Date: Wed, 31 Jan 2024 07:43:29 -0800
In-Reply-To: <20240123221220.3911317-1-mizhang@google.com>
References: <20240123221220.3911317-1-mizhang@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl
From: Sean Christopherson
To: Mingwei Zhang
Cc: Paolo Bonzini, "H. Peter Anvin", kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="us-ascii"

On Tue, Jan 23, 2024, Mingwei Zhang wrote:
> Fix type length error since pmu->fixed_ctr_ctrl is u64 but the local
> variable old_fixed_ctr_ctrl is u8. Truncating the value leads to
> information loss at runtime. This leads to an incorrect value in old_ctrl
> retrieved from each field of old_fixed_ctr_ctrl and causes incorrect code
> execution within the for loop of reprogram_fixed_counters(). So fix this
> type to u64.

But what is the actual fallout from this?  Stating that the bug causes incorrect
code execution isn't helpful, that's akin to saying water is wet.

If I'm following the code correctly, the only fallout is that KVM may
unnecessarily mark a fixed PMC as in use and reprogram it.  I.e. the bug can
result in (minor?) performance issues, but it won't cause functional problems.

Understanding what actually goes wrong matters, because I'm trying to determine
whether or not this needs to be fixed in 6.8 and backported to stable trees.  If
the bug is relatively benign, then this is fodder for 6.9.

> Fixes: 76d287b2342e ("KVM: x86/pmu: Drop "u8 ctrl, int idx" for reprogram_fixed_counter()")
> Signed-off-by: Mingwei Zhang
> ---
>  arch/x86/kvm/vmx/pmu_intel.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c
> index a6216c874729..315c7c2ba89b 100644
> --- a/arch/x86/kvm/vmx/pmu_intel.c
> +++ b/arch/x86/kvm/vmx/pmu_intel.c
> @@ -71,7 +71,7 @@ static int fixed_pmc_events[] = {
>  static void reprogram_fixed_counters(struct kvm_pmu *pmu, u64 data)
>  {
>  	struct kvm_pmc *pmc;
> -	u8 old_fixed_ctr_ctrl = pmu->fixed_ctr_ctrl;
> +	u64 old_fixed_ctr_ctrl = pmu->fixed_ctr_ctrl;
>  	int i;
>  
>  	pmu->fixed_ctr_ctrl = data;
> 
> base-commit: 6613476e225e090cc9aad49be7fa504e290dd33d
> -- 
> 2.43.0.429.g432eaa2c6b-goog
> 
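Review bot: the commit message should state the observable effect of the truncation rather than "incorrect code execution". With the snapshot taken as `u8 old_fixed_ctr_ctrl = pmu->fixed_ctr_ctrl;`, only bits 7:0 of the old MSR value survive, which are the 4-bit control fields of fixed counters 0 and 1; in the for loop the commit message refers to, the old field of fixed counter 2 (and any higher one) therefore always reads as zero. A guest write that clears counter 2's field then compares equal to that stale zero and the reprogram is skipped, while a write that leaves a non-zero field unchanged compares unequal and reprograms the counter needlessly. Spelling out which of these KVM's supported fixed-counter count actually exposes is exactly what decides the 6.8/stable versus 6.9 question raised above. The `- u8` / `+ u64` change itself is correct as written.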
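To make the "what is the actual fallout" question concrete, here is an added model of the per-counter comparison that the truncated snapshot feeds; it is constructed for this discussion and is not the kernel's code. It assumes only the architectural layout of IA32_FIXED_CTR_CTRL (one 4-bit field per fixed counter at bits [4*i+3:4*i]) and the skip-if-equal shape of the loop the commit message describes. The helper names `changed_counters`, `spurious_reprogram` and `missed_reprogram` are this example's own, and the guest writes are constructed sample values. It reports both directions of the error: a counter reprogrammed although nothing changed, and a counter left alone although its field was cleared.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model (not kernel code) of the comparison in
 * reprogram_fixed_counters(). IA32_FIXED_CTR_CTRL gives fixed counter i a
 * 4-bit enable/mode field at bits [4*i+3 : 4*i]. */
#define FIXED_CTRL_FIELD(ctrl, idx) (((uint64_t)(ctrl) >> ((idx) * 4)) & 0xfULL)

/* Bitmask of fixed counters whose control field differs between the cached
 * old MSR value and the new write. snapshot_bits models the width of the
 * local holding the old value: 8 for the buggy u8, 64 for the patched u64. */
uint64_t changed_counters(uint64_t old_ctrl, uint64_t new_ctrl,
                          int nr_fixed, int snapshot_bits)
{
    uint64_t snapshot = old_ctrl;
    uint64_t mask = 0;
    int i;

    if (snapshot_bits < 64)                     /* the truncating store */
        snapshot &= (1ULL << snapshot_bits) - 1;

    for (i = 0; i < nr_fixed; i++) {
        if (FIXED_CTRL_FIELD(snapshot, i) == FIXED_CTRL_FIELD(new_ctrl, i))
            continue;                           /* looks unchanged: no reprogram */
        mask |= 1ULL << i;
    }
    return mask;
}

/* Counters the u8 snapshot reprograms although their field did not change. */
uint64_t spurious_reprogram(uint64_t old_ctrl, uint64_t new_ctrl, int nr_fixed)
{
    return changed_counters(old_ctrl, new_ctrl, nr_fixed, 8) &
           ~changed_counters(old_ctrl, new_ctrl, nr_fixed, 64);
}

/* Counters the u8 snapshot leaves alone although their field did change. */
uint64_t missed_reprogram(uint64_t old_ctrl, uint64_t new_ctrl, int nr_fixed)
{
    return changed_counters(old_ctrl, new_ctrl, nr_fixed, 64) &
           ~changed_counters(old_ctrl, new_ctrl, nr_fixed, 8);
}

int main(void)
{
    /* Constructed guest writes: three fixed counters, each enabled for
     * user+kernel (field 0x3), then the same value rewritten, then
     * counter 2 disabled. */
    const uint64_t all_on = 0x333, ctr2_off = 0x033;

    printf("rewrite same value: spurious=%#llx missed=%#llx\n",
           (unsigned long long)spurious_reprogram(all_on, all_on, 3),
           (unsigned long long)missed_reprogram(all_on, all_on, 3));
    printf("disable counter 2:  spurious=%#llx missed=%#llx\n",
           (unsigned long long)spurious_reprogram(all_on, ctr2_off, 3),
           (unsigned long long)missed_reprogram(all_on, ctr2_off, 3));
    return 0;
}
```

Counters 0 and 1 sit entirely inside the low byte, so the model reports nothing for them with either width; the divergence starts at counter 2, where the u8 snapshot always presents an old field of zero.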