Hello,
This v2 patch series tries to overcome the issue of CVE-2020-8694
[1] while trying to read the RAPL MSR for populating the virtual one on
a KVM/QEMU virtual machine.
The solution proposed here is to create a helper daemon that would run
as a privileged process and be able to communicate via a socket to the QEMU
thread that deals with the ratio calculation of the energy counter.
So first it adds the SO_PEERCRED socket option in QIO CHANNEL so that
the helper daemon can check the PID of the peer (QEMU) to validate the
TID that is in the message.
Then the daemon, called qemu-vmsr-helper, is added in the tools folder.
The daemon is very similar to the qemu-pr-helper in terms of operation.
However, the communication protocol is simpler and requires only one
coroutine to handle the peer request. Only the RAPL MSRs are allowed to
be read via the helper.
Finally, the last commit adds all the RAPL MSRs in KVM/QEMU like
v1 but, instead of reading the MSR directly via readmsr(), reads the
value through a socket communication.
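The peer-credential check described above (the helper learning the PID of the connected QEMU process from the kernel and using it to validate the TID carried in the request) can be illustrated with a small stand-alone program. This is an added example, not code from the series or from QEMU's qio layer; the function names vmsr_peer_pid, vmsr_tid_belongs_to_pid and vmsr_demo_check are hypothetical, the one-word request format is a constructed stand-in for the real protocol, and the program is Linux-only (SO_PEERCRED, /proc).

```c
/* Added example, not QEMU code. Shows how a privileged helper can use
 * SO_PEERCRED on an AF_UNIX socket to learn the PID of its peer and then
 * check that a thread id supplied in a request really belongs to that
 * process. Names are hypothetical; the request format is constructed. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/stat.h>
#include <sys/syscall.h>

/* PID of the process on the other end of a connected AF_UNIX socket,
 * as reported by the kernel (cannot be forged by the peer), or -1. */
static pid_t vmsr_peer_pid(int fd)
{
    struct ucred cr;
    socklen_t len = sizeof(cr);

    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &len) < 0) {
        return -1;
    }
    return cr.pid;
}

/* A thread `tid` belongs to process `pid` iff /proc/<pid>/task/<tid>
 * exists. Returns 1 when it does, 0 otherwise. */
static int vmsr_tid_belongs_to_pid(pid_t pid, pid_t tid)
{
    char path[64];
    struct stat st;

    snprintf(path, sizeof(path), "/proc/%d/task/%d", (int)pid, (int)tid);
    return stat(path, &st) == 0;
}

/* Run both sides in one process over a socketpair: sv[0] plays QEMU and
 * sends a request naming `claimed_tid`; sv[1] plays the helper, which
 * ignores any PID the client might claim and instead asks the kernel who
 * the peer is. Returns 1 if the helper would accept the request, 0 if it
 * would reject it, -1 on a setup error. */
static int vmsr_demo_check(pid_t claimed_tid)
{
    int sv[2];
    pid_t req = 0, peer;
    int ok;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) {
        return -1;
    }
    /* client side: constructed request = just the TID */
    if (write(sv[0], &claimed_tid, sizeof(claimed_tid)) != sizeof(claimed_tid)) {
        close(sv[0]);
        close(sv[1]);
        return -1;
    }
    /* helper side: read request, then validate against SO_PEERCRED */
    if (read(sv[1], &req, sizeof(req)) != sizeof(req)) {
        close(sv[0]);
        close(sv[1]);
        return -1;
    }
    peer = vmsr_peer_pid(sv[1]);
    ok = (peer > 0) && vmsr_tid_belongs_to_pid(peer, req);

    close(sv[0]);
    close(sv[1]);
    return ok;
}

int main(void)
{
    pid_t own_tid = (pid_t)syscall(SYS_gettid);

    /* our own thread is a thread of the peer process: accepted */
    printf("own tid %d accepted: %d\n", (int)own_tid, vmsr_demo_check(own_tid));
    /* tid 0 never exists under /proc/<pid>/task: rejected */
    printf("tid 0 accepted: %d\n", vmsr_demo_check(0));
    return 0;
}
```

The point of the design is that the PID comes from the kernel via getsockopt(), not from the message body, so a client cannot name another process's thread and have the helper read a counter on its behalf; the TID in the request is only trusted once it is shown to belong to that kernel-reported PID.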
This is a follow-up of the V1 sent mid-June [2].
v1 -> v2
--------
- To overcome the CVE-2020-8694 a socket communication is created
to a privileged helper
- Add the privileged helper (qemu-vmsr-helper)
- Add SO_PEERCRED in qio channel socket
RFC -> v1
---------
- Add vmsr_* in front of all vmsr specific functions
- Change malloc()/calloc()... with their glib equivalents
- Pre-allocate all dynamic memories when possible
- Add a Documentation of implementation, limitation and usage
Regards,
Anthony
[1]: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/running-average-power-limit-energy-reporting.html#cve-2020-8694
[2]: https://lore.kernel.org/qemu-devel/20230616140830.316655-1-aharivel@redhat.com/
Anthony Harivel (3):
qio: add support for SO_PEERCRED for socket channel
tools: build qemu-vmsr-helper
Add support for RAPL MSRs in KVM/Qemu
accel/kvm/kvm-all.c | 26 ++
docs/specs/index.rst | 1 +
docs/specs/rapl-msr.rst | 131 +++++++++
docs/tools/index.rst | 1 +
docs/tools/qemu-vmsr-helper.rst | 89 ++++++
include/io/channel.h | 20 ++
include/sysemu/kvm_int.h | 12 +
io/channel-socket.c | 17 ++
io/channel.c | 12 +
meson.build | 5 +
target/i386/cpu.h | 8 +
target/i386/kvm/kvm.c | 308 +++++++++++++++++++
target/i386/kvm/meson.build | 1 +
target/i386/kvm/vmsr_energy.c | 278 +++++++++++++++++
target/i386/kvm/vmsr_energy.h | 82 ++++++
tools/i386/qemu-vmsr-helper.c | 507 ++++++++++++++++++++++++++++++++
tools/i386/rapl-msr-index.h | 28 ++
17 files changed, 1526 insertions(+)
create mode 100644 docs/specs/rapl-msr.rst
create mode 100644 docs/tools/qemu-vmsr-helper.rst
create mode 100644 target/i386/kvm/vmsr_energy.c
create mode 100644 target/i386/kvm/vmsr_energy.h
create mode 100644 tools/i386/qemu-vmsr-helper.c
create mode 100644 tools/i386/rapl-msr-index.h
--
2.41.0