From: Sean Christopherson <seanjc@google.com>
To: Mingwei Zhang <mizhang@google.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
Ingo Molnar <mingo@redhat.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Namhyung Kim <namhyung@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Mark Rutland <mark.rutland@arm.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jiri Olsa <jolsa@kernel.org>, Ian Rogers <irogers@google.com>,
Adrian Hunter <adrian.hunter@intel.com>,
Liang@google.com, Kan <kan.liang@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org,
kvm@vger.kernel.org, linux-kselftest@vger.kernel.org,
Yongwei Ma <yongwei.ma@intel.com>,
Xiong Zhang <xiong.y.zhang@linux.intel.com>,
Dapeng Mi <dapeng1.mi@linux.intel.com>,
Jim Mattson <jmattson@google.com>,
Sandipan Das <sandipan.das@amd.com>,
Zide Chen <zide.chen@intel.com>,
Eranian Stephane <eranian@google.com>,
Shukla Manali <Manali.Shukla@amd.com>,
Nikunj Dadhania <nikunj.dadhania@amd.com>
Subject: Re: [PATCH v4 15/38] KVM: x86/pmu: Check PMU cpuid configuration from user space
Date: Wed, 14 May 2025 17:12:08 -0700 [thread overview]
Message-ID: <aCUxWDaNKezTzJTV@google.com> (raw)
In-Reply-To: <20250324173121.1275209-16-mizhang@google.com>
On Mon, Mar 24, 2025, Mingwei Zhang wrote:
> From: Dapeng Mi <dapeng1.mi@linux.intel.com>
>
> Check user space's PMU cpuid configuration and filter the invalid
> configuration.
>
> Either legacy perf-based vPMU or mediated vPMU needs kernel to support
> local APIC, otherwise PMI has no way to be injected into guest. If
> kernel doesn't support local APIC, reject user space to enable PMU
> cpuid.
>
> User space configured PMU version must be no larger than KVM supported
> maximum pmu version for mediated vPMU, otherwise guest may manipulate
> some unsupported or unallowed PMU MSRs, this is dangerous and harmful.
>
> If the pmu version is larger than 1 but smaller than 5, CPUID.AH.ECX
> must be 0 as well which is required by SDM.
>
> Suggested-by: Zide Chen <zide.chen@intel.com>
> Signed-off-by: Dapeng Mi <dapeng1.mi@linux.intel.com>
> Signed-off-by: Mingwei Zhang <mizhang@google.com>
> ---
> arch/x86/kvm/cpuid.c | 15 +++++++++++++++
> arch/x86/kvm/pmu.c | 7 +++++--
> arch/x86/kvm/pmu.h | 1 +
> 3 files changed, 21 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> index 8eb3a88707f2..f849ced9deba 100644
> --- a/arch/x86/kvm/cpuid.c
> +++ b/arch/x86/kvm/cpuid.c
> @@ -179,6 +179,21 @@ static int kvm_check_cpuid(struct kvm_vcpu *vcpu)
> return -EINVAL;
> }
>
> + best = kvm_find_cpuid_entry(vcpu, 0xa);
> + if (vcpu->kvm->arch.enable_pmu && best) {
> + union cpuid10_eax eax;
> +
> + eax.full = best->eax;
> + if (enable_mediated_pmu &&
> + eax.split.version_id > kvm_pmu_cap.version)
> + return -EINVAL;
> + if (eax.split.version_id > 0 && !vcpu_pmu_can_enable(vcpu))
> + return -EINVAL;
> + if (eax.split.version_id > 1 && eax.split.version_id < 5 &&
> + best->ecx != 0)
> + return -EINVAL;
NAK, unless there is a really, *really* strong need for this. I do not want to
get in the business of vetting the vCPU model presented to the guest. If KVM
needs to constrain things for its own safety, then by all means, but AFAICT these
are nothing more than sanity checks on userspace.
> + }
> +
> /*
> * Exposing dynamic xfeatures to the guest requires additional
> * enabling in the FPU, e.g. to expand the guest XSAVE state size.
> diff --git a/arch/x86/kvm/pmu.c b/arch/x86/kvm/pmu.c
> index 4f455afe4009..92c742ead663 100644
> --- a/arch/x86/kvm/pmu.c
> +++ b/arch/x86/kvm/pmu.c
> @@ -743,6 +743,10 @@ static void kvm_pmu_reset(struct kvm_vcpu *vcpu)
> kvm_pmu_call(reset)(vcpu);
> }
>
> +inline bool vcpu_pmu_can_enable(struct kvm_vcpu *vcpu)
> +{
> + return vcpu->kvm->arch.enable_pmu && lapic_in_kernel(vcpu);
Again, the APIC check belongs in the VM enablement path, not here. Hmm, that
may require more thought with respect to enabling the PMU by default.
next prev parent reply other threads:[~2025-05-15 0:12 UTC|newest]
Thread overview: 127+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-24 17:30 [PATCH v4 00/38] Mediated vPMU 4.0 for x86 Mingwei Zhang
2025-03-24 17:30 ` [PATCH v4 01/38] perf: Support get/put mediated PMU interfaces Mingwei Zhang
2025-05-14 22:48 ` Sean Christopherson
2025-05-15 1:31 ` Mi, Dapeng
2025-03-24 17:30 ` [PATCH v4 02/38] perf: Skip pmu_ctx based on event_type Mingwei Zhang
2025-03-24 17:30 ` [PATCH v4 03/38] perf: Clean up perf ctx time Mingwei Zhang
2025-03-24 17:30 ` [PATCH v4 04/38] perf: Add a EVENT_GUEST flag Mingwei Zhang
2025-05-14 22:51 ` Sean Christopherson
2025-05-15 1:35 ` Mi, Dapeng
2025-05-19 6:58 ` Namhyung Kim
2025-05-20 16:09 ` Liang, Kan
2025-05-20 17:51 ` Namhyung Kim
2025-05-20 18:50 ` Liang, Kan
2025-05-21 19:46 ` Namhyung Kim
2025-03-24 17:30 ` [PATCH v4 05/38] perf: Add generic exclude_guest support Mingwei Zhang
2025-04-25 11:13 ` Peter Zijlstra
2025-05-14 23:19 ` Sean Christopherson
2025-05-15 1:37 ` Mi, Dapeng
2025-05-15 18:39 ` Liang, Kan
2025-05-15 19:25 ` Sean Christopherson
2025-05-15 20:18 ` Liang, Kan
2025-05-21 19:55 ` Namhyung Kim
2025-05-21 20:12 ` Liang, Kan
2025-03-24 17:30 ` [PATCH v4 06/38] x86/irq: Factor out common code for installing kvm irq handler Mingwei Zhang
2025-05-14 23:21 ` Sean Christopherson
2025-05-15 2:10 ` Mi, Dapeng
2025-03-24 17:30 ` [PATCH v4 07/38] perf: core/x86: Register a new vector for KVM GUEST PMI Mingwei Zhang
2025-05-14 23:24 ` Sean Christopherson
2025-05-15 1:40 ` Mi, Dapeng
2025-03-24 17:30 ` [PATCH v4 08/38] KVM: x86/pmu: Register KVM_GUEST_PMI_VECTOR handler Mingwei Zhang
2025-03-24 17:30 ` [PATCH v4 09/38] perf: Add switch_guest_ctx() interface Mingwei Zhang
2025-04-25 11:12 ` Peter Zijlstra
2025-05-14 23:30 ` Sean Christopherson
2025-05-15 1:45 ` Mi, Dapeng
2025-05-21 20:01 ` Namhyung Kim
2025-03-24 17:30 ` [PATCH v4 10/38] perf/x86: Support switch_guest_ctx interface Mingwei Zhang
2025-04-25 11:15 ` Peter Zijlstra
2025-04-25 13:06 ` Liang, Kan
2025-04-25 13:43 ` Peter Zijlstra
2025-04-25 13:56 ` Liang, Kan
2025-07-30 0:31 ` Sean Christopherson
2025-03-24 17:30 ` [PATCH v4 11/38] perf/x86: Forbid PMI handler when guest own PMU Mingwei Zhang
2025-05-15 0:00 ` Sean Christopherson
2025-05-15 1:52 ` Mi, Dapeng
2025-03-24 17:30 ` [PATCH v4 12/38] perf/x86/core: Do not set bit width for unavailable counters Mingwei Zhang
2025-03-24 17:30 ` [PATCH v4 13/38] perf/x86/core: Plumb mediated PMU capability from x86_pmu to x86_pmu_cap Mingwei Zhang
2025-03-24 17:30 ` [PATCH v4 14/38] KVM: x86/pmu: Introduce enable_mediated_pmu global parameter Mingwei Zhang
2025-05-15 0:09 ` Sean Christopherson
2025-05-15 2:53 ` Mi, Dapeng
2025-05-21 18:43 ` Sean Christopherson
2025-05-22 1:36 ` Mi, Dapeng
2025-03-24 17:30 ` [PATCH v4 15/38] KVM: x86/pmu: Check PMU cpuid configuration from user space Mingwei Zhang
2025-05-15 0:12 ` Sean Christopherson [this message]
2025-05-15 3:00 ` Mi, Dapeng
2025-03-24 17:30 ` [PATCH v4 16/38] KVM: x86: Rename vmx_vmentry/vmexit_ctrl() helpers Mingwei Zhang
2025-03-24 17:30 ` [PATCH v4 17/38] KVM: x86/pmu: Add perf_capabilities field in struct kvm_host_values{} Mingwei Zhang
2025-05-15 0:12 ` Sean Christopherson
2025-05-15 3:04 ` Mi, Dapeng
2025-03-24 17:30 ` [PATCH v4 18/38] KVM: x86/pmu: Move PMU_CAP_{FW_WRITES,LBR_FMT} into msr-index.h header Mingwei Zhang
2025-03-24 17:30 ` [PATCH v4 19/38] KVM: VMX: Add macros to wrap around {secondary,tertiary}_exec_controls_changebit() Mingwei Zhang
2025-03-24 17:31 ` [PATCH v4 20/38] KVM: x86/pmu: Check if mediated vPMU can intercept rdpmc Mingwei Zhang
2025-05-15 0:19 ` Sean Christopherson
2025-05-15 3:23 ` Mi, Dapeng
2025-05-26 6:15 ` Sandipan Das
2025-07-09 15:53 ` Sean Christopherson
2025-07-29 3:29 ` Mi, Dapeng
2025-07-30 0:38 ` Sean Christopherson
2025-07-30 2:25 ` Mi, Dapeng
2025-08-01 23:32 ` Sean Christopherson
2025-08-05 0:54 ` Sean Christopherson
2025-03-24 17:31 ` [PATCH v4 21/38] KVM: x86/pmu/vmx: Save/load guest IA32_PERF_GLOBAL_CTRL with vm_exit/entry_ctrl Mingwei Zhang
2025-03-26 16:51 ` Chen, Zide
2025-03-26 20:09 ` Mingwei Zhang
2025-05-15 0:33 ` Sean Christopherson
2025-05-15 3:45 ` Mi, Dapeng
2025-03-24 17:31 ` [PATCH v4 22/38] KVM: x86/pmu: Optimize intel/amd_pmu_refresh() helpers Mingwei Zhang
2025-05-15 0:37 ` Sean Christopherson
2025-05-15 5:09 ` Mi, Dapeng
2025-05-15 19:22 ` Sean Christopherson
2025-05-16 1:03 ` Mi, Dapeng
2025-03-24 17:31 ` [PATCH v4 23/38] KVM: x86/pmu: Configure the interception of PMU MSRs Mingwei Zhang
2025-05-15 0:41 ` Sean Christopherson
2025-05-15 5:37 ` Mi, Dapeng
2025-05-15 19:06 ` Sean Christopherson
2025-05-16 13:34 ` Sean Christopherson
2025-05-19 5:18 ` Mi, Dapeng
2025-03-24 17:31 ` [PATCH v4 24/38] KVM: x86/pmu: Exclude PMU MSRs in vmx_get_passthrough_msr_slot() Mingwei Zhang
2025-05-16 13:35 ` Sean Christopherson
2025-05-16 14:45 ` Sean Christopherson
2025-05-19 5:21 ` Mi, Dapeng
2025-03-24 17:31 ` [PATCH v4 25/38] KVM: x86/pmu: Add AMD PMU registers to direct access list Mingwei Zhang
2025-05-16 13:36 ` Sean Christopherson
2025-03-24 17:31 ` [PATCH v4 26/38] KVM: x86/pmu: Introduce eventsel_hw to prepare for pmu event filtering Mingwei Zhang
2025-05-15 0:42 ` Sean Christopherson
2025-05-15 5:34 ` Mi, Dapeng
2025-03-24 17:31 ` [PATCH v4 27/38] KVM: x86/pmu: Handle PMU MSRs interception and " Mingwei Zhang
2025-05-15 0:43 ` Sean Christopherson
2025-05-15 5:38 ` Mi, Dapeng
2025-05-16 1:26 ` Mi, Dapeng
2025-05-16 20:54 ` Sean Christopherson
2025-05-19 4:16 ` Mi, Dapeng
2025-03-24 17:31 ` [PATCH v4 28/38] KVM: x86/pmu/svm: Set GuestOnly bit and clear HostOnly bit when guest writes to event selectors Mingwei Zhang
2025-03-24 17:31 ` [PATCH v4 29/38] KVM: x86/pmu: Switch host/guest PMU context at vm-exit/vm-entry Mingwei Zhang
2025-05-15 16:29 ` Sean Christopherson
2025-05-16 2:37 ` Mi, Dapeng
2025-05-16 13:26 ` Sean Christopherson
2025-05-19 5:07 ` Mi, Dapeng
2025-03-24 17:31 ` [PATCH v4 30/38] KVM: x86/pmu: Handle emulated instruction for mediated vPMU Mingwei Zhang
2025-05-16 1:10 ` Sean Christopherson
2025-03-24 17:31 ` [PATCH v4 31/38] KVM: nVMX: Add macros to simplify nested MSR interception setting Mingwei Zhang
2025-03-24 17:31 ` [PATCH v4 32/38] KVM: nVMX: Add nested virtualization support for mediated PMU Mingwei Zhang
2025-05-16 13:33 ` Sean Christopherson
2025-05-19 5:24 ` Mi, Dapeng
2025-03-24 17:31 ` [PATCH v4 33/38] perf/x86/intel: Support PERF_PMU_CAP_MEDIATED_VPMU Mingwei Zhang
2025-03-24 17:31 ` [PATCH v4 34/38] perf/x86/amd: Support PERF_PMU_CAP_MEDIATED_VPMU for AMD host Mingwei Zhang
2025-05-21 20:00 ` Namhyung Kim
2025-03-24 17:31 ` [PATCH v4 35/38] KVM: x86/pmu: Expose enable_mediated_pmu parameter to user space Mingwei Zhang
2025-03-24 17:31 ` [PATCH v4 36/38] KVM: selftests: Add mediated vPMU supported for pmu tests Mingwei Zhang
2025-03-24 17:31 ` [PATCH v4 37/38] KVM: Selftests: Support mediated vPMU for vmx_pmu_caps_test Mingwei Zhang
2025-03-24 17:31 ` [PATCH v4 38/38] KVM: Selftests: Fix pmu_counters_test error for mediated vPMU Mingwei Zhang
2025-04-16 7:22 ` [PATCH v4 00/38] Mediated vPMU 4.0 for x86 Mi, Dapeng
2025-04-25 12:27 ` Peter Zijlstra
2025-05-06 9:57 ` Mi, Dapeng
2025-05-06 19:45 ` Sean Christopherson
2025-05-07 0:46 ` Mi, Dapeng
2025-05-15 0:49 ` Sean Christopherson
2025-05-15 5:45 ` Mi, Dapeng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aCUxWDaNKezTzJTV@google.com \
--to=seanjc@google.com \
--cc=Liang@google.com \
--cc=Manali.Shukla@amd.com \
--cc=acme@kernel.org \
--cc=adrian.hunter@intel.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=dapeng1.mi@linux.intel.com \
--cc=eranian@google.com \
--cc=hpa@zytor.com \
--cc=irogers@google.com \
--cc=jmattson@google.com \
--cc=jolsa@kernel.org \
--cc=kan.liang@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mingo@redhat.com \
--cc=mizhang@google.com \
--cc=namhyung@kernel.org \
--cc=nikunj.dadhania@amd.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=sandipan.das@amd.com \
--cc=xiong.y.zhang@linux.intel.com \
--cc=yongwei.ma@intel.com \
--cc=zide.chen@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).