Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1577898pxb; Fri, 26 Feb 2021 14:51:41 -0800 (PST) X-Google-Smtp-Source: ABdhPJxTxGLJfY6KCuBecNyE4y0mpyQIje98r3ZLSy3wGs4phuE/oZf3szd1NeKMgGvFlizfY0gs X-Received: by 2002:a17:906:33d6:: with SMTP id w22mr5720164eja.104.1614379901339; Fri, 26 Feb 2021 14:51:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614379901; cv=none; d=google.com; s=arc-20160816; b=qd6Kot5VztBpVvw1tN7zWNdEjsoUL8ypbql+W0UyXJX1bP0GZ9TXMFa/kSvmXOrbRJ H1JjCRIwq2DF/uVqw8fJlHCRGwPNEdbkn4F2FT5sNQkpPlbrgLw/FduW5s7FWnVz18l3 HPJNr+8LpoDI4w0BzDJ24IydCjMHz+Trd7OdES9CNuRZVxDHuYlJsoUxSVoHY5VGDE7P +5pdQcQjbGIS8Rz1yQyhqd3x/kfRIAYlYS80x3rOoybvk69a7MHBTYFZgQNEs5iZ/k8O Nov7g8hncdo+ut1vjRRq/6ewyGv/VhpOvhltJrK2ZfDXPlnuWx5wqnxb7cnHlYdo4ATC V7zQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=FWfKwt6kX8wvyCzXU6S1wzKG11gxPLhSQUXPm/zfyRo=; b=yXQzeop/KL51Sb5YkNk3zLkLPnnjfn5Ap5iE1y04bh/Udys5ir00Y6AssPzCzD/Tdk OVH+UyAr2NQG+/XKyJrxG9PWEg3YBVhaKas/xE5O0kd0AvMC4r+df2FRkPQKNVZ6dtIb 5Hcx+VMJoByzv0RimrdsVRGjAN1lK5yMKMgVWNpkIFwQdcsueQ7BB5J/dNNxb1ZGibR1 j1KR/fUAHd1nl55foFMiXTIe3oY1IXFZ3VsKZOsNtrvxS+w4DVFL8plssr61v7vc66aE J1fRkstDYi/8jzR2Oxv2bLnlCXA/NK8aZS5fZ33BAvITx+wQu67F45jDBi98Qo6J233n Oo8Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=BFoe7wL5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j6si4607570ejt.195.2021.02.26.14.51.18; Fri, 26 Feb 2021 14:51:41 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=BFoe7wL5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230104AbhBZWru (ORCPT + 99 others); Fri, 26 Feb 2021 17:47:50 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45434 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230001AbhBZWrp (ORCPT ); Fri, 26 Feb 2021 17:47:45 -0500 Received: from mail-pg1-x52c.google.com (mail-pg1-x52c.google.com [IPv6:2607:f8b0:4864:20::52c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 96FA8C06174A for ; Fri, 26 Feb 2021 14:47:05 -0800 (PST) Received: by mail-pg1-x52c.google.com with SMTP id h4so7053713pgf.13 for ; Fri, 26 Feb 2021 14:47:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to; bh=FWfKwt6kX8wvyCzXU6S1wzKG11gxPLhSQUXPm/zfyRo=; b=BFoe7wL57k1glMCiP+TaTWRj6VJ5zCjEDlz8+lad9Fzz+M+mlAFI6XqQD6dF1v9HlB ZOfON2h9r/7U4alRF/PMshKlZ+ONIj+3+l9DUuT2dl/2+r+owhnr00JhXlqTR7q2mKeu ixt7ZQ50544Lgn3fQfJJsekG3jMOhzTHEAKPCN0L0iyDauUgjvQDcn+8/TKnXJtK1rkt iHs9d8cDsU3YyRxnJVhEFn2qFjsOVO0813bQXS2YeUDtPGT7Je6Quz8ZBee4nbdyIjDF A5Gsq92iZpx4cAspVOBYQKN4x1glYF9VrpoLum8/VKGhsW+5kzXLK9Sa6Zzihj9c6ine 6mqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to; bh=FWfKwt6kX8wvyCzXU6S1wzKG11gxPLhSQUXPm/zfyRo=; b=LcPgYAmos0F0i/F2CCYEPv1/ZOW94fdh5KMiasRdzNL+igyZMAFcJlbt/VTQ7++p74 rAYaUdgrorERCRoDdcVozhIiT2ACmEdjy0Mm1RYO8hIo8mAOwDiziilAXogHDJPyU9iu jSi6p0gM5+ouw1pm++B6zUs686tWtXS7BC1iAB5upbnHWnOOKoFz+8BTo1l4+dQqhJOw OhtIcqYV1xk8K+Ivj3nDawKp+F1hK7qOHIAag6UPf/wH/w3AgxckV2HLZRtyqR/Z2w9h 2EeYz0dH3+H5NKnEjsW5s4xKdDc2b65ddG1ULtzhPh4dzV+CNcuqh3Vwcr4XMuNX0d4G oq2w== X-Gm-Message-State: AOAM531bq+Y2mcTj1ZAp+i27qH83UKjbTYua3Gu2GjdKSgdABAIdmNVu 1595+NmXUibR78PED2p8El1A5A== X-Received: by 2002:a65:62c7:: with SMTP id m7mr4776831pgv.50.1614379624821; Fri, 26 Feb 2021 14:47:04 -0800 (PST) Received: from google.com ([2620:15c:f:10:e190:bf4c:e355:6c55]) by smtp.gmail.com with ESMTPSA id y72sm10658312pfg.126.2021.02.26.14.47.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Feb 2021 14:47:04 -0800 (PST) Date: Fri, 26 Feb 2021 14:46:57 -0800 From: Sean Christopherson To: "Xu, Like" Cc: Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , kvm@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 1/2] KVM: vmx/pmu: Fix dummy check if lbr_desc->event is created Message-ID: References: <20210223013958.1280444-1-like.xu@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Feb 24, 2021, Xu, Like wrote: > On 2021/2/24 1:15, Sean Christopherson wrote: > > On Tue, Feb 23, 2021, Like Xu wrote: > > > If lbr_desc->event is successfully created, the intel_pmu_create_ > > > guest_lbr_event() will return 0, otherwise it will return -ENOENT, > > > and then jump to LBR msrs dummy handling. > > > > > > Fixes: 1b5ac3226a1a ("KVM: vmx/pmu: Pass-through LBR msrs when the guest LBR event is ACTIVE") > > > Signed-off-by: Like Xu > > > --- > > > arch/x86/kvm/vmx/pmu_intel.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c > > > index d1df618cb7de..d6a5fe19ff09 100644 > > > --- a/arch/x86/kvm/vmx/pmu_intel.c > > > +++ b/arch/x86/kvm/vmx/pmu_intel.c > > > @@ -320,7 +320,7 @@ static bool intel_pmu_handle_lbr_msrs_access(struct kvm_vcpu *vcpu, > > > if (!intel_pmu_is_valid_lbr_msr(vcpu, index)) > > > return false; > > > - if (!lbr_desc->event && !intel_pmu_create_guest_lbr_event(vcpu)) > > > + if (!lbr_desc->event && intel_pmu_create_guest_lbr_event(vcpu)) > > > goto dummy; ... > > AFAICT, event contention would lead to a #GP crash in the host due to > > lbr_desc->event being dereferenced, no? > > a #GP crash in the host ?Can you share more understanding about it ? The original code is will dereference a null lbr_desc->event if intel_pmu_create_guest_lbr_event() fails. if (!lbr_desc->event && intel_pmu_create_guest_lbr_event(vcpu)) <- falls through goto dummy; /* * Disable irq to ensure the LBR feature doesn't get reclaimed by the * host at the time the value is read from the msr, and this avoids the * host LBR value to be leaked to the guest. If LBR has been reclaimed, * return 0 on guest reads. */ local_irq_disable(); if (lbr_desc->event->state == PERF_EVENT_STATE_ACTIVE) { <--------- kaboom if (read) rdmsrl(index, msr_info->data); else wrmsrl(index, msr_info->data); __set_bit(INTEL_PMC_IDX_FIXED_VLBR, vcpu_to_pmu(vcpu)->pmc_in_use); local_irq_enable(); return true; }