KVM: x86: PMU Event Filter
Some events can provide a guest with information about other guests or the host (e.g. L3 cache stats); providing the capability to restrict access to a "safe" set of events would limit the potential for the PMU to be used in any side channel attacks. This change introduces a new VM ioctl that sets an event filter. If the guest attempts to program a counter for any blacklisted or non-whitelisted event, the kernel counter won't be created, so any RDPMC/RDMSR will show 0 instances of that event. Signed-off-by: Eric Hankland <ehankland@google.com> [Lots of changes. All remaining bugs are probably mine. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Eric Hankland
committed by
Paolo Bonzini
Paolo Bonzini
parent
cdc238eb72
commit
66bb8a065f
@@ -422,4 +422,14 @@ struct kvm_nested_state {
|
||||
__u8 data[0];
|
||||
};
|
||||
|
||||
/* for KVM_CAP_PMU_EVENT_FILTER */
|
||||
struct kvm_pmu_event_filter {
|
||||
__u32 action;
|
||||
__u32 nevents;
|
||||
__u64 events[0];
|
||||
};
|
||||
|
||||
#define KVM_PMU_EVENT_ALLOW 0
|
||||
#define KVM_PMU_EVENT_DENY 1
|
||||
|
||||
#endif /* _ASM_X86_KVM_H */
|
||||
|
||||
Reference in New Issue
Block a user