[PATCH v2 0/3] Add support for RAPL MSRs series

Anthony Harivel posted 3 patches 1 year ago
Only 1 patches received!
accel/kvm/kvm-all.c             |  26 ++
docs/specs/index.rst            |   1 +
docs/specs/rapl-msr.rst         | 131 +++++++++
docs/tools/index.rst            |   1 +
docs/tools/qemu-vmsr-helper.rst |  89 ++++++
include/io/channel.h            |  20 ++
include/sysemu/kvm_int.h        |  12 +
io/channel-socket.c             |  17 ++
io/channel.c                    |  12 +
meson.build                     |   5 +
target/i386/cpu.h               |   8 +
target/i386/kvm/kvm.c           | 308 +++++++++++++++++++
target/i386/kvm/meson.build     |   1 +
target/i386/kvm/vmsr_energy.c   | 278 +++++++++++++++++
target/i386/kvm/vmsr_energy.h   |  82 ++++++
tools/i386/qemu-vmsr-helper.c   | 507 ++++++++++++++++++++++++++++++++
tools/i386/rapl-msr-index.h     |  28 ++
17 files changed, 1526 insertions(+)
create mode 100644 docs/specs/rapl-msr.rst
create mode 100644 docs/tools/qemu-vmsr-helper.rst
create mode 100644 target/i386/kvm/vmsr_energy.c
create mode 100644 target/i386/kvm/vmsr_energy.h
create mode 100644 tools/i386/qemu-vmsr-helper.c
create mode 100644 tools/i386/rapl-msr-index.h
[PATCH v2 0/3] Add support for RAPL MSRs series
Posted by Anthony Harivel 1 year ago
Hello,

This v2 patch series tries to overcome the issue of the CVE 2020-8694
[1] while trying to read the RAPL MSR for populating the vitrual one on
KVM/QEMU virtual machine.

The solution proposed here is to create a helper daemon that would run
as a priviliged process and able to communicate via a socket to the QEMU
thread that deals with the ratio calculation of the energy counter.

So first it adds the SO_PEERCRED socket option in QIO CHANNEL so that
the helper daemon can check the PID of the peer (QEMU) to validate the
TID that is in the message. 

Then the daemon, called qemu-vmsr-helper, is added in the tools folder.
The daemon is very similar to the qemu-pr-helper in terms of operation.
However comminucation protocol is simplier and requires only one
coroutine to handle the peer request. Only the RAPL MSRs are allowed to
be read via the helper.

And to finish the last commit adds all the RAPL MSR in KVM/QEMU like the
v1 but, instead of reading directly the MSR via readmsr(), reads the
value through a socket comminucation. 

This is a follow-up of the V1 sent mid-june [2].

v1 -> v2
--------

- To overcome the CVE-2020-8694 a socket communication is created
  to a priviliged helper

- Add the priviliged helper (qemu-vmsr-helper)

- Add SO_PEERCRED in qio channel socket

RFC -> v1
---------

- Add vmsr_* in front of all vmsr specific function

- Change malloc()/calloc()... with all glib equivalent

- Pre-allocate all dynamic memories when possible

- Add a Documentation of implementation, limitation and usage

Regards,
Anthony

[1]: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/running-average-power-limit-energy-reporting.html#cve-2020-8694
[2]: https://lore.kernel.org/qemu-devel/20230616140830.316655-1-aharivel@redhat.com/

Anthony Harivel (3):
  qio: add support for SO_PEERCRED for socket channel
  tools: build qemu-vmsr-helper
  Add support for RAPL MSRs in KVM/Qemu

 accel/kvm/kvm-all.c             |  26 ++
 docs/specs/index.rst            |   1 +
 docs/specs/rapl-msr.rst         | 131 +++++++++
 docs/tools/index.rst            |   1 +
 docs/tools/qemu-vmsr-helper.rst |  89 ++++++
 include/io/channel.h            |  20 ++
 include/sysemu/kvm_int.h        |  12 +
 io/channel-socket.c             |  17 ++
 io/channel.c                    |  12 +
 meson.build                     |   5 +
 target/i386/cpu.h               |   8 +
 target/i386/kvm/kvm.c           | 308 +++++++++++++++++++
 target/i386/kvm/meson.build     |   1 +
 target/i386/kvm/vmsr_energy.c   | 278 +++++++++++++++++
 target/i386/kvm/vmsr_energy.h   |  82 ++++++
 tools/i386/qemu-vmsr-helper.c   | 507 ++++++++++++++++++++++++++++++++
 tools/i386/rapl-msr-index.h     |  28 ++
 17 files changed, 1526 insertions(+)
 create mode 100644 docs/specs/rapl-msr.rst
 create mode 100644 docs/tools/qemu-vmsr-helper.rst
 create mode 100644 target/i386/kvm/vmsr_energy.c
 create mode 100644 target/i386/kvm/vmsr_energy.h
 create mode 100644 tools/i386/qemu-vmsr-helper.c
 create mode 100644 tools/i386/rapl-msr-index.h

-- 
2.41.0