From: sashiko-bot@kernel.org
To: "Colton Lewis" <coltonlewis@google.com>
Cc: linux-perf-users@vger.kernel.org
Subject: Re: [PATCH v7 19/20] KVM: arm64: selftests: Add test case for Partitioned PMU
Date: Mon, 04 May 2026 22:19:21 +0000 [thread overview]
Message-ID: <20260504221921.ABE9DC2BCB8@smtp.kernel.org> (raw)
In-Reply-To: <20260504211813.1804997-20-coltonlewis@google.com>
Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
- [Medium] The KVM_ARM_VCPU_PMU_V3_ENABLE_PARTITION attribute expects an unsigned int, but a pointer to a 1-byte bool is passed, leading to an out-of-bounds stack read and potentially incorrect test execution.
- [Low] The 'pmu_partitioned' field added to 'struct vpmu_vm' is assigned but never read or utilized.
--
commit f6902795d8749ec81b1bab36231a48757e124a66
Author: Colton Lewis <coltonlewis@google.com>
KVM: arm64: selftests: Add test case for Partitioned PMU
This commit adds testing for the Partitioned PMU by running all tests for
both Emulated and Partitioned PMU implementations. It modifies the setup
functions to take the implementation type as an argument and configures the
vCPU attribute accordingly.
> diff --git a/tools/testing/selftests/kvm/arm64/vpmu_counter_access.c b/tools/testing/selftests/kvm/arm64/vpmu_counter_access.c
> index ae36325c022fb..9702f1d43b832 100644
> --- a/tools/testing/selftests/kvm/arm64/vpmu_counter_access.c
> +++ b/tools/testing/selftests/kvm/arm64/vpmu_counter_access.c
[ ... ]
> struct vpmu_vm {
> struct kvm_vm *vm;
> struct kvm_vcpu *vcpu;
> + bool pmu_partitioned;
> };
This isn't a bug, but is the pmu_partitioned field used anywhere else in
this test? It looks like it is assigned during setup but never read later
in the code.
[ ... ]
> @@ -409,6 +420,13 @@ static void create_vpmu_vm(void *guest_code)
> .attr = KVM_ARM_VCPU_PMU_V3_IRQ,
> .addr = (uint64_t)&irq,
> };
> + bool partition = (impl == PARTITIONED);
> + struct kvm_device_attr part_attr = {
> + .group = KVM_ARM_VCPU_PMU_V3_CTRL,
> + .attr = KVM_ARM_VCPU_PMU_V3_ENABLE_PARTITION,
> + .addr = (uint64_t)&partition
> + };
> + int ret;
Does this pass a 1-byte boolean to an attribute that expects a 4-byte
unsigned int?
When the kernel calls get_user() to read the
KVM_ARM_VCPU_PMU_V3_ENABLE_PARTITION attribute, could it read 3 bytes of
uninitialized stack data alongside the bool?
If the uninitialized stack data contains non-zero bytes, could the kernel
evaluate the 32-bit value as true and erroneously enable PMU partitioning
even when partition is false?
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260504211813.1804997-1-coltonlewis@google.com?part=19
next prev parent reply other threads:[~2026-05-04 22:19 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-04 21:17 [PATCH v7 00/20] ARM64 PMU Partitioning Colton Lewis
2026-05-04 21:17 ` [PATCH v7 01/20] arm64: cpufeature: Add cpucap for HPMN0 Colton Lewis
2026-05-04 21:17 ` [PATCH v7 02/20] KVM: arm64: Reorganize PMU includes Colton Lewis
2026-05-04 21:44 ` sashiko-bot
2026-05-04 21:17 ` [PATCH v7 03/20] KVM: arm64: Reorganize PMU functions Colton Lewis
2026-05-04 22:02 ` sashiko-bot
2026-05-04 21:17 ` [PATCH v7 04/20] perf: arm_pmuv3: Generalize counter bitmasks Colton Lewis
2026-05-04 21:41 ` sashiko-bot
2026-05-04 21:17 ` [PATCH v7 05/20] perf: arm_pmuv3: Check cntr_mask before using pmccntr Colton Lewis
2026-05-04 21:49 ` sashiko-bot
2026-05-04 21:17 ` [PATCH v7 06/20] perf: arm_pmuv3: Add method to partition the PMU Colton Lewis
2026-05-04 21:53 ` sashiko-bot
2026-05-11 14:51 ` James Clark
2026-05-04 21:18 ` [PATCH v7 07/20] KVM: arm64: Set up FGT for Partitioned PMU Colton Lewis
2026-05-04 22:09 ` sashiko-bot
2026-05-13 7:34 ` Oliver Upton
2026-05-04 21:18 ` [PATCH v7 08/20] KVM: arm64: Add Partitioned PMU register trap handlers Colton Lewis
2026-05-04 22:06 ` sashiko-bot
2026-05-13 7:45 ` Oliver Upton
2026-05-04 21:18 ` [PATCH v7 09/20] KVM: arm64: Set up MDCR_EL2 to handle a Partitioned PMU Colton Lewis
2026-05-04 22:02 ` sashiko-bot
2026-05-13 7:57 ` Oliver Upton
2026-05-04 21:18 ` [PATCH v7 10/20] KVM: arm64: Context swap Partitioned PMU guest registers Colton Lewis
2026-05-04 22:01 ` sashiko-bot
2026-05-11 14:49 ` James Clark
2026-05-13 9:18 ` Oliver Upton
2026-05-04 21:18 ` [PATCH v7 11/20] KVM: arm64: Enforce PMU event filter at vcpu_load() Colton Lewis
2026-05-04 22:31 ` sashiko-bot
2026-05-04 21:18 ` [PATCH v7 12/20] perf: Add perf_pmu_resched_update() Colton Lewis
2026-05-04 21:55 ` sashiko-bot
2026-05-04 21:18 ` [PATCH v7 13/20] KVM: arm64: Apply dynamic guest counter reservations Colton Lewis
2026-05-04 22:11 ` sashiko-bot
2026-05-11 14:47 ` James Clark
2026-05-04 21:18 ` [PATCH v7 14/20] KVM: arm64: Implement lazy PMU context swaps Colton Lewis
2026-05-04 22:13 ` sashiko-bot
2026-05-04 21:18 ` [PATCH v7 15/20] perf: arm_pmuv3: Handle IRQs for Partitioned PMU guest counters Colton Lewis
2026-05-04 22:18 ` sashiko-bot
2026-05-04 21:18 ` [PATCH v7 16/20] KVM: arm64: Detect overflows for the Partitioned PMU Colton Lewis
2026-05-04 23:47 ` sashiko-bot
2026-05-04 21:18 ` [PATCH v7 17/20] KVM: arm64: Add vCPU device attr to partition the PMU Colton Lewis
2026-05-04 22:23 ` sashiko-bot
2026-05-04 21:18 ` [PATCH v7 18/20] KVM: selftests: Add find_bit to KVM library Colton Lewis
2026-05-04 21:18 ` [PATCH v7 19/20] KVM: arm64: selftests: Add test case for Partitioned PMU Colton Lewis
2026-05-04 22:19 ` sashiko-bot [this message]
2026-05-04 21:18 ` [PATCH v7 20/20] KVM: arm64: selftests: Relax testing for exceptions when partitioned Colton Lewis
2026-05-11 14:57 ` [PATCH v7 00/20] ARM64 PMU Partitioning James Clark
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260504221921.ABE9DC2BCB8@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=coltonlewis@google.com \
--cc=linux-perf-users@vger.kernel.org \
--cc=sashiko@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox