Hello Mathieu, Suzuki
On 2020-10-15 21:32, Mathieu Poirier wrote:
On Thu, Oct 15, 2020 at 06:15:22PM +0530, Sai Prakash Ranjan wrote:
On production systems with ETMs enabled, it is preferred to exclude kernel mode(NS EL1) tracing for security concerns and support only userspace(NS EL0) tracing. So provide an option via kconfig to exclude kernel mode tracing if it is required. This config is disabled by default and would not affect the current configuration which has both kernel and userspace tracing enabled by default.
One requires root access (or be part of a special trace group) to be able to use the cs_etm PMU. With this kind of elevated access restricting tracing at EL1 provides little in terms of security.
Apart from the VM usecase discussed, I am told there are other security concerns here regarding need to exclude kernel mode tracing even for the privileged users/root. One such case being the ability to analyze cryptographic code execution since ETMs can record all branch instructions including timestamps in the kernel and there may be other cases as well which I may not be aware of and hence have added Denis and Mattias. Please let us know if you have any questions further regarding this not being a security concern.
After this discussion, I would like to post a v2 based on Suzuki's feedback earlier. @Suzuki, I have a common config for ETM3 and ETM4 but couldn't get much idea on how to implement it for Intel PTs, if you have any suggestions there, please do share or we can have this only for Coresight ETMs.
Thanks, Sai