On Thu, 04 May 2023 14:00:42 +0200, Roman Kagan wrote:
> Performance counters are defined to have width less than 64 bits. The
> vPMU code maintains the counters in u64 variables but assumes the value
> to fit within the defined width. However, for Intel non-full-width
> counters (MSR_IA32_PERFCTRx) the value receieved from the guest is
> truncated to 32 bits and then sign-extended to full 64 bits. If a
> negative value is set, it's sign-extended to 64 bits, but then in
> kvm_pmu_incr_counter() it's incremented, truncated, and compared to the
> previous value for overflow detection.
> That previous value is not truncated, so it always evaluates bigger than
> the truncated new one, and a PMI is injected. If the PMI handler writes
> a negative counter value itself, the vCPU never quits the PMI loop.
>
> [...]
Applied to kvm-x86 pmu, with a slightly massaged changelog. Thanks! And sorry
for the horrendous delay...
[1/1] KVM: x86/pmu: Truncate counter value to allowed width on write
https://github.com/kvm-x86/linux/commit/b29a2acd36dd
--
https://github.com/kvm-x86/linux/tree/next
