On Thu, 04 May 2023 14:00:42 +0200, Roman Kagan wrote:
> Performance counters are defined to have width less than 64 bits. The
> vPMU code maintains the counters in u64 variables but assumes the value
> to fit within the defined width. However, for Intel non-full-width
> counters (MSR_IA32_PERFCTRx) the value received from the guest is
> truncated to 32 bits and then sign-extended to full 64 bits. If a
> negative value is set, it's sign-extended to 64 bits, but then in
> kvm_pmu_incr_counter() it's incremented, truncated, and compared to the
> previous value for overflow detection.
> That previous value is not truncated, so it always evaluates bigger than
> the truncated new one, and a PMI is injected. If the PMI handler writes
> a negative counter value itself, the vCPU never quits the PMI loop.
>
> [...]

Applied to kvm-x86 pmu, with a slightly massaged changelog. Thanks! And sorry for the horrendous delay...

[1/1] KVM: x86/pmu: Truncate counter value to allowed width on write
      https://github.com/kvm-x86/linux/commit/b29a2acd36dd

--
https://github.com/kvm-x86/linux/tree/next
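A small C model of the bug the quoted changelog describes, added here as an illustration (it is not code from the patch or from KVM): it stores a sign-extended negative guest write in a 48-bit counter and shows that the unmasked value trips the overflow comparison on the first increment, whereas masking the value on write, which is what the applied patch does, defers the PMI until the counter genuinely wraps. The 48-bit width, `struct pmc` and the function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model: a 48-bit general-purpose counter kept in a u64. */
#define PMC_WIDTH 48
#define PMC_MASK  ((1ULL << PMC_WIDTH) - 1)

struct pmc { uint64_t counter; };

/* Guest write to a non-full-width MSR_IA32_PERFCTRx: the value is
 * truncated to 32 bits and then sign-extended to 64 bits. */
static uint64_t guest_write_value(uint32_t data)
{
	return (uint64_t)(int64_t)(int32_t)data;
}

/* Hypothetical write path; 'fixed' applies the truncation the patch adds. */
void pmc_write(struct pmc *p, uint32_t data, bool fixed)
{
	p->counter = guest_write_value(data);
	if (fixed)
		p->counter &= PMC_MASK;
}

/* Simplified model of kvm_pmu_incr_counter(): increment, wrap at the
 * width, and report an overflow (a PMI) when the new value compares
 * below the previous, untruncated one. */
bool pmc_incr(struct pmc *p)
{
	uint64_t prev = p->counter;

	p->counter = (p->counter + 1) & PMC_MASK;
	return p->counter < prev;
}

/* Number of increments until the first overflow after a guest write of
 * 'data' (0 if no overflow happens within 'limit' increments). */
int increments_until_overflow(uint32_t data, bool fixed, int limit)
{
	struct pmc p = { 0 };
	int i;

	pmc_write(&p, data, fixed);
	for (i = 1; i <= limit; i++)
		if (pmc_incr(&p))
			return i;
	return 0;
}
```

With a guest write of 0xFFFFFFF0 (-16 as a signed 32-bit value) the buggy path reports an overflow on the first increment, while the fixed path reports it on the 16th, when the 48-bit counter actually wraps to zero.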