On 05/02/2024 13:21, Oliver Upton wrote:
On Mon, Feb 05, 2024 at 01:15:36PM +0000, Marc Zyngier wrote:
On Mon, 05 Feb 2024 13:04:51 +0000, Oliver Upton oliver.upton@linux.dev wrote:
Unless someone has strong opinions about making this work in protected mode, I am happy to see tracing support limited to the 'normal' nVHE configuration. The protected feature as a whole is just baggage until upstream support is completed.
Limiting tracing to non-protected mode is a must IMO. Allowing tracing when pKVM is enabled is a sure way to expose secrets that should stay... secret. The only exception I can think of is when CONFIG_NVHE_EL2_DEBUG is enabled, at which point all bets are off.
Zero argument there :) I left off the "and PMU" part of what I was saying, because that was a feature that semi-worked in protected mode before VM/VCPU shadowing support landed.
In that case I can hide all this behind CONFIG_NVHE_EL2_DEBUG for pKVM. This will also have the effect of disabling PMU again for pKVM because I moved that into this new shared area.
The same place will be used to store the state for normal nVHE and at least then there is some code re-use and flexibility to use trace and PMU for debugging if needed. And the copy on every switch gets deleted.
-
James Clark