Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp2085669imm; Thu, 14 Jun 2018 08:31:46 -0700 (PDT) X-Google-Smtp-Source: ADUXVKIZDJnABh5m8RHonD05hJaMhpd2oig34qXYh6Cm3grJ2KxSmL0Wl8GE62Xxmtf6LC7Iy7Gt X-Received: by 2002:a17:902:1a2:: with SMTP id b31-v6mr3458371plb.279.1528990306803; Thu, 14 Jun 2018 08:31:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528990306; cv=none; d=google.com; s=arc-20160816; b=LxzM6DG/C0Mc5OBlv41cx4n28uo4Nndf7SOC5qlctlsEWE/qfDk2dMMKb4zdpapC4f 6wfEEQbl1Au7JNe6i7eYq/MLokYR8Z1/4RWGuThll3DvOgNbylFhQIqFcMVW/CM4Ef/m /cUKJifQU8ap1UNCBlr72J0Su+aBR9GLuh92vn8PvA8/CyjqseTwauxVZHTgMyRZoOHX jwXKFlvTITxKjHlkQVtoTUCH1rymhJKD+Z4nWLanM+JXjlOpySg/3O+deQ2jiDeH95rZ vayIIs7scskXJJ9h/2OTerXSt/ZQfSPhYaFYx0MaqwI/W9cl7Te2w696td1ZIXZNDRlf Ozxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:message-id:references :in-reply-to:subject:cc:to:from:date:content-transfer-encoding :mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=oRQiFEVwU3VzDYhycOMcuzSKN1iWEj4pGEVb1hBWAB8=; b=efOqn6IjDKs/YzP4dIVyZd+V4oWc+w1SARxFVkS9VgD/5effrTa9B4g+Onug0eUvAI 3e1jeYXTuvUl0GpR/nRRPdu5eyw1TmWySPeKkSKiIaCPl2z5pEi780oSu4Hh66fMvUtC sLfJbP3b9dXHjE5cpdOMm6Xdkgwi2DgKy3siWaG7z10v40CHHxb/bgvvsUGmoK0iPlMF FuQ8iLAzOSREI8suSW1tgLwebGncy6lsogCgYWkPsX0FzO07OIL4AxBpqITTRwUQgqJT bD+jVq2WCF1xwJYB+peYBV8u6DqJcf4JJunvImL7JKwOmiDvR285p59zOQCHrKFZSvCN XKIg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@codeaurora.org header.s=default header.b=gyijERiH; dkim=pass header.i=@codeaurora.org header.s=default header.b=gyijERiH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id ce9-v6si6445248plb.364.2018.06.14.08.31.32; Thu, 14 Jun 2018 08:31:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@codeaurora.org header.s=default header.b=gyijERiH; dkim=pass header.i=@codeaurora.org header.s=default header.b=gyijERiH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964912AbeFNPa5 (ORCPT + 99 others); Thu, 14 Jun 2018 11:30:57 -0400 Received: from smtp.codeaurora.org ([198.145.29.96]:54538 "EHLO smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S964820AbeFNPa4 (ORCPT ); Thu, 14 Jun 2018 11:30:56 -0400 Received: by smtp.codeaurora.org (Postfix, from userid 1000) id A11CA600D0; Thu, 14 Jun 2018 15:30:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1528990255; bh=TeMrxAk5XyuHDtuqYrFDucy9EnkQ5py0nxuJyCMx7j8=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=gyijERiHBN2MLIYKB5FqCbeTcALqPjabpnW3VTm3Jz7K8d3KS1CwDIMEro30GV9Lk 6/tejiOVvMJgHQ5NjTsYwG0YYO0TATRr3mUokrqyQXNCjHVbBpO2QxuamROMk1J3LF 4bvIa707bTHKYbm7XlDnWw8wqv/nkfqfWBkJsvTk= X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on pdx-caf-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.8 required=2.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,T_DKIM_INVALID autolearn=no autolearn_force=no version=3.4.0 Received: from mail.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.codeaurora.org (Postfix) with ESMTP id F0F426022C; Thu, 14 Jun 2018 15:30:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1528990255; bh=TeMrxAk5XyuHDtuqYrFDucy9EnkQ5py0nxuJyCMx7j8=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=gyijERiHBN2MLIYKB5FqCbeTcALqPjabpnW3VTm3Jz7K8d3KS1CwDIMEro30GV9Lk 6/tejiOVvMJgHQ5NjTsYwG0YYO0TATRr3mUokrqyQXNCjHVbBpO2QxuamROMk1J3LF 4bvIa707bTHKYbm7XlDnWw8wqv/nkfqfWBkJsvTk= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Thu, 14 Jun 2018 11:30:54 -0400 From: Agustin Vega-Frias To: Will Deacon Cc: Marc Zyngier , Mark Rutland , linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Jeremy Linton , Catalin Marinas , Lorenzo Pieralisi , timur@codeaurora.org Subject: Re: [RFC V2 3/3] perf: qcom: Add Falkor CPU PMU IMPLEMENTATION DEFINED event support In-Reply-To: <20180613130232.GA27675@arm.com> References: <1528379808-27970-1-git-send-email-agustinv@codeaurora.org> <1528379808-27970-4-git-send-email-agustinv@codeaurora.org> <20180612144055.m2h26n64spfm6k6o@lakrids.cambridge.arm.com> <9957219b64252d3b2e19724db04a1179@codeaurora.org> <20180613103555.GC26280@arm.com> <06c81a64-904f-59fa-5751-62818d6d2107@arm.com> <20180613130232.GA27675@arm.com> Message-ID: <4a584145358bd046d735c30ba0d49db6@codeaurora.org> X-Sender: agustinv@codeaurora.org User-Agent: Roundcube Webmail/1.2.5 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, On 2018-06-13 09:02, Will Deacon wrote: > On Wed, Jun 13, 2018 at 01:59:58PM +0100, Marc Zyngier wrote: >> On 13/06/18 11:35, Will Deacon wrote: [...] >> > Great :( We need to make sure we disable EL0 access during boot then, but >> > that means we need to prove for the existence of this thing in head.S >> > (since the PMU driver might not get loaded). Unfortunately it appears the only check we can do for this is through the MIDR or PMPIDRx. I'm investigating whether we can detect this through some other mechanism, but it that doesn't exists would the MIDR.PMPIDRx check be acceptable? >> > >> > Also, what's the kvm story here so that we don't accidentally open up a >> > VM-VM side-channel via these registers? How do the EL1 trapping controls >> > work? Traps for these registers are as follows: Architecture traps: - HCR_EL2.TIDCP enables a trap when accessing IMP DEF registers. kvm will set this bit for all guests and access from EL1/EL0 will cause a trap to EL2. - MDCR_EL2.TPM enables a trap when accessing the PM registers from EL1/EL0, causing accesses to trap to EL2. - MDCR_EL2.TPM enables a trap when accessing the PM registers from EL1/EL0, causing accesses to trap to EL2. IMP DEF traps: - IMP DEF register PMACTLR_EL0.UEN controls EL0 access to all IMP DEF registers related to performance monitoring: 0->disables EL0 access (default), 1->enables EL0 access - IMP DEF HACR_EL2.TCPUPMRBB enables a trap when accessing the RBB registers from EL1/EL0, causing accesses to trap to EL2. - IMP DEF HACR_EL2.TCPUPMPCCPT enables a trap when accessing the PCC registers from EL1/EL0, causing accesses to trap to EL2. - IMP DEF HACR_EL2.TCPUPMRESRRLDR enables a trap when accessing the PMRESRx_EL0 registers from EL1/EL0, causing accesses to trap to EL2. >> >> We'd trap the IMPDEF register access and inject an UNDEF (assuming >> that >> the IMPDEF trapping works correctly). I have strictly no plan to >> support >> this in a guest. > > Ah, so we could actually configure that in el2_setup and solve the host > problem if we're entered at EL2. Agustin -- does that work, and what do > we > need to do if the host is entered at EL1? > Yes, that works, I understand there is no desire to support this under virtualization. As for the question about the EL1 host, all of our firmware configurations boot the host OS at EL2. Is that sufficient guarantee or can you suggest an alternative mechanism to ensure security? Thanks, Agustín -- Qualcomm Datacenter Technologies, Inc. on behalf of the Qualcomm Technologies, Inc. Qualcomm Technologies, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project.