Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp1965708pxa; Thu, 6 Aug 2020 22:36:39 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwUkKOrTr4ovil98XH6aoUTmsozi/THw4CEbtSN/K6uTcnxJMgjVKfmJfA8NPat3PwhT2OQ X-Received: by 2002:a17:906:248f:: with SMTP id e15mr7405072ejb.296.1596778599175; Thu, 06 Aug 2020 22:36:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596778599; cv=none; d=google.com; s=arc-20160816; b=jqbSORn2swNmHXRsyrk9fSerCqk1woqqYet3WfhtCABw4Zacsdec8s8h7zBsDwZKoK eZe4HjA6e57xNsnmXVi8vmzyaXLR1h0C4HORPAQdzzqILmq8LyFrRm/oP2eRzj+dhyBR YzwFsOBZO/oOP/Uu+W+B6lVACrXLxKzusv+aB7iQwiEOtEHjCJsv3xI4F+D8L0YTTBE+ M/8vcj6S4eXVT51GNyXLhVy0JdA+dayUrAJPCpccW9Hom2qdCtbKX7UKwDcoFDQPfuTq 7nWUs2MzRvPNqgbiqd0I3qpFUZa1C9YhrEoI5i6EdYk1RDw7Qlr68uNmUVJP6S05EeUw 1O2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:ironport-sdr:ironport-sdr; bh=mVaJjLgGcXwARCbicBPu3qf23byRzQsJZ08MfmHk7Tk=; b=MB4N714+iAyFGUaCXB6ksUluXwKGhxYVg17Bq2AQbl7mRWGVR8hAYgihJZ/5KSQZmk Borcb3eGyKnsw4TPU7DQ4sWIyN41zRMI8o/zVzd0FG+ZtdsKzhIxbaFOt/8Z3PAaAjXu oO64e1rHyCIWHsZx4fpOtMNA7ttEsXS8Rhq0v9BOhVQ3bl+3gg1fvnN5X1jivDWQrmsZ dpHCYoHwETG5sa4OR1WWv7NmWw1sp78xtCsL3JqS4TYuoBqvz57VbfvK71frFG9+eI+m 018mP069n9KTouh3pXGjgchZseK9x+fKIpTTXljLuaLcNp9Siw+OcmuzTYIeMgTppFak BRyA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w15si4675127eja.399.2020.08.06.22.36.16; Thu, 06 Aug 2020 22:36:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726094AbgHGFcp (ORCPT + 99 others); Fri, 7 Aug 2020 01:32:45 -0400 Received: from mga18.intel.com ([134.134.136.126]:63274 "EHLO mga18.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725379AbgHGFco (ORCPT ); Fri, 7 Aug 2020 01:32:44 -0400 IronPort-SDR: OZj2mWmemSxL3M3jVB6tmNbDdos9PYyBchb8TJIlWVUHfedhT4ZpAjtIgYX/hZGohW41mCEReW xkqnqp8j5Q9g== X-IronPort-AV: E=McAfee;i="6000,8403,9705"; a="140596035" X-IronPort-AV: E=Sophos;i="5.75,444,1589266800"; d="scan'208";a="140596035" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Aug 2020 22:32:43 -0700 IronPort-SDR: pLfGEBJpI7xx0p5sg0RMxkJZgy6UhOtl8I9/47/YNbBasKhay6fkpbB7i5Uc1RFBaRc9nlUSg9 A922vMQpXvJA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,444,1589266800"; d="scan'208";a="323660042" Received: from yjin15-mobl1.ccr.corp.intel.com (HELO [10.238.5.239]) ([10.238.5.239]) by orsmga008.jf.intel.com with ESMTP; 06 Aug 2020 22:32:40 -0700 Subject: Re: [PATCH v1 2/2] perf/core: Fake regs for leaked kernel samples To: peterz@infradead.org Cc: mingo@redhat.com, oleg@redhat.com, acme@kernel.org, jolsa@kernel.org, Linux-kernel@vger.kernel.org, ak@linux.intel.com, kan.liang@intel.com, yao.jin@intel.com, alexander.shishkin@linux.intel.com, mark.rutland@arm.com References: <20200731025617.16243-1-yao.jin@linux.intel.com> <20200731025617.16243-2-yao.jin@linux.intel.com> <20200804114900.GI2657@hirez.programming.kicks-ass.net> <4c958d61-11a7-9f3e-9e7d-d733270144a1@linux.intel.com> <20200805124454.GP2657@hirez.programming.kicks-ass.net> <797aa4de-c618-f340-ad7b-cef38c96b035@linux.intel.com> <20200806091827.GY2674@hirez.programming.kicks-ass.net> <20200806092454.GE35926@hirez.programming.kicks-ass.net> From: "Jin, Yao" Message-ID: <207564ba-6faa-e054-af3f-5af233cc0637@linux.intel.com> Date: Fri, 7 Aug 2020 13:32:39 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0 MIME-Version: 1.0 In-Reply-To: <20200806092454.GE35926@hirez.programming.kicks-ass.net> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Peter, On 8/6/2020 5:24 PM, peterz@infradead.org wrote: > On Thu, Aug 06, 2020 at 11:18:27AM +0200, peterz@infradead.org wrote: >> On Thu, Aug 06, 2020 at 10:26:29AM +0800, Jin, Yao wrote: >> >>>> +static struct pt_regs *sanitize_sample_regs(struct perf_event *event, struct pt_regs *regs) >>>> +{ >>>> + struct pt_regs *sample_regs = regs; >>>> + >>>> + /* user only */ >>>> + if (!event->attr.exclude_kernel || !event->attr.exclude_hv || >>>> + !event->attr.exclude_host || !event->attr.exclude_guest) >>>> + return sample_regs; >>>> + >>> >>> Is this condition correct? >>> >>> Say counting user event on host, exclude_kernel = 1 and exclude_host = 0. It >>> will go "return sample_regs" path. >> >> I'm not sure, I'm terminally confused on virt stuff. > > [A] > >> Suppose we have nested virt: >> >> L0-hv >> | >> G0/L1-hv >> | >> G1 >> >> And we're running in G0, then: >> >> - 'exclude_hv' would exclude L0 events >> - 'exclude_host' would ... exclude L1-hv events? >> - 'exclude_guest' would ... exclude G1 events? > > [B] > >> Then the next question is, if G0 is a host, does the L1-hv run in >> G0 userspace or G0 kernel space? >> >> I was assuming G0 userspace would not include anything L1 (kvm is a >> kernel module after all), but what do I know. >> >>>> @@ -11609,7 +11636,8 @@ SYSCALL_DEFINE5(perf_event_open, >>>> if (err) >>>> return err; >>>> - if (!attr.exclude_kernel) { >>>> + if (!attr.exclude_kernel || !attr.exclude_callchain_kernel || >>>> + !attr.exclude_hv || !attr.exclude_host || !attr.exclude_guest) { >>>> err = perf_allow_kernel(&attr); >>>> if (err) >>>> return err; >>>> >>> >>> I can understand the conditions "!attr.exclude_kernel || !attr.exclude_callchain_kernel". >>> >>> But I'm not very sure about the "!attr.exclude_hv || !attr.exclude_host || !attr.exclude_guest". >> >> Well, I'm very sure G0 userspace should never see L0 or G1 state, so >> exclude_hv and exclude_guest had better be true. >> >>> On host, exclude_hv = 1, exclude_guest = 1 and exclude_host = 0, right? >> >> Same as above, is G0 host state G0 userspace? >> >>> So even exclude_kernel = 1 but exclude_host = 0, we will still go >>> perf_allow_kernel path. Please correct me if my understanding is wrong. >> >> Yes, because with those permission checks in place it means you have >> permission to see kernel bits. > > So if I understand 'exclude_host' wrong -- a distinct possibility -- can > we then pretty please have the above [A-B] corrected and put in a > comment near perf_event_attr and the exclude_* comments changed to refer > to that? > In my previous mail, I explained what I understood for 'exclude_host', but not sure if it's correct. Needs more review comments. Thanks Jin Yao