Date: Wed, 3 Jun 2026 16:19:04 -0700
In-Reply-To: <20260603231905.1738487-1-seanjc@google.com>
References: <20260603231905.1738487-1-seanjc@google.com>
Message-ID: <20260603231905.1738487-2-seanjc@google.com>
Subject: [PATCH 1/2] KVM: x86/pmu: Use hardware value when reprogramming for FIXED_CTR_CTRL changes
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Sashiko

When (conditionally) reprogramming fixed counters, use the hardware value
of FIXED_CTR_CTRL to detect changes, not the guest's original value. For
guests with a mediated PMU, overwriting fixed_ctr_ctrl_hw at the start of
reprogramming without actually reacting to changes in fixed_ctr_ctrl_hw
can lead to KVM ignoring PMU event filters. E.g. if the guest attempts to
enable a fixed PMC that is disallowed, and then toggles a different PMC in
a subsequent WRMSR, KVM will update pmu->fixed_ctr_ctrl_hw and reprogram
the PMC that is changing, but not the others that are now effectively
enabled in pmu->fixed_ctr_ctrl_hw.

Note, the perf-based PMU is unaffected, as it doesn't use
fixed_ctr_ctrl_hw (which is also why keying off fixed_ctr_ctrl_hw works
for both PMUs).

Note #2, fixed_ctr_ctrl_hw won't mess up pmc_in_use either, because the
latter isn't used by the mediated PMU. Its purpose is solely to release
perf events that are no longer being actively used, and the mediated PMU
obviously doesn't create perf events.

Reported-by: Sashiko
Closes: https://lore.kernel.org/all/20260528005419.0228F1F00A3A@smtp.kernel.org
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/vmx/pmu_intel.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c index 453cb3d3ec9b..a73a9515d96c 100644 --- a/arch/x86/kvm/vmx/pmu_intel.c +++ b/arch/x86/kvm/vmx/pmu_intel.c 
@@ -56,8 +56,16 @@ static struct x86_pmu_lbr *vcpu_to_lbr_records(struct kv= m_vcpu *vcpu) =20 static void reprogram_fixed_counters(struct kvm_pmu *pmu, u64 data) { + /* + * Compare against the value the mediated PMU shoves into hardware, not + * the guest's desired value. For the emulated PMU (proxied via perf), + * they are one and the same (fixed_ctr_ctrl_hw isn't used other than + * here). For the mediated PMU, KVM needs to reprogram the actual MSR, + * and so needs to react to potential changes in the value shoved into + * hardware, e.g. to ensure the event filter is enforced. + */ + u64 old_fixed_ctr_ctrl =3D pmu->fixed_ctr_ctrl_hw; struct kvm_pmc *pmc; - u64 old_fixed_ctr_ctrl =3D pmu->fixed_ctr_ctrl; int i; =20 pmu->fixed_ctr_ctrl =3D data; --=20 2.54.0.1032.g2f8565e1d1-goog
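Review bot: old_fixed_ctr_ctrl in reprogram_fixed_counters() is now initialized from pmu->fixed_ctr_ctrl_hw, so its name no longer says which of the two values it snapshots, and the guest-value write right below it (pmu->fixed_ctr_ctrl = data) makes the pair easy to misread. Consider renaming it, e.g. old_fixed_ctr_ctrl_hw, so the comparison against the hardware value is obvious without the block comment. The comment's statement that the two fields are "one and the same" for the perf-based PMU depends on every writer of fixed_ctr_ctrl also updating fixed_ctr_ctrl_hw, which is not visible in this context; a sentence saying where that is guaranteed would help.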
Date: Wed, 3 Jun 2026 16:19:05 -0700
In-Reply-To: <20260603231905.1738487-1-seanjc@google.com>
References: <20260603231905.1738487-1-seanjc@google.com>
Message-ID: <20260603231905.1738487-3-seanjc@google.com>
Subject: [PATCH 2/2] KVM: selftests: Add regression test for mediated PMU fixed counter filter bug
From: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Sashiko

Add a regression test where KVM would inadvertently ignore PMU event
filters on writes that change _some_ bits in FIXED_CTR_CTRL, but not the
enable bits for PMCs that are denied to the guest.

Signed-off-by: Sean Christopherson
--- tools/testing/selftests/kvm/x86/pmu_event_filter_test.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tools/testing/selftests/kvm/x86/pmu_event_filter_test.c b/tool= s/testing/selftests/kvm/x86/pmu_event_filter_test.c index c1232344fda8..84e4c6ca67a3 100644 --- a/tools/testing/selftests/kvm/x86/pmu_event_filter_test.c +++ b/tools/testing/selftests/kvm/x86/pmu_event_filter_test.c 
@@ -731,6 +731,8 @@ static void test_filter_ioctl(struct kvm_vcpu *vcpu) =20 static void intel_run_fixed_counter_guest_code(u8 idx) { + u8 nr_fixed_counters =3D this_cpu_property(X86_PROPERTY_PMU_NR_FIXED_COUN= TERS); + for (;;) { wrmsr(MSR_CORE_PERF_GLOBAL_CTRL, 0); wrmsr(MSR_CORE_PERF_FIXED_CTR0 + idx, 0); @@ -738,6 +740,10 @@ static void intel_run_fixed_counter_guest_code(u8 idx) /* Only OS_EN bit is enabled for fixed counter[idx]. */ wrmsr(MSR_CORE_PERF_FIXED_CTR_CTRL, FIXED_PMC_CTRL(idx, FIXED_PMC_KERNEL= )); wrmsr(MSR_CORE_PERF_GLOBAL_CTRL, FIXED_PMC_GLOBAL_CTRL_ENABLE(idx)); + if (nr_fixed_counters > 1) + wrmsr(MSR_CORE_PERF_FIXED_CTR_CTRL, + FIXED_PMC_CTRL(idx, FIXED_PMC_KERNEL) | + FIXED_PMC_CTRL((idx + 1) % nr_fixed_counters, FIXED_PMC_KERNEL)); __asm__ __volatile__("loop ." : "+c"((int){NUM_BRANCHES})); wrmsr(MSR_CORE_PERF_GLOBAL_CTRL, 0); =20 --=20 2.54.0.1032.g2f8565e1d1-goog
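Review bot: the WRMSR added after the GLOBAL_CTRL write in intel_run_fixed_counter_guest_code() has no comment, and it leaves the existing "Only OS_EN bit is enabled for fixed counter[idx]" comment above it stale, since a second counter is now enabled in FIXED_CTR_CTRL. A short comment saying that the second write changes a neighbouring counter's bits while leaving counter[idx]'s field unchanged would make the intent of the regression test clear. When nr_fixed_counters is 1 the new write is skipped and the regression is silently not exercised, which is worth stating in that comment. The multi-line body of the if would also read better with braces.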
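The failure described in the [PATCH 1/2] commit message, and the write sequence the [PATCH 2/2] selftest issues, can be followed in a small stand-alone model. This is an added example, not kernel code and not from the patch author: `model_pmu`, `model_reprogram()`, `model_wrmsr()`, the three-counter count and the `denied` mask are assumptions made for illustration; only the two field names and the 4-bit-per-counter layout of FIXED_CTR_CTRL are taken as given.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NR_FIXED	3				/* assumed counter count for the model */
#define FIELD(v, i)	(((v) >> ((i) * 4)) & 0xf)	/* 4 control bits per fixed counter */

struct model_pmu {
	uint64_t fixed_ctr_ctrl;	/* value the guest wrote */
	uint64_t fixed_ctr_ctrl_hw;	/* value that would be loaded into the MSR */
	uint8_t denied;			/* bit i set: event filter denies fixed counter i */
};

/* Hypothetical stand-in for per-counter reprogramming: enforce the filter. */
static void model_reprogram(struct model_pmu *pmu, int i)
{
	if (pmu->denied & (1u << i))
		pmu->fixed_ctr_ctrl_hw &= ~(0xfull << (i * 4));
}

/* Model of a guest WRMSR to FIXED_CTR_CTRL; use_hw_as_old selects the patched compare. */
static void model_wrmsr(struct model_pmu *pmu, uint64_t data, bool use_hw_as_old)
{
	uint64_t old = use_hw_as_old ? pmu->fixed_ctr_ctrl_hw : pmu->fixed_ctr_ctrl;

	pmu->fixed_ctr_ctrl = data;
	pmu->fixed_ctr_ctrl_hw = data;	/* overwritten before any counter is revisited */
	for (int i = 0; i < NR_FIXED; i++) {
		if (FIELD(old, i) != FIELD(data, i))
			model_reprogram(pmu, i);	/* only counters whose field changed */
	}
}

/* Selftest-like sequence: counter 0 is denied; enable it, then also enable counter 1. */
static uint64_t model_final_hw(bool use_hw_as_old)
{
	struct model_pmu pmu = { .denied = 1u << 0 };

	model_wrmsr(&pmu, 0x01, use_hw_as_old);	/* OS enable for counter 0 */
	model_wrmsr(&pmu, 0x11, use_hw_as_old);	/* counter 0 unchanged, counter 1 added */
	return pmu.fixed_ctr_ctrl_hw;
}

int main(void)
{
	printf("old = guest value: hw=%#llx\n", (unsigned long long)model_final_hw(false));
	printf("old = hw value:    hw=%#llx\n", (unsigned long long)model_final_hw(true));
	return 0;
}
```

With the guest value as the baseline, the second write leaves the denied counter's enable bits in the hardware value; with the hardware value as the baseline, the denied counter's field is seen as changed and is cleared again.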