From patchwork Sun Feb 18 08:19:27 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Matthew Ruffell <matthew.ruffell@canonical.com>
X-Patchwork-Id: 1900596
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=185.125.189.65; helo=lists.ubuntu.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com;
 receiver=patchwork.ozlabs.org)
Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4Tcz9t6y5Yz23cb
	for <incoming@patchwork.ozlabs.org>; Sun, 18 Feb 2024 19:20:02 +1100 (AEDT)
Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com)
	by lists.ubuntu.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1rbcOx-0006aq-Fe; Sun, 18 Feb 2024 08:19:55 +0000
Received: from smtp-relay-internal-1.internal ([10.131.114.114]
 helo=smtp-relay-internal-1.canonical.com)
 by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.86_2) (envelope-from <matthew.ruffell@canonical.com>)
 id 1rbcOi-0006Z6-5e
 for kernel-team@lists.ubuntu.com; Sun, 18 Feb 2024 08:19:40 +0000
Received: from mail-oi1-f200.google.com (mail-oi1-f200.google.com
 [209.85.167.200])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
 (No client certificate requested)
 by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 9DD6040A2B
 for <kernel-team@lists.ubuntu.com>; Sun, 18 Feb 2024 08:19:38 +0000 (UTC)
Received: by mail-oi1-f200.google.com with SMTP id
 5614622812f47-3c15074df25so774690b6e.0
 for <kernel-team@lists.ubuntu.com>; Sun, 18 Feb 2024 00:19:38 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1708244377; x=1708849177;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=x/3ntWasyY6VWMGUrHss0cLbJYWcTutKrz0sUYawWhQ=;
 b=VTNwXYdJubcXXSpgomQ8FqWYe8smwOa21alMM1RVC/rgFdg4QVrkRSVDWEpU+se3iP
 HICsAkCHe02fbb+maidY22MnMC7ipH3EahC3dDWRHGAYnDlr0gZm7lBaEOPmdg0aU7Zv
 D0nSCRoDXQWNw70fCuTFD4I7TnFSdxp+OAzdbf/c6EQchmclSX1kz+NI2oLnAAE1Kq+e
 SRQtOHOwDhG0nXf0Y7D4FM94NpIQPlqQRPgownB2YQWwdjJgzVc6NbxLdQ8enqwZLRmh
 1GF23N2QD6L5WQF7gurp3QCtvwRwtglM2MJtW9dhOd1NBhsmDjA7fsf4VIl5coeoZpN+
 HcXg==
X-Gm-Message-State: AOJu0YwXLQM9LQE9XfE/b8bwdXlxZ3nAOCqRyHQNVZn3bqqnKZLM27u3
 fgpzoozb5c3P0EzPjrIg/4tzhBT8/cNnfS03kFpMms5oy6PhURdionBzUK7HK3N/y0TkWm1RJU7
 qFPpi0Yb9XNRshO1fqO0QmqiHgwKdyiWyIn4y5NDup5PUjJnXIqQFqgbc8akOggxl0sU0+0V72E
 QPSpx/pseo2A==
X-Received: by 2002:a05:6808:2204:b0:3c1:3638:e9f8 with SMTP id
 bd4-20020a056808220400b003c13638e9f8mr10016897oib.20.1708244377077;
 Sun, 18 Feb 2024 00:19:37 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IESeZlxDkMv+x2EuyjS4hrpmPmioZzee/ZlbuQRdAsFlFhBfr+FTvlWZ7Ah2Ey6ousIAKw5XA==
X-Received: by 2002:a05:6808:2204:b0:3c1:3638:e9f8 with SMTP id
 bd4-20020a056808220400b003c13638e9f8mr10016891oib.20.1708244376786;
 Sun, 18 Feb 2024 00:19:36 -0800 (PST)
Received: from ThinkPad-X1.. (222-154-76-179-fibre.sparkbb.co.nz.
 [222.154.76.179]) by smtp.gmail.com with ESMTPSA id
 k5-20020a635605000000b005dc85821c80sm2529207pgb.12.2024.02.18.00.19.35
 for <kernel-team@lists.ubuntu.com>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 18 Feb 2024 00:19:36 -0800 (PST)
From: Matthew Ruffell <matthew.ruffell@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][Mantic][PATCH 1/1] KVM: x86/pmu: fix masking logic for
 MSR_CORE_PERF_GLOBAL_CTRL
Date: Sun, 18 Feb 2024 21:19:27 +1300
Message-Id: <20240218081927.23118-2-matthew.ruffell@canonical.com>
X-Mailer: git-send-email 2.40.1
In-Reply-To: <20240218081927.23118-1-matthew.ruffell@canonical.com>
References: <20240218081927.23118-1-matthew.ruffell@canonical.com>
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Paolo Bonzini <pbonzini@redhat.com>

BugLink: https://bugs.launchpad.net/bugs/2054218

When commit c59a1f106f5c ("KVM: x86/pmu: Add IA32_PEBS_ENABLE
MSR emulation for extended PEBS") switched the initialization of
cpuc->guest_switch_msrs to use compound literals, it screwed up
the boolean logic:

+	u64 pebs_mask = cpuc->pebs_enabled & x86_pmu.pebs_capable;
...
-	arr[0].guest = intel_ctrl & ~cpuc->intel_ctrl_host_mask;
-	arr[0].guest &= ~(cpuc->pebs_enabled & x86_pmu.pebs_capable);
+               .guest = intel_ctrl & (~cpuc->intel_ctrl_host_mask | ~pebs_mask),

Before the patch, the value of arr[0].guest would have been intel_ctrl &
~cpuc->intel_ctrl_host_mask & ~pebs_mask.  The intent is to always treat
PEBS events as host-only because, while the guest runs, there is no way
to tell the processor about the virtual address where to put PEBS records
intended for the host.

Unfortunately, the new expression can be expanded to

	(intel_ctrl & ~cpuc->intel_ctrl_host_mask) | (intel_ctrl & ~pebs_mask)

which makes no sense; it includes any bit that isn't *both* marked as
exclude_guest and using PEBS.  So, reinstate the old logic.  Another
way to write it could be "intel_ctrl & ~(cpuc->intel_ctrl_host_mask |
pebs_mask)", presumably the intention of the author of the faulty.
However, I personally find the repeated application of A AND NOT B to
be a bit more readable.

This shows up as guest failures when running concurrent long-running
perf workloads on the host, and was reported to happen with rcutorture.
All guests on a given host would die simultaneously with something like an
instruction fault or a segmentation violation.

Reported-by: Paul E. McKenney <paulmck@kernel.org>
Analyzed-by: Sean Christopherson <seanjc@google.com>
Tested-by: Paul E. McKenney <paulmck@kernel.org>
Cc: stable@vger.kernel.org
Fixes: c59a1f106f5c ("KVM: x86/pmu: Add IA32_PEBS_ENABLE MSR emulation for extended PEBS")
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 971079464001c6856186ca137778e534d983174a)
Signed-off-by: Matthew Ruffell <matthew.ruffell@canonical.com>
---
 arch/x86/events/intel/core.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
index 2a284ba951b7..410f72b9083a 100644
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -4051,12 +4051,17 @@ static struct perf_guest_switch_msr *intel_guest_get_msrs(int *nr, void *data)
 	u64 pebs_mask = cpuc->pebs_enabled & x86_pmu.pebs_capable;
 	int global_ctrl, pebs_enable;
 
+	/*
+	 * In addition to obeying exclude_guest/exclude_host, remove bits being
+	 * used for PEBS when running a guest, because PEBS writes to virtual
+	 * addresses (not physical addresses).
+	 */
 	*nr = 0;
 	global_ctrl = (*nr)++;
 	arr[global_ctrl] = (struct perf_guest_switch_msr){
 		.msr = MSR_CORE_PERF_GLOBAL_CTRL,
 		.host = intel_ctrl & ~cpuc->intel_ctrl_guest_mask,
-		.guest = intel_ctrl & (~cpuc->intel_ctrl_host_mask | ~pebs_mask),
+		.guest = intel_ctrl & ~cpuc->intel_ctrl_host_mask & ~pebs_mask,
 	};
 
 	if (!x86_pmu.pebs)