Message ID | 20230214050757.9623-6-likexu@tencent.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2768233wrn; Mon, 13 Feb 2023 21:09:55 -0800 (PST) X-Google-Smtp-Source: AK7set8TSncC00ClURJgfc7A7r966K6+bDV/e2RXL9ve0vEyJM+KBb06o+M8XtseFEy0M4ipWKtq X-Received: by 2002:a17:906:d9c4:b0:887:7871:2b2f with SMTP id qk4-20020a170906d9c400b0088778712b2fmr1533318ejb.61.1676351394927; Mon, 13 Feb 2023 21:09:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676351394; cv=none; d=google.com; s=arc-20160816; b=opyQZTdhxlMvku/DMGmU/Q6N2yIW4pBo/sXbY4w/lPC1F1vCnVIr4Xk9fc0h+5xNoq G9963B1zdBe4uB7ZrH8+Up42A2W473U3TxwqxQKQKt4QSeqOo0yqNkZcQkl7KLZhoWGS sfCOF7BhvSZWOp+f294UObOq0qwrQ5s+7HliawvUTlpgrdg1sEN7DHPlVf0eZfl95bDg vQ1kJasvLW28QlzJ5uR/6fHtIM+0wOm7EjZWBWuaU0jmFMViu00IIfZoguexrxwqfIIx mStS0r4ugezRuyPG8BsIbnclCqZqSWGMljl/zDzGTnPGlRHsKGAcYNfaVevDhyOEYN/R Uyhg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=W8nmMz7oCfEUvj7t/4z9Ywq4QcB70oo3SFxj8XWRGOY=; b=P+gQU65AHwWMoCCY/HUpk16IocplBzjyYzntGsh8f2Kmvk1nxA6q34juScZ73nf6Mt QpQDaErIsthdhXcm+97+qU4RWXx7LI5jezEvJxzp98G6OE+l8HnOeTTATaDEz9L8urXS P6Wbq+5fXymLzytiF5AiYscqXbE25UfqZJraVdCi3qp6/4IdXKOZgEsv2bfH39N0rIQf 7ae5wsVUDH+J4kbjGfVbhx2D45WJBRcU/sQDaoiW3NkhwivDFsCwnlnnmRiVofQZyNnY Z45+jdOe1URgR1kA4AJDGy6/DeRtzfjSiljLn3CTn5uZHxcVqoEO76UjtZy+R1Zv2Yd7 TZQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=kw0OVoUx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id cj18-20020a17090715d200b008b126048876si2136051ejc.244.2023.02.13.21.09.32; Mon, 13 Feb 2023 21:09:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=kw0OVoUx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231509AbjBNFIn (ORCPT <rfc822;tebrre53rla2o@gmail.com> + 99 others); Tue, 14 Feb 2023 00:08:43 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39284 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231419AbjBNFIc (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Tue, 14 Feb 2023 00:08:32 -0500 Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E371613534; Mon, 13 Feb 2023 21:08:25 -0800 (PST) Received: by mail-pl1-x635.google.com with SMTP id h4so8036993pll.9; Mon, 13 Feb 2023 21:08:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=W8nmMz7oCfEUvj7t/4z9Ywq4QcB70oo3SFxj8XWRGOY=; b=kw0OVoUxjjf8coMYsV721xacjRljMn2Aah2K8+ZnzE4JMDMTy8xzJFmbYUubTGoagR GvKqbvcCHCHwpynWNoCBBQazNeNrHzTioZuAWoAdW7jzGWWhJEZ7k6/WQ02EQyRVTaJO vtnQM0m26fNZmuqYIC7i7MlrBsxQymC4hZJ08QyD5NueIOVkSQBEF2bFxQurK7rDc/FH uMW8JS6dWH4ZRIDV3L5GfSzldBIe68IkUbzsc8WnSEMF84p/1WxkZ5H4f4uppwH/F4Be LfgrJFslq/Hj9naWkw5h7N++4YEhgFEuCoLvoJ+leeAHsKS+G1yJKt091bIf9YZ7xKyG 5ovQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=W8nmMz7oCfEUvj7t/4z9Ywq4QcB70oo3SFxj8XWRGOY=; b=uOtLfptgxV54usV9CLE1U78FbDqmsjdEoNpMyQHq7UY2zSH9wlKdYO5sSOTnuDYKTh lcFSWYeFLiSYF6fn2RQNtG1pyjE2sLdB/79qBzfS62VwbfAythhIMXUwJ1hOW6CD20MA KGdsewsrCwijP9+kYvJNRcoFDBDBOV3btt8On2qWSkF/Aesat0/GfNMvVy2U0U92vDAs okAQfzr3Yiug+bmnQ0ylVPLmB6/WJKo2luCcEaAQQ5yRSoAt5CMWZUwDOofg4FpEVORq T7ObM5Po9ilC5ZTKImuLvkbZEdeit2+XyFVCR1QylLiqXgGPOlFmmjmxQMaPooDyTrb5 SWkA== X-Gm-Message-State: AO0yUKVKB2LUD1vPT9v9PrNv4H+hxP42+TkI0qgsrz8Awxud9vEZICtL uuVqB5jKcKYdLfyeCr2LK5xgDbjyTWUkPqzHkSA= X-Received: by 2002:a05:6a21:33aa:b0:bc:4d0c:ce45 with SMTP id yy42-20020a056a2133aa00b000bc4d0cce45mr1322845pzb.53.1676351305357; Mon, 13 Feb 2023 21:08:25 -0800 (PST) Received: from localhost.localdomain ([103.7.29.32]) by smtp.gmail.com with ESMTPSA id j22-20020aa79296000000b005a79f5d9f53sm8738919pfa.165.2023.02.13.21.08.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 Feb 2023 21:08:25 -0800 (PST) From: Like Xu <like.xu.linux@gmail.com> X-Google-Original-From: Like Xu <likexu@tencent.com> To: Sean Christopherson <seanjc@google.com> Cc: Paolo Bonzini <pbonzini@redhat.com>, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4 05/12] KVM: x86/pmu: Error when user sets the GLOBAL_STATUS reserved bits Date: Tue, 14 Feb 2023 13:07:50 +0800 Message-Id: <20230214050757.9623-6-likexu@tencent.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230214050757.9623-1-likexu@tencent.com> References: <20230214050757.9623-1-likexu@tencent.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1757781840621286304?= X-GMAIL-MSGID: =?utf-8?q?1757781840621286304?= |
Series |
KVM: x86: Add AMD Guest PerfMonV2 PMU support
|
|
Commit Message
Like Xu
Feb. 14, 2023, 5:07 a.m. UTC
From: Like Xu <likexu@tencent.com> If the user space sets reserved bits when restoring the MSR_CORE_ PERF_GLOBAL_STATUS register, these bits will be accidentally returned when the guest runs a read access to this register, and cannot be cleared up inside the guest, which makes the guest's PMI handler very confused. Signed-off-by: Like Xu <likexu@tencent.com> --- arch/x86/kvm/vmx/pmu_intel.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On Tue, Feb 14, 2023, Like Xu wrote: > From: Like Xu <likexu@tencent.com> > > If the user space sets reserved bits when restoring the MSR_CORE_ > PERF_GLOBAL_STATUS register, these bits will be accidentally returned > when the guest runs a read access to this register, and cannot be cleared > up inside the guest, which makes the guest's PMI handler very confused. The changelog needs to state what the patch actually does. > Signed-off-by: Like Xu <likexu@tencent.com> > --- > arch/x86/kvm/vmx/pmu_intel.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c > index 904f832fc55d..aaea25d2cae8 100644 > --- a/arch/x86/kvm/vmx/pmu_intel.c > +++ b/arch/x86/kvm/vmx/pmu_intel.c > @@ -397,7 +397,7 @@ static int intel_pmu_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) > reprogram_fixed_counters(pmu, data); > break; > case MSR_CORE_PERF_GLOBAL_STATUS: > - if (!msr_info->host_initiated) > + if (!msr_info->host_initiated || (data & pmu->global_ovf_ctrl_mask)) This is wrong. Bits 60:58 are reserved in IA32_PERF_GLOBAL_OVF_CTRL, but are ASCI, CTR_FREEZE, and LBR_FREEZE respectively in MSR_CORE_PERF_GLOBAL_STATUS. > return 1; /* RO MSR */ > > pmu->global_status = data; > -- > 2.39.1 >
On 7/4/2023 7:45 am, Sean Christopherson wrote: > On Tue, Feb 14, 2023, Like Xu wrote: >> From: Like Xu <likexu@tencent.com> >> >> If the user space sets reserved bits when restoring the MSR_CORE_ >> PERF_GLOBAL_STATUS register, these bits will be accidentally returned >> when the guest runs a read access to this register, and cannot be cleared >> up inside the guest, which makes the guest's PMI handler very confused. > > The changelog needs to state what the patch actually does. > >> Signed-off-by: Like Xu <likexu@tencent.com> >> --- >> arch/x86/kvm/vmx/pmu_intel.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c >> index 904f832fc55d..aaea25d2cae8 100644 >> --- a/arch/x86/kvm/vmx/pmu_intel.c >> +++ b/arch/x86/kvm/vmx/pmu_intel.c >> @@ -397,7 +397,7 @@ static int intel_pmu_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) >> reprogram_fixed_counters(pmu, data); >> break; >> case MSR_CORE_PERF_GLOBAL_STATUS: >> - if (!msr_info->host_initiated) >> + if (!msr_info->host_initiated || (data & pmu->global_ovf_ctrl_mask)) > > This is wrong. Bits 60:58 are reserved in IA32_PERF_GLOBAL_OVF_CTRL, but are > ASCI, CTR_FREEZE, and LBR_FREEZE respectively in MSR_CORE_PERF_GLOBAL_STATUS. CTR_FREEZE and LBR_FREEZE are only required for the guest CPUID.0AH: EAX[7:0]>3. PMU support (ASCI bit) for guest SGX isn't supported either. So for now, reusing pmu->global_ovf_ctrl_mask here is effective enough. > >> return 1; /* RO MSR */ >> >> pmu->global_status = data; >> -- >> 2.39.1 >>
On Fri, Apr 07, 2023, Like Xu wrote: > On 7/4/2023 7:45 am, Sean Christopherson wrote: > > On Tue, Feb 14, 2023, Like Xu wrote: > > > From: Like Xu <likexu@tencent.com> > > > > > > If the user space sets reserved bits when restoring the MSR_CORE_ > > > PERF_GLOBAL_STATUS register, these bits will be accidentally returned > > > when the guest runs a read access to this register, and cannot be cleared > > > up inside the guest, which makes the guest's PMI handler very confused. > > > > The changelog needs to state what the patch actually does. > > > > > Signed-off-by: Like Xu <likexu@tencent.com> > > > --- > > > arch/x86/kvm/vmx/pmu_intel.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c > > > index 904f832fc55d..aaea25d2cae8 100644 > > > --- a/arch/x86/kvm/vmx/pmu_intel.c > > > +++ b/arch/x86/kvm/vmx/pmu_intel.c > > > @@ -397,7 +397,7 @@ static int intel_pmu_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) > > > reprogram_fixed_counters(pmu, data); > > > break; > > > case MSR_CORE_PERF_GLOBAL_STATUS: > > > - if (!msr_info->host_initiated) > > > + if (!msr_info->host_initiated || (data & pmu->global_ovf_ctrl_mask)) > > > > This is wrong. Bits 60:58 are reserved in IA32_PERF_GLOBAL_OVF_CTRL, but are > > ASCI, CTR_FREEZE, and LBR_FREEZE respectively in MSR_CORE_PERF_GLOBAL_STATUS. > > CTR_FREEZE and LBR_FREEZE are only required for the guest CPUID.0AH: EAX[7:0]>3. > PMU support (ASCI bit) for guest SGX isn't supported either. > > So for now, reusing pmu->global_ovf_ctrl_mask here is effective enough. And "good enough for now" is exactly how we end up with bugs, especially when "good enough" relies on assumptions that aren't well documented.
diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c index 904f832fc55d..aaea25d2cae8 100644 --- a/arch/x86/kvm/vmx/pmu_intel.c +++ b/arch/x86/kvm/vmx/pmu_intel.c @@ -397,7 +397,7 @@ static int intel_pmu_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) reprogram_fixed_counters(pmu, data); break; case MSR_CORE_PERF_GLOBAL_STATUS: - if (!msr_info->host_initiated) + if (!msr_info->host_initiated || (data & pmu->global_ovf_ctrl_mask)) return 1; /* RO MSR */ pmu->global_status = data;