Received: by 2002:a05:7208:3228:b0:82:47:81bb with SMTP id cb40csp547921rbb; Fri, 12 Apr 2024 09:03:14 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWWmFq+e+P4CLnIwZK/NR1rIm/04rbqwTODFrZqfyyfpUOE/fKKqXwQM1VrIh3y0I/s91eYaMkHzLmaXvOodXtBoCb+7+4D2yo1QOnU5g== X-Google-Smtp-Source: AGHT+IHj+YXFfFFita2H23akdK8gwvZePABTuM2bvxyVHFFfxg5bvmzrkKpPrXEENPTJ0tf4CzUT X-Received: by 2002:a05:6122:2009:b0:4da:a82e:95f5 with SMTP id l9-20020a056122200900b004daa82e95f5mr3091522vkd.5.1712937794606; Fri, 12 Apr 2024 09:03:14 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712937794; cv=pass; d=google.com; s=arc-20160816; b=z7nJsWVlhJU/lsY7qN/S2wG2UEr2SiLS2jxQj8gXorRlaw6HJz/rePqsqDjLyFPH0G OY/EWMhZ9TpS0eftM07kwbYqT3m45c7akil/T6u42AZUqgBSrAi5Q2EBHtVZs9cbWttX vaFvmE6Bn7RBzNOsSDXRSFQco/JSq5L4FdXg2As/ztMrhIsIIIUNv3yUzca9nvCLMxdm Z+RbfRi9HE4lJTYGQDzBdVf2VKSlFL6mvCCTEQ/K2pSZXNnZX4TR5LQxS74MrSvgfs/z 4Qxsy+J/c20lYd1+rRQ0EX9gezOHbj8vnh425qY3vQ7tKr7wf2m1A3onmIj80US7aVt7 jEWg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :in-reply-to:date:dkim-signature; bh=7zE2NMeREY9M0RzVWCwQFXSSfNx2GjxIaqj3+nSSE88=; fh=maJhqLdcBYNgJzS0oTkvquDuw8diJWCSO7iFbIhAx8U=; b=u7J6Y3LZPe6RYS6UIfubapZYYQsu5Nrt/wSLrirBBAH8Jwbhe2L9BNfm0n5yuWhaJE BmVf6+m1C9K5zdevuL/7THwuGuw/gXNs/lc/OZxnjxKmvt71vQQfMqR4iDFI7o1ZFN0F 8ZZW1fPerpCdJ2ovQi893Wlj5ejkJuUAIeu8CJCuGySwzK/7Y5+0EE3MCDlbv+19Hz8d 654/y5yi6MKxqJAJA+QfMbMX83p6/EDDRJy/BUp/eklfxJ6QdrHSpCGG5a/IpsG9Y5PP kvjecEU9kr2UvAjdyMww3UjXRbK0tI7JhbEmBBPKgCuggSXF49qtuXH17OXle3aE3Vhd d83w==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=Xv8SKoQu; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-143000-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-143000-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id bl38-20020a05610250a600b0047a94362a8bsi278514vsb.388.2024.04.12.09.03.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 Apr 2024 09:03:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-143000-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=Xv8SKoQu; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-143000-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-143000-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 1FD461C20993 for ; Fri, 12 Apr 2024 16:03:07 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 4304B149016; Fri, 12 Apr 2024 16:01:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Xv8SKoQu" Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 130671487F6 for ; Fri, 12 Apr 2024 16:01:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712937716; cv=none; b=hjwYqLLTyLWg4qBWTNa1vbcUJMgWRwm7/GPoIZKGJDy2ovlYU/ZhSG0rm82ivi/SMcJLL5SJOIiOsL7HKJInD5ehHi8zZj+yvunoITotTVC0GiNsztIp20Ug63mPn8tgt8HTu8wyOCDV2DiYZzToXXiyVCGT17juuLNRAyQKRIM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712937716; c=relaxed/simple; bh=29mMxzABJNu2s6sXXHWuTqJmU9ZiVLQYln8kPDantDM=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Txli5SCUlZn7M8C9kdVB1Ns4h6kCrYC+ruc3rCW0yPcLuUZkZcXnYIXajwiGDhI0EBAQsAZ7MbFqK1PAOztpptczwoJBODhq9ObYHx/9fAkD1H9MLnihgIG0iz89T0xi/VAJvJqvz2oL0T+aBbInIF5OYfR3cymgg4YJJlvxOSc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Xv8SKoQu; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Received: by mail-pj1-f73.google.com with SMTP id 98e67ed59e1d1-2a6f2c7c1b8so775738a91.1 for ; Fri, 12 Apr 2024 09:01:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1712937714; x=1713542514; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:from:to:cc:subject:date:message-id :reply-to; bh=7zE2NMeREY9M0RzVWCwQFXSSfNx2GjxIaqj3+nSSE88=; b=Xv8SKoQuY/mTjeQyYKDLH/lyGjpzQM1s2vyQFMUcc9Fgk7LIEVxFZmCc2GHJNro/1Y z3iwG2NxaEFVdgEZVwgphJTR+zPnu5F+kIdv87w4XZwpEDp/XPMWanc0d+yT2hFQxzGZ eXQmkVHJGvcIikUyLSfpnxewE1WXsuFf+ILmjaEM8iCtSFppU+ZD9Sx3zEtTk4RrKDdm Nq5FQp0Qk3sQ72qD6f6llk1A3Av2t1qht/PDS9W6FGiGdGdRTvgP8MazmUYeRSb05Nzr V7hNr3Th1junatKzNhdmg9bsdcL2i3gvWjfBE+UAb/P5+5Z3fiziiXwpJcbwVP7VgO5g UaTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712937714; x=1713542514; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=7zE2NMeREY9M0RzVWCwQFXSSfNx2GjxIaqj3+nSSE88=; b=LRMt8Dl7xOyuFlm4mrrBiqmkb8heVuDsktdbh6uMRLdq12EDpnNq9pqeqjhkJqCwAb GbEG3fqeEoMtdQUz5csnSZy9GL6PTJcM64db+372ko6z2wTc6guhGiqIRmx1Ljjyh13R l0l01XMmAWx5TzDBTZFOGwAsIBXE0qTGDAtZxVGfuv52psFGp0CHrEubnVp0ixacD4WF LpLQVjGE27BRfIguOOY2AXkjH/2DhK1DJnGb9KLtZ4p5E4Mb+MAb/1W/pfeFCzOFyHel mT91gPafZ2bb2uTvZQ91AZW4rAAztRawwcK6iy8WoGPiMPQGk6wscR3m2OOpmmbsEgr5 TeyQ== X-Forwarded-Encrypted: i=1; AJvYcCXhtnw5PQl9GM+AHPdIiMGlRPSlZfQZt5G4Kox8AYKf4kJuDkszWc8X3vYxKRvVFuzn/hXv8xxc36SDfxMmUhJv4BcipojU+D+eONM1 X-Gm-Message-State: AOJu0YwfKslQ9zWFM/3C28fOWdsvVvjxIfeHMqXXjkXZH/pAm2LXLAkB Y2Qguxot72WfyX5d6Qw+cmPPmFDaVQtEWMYJE7+eCinopSZ1He4Emv0woKfw/D7oEWH+ewLMaOe O9Q== X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:90a:66cf:b0:2a5:227f:dd7c with SMTP id z15-20020a17090a66cf00b002a5227fdd7cmr8569pjl.1.1712937714332; Fri, 12 Apr 2024 09:01:54 -0700 (PDT) Date: Fri, 12 Apr 2024 09:01:52 -0700 In-Reply-To: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240126085444.324918-1-xiong.y.zhang@linux.intel.com> <20240126085444.324918-19-xiong.y.zhang@linux.intel.com> Message-ID: Subject: Re: [RFC PATCH 18/41] KVM: x86/pmu: Intercept full-width GP counter MSRs by checking with perf capabilities From: Sean Christopherson To: Jim Mattson Cc: Xiong Zhang , pbonzini@redhat.com, peterz@infradead.org, mizhang@google.com, kan.liang@intel.com, zhenyuw@linux.intel.com, dapeng1.mi@linux.intel.com, kvm@vger.kernel.org, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org, zhiyuan.lv@intel.com, eranian@google.com, irogers@google.com, samantha.alt@intel.com, like.xu.linux@gmail.com, chao.gao@intel.com, Xiong Zhang Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Thu, Apr 11, 2024, Jim Mattson wrote: > On Thu, Apr 11, 2024 at 2:23=E2=80=AFPM Sean Christopherson wrote: > > > > On Fri, Jan 26, 2024, Xiong Zhang wrote: > > > From: Mingwei Zhang > > > > > > Intercept full-width GP counter MSRs in passthrough PMU if guest does= not > > > have the capability to write in full-width. In addition, opportunisti= cally > > > add a warning if non-full-width counter MSRs are also intercepted, in= which > > > case it is a clear mistake. > > > > > > Co-developed-by: Xiong Zhang > > > Signed-off-by: Xiong Zhang > > > Signed-off-by: Mingwei Zhang > > > --- > > > arch/x86/kvm/vmx/pmu_intel.c | 10 +++++++++- > > > 1 file changed, 9 insertions(+), 1 deletion(-) > > > > > > diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_inte= l.c > > > index 7f6cabb2c378..49df154fbb5b 100644 > > > --- a/arch/x86/kvm/vmx/pmu_intel.c > > > +++ b/arch/x86/kvm/vmx/pmu_intel.c > > > @@ -429,6 +429,13 @@ static int intel_pmu_set_msr(struct kvm_vcpu *vc= pu, struct msr_data *msr_info) > > > default: > > > if ((pmc =3D get_gp_pmc(pmu, msr, MSR_IA32_PERFCTR0)) |= | > > > (pmc =3D get_gp_pmc(pmu, msr, MSR_IA32_PMC0))) { > > > + if (is_passthrough_pmu_enabled(vcpu) && > > > + !(msr & MSR_PMC_FULL_WIDTH_BIT) && > > > + !msr_info->host_initiated) { > > > + pr_warn_once("passthrough PMU never int= ercepts non-full-width PMU counters\n"); > > > + return 1; > > > > This is broken, KVM must be prepared to handle WRMSR (and RDMSR and RDP= MC) that > > come in through the emulator. >=20 > Don't tell me that we are still supporting CPUs that don't have > "unrestricted guest"! Sigh. Heh, KVM still supports CPUs without VMX virtual NMIs :-) Practically speaking, if we want to eliminate things like emulated WRMSR/RD= MSR, a Kconfig to build a reduced emulator would be the way to go. But while a = reduced emulator would be nice for host security, I don't think it would buy us muc= h from a code perspective, since KVM still needs to handle host userspace MSR acce= sses. E.g. KVM could have conditional sanity checks for MSRs that are supposed to= be passed through, but unless a reduced emulator is a hard requirement for pas= sthrough PMUs, we'd still need the code to handle the emulated accesses. And even i= f a reduced emulator were a hard requirement, I'd still push for a WARN-and-con= tinue approach, not a "inject a bogus #GP because KVM screwed up" approach.