mirror of
https://github.com/torvalds/linux.git
synced 2026-04-18 14:53:58 -04:00
Starting with Panther Cove, the rdpmc user disable feature is supported.
This feature allows the perf system to disable user space rdpmc reads at
the counter level.

Currently, when a global counter is active, any user with rdpmc rights
can read it, even if perf access permissions forbid it (e.g., disallow
reading ring 0 counters). The rdpmc user disable feature mitigates this
security concern.

Details:

- A new RDPMC_USR_DISABLE bit (bit 37) in each EVNTSELx MSR indicates
  that the GP counter cannot be read by RDPMC in ring 3.
- New RDPMC_USR_DISABLE bits in IA32_FIXED_CTR_CTRL MSR (bits 33, 37,
  41, 45, etc.) for fixed counters 0, 1, 2, 3, etc.
- When calling rdpmc instruction for counter x, the following pseudo
  code demonstrates how the counter value is obtained:
      If (!CPL0 && RDPMC_USR_DISABLE[x] == 1) ? 0 : counter_value;
- RDPMC_USR_DISABLE is enumerated by CPUID.0x23.0.EBX[2].

This patch extends the current global user space rdpmc control logic via
the sysfs interface (/sys/devices/cpu/rdpmc) as follows:

- rdpmc = 0:
  Global user space rdpmc and counter-level user space rdpmc for all
  counters are both disabled.
- rdpmc = 1:
  Global user space rdpmc is enabled during the mmap-enabled time window,
  and counter-level user space rdpmc is enabled only for non-system-wide
  events. This prevents counter data leaks as count data is cleared
  during context switches.
- rdpmc = 2:
  Global user space rdpmc and counter-level user space rdpmc for all
  counters are enabled unconditionally.

The new rdpmc settings only affect newly activated perf events; currently
active perf events remain unaffected. This simplifies and cleans up the
code. The default value of rdpmc remains unchanged at 1.

For more details about rdpmc user disable, please refer to chapter 15
"RDPMC USER DISABLE" in ISE documentation.

Signed-off-by: Dapeng Mi <dapeng1.mi@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://patch.msgid.link/20260114011750.350569-8-dapeng1.mi@linux.intel.com
45 lines
2.2 KiB
Plaintext
What:           /sys/bus/event_source/devices/cpu.../rdpmc
Date:           November 2011
KernelVersion:  3.10
Contact:        Linux kernel mailing list linux-kernel@vger.kernel.org
Description:    The /sys/bus/event_source/devices/cpu.../rdpmc attribute
                is used to show/manage whether the rdpmc instruction can
                be executed in user space. This attribute supports 3
                values.

                - rdpmc = 0
                  user space rdpmc is globally disabled for all PMU
                  counters.
                - rdpmc = 1
                  user space rdpmc is globally enabled only in the time
                  window in which an event is mmapped. If the mmap region
                  is unmapped, user space rdpmc is disabled again.
                - rdpmc = 2
                  user space rdpmc is globally enabled for all PMU
                  counters.

                On Intel platforms supporting the counter-level user
                space rdpmc disable feature (CPUID.23H.EBX[2] = 1), the
                meaning of the 3 values is extended to:

                - rdpmc = 0
                  global user space rdpmc and counter-level user space
                  rdpmc of all counters are both disabled.
                - rdpmc = 1
                  No change in the behavior of global user space rdpmc.
                  Counter-level rdpmc of system-wide events is disabled,
                  but counter-level rdpmc of non-system-wide events is
                  enabled.
                - rdpmc = 2
                  global user space rdpmc and counter-level user space
                  rdpmc of all counters are both enabled unconditionally.

                The default value of rdpmc is 1.

                Please note:

                - The behavior of global user space rdpmc changes
                  immediately when the rdpmc value changes, but the
                  counter-level user space rdpmc setting does not take
                  effect until the event is reactivated or recreated.
                - The rdpmc attribute is global, even for x86 hybrid
                  platforms. For example, changing cpu_core/rdpmc will
                  also change cpu_atom/rdpmc.
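
The following is an added example, not code from the kernel tree or from the patch author. It models the counter-level behavior described above: how the three rdpmc values map to the RDPMC_USR_DISABLE bit for a newly activated event, and what a ring 3 rdpmc then returns. The helper names and sample values are constructed for illustration; it assumes global user space rdpmc is enabled, so the read itself does not fault.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit positions as given in the commit message. */
#define EVNTSEL_RDPMC_USR_DISABLE  (1ULL << 37)             /* GP counter: EVNTSELx bit 37 */
#define FIXED_RDPMC_USR_DISABLE(i) (1ULL << (33 + 4 * (i))) /* fixed i: bits 33, 37, 41, 45 */

/* Extended sysfs policy (illustrative helper): is the bit set for a newly activated event? */
bool usr_disable_wanted(int rdpmc_mode, bool system_wide)
{
    if (rdpmc_mode == 2)
        return false;          /* every counter readable from ring 3 */
    if (rdpmc_mode == 1)
        return system_wide;    /* only non-system-wide events stay readable */
    return true;               /* rdpmc = 0; unknown values treated the same (assumption) */
}

uint64_t evntsel_apply(uint64_t evntsel, int rdpmc_mode, bool system_wide)
{
    evntsel &= ~EVNTSEL_RDPMC_USR_DISABLE;
    return usr_disable_wanted(rdpmc_mode, system_wide) ? evntsel | EVNTSEL_RDPMC_USR_DISABLE : evntsel;
}

/* Commit's pseudo code; assumes global user space rdpmc is on, so the read does not fault. */
uint64_t rdpmc_value(unsigned cpl, bool usr_disable, uint64_t counter_value)
{
    return (cpl != 0 && usr_disable) ? 0 : counter_value;
}

uint64_t ring3_read_gp(uint64_t evntsel, uint64_t counter_value)
{
    return rdpmc_value(3, (evntsel & EVNTSEL_RDPMC_USR_DISABLE) != 0, counter_value);
}

uint64_t ring3_read_fixed(uint64_t fixed_ctrl, unsigned idx, uint64_t counter_value)
{
    return rdpmc_value(3, (fixed_ctrl & FIXED_RDPMC_USR_DISABLE(idx)) != 0, counter_value);
}

int main(void)
{
    const uint64_t sel = 0x4300c0, count = 123456; /* constructed sample values */
    for (int mode = 0; mode <= 2; mode++)
        for (int sw = 0; sw <= 1; sw++)
            printf("rdpmc=%d system_wide=%d -> ring 3 reads %llu\n", mode, sw,
                   (unsigned long long)ring3_read_gp(evntsel_apply(sel, mode, sw), count));
    return 0;
}
```

With rdpmc = 1, the system-wide event reads back as 0 from ring 3 while the non-system-wide event returns its count, which is the distinction an audit of this setting should confirm.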