KVM: x86: PMU Event Filter

See KVM_ARM_VCPU_INIT for details of vcpu features that require finalization

using this ioctl.

4.120 KVM_SET_PMU_EVENT_FILTER

Capability: KVM_CAP_PMU_EVENT_FILTER

Architectures: x86

Type: vm ioctl

Parameters: struct kvm_pmu_event_filter (in)

Returns: 0 on success, -1 on error

struct kvm_pmu_event_filter {

       __u32 action;

       __u32 nevents;

       __u64 events[0];

};

This ioctl restricts the set of PMU events that the guest can program.

The argument holds a list of events which will be allowed or denied.

The eventsel+umask of each event the guest attempts to program is compared

against the events field to determine whether the guest should have access.

This only affects general purpose counters; fixed purpose counters can

be disabled by changing the perfmon CPUID leaf.

Valid values for 'action':

#define KVM_PMU_EVENT_ALLOW 0

#define KVM_PMU_EVENT_DENY 1

5. The kvm_run structure

------------------------

	bool guest_can_read_msr_platform_info;

	bool exception_payload_enabled;

	struct kvm_pmu_event_filter *pmu_event_filter;

};

struct kvm_vm_stat {

	__u8 data[0];

};

/* for KVM_CAP_PMU_EVENT_FILTER */

struct kvm_pmu_event_filter {

       __u32 action;

       __u32 nevents;

       __u64 events[0];

};

#define KVM_PMU_EVENT_ALLOW 0

#define KVM_PMU_EVENT_DENY 1

#endif /* _ASM_X86_KVM_H */

#include "lapic.h"

#include "pmu.h"

/* This keeps the total size of the filter under 4k. */

#define KVM_PMU_EVENT_FILTER_MAX_EVENTS 63

/* NOTE:

 * - Each perf counter is defined as "struct kvm_pmc";

 * - There are two types of perf counters: general purpose (gp) and fixed.

{

	unsigned config, type = PERF_TYPE_RAW;

	u8 event_select, unit_mask;

	struct kvm *kvm = pmc->vcpu->kvm;

	struct kvm_pmu_event_filter *filter;

	int i;

	bool allow_event = true;

	if (eventsel & ARCH_PERFMON_EVENTSEL_PIN_CONTROL)

		printk_once("kvm pmu: pin control bit is ignored\n");

	if (!(eventsel & ARCH_PERFMON_EVENTSEL_ENABLE) || !pmc_is_enabled(pmc))

		return;

	filter = srcu_dereference(kvm->arch.pmu_event_filter, &kvm->srcu);

	if (filter) {

		for (i = 0; i < filter->nevents; i++)

			if (filter->events[i] ==

			    (eventsel & AMD64_RAW_EVENT_MASK_NB))

				break;

		if (filter->action == KVM_PMU_EVENT_ALLOW &&

		    i == filter->nevents)

			allow_event = false;

		if (filter->action == KVM_PMU_EVENT_DENY &&

		    i < filter->nevents)

			allow_event = false;

	}

	if (!allow_event)

		return;

	event_select = eventsel & ARCH_PERFMON_EVENTSEL_EVENT;

	unit_mask = (eventsel & ARCH_PERFMON_EVENTSEL_UMASK) >> 8;

{

	kvm_pmu_reset(vcpu);

}

int kvm_vm_ioctl_set_pmu_event_filter(struct kvm *kvm, void __user *argp)

{

	struct kvm_pmu_event_filter tmp, *filter;

	size_t size;

	int r;

	if (copy_from_user(&tmp, argp, sizeof(tmp)))

		return -EFAULT;

	if (tmp.action != KVM_PMU_EVENT_ALLOW &&

	    tmp.action != KVM_PMU_EVENT_DENY)

		return -EINVAL;

	if (tmp.nevents > KVM_PMU_EVENT_FILTER_MAX_EVENTS)

		return -E2BIG;

	size = struct_size(filter, events, tmp.nevents);

	filter = kmalloc(size, GFP_KERNEL_ACCOUNT);

	if (!filter)

		return -ENOMEM;

	r = -EFAULT;

	if (copy_from_user(filter, argp, size))

		goto cleanup;

	/* Ensure nevents can't be changed between the user copies. */

	*filter = tmp;

	mutex_lock(&kvm->lock);

	rcu_swap_protected(kvm->arch.pmu_event_filter, filter,

			   mutex_is_locked(&kvm->lock));

	mutex_unlock(&kvm->lock);

	synchronize_srcu_expedited(&kvm->srcu);

 	r = 0;

cleanup:

	kfree(filter);

 	return r;

}

void kvm_pmu_reset(struct kvm_vcpu *vcpu);

void kvm_pmu_init(struct kvm_vcpu *vcpu);

void kvm_pmu_destroy(struct kvm_vcpu *vcpu);

int kvm_vm_ioctl_set_pmu_event_filter(struct kvm *kvm, void __user *argp);

bool is_vmware_backdoor_pmc(u32 pmc_idx);