From: "tip-bot2 for Dapeng Mi" <tip-bot2@linutronix.de>
To: linux-tip-commits@vger.kernel.org
Cc: Dapeng Mi <dapeng1.mi@linux.intel.com>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
Kan Liang <kan.liang@linux.intel.com>,
x86@kernel.org, linux-kernel@vger.kernel.org
Subject: [tip: perf/core] perf/x86/intel: Fix IA32_PMC_x_CFG_B MSRs access error
Date: Mon, 25 Aug 2025 10:24:28 -0000 [thread overview]
Message-ID: <175611746850.1420.5279678492721434998.tip-bot2@tip-bot2> (raw)
In-Reply-To: <20250820023032.17128-3-dapeng1.mi@linux.intel.com>
The following commit has been merged into the perf/core branch of tip:
Commit-ID: 43796f30507802d93ead2dc44fc9637f34671a89
Gitweb: https://git.kernel.org/tip/43796f30507802d93ead2dc44fc9637f34671a89
Author: Dapeng Mi <dapeng1.mi@linux.intel.com>
AuthorDate: Wed, 20 Aug 2025 10:30:27 +08:00
Committer: Peter Zijlstra <peterz@infradead.org>
CommitterDate: Thu, 21 Aug 2025 20:09:27 +02:00
perf/x86/intel: Fix IA32_PMC_x_CFG_B MSRs access error
When running perf_fuzzer on PTL, sometimes the below "unchecked MSR
access error" is seen when accessing IA32_PMC_x_CFG_B MSRs.
[ 55.611268] unchecked MSR access error: WRMSR to 0x1986 (tried to write 0x0000000200000001) at rIP: 0xffffffffac564b28 (native_write_msr+0x8/0x30)
[ 55.611280] Call Trace:
[ 55.611282] <TASK>
[ 55.611284] ? intel_pmu_config_acr+0x87/0x160
[ 55.611289] intel_pmu_enable_acr+0x6d/0x80
[ 55.611291] intel_pmu_enable_event+0xce/0x460
[ 55.611293] x86_pmu_start+0x78/0xb0
[ 55.611297] x86_pmu_enable+0x218/0x3a0
[ 55.611300] ? x86_pmu_enable+0x121/0x3a0
[ 55.611302] perf_pmu_enable+0x40/0x50
[ 55.611307] ctx_resched+0x19d/0x220
[ 55.611309] __perf_install_in_context+0x284/0x2f0
[ 55.611311] ? __pfx_remote_function+0x10/0x10
[ 55.611314] remote_function+0x52/0x70
[ 55.611317] ? __pfx_remote_function+0x10/0x10
[ 55.611319] generic_exec_single+0x84/0x150
[ 55.611323] smp_call_function_single+0xc5/0x1a0
[ 55.611326] ? __pfx_remote_function+0x10/0x10
[ 55.611329] perf_install_in_context+0xd1/0x1e0
[ 55.611331] ? __pfx___perf_install_in_context+0x10/0x10
[ 55.611333] __do_sys_perf_event_open+0xa76/0x1040
[ 55.611336] __x64_sys_perf_event_open+0x26/0x30
[ 55.611337] x64_sys_call+0x1d8e/0x20c0
[ 55.611339] do_syscall_64+0x4f/0x120
[ 55.611343] entry_SYSCALL_64_after_hwframe+0x76/0x7e
On PTL, GP counter 0 and 1 doesn't support auto counter reload feature,
thus it would trigger a #GP when trying to write 1 on bit 0 of CFG_B MSR
which requires to enable auto counter reload on GP counter 0.
The root cause of causing this issue is the check for auto counter
reload (ACR) counter mask from user space is incorrect in
intel_pmu_acr_late_setup() helper. It leads to an invalid ACR counter
mask from user space could be set into hw.config1 and then written into
CFG_B MSRs and trigger the MSR access warning.
e.g., User may create a perf event with ACR counter mask (config2=0xcb),
and there is only 1 event created, so "cpuc->n_events" is 1.
The correct check condition should be "i + idx >= cpuc->n_events"
instead of "i + idx > cpuc->n_events" (it looks a typo). Otherwise,
the counter mask would traverse twice and an invalid "cpuc->assign[1]"
bit (bit 0) is set into hw.config1 and cause MSR accessing error.
Besides, also check if the ACR counter mask corresponding events are
ACR events. If not, filter out these counter mask. If a event is not a
ACR event, it could be scheduled to an HW counter which doesn't support
ACR. It's invalid to add their counter index in ACR counter mask.
Furthermore, remove the WARN_ON_ONCE() since it's easily triggered as
user could set any invalid ACR counter mask and the warning message
could mislead users.
Fixes: ec980e4facef ("perf/x86/intel: Support auto counter reload")
Signed-off-by: Dapeng Mi <dapeng1.mi@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Kan Liang <kan.liang@linux.intel.com>
Link: https://lore.kernel.org/r/20250820023032.17128-3-dapeng1.mi@linux.intel.com
---
arch/x86/events/intel/core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
index c2fb729..15da60c 100644
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -2997,7 +2997,8 @@ static void intel_pmu_acr_late_setup(struct cpu_hw_events *cpuc)
if (event->group_leader != leader->group_leader)
break;
for_each_set_bit(idx, (unsigned long *)&event->attr.config2, X86_PMC_IDX_MAX) {
- if (WARN_ON_ONCE(i + idx > cpuc->n_events))
+ if (i + idx >= cpuc->n_events ||
+ !is_acr_event_group(cpuc->event_list[i + idx]))
return;
__set_bit(cpuc->assign[i + idx], (unsigned long *)&event->hw.config1);
}
next prev parent reply other threads:[~2025-08-25 10:24 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-20 2:30 [Patch v3 0/7] x86 perf bug fixes and optimization Dapeng Mi
2025-08-20 2:30 ` [Patch v3 1/7] perf/x86/intel: Use early_initcall() to hook bts_init() Dapeng Mi
2025-08-25 10:24 ` [tip: perf/core] " tip-bot2 for Dapeng Mi
2025-08-20 2:30 ` [Patch v3 2/7] perf/x86/intel: Fix IA32_PMC_x_CFG_B MSRs access error Dapeng Mi
2025-08-25 10:24 ` tip-bot2 for Dapeng Mi [this message]
2025-08-20 2:30 ` [Patch v3 3/7] perf/x86: Check if cpuc->events[*] pointer exists before accessing it Dapeng Mi
2025-08-20 3:41 ` Andi Kleen
2025-08-20 5:33 ` Mi, Dapeng
2025-08-20 5:44 ` Andi Kleen
2025-08-20 5:54 ` Mi, Dapeng
2025-08-21 1:51 ` Andi Kleen
2025-08-21 13:35 ` Peter Zijlstra
2025-08-22 5:26 ` Mi, Dapeng
2025-08-26 3:47 ` Mi, Dapeng
2025-08-20 2:30 ` [Patch v3 4/7] perf/x86: Add PERF_CAP_PEBS_TIMING_INFO flag Dapeng Mi
2025-08-25 10:24 ` [tip: perf/core] " tip-bot2 for Dapeng Mi
2025-08-20 2:30 ` [Patch v3 5/7] perf/x86/intel: Change macro GLOBAL_CTRL_EN_PERF_METRICS to BIT_ULL(48) Dapeng Mi
2025-08-25 10:24 ` [tip: perf/core] " tip-bot2 for Dapeng Mi
2025-08-20 2:30 ` [Patch v3 6/7] perf/x86/intel: Add ICL_FIXED_0_ADAPTIVE bit into INTEL_FIXED_BITS_MASK Dapeng Mi
2025-08-25 10:24 ` [tip: perf/core] " tip-bot2 for Dapeng Mi
2025-08-20 2:30 ` [Patch v3 7/7] perf/x86: Print PMU counters bitmap in x86_pmu_show_pmu_cap() Dapeng Mi
2025-08-25 10:24 ` [tip: perf/core] " tip-bot2 for Dapeng Mi
2025-08-20 15:55 ` [Patch v3 0/7] x86 perf bug fixes and optimization Liang, Kan
2025-08-21 13:39 ` Peter Zijlstra
2025-08-22 5:29 ` Mi, Dapeng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=175611746850.1420.5279678492721434998.tip-bot2@tip-bot2 \
--to=tip-bot2@linutronix.de \
--cc=dapeng1.mi@linux.intel.com \
--cc=kan.liang@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).