On Fri, Apr 11, 2025 at 06:38:35AM +0200, Markus Armbruster wrote: > Date: Fri, 11 Apr 2025 06:38:35 +0200 > From: Markus Armbruster <arm...@redhat.com> > Subject: Re: [PATCH 1/5] qapi/qom: Introduce kvm-pmu-filter object > > Zhao Liu <zhao1....@intel.com> writes: > > > Hi Markus > > > > On Thu, Apr 10, 2025 at 04:21:01PM +0200, Markus Armbruster wrote: > >> Date: Thu, 10 Apr 2025 16:21:01 +0200 > >> From: Markus Armbruster <arm...@redhat.com> > >> Subject: Re: [PATCH 1/5] qapi/qom: Introduce kvm-pmu-filter object > >> > >> Zhao Liu <zhao1....@intel.com> writes: > >> > >> > Introduce the kvm-pmu-filter object and support the PMU event with raw > >> > format. > >> > >> Remind me, what does the kvm-pmu-filter object do, and why would we > >> want to use it? > > > > KVM PMU filter allows user space to set PMU event whitelist / blacklist > > for Guest. Both ARM and x86's KVMs accept a list of PMU events, and x86 > > also accpets other formats & fixed counter field. > > But what does the system *do* with these event lists?
This is for security purposes, and can restrict Guest users from accessing certain sensitive hardware information on the Host via perf or PMU counter. When a PMU event is blocked by KVM, Guest users can't get the corresponding event count via perf/PMU counter. EMM, if ‘system’ refers to the QEMU part, then QEMU is responsible for checking the format and passing the list to KVM. Thanks, Zhao
