Date: Mon, 5 Jun 2023 17:51:51 -0700
In-Reply-To: <20230504120042.785651-1-rkagan@amazon.de>
References: <20230504120042.785651-1-rkagan@amazon.de>
Subject: Re: [PATCH] KVM: x86: vPMU: truncate counter value to allowed width
From: Sean Christopherson
To: Roman Kagan
Cc: kvm@vger.kernel.org, Dave Hansen, Jim Mattson, Like Xu, Paolo Bonzini, x86@kernel.org, Thomas Gleixner, Eric Hankland, linux-kernel@vger.kernel.org, "H. Peter Anvin", Borislav Petkov, Ingo Molnar

On Thu, May 04, 2023, Roman Kagan wrote:
> diff --git a/arch/x86/kvm/pmu.h b/arch/x86/kvm/pmu.h > index 5c7bbf03b599..6a91e1afef5a 100644 > --- a/arch/x86/kvm/pmu.h > +++ b/arch/x86/kvm/pmu.h
> @@ -60,6 +60,12 @@ static inline u64 pmc_read_counter(struct kvm_pmc *pmc) > return counter & pmc_bitmask(pmc); > } > > +static inline void pmc_set_counter(struct kvm_pmc *pmc, u64 val) > +{ > + pmc->counter += val - pmc_read_counter(pmc);

Ugh, not your code, but I don't see how the current code can possibly be
correct.

The above unpacks to

	counter = pmc->counter;
	if (pmc->perf_event && !pmc->is_paused)
		counter += perf_event_read_value(pmc->perf_event,
						 &enabled, &running);
	pmc->counter += val - (counter & pmc_bitmask(pmc));

which distills down to

	counter = 0;
	if (pmc->perf_event && !pmc->is_paused)
		counter += perf_event_read_value(pmc->perf_event,
						 &enabled, &running);
	pmc->counter = val - (counter & pmc_bitmask(pmc));

or more succinctly

	if (pmc->perf_event && !pmc->is_paused)
		val -= perf_event_read_value(pmc->perf_event,
					     &enabled, &running);
	pmc->counter = val;

which is obviously wrong.  E.g. if the guest writes '0' to an active counter,
the adjustment will cause pmc->counter to be loaded with a large (in unsigned
terms) value, and thus quickly overflow after a write of '0'.

I assume the intent is to purge any accumulated counts that occurred since the
last read, but *before* the write, but then shouldn't this just be:

	/* Purge any events that were accumulated before the write. */
	if (pmc->perf_event && !pmc->is_paused)
		(void)perf_event_read_value(pmc->perf_event, &enabled, &running);
	pmc->counter = val & pmc_bitmask(pmc);

Am I missing something?

I'd like to get this sorted out before applying this patch, because I really
want to document what on earth this new helper is doing.  Seeing a bizarre
partial RMW operation in a helper with "set" as the verb is super weird.
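
Review bot: pmc_set_counter() is named as a plain setter, but its one visible body line, "pmc->counter += val - pmc_read_counter(pmc);", is a read-modify-write with no comment saying why a delta against the current read is stored rather than val itself. Please add a comment above the helper stating what pmc->counter holds relative to the perf event's count. Given the subject line, also make it explicit where the stored result is truncated with pmc_bitmask(pmc): pmc_read_counter() masks its return value in the context line above, while val is used unmasked here, and the quote ends before any later line of the helper.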
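
The arithmetic discussed in the message above, as an added example that is not part of the original message and is not kernel code: a userspace toy model of the quoted "+=" line and of the reply's "more succinctly" form, reporting the stored field and the masked read after a guest write. The struct, the function names, the 48-bit width and the treatment of the perf count as a running total are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model constructed for this example; names are hypothetical. */
struct toy_pmc {
    uint64_t counter;    /* plays the role of pmc->counter */
    uint64_t perf_total; /* ASSUMPTION: running total a perf read returns */
    int      active;     /* plays the role of perf_event && !is_paused */
    uint64_t bitmask;    /* plays the role of pmc_bitmask(pmc) */
};

/* Mirrors the quoted context: add the live count, mask to the width. */
static uint64_t toy_read(const struct toy_pmc *p)
{
    uint64_t c = p->counter;
    if (p->active)
        c += p->perf_total;
    return c & p->bitmask;
}

/* form 0: the quoted "+=" line; form 1: the reply's succinct form. */
static struct toy_pmc toy_write(int form, uint64_t start, uint64_t perf, uint64_t val)
{
    struct toy_pmc p = { start, perf, 1, (1ULL << 48) - 1 }; /* 48 bits assumed */
    if (form == 0) {
        p.counter += val - toy_read(&p);
    } else {
        if (p.active)
            val -= p.perf_total;
        p.counter = val;
    }
    return p;
}

/* Raw stored field after the write (unsigned 64-bit arithmetic wraps). */
static uint64_t stored_after(int form, uint64_t start, uint64_t perf, uint64_t val)
{
    return toy_write(form, start, perf, val).counter;
}

/* Value a masked read returns after the write, under the model above. */
static uint64_t read_after(int form, uint64_t start, uint64_t perf, uint64_t val)
{
    struct toy_pmc p = toy_write(form, start, perf, val);
    return toy_read(&p);
}

int main(void)
{
    printf("stored: %#llx\n", (unsigned long long)stored_after(0, 0, 1000, 0));
    printf("read:   %#llx\n", (unsigned long long)read_after(0, 0, 1000, 0));
    return 0;
}
```

In this model a write of 0 with 1000 events pending leaves the stored field at 2^64 - 1000, above the 48-bit mask, and the two forms store the same value as long as the pre-write sum fits in the counter width.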