Since we aren't using QEMU, I don't have those patches ready yet, but I can work on them if you want to review them at the same time as this patch. The architectural events (minus the LLC events) are probably a reasonable starting point for the whitelist. Eric On Thu, Jun 6, 2019 at 12:31 AM Wei Wang <wei.w.wang@xxxxxxxxx> wrote: > > On 06/06/2019 05:35 AM, Eric Hankland wrote: > >>> Right - I'm aware there are other ways of detecting this - it's still > >>> a class of events that some people don't want to surface. I'll ask if > >>> there are any better examples. > > I asked and it sounds like we are treating all events as potentially > > insecure until they've been reviewed. If Intel were to publish > > official (reasonably substantiated) guidance stating that the PMU is > > secure, then I think we'd be happy without such a safeguard in place, > > but short of that I think we want to err on the side of caution. > > > > I'm not aware of any vendors who'd published statements like that. > > Anyway, are you ready to share your QEMU patches or the events you want > to be on the whitelists? > > > Best, > Wei