| From: |
| Megha Dey <megha.dey-AT-linux.intel.com> |
| To: |
| x86-AT-kernel.org, linux-kernel-AT-vger.kernel.org, linux-doc-AT-vger.kernel.org |
| Subject: |
| [PATCH V0 0/3] perf/x86/intel: Add Branch Monitoring support |
| Date: |
| Fri, 3 Nov 2017 11:00:03 -0700 |
| Message-ID: |
| <1509732006-5917-1-git-send-email-megha.dey@linux.intel.com> |
| Cc: |
| tglx-AT-linutronix.de, mingo-AT-redhat.com, hpa-AT-zytor.com, andriy.shevchenko-AT-linux.intel.com, kstewart-AT-linuxfoundation.org, yu-cheng.yu-AT-intel.com, len.brown-AT-intel.com, gregkh-AT-linuxfoundation.org, peterz-AT-infradead.org, acme-AT-kernel.org, alexander.shishkin-AT-linux.intel.com, jolsa-AT-redhat.com, namhyung-AT-kernel.org, vikas.shivappa-AT-linux.intel.com, pombredanne-AT-nexb.com, me-AT-kylehuey.com, bp-AT-suse.de, grzegorz.andrejczuk-AT-intel.com, tony.luck-AT-intel.com, corbet-AT-lwn.net, ravi.v.shankar-AT-intel.com, megha.dey-AT-intel.com, Megha Dey <megha.dey-AT-linux.intel.com> |
This patchset adds support for Intel's branch monitoring feature. This
feature uses heuristics to detect the occurrence of an ROP(Return Oriented
Programming) or ROP like(JOP: Jump oriented programming) attack. These
heuristics are based off certain performance monitoring statistics,
measured dynamically over a short configurable window period. ROP is a
malware trend in which the attacker can compromise a return pointer held
on the stack to redirect execution to a different desired instruction.
Currently, only the Cannonlake family of Intel processors support this
feature. This feature is enabled by CONFIG_PERF_EVENTS_INTEL_BM.
Once the kernel is compiled with CONFIG_PERF_EVENTS_INTEL_BM=y on a
Cannonlake system, the following perf events are added which can be viewed
with perf list:
intel_bm/branch-misp/ [Kernel PMU event]
intel_bm/call-ret/ [Kernel PMU event]
intel_bm/far-branch/ [Kernel PMU event]
intel_bm/indirect-branch-misp/ [Kernel PMU event]
intel_bm/ret-misp/ [Kernel PMU event]
intel_bm/rets/ [Kernel PMU event]
A perf-based kernel driver has been used to monitor the occurrence of
one of the 6 branch monitoring events. There are 2 counters that each
can select between one of these events for evaluation over a specified
instruction window size (0 to 1023). For each counter, a threshold value
(0 to 127) can be configured to set a point at which an interrupt is
generated. The entire system can monitor a maximum of 2 events(either
from the same or different tasks) at any given time.
Apart from the kernel driver, this patchset adds CPUID of Cannonlake
processors to Intel family list and the Documentation/x86/intel_bm.txt
file with some information about Intel Branch monitoring.
Megha Dey (3):
x86/cpu/intel: Add Cannonlake to Intel family
perf/x86/intel/bm.c: Add Intel Branch Monitoring support
x86, bm: Add documentation on Intel Branch Monitoring
Documentation/x86/intel_bm.txt | 216 ++++++++++++
arch/x86/events/Kconfig | 10 +
arch/x86/events/intel/Makefile | 2 +
arch/x86/events/intel/bm.c | 635 ++++++++++++++++++++++++++++++++++++
arch/x86/include/asm/intel-family.h | 2 +
arch/x86/include/asm/msr-index.h | 5 +
include/linux/perf_event.h | 8 +-
kernel/events/core.c | 8 +
8 files changed, 885 insertions(+), 1 deletion(-)
create mode 100644 Documentation/x86/intel_bm.txt
create mode 100644 arch/x86/events/intel/bm.c
--
1.9.1
