Hi Markus,
> > This is for security purposes, and can restrict Guest users from
> > accessing certain sensitive hardware information on the Host via perf or
> > PMU counter.
> >
> > When a PMU event is blocked by KVM, Guest users can't get the
> > corresponding event count via perf/PMU counter.
> >
> > EMM, if ‘system’ refers to the QEMU part, then QEMU is responsible
> > for checking the format and passing the list to KVM.
> >
> > Thanks,
> > Zhao
>
> This helped some, thanks. To make sure I got it:
>
> KVM can restrict the guest's access to the PMU. This is either a
> whitelist (guest can access exactly what's on this list), or a blacklist
> (guest can access exactly what's not this list).
Yes! The "action" field controls if it's a "whitelist" (allow) or
"blacklist" (deny).
And "access" means Guest could get the event count, if "no access", then
Guest would get nothing.
For example, if we set a the whitelist ony for the event (select: 0xc4,
umask: 0) in QEMU:
pmu='{"qom-type":"kvm-pmu-filter","id":"f0","action":"allow","events":[{"format":"x86-select-umask","select":196,"umask":0}]}'
then in Guest, this command tries to get count of 2 events:
perf stat -e cpu/event=0xc4,name=branches/,cpu/event=0xc5,name=branch-misses/
sleep 1
Since another event (select: 0xc5, umask: 0) is not on whitelist, its
"access" is blocked by KVM, so user would get the result like:
Performance counter stats for 'sleep 1':
348709 branches
0 branch-misses
1.015962921 seconds time elapsed
0.000000000 seconds user
0.015195000 seconds sys
The "allowed" event has the normal output, and the result of "denied"
event is zero.
> QEMU's kvm-pmu-filter object provides an interface to this KVM feature.
Yes!
> KVM takes "raw" list entries: an entry is a number, and the number's
> meaning depends on the architecture.
Yes, and meaning also depends on format. masked-entry format has special
meaning (with a flag).
> The kvm-pmu-filter object can take such entries, and passes them to
> straight to KVM.
>
> On x86, we commonly use two slightly higher level formats: select &
> umask, and masked. The kvm-pmu-filter object can take entries in either
> format, and maps them to "raw".
>
> Correct?
Yes, Markus, you're right! (And sorry for late reply.)
And "raw" format as a lower level format can be used for other arches
(e.g., ARM).
Thanks,
Zhao
