Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp7281036ybi; Wed, 5 Jun 2019 14:37:26 -0700 (PDT) X-Google-Smtp-Source: APXvYqxV/20nNcWpTydq5f7zJq+Ub0mi1NqvkfMgXPyalPQZdOg8jODbeF7uETcuQWlSX3kRca9L X-Received: by 2002:a65:4907:: with SMTP id p7mr1136292pgs.288.1559770646825; Wed, 05 Jun 2019 14:37:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559770646; cv=none; d=google.com; s=arc-20160816; b=L/mH5YQpw6sG3KLQgitTsh7dzY7dU8/Hfmn2UWbPh5RHAhDkQXmYRwo8fsKRG7URbF UpS5YOQj4ACKLz0MUfEx6GrME5VCXmwc7qJ7iIzBQRzFchQ1YVw0Yc7ECdRh06Yi4NIK oU0N7wPIOsTEZvjUmVktLq4PqlPTfi7Nk4zKpo3yIvc+Oso9/hFv2ROnCUNNCJTD3pnw ydrlY20fsPAaVOzsz3hZ/QwbLfFN/LKCIBGDtBLHQ2QsEYRVbOlzD4PMvaZdHV3ALRsK 5+ytZObQfgm+QD75UyAYkH4Bg7Vv7CoSA1g9YfCOlyy4MqPjnju6CDWlFVNyxZggCBBM gbuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=3HJ2goV4jEKftWqAv0Grr7eo423VwLhYIaDyaqlSbT0=; b=HaoY3LVb8RBwYN3jQAHrqc+sZ6/T5JK+nl/rUEEadnFiRFM/f6Sh+L5doME3l+nE1j +VARBkeNIwuuGq7zY8v7u8AsrjKgtBxfe/QFBUU1zZSS/uNLRykEQB+SGQQVYB8mnF4B yDnnM6cxECg7leg0lGa4JY7MzjPR7X61TrOX6fdrvntfxNjKzcTrVur3AlOUt/LefeFM PKQwXpobq/k7J9i7LrSoBdsivUoD6+KvEVCxoGv0vsZEst42Rml8r2xVJK8U3feZZb2Y EqAgFaiJa8RNFUNdZPBq08AW51fEcQYeYFQ/YYwjzjtsiVHIu/xwUcMeK7Gzj3xrl2Xp yscw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=nsvN7fZV; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c8si30841328pfn.208.2019.06.05.14.37.10; Wed, 05 Jun 2019 14:37:26 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=nsvN7fZV; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726653AbfFEVfw (ORCPT + 99 others); Wed, 5 Jun 2019 17:35:52 -0400 Received: from mail-ed1-f65.google.com ([209.85.208.65]:35791 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726527AbfFEVfv (ORCPT ); Wed, 5 Jun 2019 17:35:51 -0400 Received: by mail-ed1-f65.google.com with SMTP id p26so72115edr.2 for ; Wed, 05 Jun 2019 14:35:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3HJ2goV4jEKftWqAv0Grr7eo423VwLhYIaDyaqlSbT0=; b=nsvN7fZVAZ/h1eN5//77QOSHPdr3k1bT5mfH1g86/hqP1vblB/IlFq4rujjhkWszCV pehShCeBBH0GLDociLASh/YfXF5t7XGoBtqjTOm/8eh0S8MFJg6l98bYSZQ4TQE8g2P8 h4mw2fwvTybozUZfNz160UxsUzVjYtCNKYgkxngdLIKEjmTwB6QMGb9cG1WwqItMbOc8 S/CzDA1Uhqns2ue+7irTn55kE/WXwowEf/l2ls/EZWxiQO/UQ3GwsCxoWqn2LnB7OpCb nlEq6h9AtwkDWKNkZuvo0dhxaaLTRRCaaMZXfhAmFDeSuOYsdsDEhIThCA3wmR5qINPL 3S6w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3HJ2goV4jEKftWqAv0Grr7eo423VwLhYIaDyaqlSbT0=; b=O9D5udiThdXJb/iaBnxYUqdSiYwFbqwDg26VIDdwnxlW3XCbnsnDQe/ek/Pup+x98F Qqw4slj6zfwUtXjCUB25HoEhv5+ytoSctFlP1g+nAYF2qcR0SS/2D25fTt5FGb+7S32e iQJykPukeHyXj+RWrPnLkXEqEhTgI3+aSHWwzmG+sn/9076fg1Tx+fMZRqFSzaTxNHMa Zlafo9yTE9qjonFv6kVoIVQYo+3bbWEoi4lD7OMfv+I5tGVgwGb639tbwnIxeeg3J2wU 0jOdet1jn90ZvgNJc1mIMroSHsqUDTBzzUrH293qql9cveHN54RojE9IilvcILHFUmKM 4c9g== X-Gm-Message-State: APjAAAUsO2UlYAS8z0MxOZkRUMyLlScFOD3p6id6jNFFX/7t7O/YsQxj vLK6OrmZWsZ2fD670DvtSyfVfNoy0ZVBmZeAfNmzEQ== X-Received: by 2002:a50:f389:: with SMTP id g9mr45647001edm.130.1559770549632; Wed, 05 Jun 2019 14:35:49 -0700 (PDT) MIME-Version: 1.0 References: <5CEC9667.30100@intel.com> <5CEE3AC4.3020904@intel.com> <5CF07D37.9090805@intel.com> <5CF2599B.3030001@intel.com> <5CF5F6AE.90706@intel.com> In-Reply-To: From: Eric Hankland Date: Wed, 5 Jun 2019 14:35:37 -0700 Message-ID: Subject: Re: [PATCH v1] KVM: x86: PMU Whitelist To: Wei Wang Cc: Cfir Cohen , Paolo Bonzini , rkrcmar@redhat.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Stephane Eranian Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org >> Right - I'm aware there are other ways of detecting this - it's still >> a class of events that some people don't want to surface. I'll ask if >> there are any better examples. I asked and it sounds like we are treating all events as potentially insecure until they've been reviewed. If Intel were to publish official (reasonably substantiated) guidance stating that the PMU is secure, then I think we'd be happy without such a safeguard in place, but short of that I think we want to err on the side of caution. Eric