Re: [PATCH] coresight: etm4x: Add config to exclude kernel mode tracing

From: Suzuki Poulose
Date: Fri Oct 16 2020 - 07:11:55 EST

Next message: Sudeep Holla: "Re: [PATCH V2 1/2] opp: Allow dev_pm_opp_get_opp_table() to return -EPROBE_DEFER"
Previous message: Hans de Goede: "Re: [RFC] Documentation: Add documentation for new performance_profile sysfs class (Also Re: [PATCH 0/4] powercap/dtpm: Add the DTPM framework)"
In reply to: Sai Prakash Ranjan: "Re: [PATCH] coresight: etm4x: Add config to exclude kernel mode tracing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/16/20 7:40 AM, Denis Nikitin wrote:

Hi Mathieu,

I think one of the use cases could be VMs.
Is there isolation between EL1 guest kernels which we can control from perf in a system wide mode?

The proposed solution doesn't solve this for VMs anyway. It only
excludes EL1 *OR* EL2, depending on the host kernel's running EL.
We cannot support Virtual ETM access for VMs with memory mapped
accesses.

Unforutnately, trace filtering is the solution for preventing tracing
for EL1 guest/kernel (available from v8.4 Self Hosted extensions). Other
option is to add support for "exclude_guest" support for CoreSight for perf.
But again this can't be controlled by sysfs. And it can't be enforced for perf, if not specified. Again it all goes back to the root
permission hammer lock which Mathieu pointed out.

With the v8.4 Self hosted trace extensions, Guest and Host both could
control individually if they can be traced (both EL0 and EL1/2).

Suzuki

Thanks,
Denis

On Thu, Oct 15, 2020 at 9:03 AM Mathieu Poirier <mathieu.poirier@xxxxxxxxxx <mailto:mathieu.poirier@xxxxxxxxxx>> wrote:

On Thu, Oct 15, 2020 at 06:15:22PM +0530, Sai Prakash Ranjan wrote:
> On production systems with ETMs enabled, it is preferred to
> exclude kernel mode(NS EL1) tracing for security concerns and
> support only userspace(NS EL0) tracing. So provide an option
> via kconfig to exclude kernel mode tracing if it is required.
> This config is disabled by default and would not affect the
> current configuration which has both kernel and userspace
> tracing enabled by default.
>

One requires root access (or be part of a special trace group) to be
able to use
the cs_etm PMU. With this kind of elevated access restricting
tracing at EL1
provides little in terms of security.

Thanks,
Mathieu

> Signed-off-by: Sai Prakash Ranjan
<saiprakash.ranjan@xxxxxxxxxxxxxx
<mailto:saiprakash.ranjan@xxxxxxxxxxxxxx>>
> ---
> drivers/hwtracing/coresight/Kconfig | 9 +++++++++
> drivers/hwtracing/coresight/coresight-etm4x-core.c | 6 +++++-
> 2 files changed, 14 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/hwtracing/coresight/Kconfig
b/drivers/hwtracing/coresight/Kconfig
> index c1198245461d..52435de8824c 100644
> --- a/drivers/hwtracing/coresight/Kconfig
> +++ b/drivers/hwtracing/coresight/Kconfig
> @@ -110,6 +110,15 @@ config CORESIGHT_SOURCE_ETM4X
> To compile this driver as a module, choose M here: the
> module will be called coresight-etm4x.
>
> +config CORESIGHT_ETM4X_EXCL_KERN
> + bool "Coresight ETM 4.x exclude kernel mode tracing"
> + depends on CORESIGHT_SOURCE_ETM4X
> + help
> + This will exclude kernel mode(NS EL1) tracing if enabled.
This option
> + will be useful to provide more flexible options on
production systems
> + where only userspace(NS EL0) tracing might be preferred
for security
> + reasons.
> +
> config CORESIGHT_STM
> tristate "CoreSight System Trace Macrocell driver"
> depends on (ARM && !(CPU_32v3 || CPU_32v4 || CPU_32v4T)) ||
ARM64
> diff --git a/drivers/hwtracing/coresight/coresight-etm4x-core.c
b/drivers/hwtracing/coresight/coresight-etm4x-core.c
> index abd706b216ac..7e5669e5cd1f 100644
> --- a/drivers/hwtracing/coresight/coresight-etm4x-core.c
> +++ b/drivers/hwtracing/coresight/coresight-etm4x-core.c
> @@ -832,6 +832,9 @@ static u64 etm4_get_ns_access_type(struct
etmv4_config *config)
> {
> u64 access_type = 0;
>
> + if (IS_ENABLED(CONFIG_CORESIGHT_ETM4X_EXCL_KERN))
> + config->mode |= ETM_MODE_EXCL_KERN;
> +
> /*
> * EXLEVEL_NS, bits[15:12]
> * The Exception levels are:
> @@ -849,7 +852,8 @@ static u64 etm4_get_ns_access_type(struct
etmv4_config *config)
> access_type = ETM_EXLEVEL_NS_HYP;
> }
>
> - if (config->mode & ETM_MODE_EXCL_USER)
> + if (config->mode & ETM_MODE_EXCL_USER &&
> + !IS_ENABLED(CONFIG_CORESIGHT_ETM4X_EXCL_KERN))
> access_type |= ETM_EXLEVEL_NS_APP;
>
> return access_type;
>
> base-commit: 3477326277451000bc667dfcc4fd0774c039184c
> --
> QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is
a member
> of Code Aurora Forum, hosted by The Linux Foundation
>

Next message: Sudeep Holla: "Re: [PATCH V2 1/2] opp: Allow dev_pm_opp_get_opp_table() to return -EPROBE_DEFER"
Previous message: Hans de Goede: "Re: [RFC] Documentation: Add documentation for new performance_profile sysfs class (Also Re: [PATCH 0/4] powercap/dtpm: Add the DTPM framework)"
In reply to: Sai Prakash Ranjan: "Re: [PATCH] coresight: etm4x: Add config to exclude kernel mode tracing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]