0 ... MSR_ARCH_PERFMON_EVENTSEL0 + 7:
 	case MSR_IA32_PMC0 ... MSR_IA32_PMC0 + 7:
 	case MSR_IA32_PERFCTR0 ... MSR_IA32_PERFCTR0 + 7:
 	case MSR_CORE_PERF_FIXED_CTR_CTRL:

[RFC,34/41] KVM: x86/pmu: Intercept EVENT_SELECT MSR

Commit Message

Comments

Patch