From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.9 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 25203C433E0 for ; Mon, 18 Jan 2021 20:25:47 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id AAE2422C9D for ; Mon, 18 Jan 2021 20:25:46 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org AAE2422C9D Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:Message-ID: Subject:To:From:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=IyPBsMWWv2kKBS0v1Jk8vGfwCX2NvY4I7svdocoRHMo=; b=v6zNuzQJVX45yNRNUYze1RRgM BdO1CRUeGFusAbZb+jmXpPoGPyDWXlS7Ej1hU6vChU0Sf9zsTbjCMigKltVa1Vx/VXAzuI9xr8mco aFkuhDswBfxC42jzECyEyJbIK2Kkctzhssl3ez5LIsoUOqjDyGHh2rAxrwWMM9VedFtDGlThAo3bo YA9Gmu5jkfjwbLa9ylyGYGxm9TcdZFwiHDL9v1fRTmimphDXb4OBt5T9Uqly802lJ20rlwxOaCImL Eir/OAImWQf9Pf5BxJwlCenHJYf07AJHAIFmbRmiXe1zVRRzvS2pN+ynbkUklFH2eZnpmda/mqgz7 rQtyYuepQ==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1l1b4F-00013X-Kv; Mon, 18 Jan 2021 20:24:03 +0000 Received: from mail-pg1-x52d.google.com ([2607:f8b0:4864:20::52d]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1l1b4C-00012k-5o for linux-arm-kernel@lists.infradead.org; Mon, 18 Jan 2021 20:24:01 +0000 Received: by mail-pg1-x52d.google.com with SMTP id c22so11575206pgg.13 for ; Mon, 18 Jan 2021 12:23:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=PRwPVFLZbO3DnAQ42ccV130KeMHAu1TzeUayWROwv/U=; b=D2VzllMwI2rSMF3fX1njbMFiKbfDpQ3IXRCYQgDbNGdf1yPZ150jNDDBeTZ+3rw+P2 5FnicS/fv346tnbPPjPFrElvpO4GK/EpxP39jG8NBTLBAGGP/hPE33tHcwGdcEesVXlt G8liJ4Y7tDRNrqjMdNcP4RQoQ5Oytb2eoShFWME3gd1RaE8PrsGULM+jnSEOK3HIZce4 JmbvAKFS56TNaJj6y6eUWun9j6i2uLH9fusqwr9RscqhgmF5FGkyhquxgXrAaDb8k6y4 MAuYwzp0Myr0wGHUZzPbT4Nb1OU3+szJhcUoaMr+09LjodIERu1H1iPD84VKmY8eg4gN lTfg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=PRwPVFLZbO3DnAQ42ccV130KeMHAu1TzeUayWROwv/U=; b=QDYLX/ahiQ44ssRN9Ren45xmKnDx1oTHf/aoU4II9zQH9WJUmxnn678yyFXdIQ7E+u GrKS+XG4g7AAlb0JiCxO4E17khB5oIrP1+UcEFreNvUTGLsWr/gYwbmuEaYukDvSiOo4 Hrnd7ztsnByHoVMMHZydB3nYY3w22PLJd9R5E14OBKxVWaG/NtaWmPioRTayP+ApPiN5 EzGCDW8yITaBsn4EXOm0mM7h8+Cm1WWfSRFzlO2h9RGFvCeYnIX+pGhFLO15wKFnHPqv soLqhrAqqa55kLw6GunsgBUg0kxaifWZe6Jw2uJrru4Xk6QJtUSHoWFigIlHKp+d4Xmr LtKA== X-Gm-Message-State: AOAM5317ItxSyOAyYok05G5+1rFhJ8J8JWfH4guURNhCXohMXqLgoZaR 9XdkxCASVZviVbX/5oPg9jcO8Q== X-Google-Smtp-Source: ABdhPJy+XiAne7fTflPqmQNXkPVAJW9nmT50Uu+iH1IjIiuVrMWcUoQzrZt24boa3WoZAdDT6VX/dg== X-Received: by 2002:a63:c441:: with SMTP id m1mr1233168pgg.353.1611001437058; Mon, 18 Jan 2021 12:23:57 -0800 (PST) Received: from xps15 (S0106889e681aac74.cg.shawcable.net. [68.147.0.187]) by smtp.gmail.com with ESMTPSA id br21sm259184pjb.9.2021.01.18.12.23.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Jan 2021 12:23:56 -0800 (PST) Date: Mon, 18 Jan 2021 13:23:54 -0700 From: Mathieu Poirier To: Sai Prakash Ranjan Subject: Re: [PATCH] coresight: etm4x: Add config to exclude kernel mode tracing Message-ID: <20210118202354.GC464579@xps15> References: <20201015124522.1876-1-saiprakash.ranjan@codeaurora.org> <20201015160257.GA1450102@xps15> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210118_152400_542839_49FF2E26 X-CRM114-Status: GOOD ( 25.77 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Al Grant , Denis Nikitin , Suzuki K Poulose , linux-arm-msm@vger.kernel.org, coresight@lists.linaro.org, linux-kernel@vger.kernel.org, Stephen Boyd , leo.yan@linaro.org, mnissler@google.com, linux-arm-kernel@lists.infradead.org, Mike Leach Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Fri, Jan 15, 2021 at 11:16:24AM +0530, Sai Prakash Ranjan wrote: > Hello Mathieu, Suzuki > > On 2020-10-15 21:32, Mathieu Poirier wrote: > > On Thu, Oct 15, 2020 at 06:15:22PM +0530, Sai Prakash Ranjan wrote: > > > On production systems with ETMs enabled, it is preferred to > > > exclude kernel mode(NS EL1) tracing for security concerns and > > > support only userspace(NS EL0) tracing. So provide an option > > > via kconfig to exclude kernel mode tracing if it is required. > > > This config is disabled by default and would not affect the > > > current configuration which has both kernel and userspace > > > tracing enabled by default. > > > > > > > One requires root access (or be part of a special trace group) to be > > able to use > > the cs_etm PMU. With this kind of elevated access restricting tracing > > at EL1 > > provides little in terms of security. > > > > Apart from the VM usecase discussed, I am told there are other > security concerns here regarding need to exclude kernel mode tracing > even for the privileged users/root. One such case being the ability > to analyze cryptographic code execution since ETMs can record all > branch instructions including timestamps in the kernel and there may > be other cases as well which I may not be aware of and hence have > added Denis and Mattias. Please let us know if you have any questions > further regarding this not being a security concern. Even if we were to apply this patch there are many ways to compromise a system or get the kernel to reveal important information using the perf subsystem. I would perfer to tackle the problem at that level rather than concentrating on coresight. > > After this discussion, I would like to post a v2 based on Suzuki's > feedback earlier. @Suzuki, I have a common config for ETM3 and ETM4 > but couldn't get much idea on how to implement it for Intel PTs, if > you have any suggestions there, please do share or we can have this > only for Coresight ETMs. > > Thanks, > Sai > > -- > QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member > of Code Aurora Forum, hosted by The Linux Foundation _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel