| From a01994f5e5c79d3a35e5e8cf4252c7f2147323c3 Mon Sep 17 00:00:00 2001 |
| From: Peter Zijlstra <peterz@infradead.org> |
| Date: Thu, 27 Jan 2022 12:32:51 +0100 |
| Subject: x86/perf: Default set FREEZE_ON_SMI for all |
| |
| From: Peter Zijlstra <peterz@infradead.org> |
| |
| commit a01994f5e5c79d3a35e5e8cf4252c7f2147323c3 upstream. |
| |
| Kyle reported that rr[0] has started to malfunction on Comet Lake and |
| later CPUs due to EFI starting to make use of CPL3 [1] and the PMU |
| event filtering not distinguishing between regular CPL3 and SMM CPL3. |
| |
| Since this is a privilege violation, default disable SMM visibility |
| where possible. |
| |
| Administrators wanting to observe SMM cycles can easily change this |
| using the sysfs attribute while regular users don't have access to |
| this file. |
| |
| [0] https://rr-project.org/ |
| |
| [1] See the Intel white paper "Trustworthy SMM on the Intel vPro Platform" |
| at https://bugzilla.kernel.org/attachment.cgi?id=300300, particularly the |
| end of page 5. |
| |
| Reported-by: Kyle Huey <me@kylehuey.com> |
| Suggested-by: Andrew Cooper <Andrew.Cooper3@citrix.com> |
| Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> |
| Cc: stable@kernel.org |
| Link: https://lkml.kernel.org/r/YfKChjX61OW4CkYm@hirez.programming.kicks-ass.net |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| arch/x86/events/intel/core.c | 13 +++++++++++++ |
| 1 file changed, 13 insertions(+) |
| |
| --- a/arch/x86/events/intel/core.c |
| +++ b/arch/x86/events/intel/core.c |
| @@ -4353,6 +4353,19 @@ static __initconst const struct x86_pmu |
| .lbr_read = intel_pmu_lbr_read_64, |
| .lbr_save = intel_pmu_lbr_save, |
| .lbr_restore = intel_pmu_lbr_restore, |
| + |
| + /* |
| + * SMM has access to all 4 rings and while traditionally SMM code only |
| + * ran in CPL0, 2021-era firmware is starting to make use of CPL3 in SMM. |
| + * |
| + * Since the EVENTSEL.{USR,OS} CPL filtering makes no distinction |
| + * between SMM or not, this results in what should be pure userspace |
| + * counters including SMM data. |
| + * |
| + * This is a clear privilege issue, therefore globally disable |
| + * counting SMM by default. |
| + */ |
| + .attr_freeze_on_smi = 1, |
| }; |
| |
| static __init void intel_clovertown_quirk(void) |