Re: [PATCH] xen/arm: Expose the PMU to the guests


  • To: Michal Orzel <michal.orzel@xxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Thu, 30 Sep 2021 11:40:18 +0100
  • Cc: Ian Jackson <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "Volodymyr Babchuk" <Volodymyr_Babchuk@xxxxxxxx>, <bertrand.marquis@xxxxxxx>, "Julien Grall" <jgrall@xxxxxxxxxx>
  • Delivery-date: Thu, 30 Sep 2021 10:40:54 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 30/09/2021 10:26, Michal Orzel wrote:
> diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in
> index 4b1e3028d2..4a75203b9f 100644
> --- a/docs/man/xl.cfg.5.pod.in
> +++ b/docs/man/xl.cfg.5.pod.in
> @@ -2843,6 +2843,18 @@ Currently, only the "sbsa_uart" model is supported for 
> ARM.
>  
>  =back
>  
> +=item B<vpmu=BOOLEAN>
> +
> +Specifies whether to enable the access to PMU registers by disabling
> +the PMU traps.
> +
> +This change does not expose the full PMU to the guest.
> +Currently there is no support for virtualization, interrupts, etc.
> +
> +Enabling this option may result in potential security holes.
> +
> +If this option is not specified then it will default to B<false>.

There are rather better ways of phrasing this...

It isn't "maybe security holes".  There are two salient points.

1) vPMU, by design and purpose, exposes system level performance
information to the guest.  Only to be used by sufficiently privileged
domains (however the system admin cares to draw this particular line).

2) Feature is experimental, and thus might explode on you.  Bugfixes
welcome.

> +
>  =head3 x86
>  
>  =over 4
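
Review bot: The new =item B<vpmu=BOOLEAN> is inserted directly after a =back and immediately before =head3 x86, so as far as the visible context shows it sits outside any =over/=back list. If that =back closes the list of Arm options, the item needs to move above it, otherwise the POD will not render it as an option entry. Separately, "Currently there is no support for virtualization, interrupts, etc." leaves the reader guessing what is missing; spelling out what the guest can and cannot do with the registers would make the option easier to reason about.
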
> diff --git a/tools/include/libxl.h b/tools/include/libxl.h
> index b9ba16d698..c6694e977d 100644
> --- a/tools/include/libxl.h
> +++ b/tools/include/libxl.h
> @@ -502,6 +502,13 @@
>   */
>  #define LIBXL_HAVE_X86_MSR_RELAXED 1
>  
> +/*
> + * LIBXL_HAVE_ARM_VPMU indicates the toolstack has support for enabling
> + * the access to PMU registers by disabling the PMU traps. This is done
> + * by setting the libxl_domain_build_info arch_arm.vpmu field.
> + */
> +#define LIBXL_HAVE_ARM_VPMU 1
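
Review bot: The comment above LIBXL_HAVE_ARM_VPMU names the arch_arm.vpmu field but not its type or what leaving it unset means, while the xl.cfg text in this same patch says the option defaults to false. Stating the default here, and describing the effect for the caller rather than only the mechanism ("disabling the PMU traps"), would let toolstack consumers use the field without reading the implementation.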

Please make this generic, not ARM-specific.

The domctl flag is (correctly) common, and x86 could do with this too,
as well as other architectures.

Don't worry about plumbing the x86 side to work - that's a little more
involved, and can be done at a later date.


However, you do need Xen to report the availability of vPMU on the
hardware as a prerequisite.  The toolstack needs to be able to know
whether XEN_DOMCTL_CDF_pmu will be accepted so it can error out in a
useful way on hardware lacking the capabilities.

You probably want to follow the example in
a48066d25c652aeecafba5a3f33e77ad9a9c07f6

> diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h
> index 96696e3842..a55ceb81db 100644
> --- a/xen/include/public/domctl.h
> +++ b/xen/include/public/domctl.h
> @@ -70,9 +70,12 @@ struct xen_domctl_createdomain {
>  #define XEN_DOMCTL_CDF_iommu          (1U<<_XEN_DOMCTL_CDF_iommu)
>  #define _XEN_DOMCTL_CDF_nested_virt   6
>  #define XEN_DOMCTL_CDF_nested_virt    (1U << _XEN_DOMCTL_CDF_nested_virt)
> +/* Should we expose the vPMU to the guest? */
> +#define _XEN_DOMCTL_CDF_pmu           7
> +#define XEN_DOMCTL_CDF_pmu            (1U << _XEN_DOMCTL_CDF_pmu)
>  
>  /* Max XEN_DOMCTL_CDF_* constant.  Used for ABI checking. */
> -#define XEN_DOMCTL_CDF_MAX XEN_DOMCTL_CDF_nested_virt
> +#define XEN_DOMCTL_CDF_MAX XEN_DOMCTL_CDF_pmu
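
Review bot: The comment on _XEN_DOMCTL_CDF_pmu is phrased as a question ("Should we expose the vPMU to the guest?") and promises a vPMU, whereas the xl.cfg text in this patch says the full PMU is not exposed and that there is no virtualization support. For a public header, a plain statement of what setting bit 7 grants the domain would be more accurate. The XEN_DOMCTL_CDF_MAX change to the new flag is consistent with the added bit.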

Without an adjustment in the OCaml bindings, the ABI check will fail.

~Andrew
