Re: [PATCH v9 09/28] KVM: x86/pmu: Disallow "fast" RDPMC for architectural Intel PMUs

["Mi, Dapeng" <dapeng1.mi@linux.intel.com>]

On 12/2/2023 8:03 AM, Sean Christopherson wrote:
> Inject #GP on RDPMC if the "fast" flag is set for architectural Intel
> PMUs, i.e. if the PMU version is non-zero.  Per Intel's SDM, and confirmed
> on bare metal, the "fast" flag is supported only for non-architectural
> PMUs, and is reserved for architectural PMUs.
>
>    If the processor does not support architectural performance monitoring
>    (CPUID.0AH:EAX[7:0]=0), ECX[30:0] specifies the index of the PMC to be
>    read. Setting ECX[31] selects “fast” read mode if supported. In this mode,
>    RDPMC returns bits 31:0 of the PMC in EAX while clearing EDX to zero.
>
>    If the processor does support architectural performance monitoring
>    (CPUID.0AH:EAX[7:0] ≠ 0), ECX[31:16] specifies type of PMC while ECX[15:0]
>    specifies the index of the PMC to be read within that type. The following
>    PMC types are currently defined:
>    — General-purpose counters use type 0. The index x (to read IA32_PMCx)
>      must be less than the value enumerated by CPUID.0AH.EAX[15:8] (thus
>      ECX[15:8] must be zero).
>    — Fixed-function counters use type 4000H. The index x (to read
>      IA32_FIXED_CTRx) can be used if either CPUID.0AH.EDX[4:0] > x or
>      CPUID.0AH.ECX[x] = 1 (thus ECX[15:5] must be 0).
>    — Performance metrics use type 2000H. This type can be used only if
>      IA32_PERF_CAPABILITIES.PERF_METRICS_AVAILABLE[bit 15]=1. For this type,
>      the index in ECX[15:0] is implementation specific.
>
> Opportunistically WARN if KVM ever actually tries to complete RDPMC for a
> non-architectural PMU, and drop the non-existent "support" for fast RDPMC,
> as KVM doesn't support such PMUs, i.e. kvm_pmu_rdpmc() should reject the
> RDPMC before getting to the Intel code.
>
> Fixes: f5132b01386b ("KVM: Expose a version 2 architectural PMU to a guests")
> Fixes: 67f4d4288c35 ("KVM: x86: rdpmc emulation checks the counter incorrectly")
> Cc: Dapeng Mi <dapeng1.mi@linux.intel.com>
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
>   arch/x86/kvm/vmx/pmu_intel.c | 22 ++++++++++++++++++----
>   1 file changed, 18 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c
> index 6903dd9b71ad..644de27bd48a 100644
> --- a/arch/x86/kvm/vmx/pmu_intel.c
> +++ b/arch/x86/kvm/vmx/pmu_intel.c
> @@ -22,7 +22,6 @@
>   
>   /* Perf's "BASE" is wildly misleading, this is a single-bit flag, not a base. */
>   #define INTEL_RDPMC_FIXED	INTEL_PMC_FIXED_RDPMC_BASE
> -#define INTEL_RDPMC_FAST	BIT(31)
>   
>   #define MSR_PMC_FULL_WIDTH_BIT      (MSR_IA32_PMC0 - MSR_IA32_PERFCTR0)
>   
> @@ -67,10 +66,25 @@ static struct kvm_pmc *intel_rdpmc_ecx_to_pmc(struct kvm_vcpu *vcpu,
>   	struct kvm_pmc *counters;
>   	unsigned int num_counters;
>   
> -	if (idx & INTEL_RDPMC_FAST)
> -		*mask &= GENMASK_ULL(31, 0);
> +	/*
> +	 * The encoding of ECX for RDPMC is different for architectural versus
> +	 * non-architecturals PMUs (PMUs with version '0').  For architectural
> +	 * PMUs, bits 31:16 specify the PMC type and bits 15:0 specify the PMC
> +	 * index.  For non-architectural PMUs, bit 31 is a "fast" flag, and
> +	 * bits 30:0 specify the PMC index.
> +	 *
> +	 * Yell and reject attempts to read PMCs for a non-architectural PMU,
> +	 * as KVM doesn't support such PMUs.
> +	 */
> +	if (WARN_ON_ONCE(!pmu->version))
> +		return NULL;
>   
> -	idx &= ~(INTEL_RDPMC_FIXED | INTEL_RDPMC_FAST);
> +	/*
> +	 * Fixed PMCs are supported on all architectural PMUs.  Note, KVM only
> +	 * emulates fixed PMCs for PMU v2+, but the flag itself is still valid,
> +	 * i.e. let RDPMC fail due to accessing a non-existent counter.
> +	 */
> +	idx &= ~INTEL_RDPMC_FIXED;
>   	if (fixed) {
>   		counters = pmu->fixed_counters;
>   		num_counters = pmu->nr_arch_fixed_counters;

Reviewed-by: Dapeng Mi <dapeng1.mi@linux.intel.com>