Zhao Liu <zhao1....@intel.com> writes: > On Fri, Apr 11, 2025 at 06:38:35AM +0200, Markus Armbruster wrote: >> Date: Fri, 11 Apr 2025 06:38:35 +0200 >> From: Markus Armbruster <arm...@redhat.com> >> Subject: Re: [PATCH 1/5] qapi/qom: Introduce kvm-pmu-filter object >> >> Zhao Liu <zhao1....@intel.com> writes: >> >> > Hi Markus >> > >> > On Thu, Apr 10, 2025 at 04:21:01PM +0200, Markus Armbruster wrote: >> >> Date: Thu, 10 Apr 2025 16:21:01 +0200 >> >> From: Markus Armbruster <arm...@redhat.com> >> >> Subject: Re: [PATCH 1/5] qapi/qom: Introduce kvm-pmu-filter object >> >> >> >> Zhao Liu <zhao1....@intel.com> writes: >> >> >> >> > Introduce the kvm-pmu-filter object and support the PMU event with raw >> >> > format. >> >> >> >> Remind me, what does the kvm-pmu-filter object do, and why would we >> >> want to use it? >> > >> > KVM PMU filter allows user space to set PMU event whitelist / blacklist >> > for Guest. Both ARM and x86's KVMs accept a list of PMU events, and x86 >> > also accpets other formats & fixed counter field. >> >> But what does the system *do* with these event lists? > > This is for security purposes, and can restrict Guest users from > accessing certain sensitive hardware information on the Host via perf or > PMU counter. > > When a PMU event is blocked by KVM, Guest users can't get the > corresponding event count via perf/PMU counter. > > EMM, if ‘system’ refers to the QEMU part, then QEMU is responsible > for checking the format and passing the list to KVM. > > Thanks, > Zhao
This helped some, thanks. To make sure I got it: KVM can restrict the guest's access to the PMU. This is either a whitelist (guest can access exactly what's on this list), or a blacklist (guest can access exactly what's not this list). QEMU's kvm-pmu-filter object provides an interface to this KVM feature. KVM takes "raw" list entries: an entry is a number, and the number's meaning depends on the architecture. The kvm-pmu-filter object can take such entries, and passes them to straight to KVM. On x86, we commonly use two slightly higher level formats: select & umask, and masked. The kvm-pmu-filter object can take entries in either format, and maps them to "raw". Correct?
