Message ID | 20240123221220.3911317-1-mizhang@google.com |
---|---|
State | New |
Series | KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl |
Commit Message
Mingwei Zhang
Jan. 23, 2024, 10:12 p.m. UTC
Fix type length error since pmu->fixed_ctr_ctrl is u64 but the local
variable old_fixed_ctr_ctrl is u8. Truncating the value leads to
information loss at runtime. This leads to an incorrect value in old_ctrl
retrieved from each field of old_fixed_ctr_ctrl and causes incorrect code
execution within the for loop of reprogram_fixed_counters(). So fix this
type to u64.
Fixes: 76d287b2342e ("KVM: x86/pmu: Drop "u8 ctrl, int idx" for reprogram_fixed_counter()")
Signed-off-by: Mingwei Zhang <mizhang@google.com>
---
arch/x86/kvm/vmx/pmu_intel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
base-commit: 6613476e225e090cc9aad49be7fa504e290dd33d
Comments
On Tue, Jan 23, 2024, Mingwei Zhang wrote:
> Fix type length error since pmu->fixed_ctr_ctrl is u64 but the local
> variable old_fixed_ctr_ctrl is u8. Truncating the value leads to
> information loss at runtime. This leads to incorrect value in old_ctrl
> retrieved from each field of old_fixed_ctr_ctrl and causes incorrect code
> execution within the for loop of reprogram_fixed_counters(). So fix this
> type to u64.

But what is the actual fallout from this?  Stating that the bug causes incorrect
code execution isn't helpful, that's akin to saying water is wet.

If I'm following the code correctly, the only fallout is that KVM may unnecessarily
mark a fixed PMC as in use and reprogram it.  I.e. the bug can result in (minor?)
performance issues, but it won't cause functional problems.

Understanding what actually goes wrong matters, because I'm trying to determine
whether or not this needs to be fixed in 6.8 and backported to stable trees.  If
the bug is relatively benign, then this is fodder for 6.9.

> Fixes: 76d287b2342e ("KVM: x86/pmu: Drop "u8 ctrl, int idx" for reprogram_fixed_counter()")
> Signed-off-by: Mingwei Zhang <mizhang@google.com>
> ---
>  arch/x86/kvm/vmx/pmu_intel.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c
> index a6216c874729..315c7c2ba89b 100644
> --- a/arch/x86/kvm/vmx/pmu_intel.c
> +++ b/arch/x86/kvm/vmx/pmu_intel.c
> @@ -71,7 +71,7 @@ static int fixed_pmc_events[] = {
>  static void reprogram_fixed_counters(struct kvm_pmu *pmu, u64 data)
>  {
>  	struct kvm_pmc *pmc;
> -	u8 old_fixed_ctr_ctrl = pmu->fixed_ctr_ctrl;
> +	u64 old_fixed_ctr_ctrl = pmu->fixed_ctr_ctrl;
>  	int i;
>  
>  	pmu->fixed_ctr_ctrl = data;
> 
> base-commit: 6613476e225e090cc9aad49be7fa504e290dd33d
> -- 
> 2.43.0.429.g432eaa2c6b-goog
> 
On 1/31/24 07:43, Sean Christopherson wrote:
> On Tue, Jan 23, 2024, Mingwei Zhang wrote:
>> Fix type length error since pmu->fixed_ctr_ctrl is u64 but the local
>> variable old_fixed_ctr_ctrl is u8. Truncating the value leads to
>> information loss at runtime. This leads to incorrect value in old_ctrl
>> retrieved from each field of old_fixed_ctr_ctrl and causes incorrect code
>> execution within the for loop of reprogram_fixed_counters(). So fix this
>> type to u64.
> 
> But what is the actual fallout from this?  Stating that the bug causes incorrect
> code execution isn't helpful, that's akin to saying water is wet.
> 
> If I'm following the code correctly, the only fallout is that KVM may unnecessarily
> mark a fixed PMC as in use and reprogram it.  I.e. the bug can result in (minor?)
> performance issues, but it won't cause functional problems.

May this issue cause "Uhhuh. NMI received for unknown reason XX on CPU XX." at
VM side? The PMC is still active while the VM side handle_pmi_common() is not
going to handle it?

Thank you very much!

Dongli Zhang

> 
> Understanding what actually goes wrong matters, because I'm trying to determine
> whether or not this needs to be fixed in 6.8 and backported to stable trees.  If
> the bug is relatively benign, then this is fodder for 6.9.
> 
>> Fixes: 76d287b2342e ("KVM: x86/pmu: Drop "u8 ctrl, int idx" for reprogram_fixed_counter()")
>> Signed-off-by: Mingwei Zhang <mizhang@google.com>
>> ---
>>  arch/x86/kvm/vmx/pmu_intel.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>> 
>> diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c
>> index a6216c874729..315c7c2ba89b 100644
>> --- a/arch/x86/kvm/vmx/pmu_intel.c
>> +++ b/arch/x86/kvm/vmx/pmu_intel.c
>> @@ -71,7 +71,7 @@ static int fixed_pmc_events[] = {
>>  static void reprogram_fixed_counters(struct kvm_pmu *pmu, u64 data)
>>  {
>>  	struct kvm_pmc *pmc;
>> -	u8 old_fixed_ctr_ctrl = pmu->fixed_ctr_ctrl;
>> +	u64 old_fixed_ctr_ctrl = pmu->fixed_ctr_ctrl;
>>  	int i;
>>  
>>  	pmu->fixed_ctr_ctrl = data;
>> 
>> base-commit: 6613476e225e090cc9aad49be7fa504e290dd33d
>> -- 
>> 2.43.0.429.g432eaa2c6b-goog
>> 
> 
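To make the truncation the thread is debating concrete, here is an added C model of the comparison; it is not the patch's code and not KVM's code. It assumes what the commit message and the replies describe but the hunk does not show: that reprogram_fixed_counters() walks one control field per fixed counter, compares the old field with the new one and reprograms a counter only when its field changed. It also assumes the 4-bit-per-counter field layout of IA32_FIXED_CTR_CTRL, so the fixed_ctrl_field() helper here is a stand-in for whatever KVM uses. The two constructed MSR writes below are run once with a u8 snapshot (the pre-fix declaration) and once with a u64 snapshot (the post-fix one) on a PMU with three fixed counters.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added model, not KVM code. Assumed field layout of IA32_FIXED_CTR_CTRL:
 * fixed counter i is controlled by the 4-bit field at bits [4i+3:4i].
 * fixed_ctrl_field() stands in for the helper KVM's loop uses.
 */
static uint8_t fixed_ctrl_field(uint64_t ctrl, int idx)
{
	return (uint8_t)((ctrl >> (idx * 4)) & 0xf);
}

/*
 * Assumed shape of the loop in reprogram_fixed_counters() (its body is not
 * on this page): reprogram counter i only when its control field changed.
 * Returns a bitmask of the fixed counters that would be reprogrammed.
 */
static unsigned int reprogram_mask(uint64_t old_snapshot, uint64_t data,
				   int nr_arch_fixed_counters)
{
	unsigned int mask = 0;
	int i;

	for (i = 0; i < nr_arch_fixed_counters; i++) {
		uint8_t new_ctrl = fixed_ctrl_field(data, i);
		uint8_t old_ctrl = fixed_ctrl_field(old_snapshot, i);

		if (old_ctrl == new_ctrl)
			continue;
		mask |= 1u << i;
	}
	return mask;
}

/* Pre-fix: the snapshot is taken into a u8, so only bits 7:0 survive. */
static unsigned int reprogram_mask_u8(uint64_t fixed_ctr_ctrl, uint64_t data,
				      int nr_arch_fixed_counters)
{
	uint8_t old_fixed_ctr_ctrl = (uint8_t)fixed_ctr_ctrl;

	return reprogram_mask(old_fixed_ctr_ctrl, data, nr_arch_fixed_counters);
}

/* Post-fix: the snapshot keeps the full 64-bit MSR value. */
static unsigned int reprogram_mask_u64(uint64_t fixed_ctr_ctrl, uint64_t data,
				       int nr_arch_fixed_counters)
{
	uint64_t old_fixed_ctr_ctrl = fixed_ctr_ctrl;

	return reprogram_mask(old_fixed_ctr_ctrl, data, nr_arch_fixed_counters);
}

int main(void)
{
	/*
	 * Constructed values: three fixed counters, fields 0 and 2 set to 0x3
	 * (count in ring 0 and ring 3), counter 1 idle.
	 */
	const int nr_fixed = 3;
	const uint64_t old = 0x303;

	/* Guest disables fixed counter 2: only its field changes. */
	printf("disable ctr2: u8 mask=%#x u64 mask=%#x\n",
	       reprogram_mask_u8(old, 0x003, nr_fixed),
	       reprogram_mask_u64(old, 0x003, nr_fixed));

	/* Guest rewrites the same value: nothing should be reprogrammed. */
	printf("rewrite same: u8 mask=%#x u64 mask=%#x\n",
	       reprogram_mask_u8(old, 0x303, nr_fixed),
	       reprogram_mask_u64(old, 0x303, nr_fixed));
	return 0;
}
```

With the u64 snapshot the disable write reprograms counter 2 (mask 0x4) and the rewrite reprograms nothing. With the u8 snapshot counter 2's old field reads as zero, so the disable write compares equal and is skipped (mask 0), while the rewrite compares 0 against 0x3 and reprograms counter 2 spuriously (mask 0x4). Counters 0 and 1 live in the low byte and behave identically under both snapshots, which is why a guest that only touches two fixed counters never notices the difference.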
diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c index a6216c874729..315c7c2ba89b 100644 --- a/arch/x86/kvm/vmx/pmu_intel.c +++ b/arch/x86/kvm/vmx/pmu_intel.c @@ -71,7 +71,7 @@ static int fixed_pmc_events[] = { static void reprogram_fixed_counters(struct kvm_pmu *pmu, u64 data) { struct kvm_pmc *pmc; - u8 old_fixed_ctr_ctrl = pmu->fixed_ctr_ctrl; + u64 old_fixed_ctr_ctrl = pmu->fixed_ctr_ctrl; int i; pmu->fixed_ctr_ctrl = data;
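Review bot: the commit message should state the observable consequence of the u8 snapshot rather than "incorrect code execution", because that is what the backport decision raised in the thread turns on. The hunk itself is right: `data` is u64 and is stored into `pmu->fixed_ctr_ctrl`, so `old_fixed_ctr_ctrl` must be the same width; as a u8 it kept only bits 7:0 of the MSR, and since IA32_FIXED_CTR_CTRL carries one 4-bit control field per fixed counter, every counter beyond the first two had its new field compared against a stale zero. Suggest the description name both effects that follow from that: a higher counter whose field is unchanged and non-zero gets reprogrammed spuriously (the reviewer's reading), and a write that clears a higher counter's field compares equal to that zero and is skipped, which is the case to confirm or rule out before deciding whether this is 6.8/stable material.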