From: Mathieu Poirier <mathieu.poirier@linaro.org>
To: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
Cc: Denis Nikitin <denik@chromium.org>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
linux-arm-msm@vger.kernel.org, coresight@lists.linaro.org,
linux-kernel@vger.kernel.org, Stephen Boyd <swboyd@chromium.org>,
linux-arm-kernel@lists.infradead.org,
Mike Leach <mike.leach@linaro.org>
Subject: Re: [PATCH] coresight: etm4x: Add config to exclude kernel mode tracing
Date: Thu, 15 Oct 2020 10:02:57 -0600 [thread overview]
Message-ID: <20201015160257.GA1450102@xps15> (raw)
In-Reply-To: <20201015124522.1876-1-saiprakash.ranjan@codeaurora.org>
On Thu, Oct 15, 2020 at 06:15:22PM +0530, Sai Prakash Ranjan wrote:
> On production systems with ETMs enabled, it is preferred to
> exclude kernel mode(NS EL1) tracing for security concerns and
> support only userspace(NS EL0) tracing. So provide an option
> via kconfig to exclude kernel mode tracing if it is required.
> This config is disabled by default and would not affect the
> current configuration which has both kernel and userspace
> tracing enabled by default.
>
One requires root access (or be part of a special trace group) to be able to use
the cs_etm PMU. With this kind of elevated access restricting tracing at EL1
provides little in terms of security.
Thanks,
Mathieu
> Signed-off-by: Sai Prakash Ranjan <saiprakash.ranjan@codeaurora.org>
> ---
> drivers/hwtracing/coresight/Kconfig | 9 +++++++++
> drivers/hwtracing/coresight/coresight-etm4x-core.c | 6 +++++-
> 2 files changed, 14 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/hwtracing/coresight/Kconfig b/drivers/hwtracing/coresight/Kconfig
> index c1198245461d..52435de8824c 100644
> --- a/drivers/hwtracing/coresight/Kconfig
> +++ b/drivers/hwtracing/coresight/Kconfig
> @@ -110,6 +110,15 @@ config CORESIGHT_SOURCE_ETM4X
> To compile this driver as a module, choose M here: the
> module will be called coresight-etm4x.
>
> +config CORESIGHT_ETM4X_EXCL_KERN
> + bool "Coresight ETM 4.x exclude kernel mode tracing"
> + depends on CORESIGHT_SOURCE_ETM4X
> + help
> + This will exclude kernel mode(NS EL1) tracing if enabled. This option
> + will be useful to provide more flexible options on production systems
> + where only userspace(NS EL0) tracing might be preferred for security
> + reasons.
> +
> config CORESIGHT_STM
> tristate "CoreSight System Trace Macrocell driver"
> depends on (ARM && !(CPU_32v3 || CPU_32v4 || CPU_32v4T)) || ARM64
> diff --git a/drivers/hwtracing/coresight/coresight-etm4x-core.c b/drivers/hwtracing/coresight/coresight-etm4x-core.c
> index abd706b216ac..7e5669e5cd1f 100644
> --- a/drivers/hwtracing/coresight/coresight-etm4x-core.c
> +++ b/drivers/hwtracing/coresight/coresight-etm4x-core.c
> @@ -832,6 +832,9 @@ static u64 etm4_get_ns_access_type(struct etmv4_config *config)
> {
> u64 access_type = 0;
>
> + if (IS_ENABLED(CONFIG_CORESIGHT_ETM4X_EXCL_KERN))
> + config->mode |= ETM_MODE_EXCL_KERN;
> +
> /*
> * EXLEVEL_NS, bits[15:12]
> * The Exception levels are:
> @@ -849,7 +852,8 @@ static u64 etm4_get_ns_access_type(struct etmv4_config *config)
> access_type = ETM_EXLEVEL_NS_HYP;
> }
>
> - if (config->mode & ETM_MODE_EXCL_USER)
> + if (config->mode & ETM_MODE_EXCL_USER &&
> + !IS_ENABLED(CONFIG_CORESIGHT_ETM4X_EXCL_KERN))
> access_type |= ETM_EXLEVEL_NS_APP;
>
> return access_type;
>
> base-commit: 3477326277451000bc667dfcc4fd0774c039184c
> --
> QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member
> of Code Aurora Forum, hosted by The Linux Foundation
>
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-10-15 16:04 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-15 12:45 [PATCH] coresight: etm4x: Add config to exclude kernel mode tracing Sai Prakash Ranjan
2020-10-15 14:27 ` Suzuki K Poulose
2020-10-16 8:30 ` Sai Prakash Ranjan
2020-10-15 16:02 ` Mathieu Poirier [this message]
[not found] ` <CADDJ8CXS8gGuXL45vR6xiHwJhZNcUJPvHMVYSGR6LDETRPJFiQ@mail.gmail.com>
2020-10-16 7:24 ` Leo Yan
2020-10-16 8:40 ` Sai Prakash Ranjan
2020-10-16 9:24 ` Leo Yan
2020-10-16 10:30 ` Sai Prakash Ranjan
2020-10-16 11:38 ` Suzuki Poulose
2020-10-16 13:14 ` Leo Yan
2020-10-16 13:17 ` Suzuki Poulose
2020-10-16 11:11 ` Suzuki Poulose
[not found] ` <dd400fd7017a5d92b55880cf28378267@codeaurora.org>
2021-01-18 14:47 ` Mattias Nissler
2021-01-18 20:23 ` Mathieu Poirier
[not found] ` <32216e9fa5c9ffb9df1123792d40eafb@codeaurora.org>
2021-01-19 8:36 ` Al Grant
[not found] ` <03b893801841f732a25072b4e62f8e0b@codeaurora.org>
2021-01-19 10:33 ` Suzuki K Poulose
2021-01-19 11:56 ` Al Grant
2021-01-20 18:48 ` Mathieu Poirier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201015160257.GA1450102@xps15 \
--to=mathieu.poirier@linaro.org \
--cc=coresight@lists.linaro.org \
--cc=denik@chromium.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mike.leach@linaro.org \
--cc=saiprakash.ranjan@codeaurora.org \
--cc=suzuki.poulose@arm.com \
--cc=swboyd@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).