include/sysemu/kvm_int.h | 1 + qemu-options.hx | 16 +++++++++++++ target/arm/kvm.c | 22 ++++++++++++++++++ target/arm/kvm64.c | 49 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 88 insertions(+)
The KVM_ARM_VCPU_PMU_V3_FILTER provide the ability to let the VMM decide
which PMU events are provided to the guest. Add a new option
`pmu-filter` as -accel sub-option to set the PMU Event Filtering.
The `pmu-filter` has such format:
pmu-filter="{A,D}:start-end[;{A,D}:start-end...]"
A means "allow" and D means "deny"; start is the first event of the
range and end is the last one. For example:
pmu-filter="A:0x11-0x11;A:0x23-0x3a,D:0x30-0x30"
This allows event 0x11 (the cycle counter) and events 0x23 to 0x3a,
except event 0x30, which is denied; all other events are disallowed.
Here is an real example shows how to use the PMU Event Filtering, when
we launch a guest by use kvm, add such command line:
# qemu-system-aarch64 \
-accel kvm,pmu-filter="D:0x11-0x11"
And then in guest, use the perf to count the cycle:
# perf stat sleep 1
Performance counter stats for 'sleep 1':
1.22 msec task-clock # 0.001 CPUs utilized
1 context-switches # 820.695 /sec
0 cpu-migrations # 0.000 /sec
55 page-faults # 45.138 K/sec
<not supported> cycles
1128954 instructions
227031 branches # 186.323 M/sec
8686 branch-misses # 3.83% of all branches
1.002492480 seconds time elapsed
0.001752000 seconds user
0.000000000 seconds sys
As we can see, the cycle counter has been disabled in the guest, but
other pmu events are still work.
Signed-off-by: Shaoqin Huang <shahuang@redhat.com>
---
include/sysemu/kvm_int.h | 1 +
qemu-options.hx | 16 +++++++++++++
target/arm/kvm.c | 22 ++++++++++++++++++
target/arm/kvm64.c | 49 ++++++++++++++++++++++++++++++++++++++++
4 files changed, 88 insertions(+)
diff --git a/include/sysemu/kvm_int.h b/include/sysemu/kvm_int.h
index fd846394be..8f4601474f 100644
--- a/include/sysemu/kvm_int.h
+++ b/include/sysemu/kvm_int.h
@@ -120,6 +120,7 @@ struct KVMState
uint32_t xen_caps;
uint16_t xen_gnttab_max_frames;
uint16_t xen_evtchn_max_pirq;
+ char *kvm_pmu_filter;
};
void kvm_memory_listener_register(KVMState *s, KVMMemoryListener *kml,
diff --git a/qemu-options.hx b/qemu-options.hx
index 42fd09e4de..dd3518092c 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -187,6 +187,7 @@ DEF("accel", HAS_ARG, QEMU_OPTION_accel,
" tb-size=n (TCG translation block cache size)\n"
" dirty-ring-size=n (KVM dirty ring GFN count, default 0)\n"
" eager-split-size=n (KVM Eager Page Split chunk size, default 0, disabled. ARM only)\n"
+ " pmu-filter={A,D}:start-end[;...] (KVM PMU Event Filter, default no filter. ARM only)\n"
" notify-vmexit=run|internal-error|disable,notify-window=n (enable notify VM exit and set notify window, x86 only)\n"
" thread=single|multi (enable multi-threaded TCG)\n", QEMU_ARCH_ALL)
SRST
@@ -259,6 +260,21 @@ SRST
impact on the memory. By default, this feature is disabled
(eager-split-size=0).
+ ``pmu-filter={A,D}:start-end[;...]``
+ KVM implements pmu event filtering to prevent a guest from being able to
+ sample certain events. It has the following format:
+
+ pmu-filter="{A,D}:start-end[;{A,D}:start-end...]"
+
+ The A means "allow" and D means "deny", start if the first event of the
+ range and the end is the last one. For example:
+
+ pmu-filter="A:0x11-0x11;A:0x23-0x3a,D:0x30-0x30"
+
+ This will allow event 0x11 (The cycle counter), events 0x23 to 0x3a is
+ also allowed except the event 0x30 is denied, and all the other events
+ are disallowed.
+
``notify-vmexit=run|internal-error|disable,notify-window=n``
Enables or disables notify VM exit support on x86 host and specify
the corresponding notify window to trigger the VM exit if enabled.
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index 7903e2ddde..74796de055 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -1108,6 +1108,21 @@ static void kvm_arch_set_eager_split_size(Object *obj, Visitor *v,
s->kvm_eager_split_size = value;
}
+static char *kvm_arch_get_pmu_filter(Object *obj, Error **errp)
+{
+ KVMState *s = KVM_STATE(obj);
+
+ return g_strdup(s->kvm_pmu_filter);
+}
+
+static void kvm_arch_set_pmu_filter(Object *obj, const char *pmu_filter,
+ Error **errp)
+{
+ KVMState *s = KVM_STATE(obj);
+
+ s->kvm_pmu_filter = g_strdup(pmu_filter);
+}
+
void kvm_arch_accel_class_init(ObjectClass *oc)
{
object_class_property_add(oc, "eager-split-size", "size",
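Review bot: kvm_arch_set_pmu_filter() overwrites `s->kvm_pmu_filter` without freeing an earlier value and accepts any string, so a second assignment of the property leaks the first copy and a malformed filter is only noticed later, during vCPU PMU init. Adding `g_free(s->kvm_pmu_filter);` before the `g_strdup()` closes the leak. Checking the `{A,D}:start-end` syntax here and reporting a bad value through `errp` would reject the option at parse time, which matters because this string is what keeps the guest from sampling the denied events. kvm_arch_accel_class_init() begins at the end of this hunk and continues in the next one.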
@@ -1116,4 +1131,11 @@ void kvm_arch_accel_class_init(ObjectClass *oc)
object_class_property_set_description(oc, "eager-split-size",
"Eager Page Split chunk size for hugepages. (default: 0, disabled)");
+
+ object_class_property_add_str(oc, "pmu-filter",
+ kvm_arch_get_pmu_filter,
+ kvm_arch_set_pmu_filter);
+
+ object_class_property_set_description(oc, "pmu-filter",
+ "PMU Event Filtering description for guest pmu. (default: NULL, disabled)");
}
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index 3c175c93a7..ce03b22312 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -10,6 +10,7 @@
*/
#include "qemu/osdep.h"
+#include <asm-arm64/kvm.h>
#include <sys/ioctl.h>
#include <sys/ptrace.h>
@@ -131,16 +132,64 @@ static bool kvm_arm_set_device_attr(CPUState *cs, struct kvm_device_attr *attr,
return true;
}
+static void kvm_arm_pmu_filter_init(CPUState *cs)
+{
+ struct kvm_pmu_event_filter filter;
+ struct kvm_device_attr attr = {
+ .group = KVM_ARM_VCPU_PMU_V3_CTRL,
+ .attr = KVM_ARM_VCPU_PMU_V3_FILTER,
+ };
+ KVMState *kvm_state = cs->kvm_state;
+ char *tmp;
+ char *str, act;
+
+ if (!kvm_state->kvm_pmu_filter)
+ return;
+
+ tmp = g_strdup(kvm_state->kvm_pmu_filter);
+
+ for (str = strtok(tmp, ";"); str != NULL; str = strtok(NULL, ";")) {
+ unsigned short start = 0, end = 0;
+
+ sscanf(str, "%c:%hx-%hx", &act, &start, &end);
+ if ((act != 'A' && act != 'D') || (!start && !end)) {
+ error_report("skipping invalid filter %s\n", str);
+ continue;
+ }
+
+ filter = (struct kvm_pmu_event_filter) {
+ .base_event = start,
+ .nevents = end - start + 1,
+ .action = act == 'A' ? KVM_PMU_EVENT_ALLOW :
+ KVM_PMU_EVENT_DENY,
+ };
+
+ attr.addr = (uint64_t)&filter;
+ if (!kvm_arm_set_device_attr(cs, &attr, "PMU Event Filter")) {
+ error_report("Failed to init PMU Event Filter\n");
+ abort();
+ }
+ }
+
+ g_free(tmp);
+}
+
void kvm_arm_pmu_init(CPUState *cs)
{
struct kvm_device_attr attr = {
.group = KVM_ARM_VCPU_PMU_V3_CTRL,
.attr = KVM_ARM_VCPU_PMU_V3_INIT,
};
+ static bool pmu_filter_init = false;
if (!ARM_CPU(cs)->has_pmu) {
return;
}
+ if (!pmu_filter_init) {
+ kvm_arm_pmu_filter_init(cs);
+ pmu_filter_init = true;
+ }
+
if (!kvm_arm_set_device_attr(cs, &attr, "PMU")) {
error_report("failed to init PMU");
abort();
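Review bot: The parse loop in kvm_arm_pmu_filter_init() fails open: an entry it cannot parse is reported and skipped, and the guest starts with whatever rules were accepted, so a mistyped deny rule leaves that event visible to the guest. The `sscanf()` return value is not checked, so `A:0x11` with no end passes the `(!start && !end)` test and `end - start + 1` wraps; `end < start` is not rejected; the range `0x0-0x0` can never be expressed; and text after the range is ignored, which is what appears to happen to the `,D:0x30-0x30` part of the documented example. I would require all three fields, reject trailing text and inverted ranges, and stop VM start on a bad entry, as in the excerpt below. QEMU's `error_report()` messages also should not end in `\n`. kvm_arm_pmu_init() continues past the end of the hunk.

```c
    for (str = strtok(tmp, ";"); str != NULL; str = strtok(NULL, ";")) {
        unsigned short start = 0, end = 0;
        int consumed = 0;

        /* %n records where the match stopped, so trailing text is caught */
        if (sscanf(str, "%c:%hx-%hx%n", &act, &start, &end, &consumed) != 3 ||
            str[consumed] != '\0' ||
            (act != 'A' && act != 'D') || end < start) {
            error_report("invalid PMU filter entry '%s'", str);
            exit(1);
        }
        /* … unchanged: fill struct kvm_pmu_event_filter and set the device attribute … */
    }
```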
--
2.40.1
Hi, On Mon, 13 Nov 2023, Shaoqin Huang wrote: > + ``pmu-filter={A,D}:start-end[;...]`` > + KVM implements pmu event filtering to prevent a guest from being able to > + sample certain events. It has the following format: > + > + pmu-filter="{A,D}:start-end[;{A,D}:start-end...]" > + > + The A means "allow" and D means "deny", start if the first event of the ^ is Also it should be stated that the first filter action defines if the whole list is an allow or a deny list. > +static void kvm_arm_pmu_filter_init(CPUState *cs) > +{ > + struct kvm_pmu_event_filter filter; > + struct kvm_device_attr attr = { > + .group = KVM_ARM_VCPU_PMU_V3_CTRL, > + .attr = KVM_ARM_VCPU_PMU_V3_FILTER, > + }; > + KVMState *kvm_state = cs->kvm_state; > + char *tmp; > + char *str, act; > + > + if (!kvm_state->kvm_pmu_filter) > + return; > + > + tmp = g_strdup(kvm_state->kvm_pmu_filter); > + > + for (str = strtok(tmp, ";"); str != NULL; str = strtok(NULL, ";")) { > + unsigned short start = 0, end = 0; > + > + sscanf(str, "%c:%hx-%hx", &act, &start, &end); > + if ((act != 'A' && act != 'D') || (!start && !end)) { > + error_report("skipping invalid filter %s\n", str); > + continue; > + } > + > + filter = (struct kvm_pmu_event_filter) { > + .base_event = start, > + .nevents = end - start + 1, > + .action = act == 'A' ? KVM_PMU_EVENT_ALLOW : > + KVM_PMU_EVENT_DENY, > + }; > + > + attr.addr = (uint64_t)&filter; That could move to the initialization of attr (the address of filter doesn't change). 
> + if (!kvm_arm_set_device_attr(cs, &attr, "PMU Event Filter")) { > + error_report("Failed to init PMU Event Filter\n"); > + abort(); > + } > + } > + > + g_free(tmp); > +} > + > void kvm_arm_pmu_init(CPUState *cs) > { > struct kvm_device_attr attr = { > .group = KVM_ARM_VCPU_PMU_V3_CTRL, > .attr = KVM_ARM_VCPU_PMU_V3_INIT, > }; > + static bool pmu_filter_init = false; > > if (!ARM_CPU(cs)->has_pmu) { > return; > } > + if (!pmu_filter_init) { > + kvm_arm_pmu_filter_init(cs); > + pmu_filter_init = true; pmu_filter_init could move inside kvm_arm_pmu_filter_init() - maybe together with a comment that this only needs to be called for 1 vcpu. Thanks, Sebastian
Hi Sebastian, On 11/15/23 20:17, Sebastian Ott wrote: > Hi, > > On Mon, 13 Nov 2023, Shaoqin Huang wrote: >> + ``pmu-filter={A,D}:start-end[;...]`` >> + KVM implements pmu event filtering to prevent a guest from >> being able to >> + sample certain events. It has the following format: >> + >> + pmu-filter="{A,D}:start-end[;{A,D}:start-end...]" >> + >> + The A means "allow" and D means "deny", start if the first event >> of the > ^ > is > Thanks for point it out. > Also it should be stated that the first filter action defines if the whole > list is an allow or a deny list. > >> +static void kvm_arm_pmu_filter_init(CPUState *cs) >> +{ >> + struct kvm_pmu_event_filter filter; >> + struct kvm_device_attr attr = { >> + .group = KVM_ARM_VCPU_PMU_V3_CTRL, >> + .attr = KVM_ARM_VCPU_PMU_V3_FILTER, >> + }; >> + KVMState *kvm_state = cs->kvm_state; >> + char *tmp; >> + char *str, act; >> + >> + if (!kvm_state->kvm_pmu_filter) >> + return; >> + >> + tmp = g_strdup(kvm_state->kvm_pmu_filter); >> + >> + for (str = strtok(tmp, ";"); str != NULL; str = strtok(NULL, ";")) { >> + unsigned short start = 0, end = 0; >> + >> + sscanf(str, "%c:%hx-%hx", &act, &start, &end); >> + if ((act != 'A' && act != 'D') || (!start && !end)) { >> + error_report("skipping invalid filter %s\n", str); >> + continue; >> + } >> + >> + filter = (struct kvm_pmu_event_filter) { >> + .base_event = start, >> + .nevents = end - start + 1, >> + .action = act == 'A' ? KVM_PMU_EVENT_ALLOW : >> + KVM_PMU_EVENT_DENY, >> + }; >> + >> + attr.addr = (uint64_t)&filter; > > That could move to the initialization of attr (the address of filter > doesn't change). > It looks better. Will change it. 
>> + if (!kvm_arm_set_device_attr(cs, &attr, "PMU Event Filter")) { >> + error_report("Failed to init PMU Event Filter\n"); >> + abort(); >> + } >> + } >> + >> + g_free(tmp); >> +} >> + >> void kvm_arm_pmu_init(CPUState *cs) >> { >> struct kvm_device_attr attr = { >> .group = KVM_ARM_VCPU_PMU_V3_CTRL, >> .attr = KVM_ARM_VCPU_PMU_V3_INIT, >> }; >> + static bool pmu_filter_init = false; >> >> if (!ARM_CPU(cs)->has_pmu) { >> return; >> } >> + if (!pmu_filter_init) { >> + kvm_arm_pmu_filter_init(cs); >> + pmu_filter_init = true; > > pmu_filter_init could move inside kvm_arm_pmu_filter_init() - maybe > together with a comment that this only needs to be called for 1 vcpu. Good idea. Will do that. Thanks, Shaoqin > > Thanks, > Sebastian >