Re: [PATCH v4 2/7] arm64: KVM: Use shared area to pass PMU event state to hypervisor

[Marc Zyngier]

On Mon, 05 Feb 2024 14:17:10 +0000,
James Clark <james.clark@xxxxxxx> wrote:
>
> On 05/02/2024 13:21, Oliver Upton wrote:
> > On Mon, Feb 05, 2024 at 01:15:36PM +0000, Marc Zyngier wrote:
> >> On Mon, 05 Feb 2024 13:04:51 +0000,
> >> Oliver Upton <oliver.upton@xxxxxxxxx> wrote:
> >>>
> >>> Unless someone has strong opinions about making this work in protected
> >>> mode, I am happy to see tracing support limited to the 'normal' nVHE
> >>> configuration. The protected feature as a whole is just baggage until
> >>> upstream support is completed.
> >>
> >> Limiting tracing to non-protected mode is a must IMO. Allowing tracing
> >> when pKVM is enabled is a sure way to expose secrets that should
> >> stay... secret. The only exception I can think of is when
> >> CONFIG_NVHE_EL2_DEBUG is enabled, at which point all bets are off.
> > 
> > Zero argument there :) I left off the "and PMU" part of what I was
> > saying, because that was a feature that semi-worked in protected mode
> > before VM/VCPU shadowing support landed.
> > 
> 
> In that case I can hide all this behind CONFIG_NVHE_EL2_DEBUG for pKVM.
> This will also have the effect of disabling PMU again for pKVM because I
> moved that into this new shared area.

I'm not sure what you have in mind, but dropping PMU support for
non-protected guests when protected-mode is enabled is not an
acceptable outcome.

Hiding the trace behind a debug option is fine as this is a global
setting that has no userspace impact, but impacting guests isn't.

	M.

-- 
Without deviation from the norm, progress is not possible.