Patch "Revert "KVM: VMX: Micro-optimize vmexit time when not exposing PMU"" has been added to the 5.7-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Mon, 29 Jun 2020 00:43:50 -0400

This is a note to let you know that I've just added the patch titled

    Revert "KVM: VMX: Micro-optimize vmexit time when not exposing PMU"

to the 5.7-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     revert-kvm-vmx-micro-optimize-vmexit-time-when-not-e.patch
and it can be found in the queue-5.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 1c69dc4ac378b355aa7df0d00d0919e3414294bc
Author: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>
Date:   Fri Jun 19 11:40:46 2020 +0200

    Revert "KVM: VMX: Micro-optimize vmexit time when not exposing PMU"
    
    [ Upstream commit 49097762fa405cdc16f8f597f6d27c078d4a31e9 ]
    
    Guest crashes are observed on a Cascade Lake system when 'perf top' is
    launched on the host, e.g.
    
     BUG: unable to handle kernel paging request at fffffe0000073038
     PGD 7ffa7067 P4D 7ffa7067 PUD 7ffa6067 PMD 7ffa5067 PTE ffffffffff120
     Oops: 0000 [#1] SMP PTI
     CPU: 1 PID: 1 Comm: systemd Not tainted 4.18.0+ #380
    ...
     Call Trace:
      serial8250_console_write+0xfe/0x1f0
      call_console_drivers.constprop.0+0x9d/0x120
      console_unlock+0x1ea/0x460
    
    Call traces are different but the crash is imminent. The problem was
    blindly bisected to the commit 041bc42ce2d0 ("KVM: VMX: Micro-optimize
    vmexit time when not exposing PMU"). It was also confirmed that the
    issue goes away if PMU is exposed to the guest.
    
    With some instrumentation of the guest we can see what is being switched
    (when we do atomic_switch_perf_msrs()):
    
     vmx_vcpu_run: switching 2 msrs
     vmx_vcpu_run: switching MSR38f guest: 70000000d host: 70000000f
     vmx_vcpu_run: switching MSR3f1 guest: 0 host: 2
    
    The current guess is that PEBS (MSR_IA32_PEBS_ENABLE, 0x3f1) is to blame.
    Regardless of whether PMU is exposed to the guest or not, PEBS needs to
    be disabled upon switch.
    
    This reverts commit 041bc42ce2d0efac3b85bbb81dea8c74b81f4ef9.
    
    Reported-by: Maxime Coquelin <maxime.coquelin@xxxxxxxxxx>
    Signed-off-by: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>
    Message-Id: <20200619094046.654019-1-vkuznets@xxxxxxxxxx>
    Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index d7aa0dfab8bbd..8f59f8c8fd05d 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -6575,8 +6575,7 @@ static void vmx_vcpu_run(struct kvm_vcpu *vcpu)
 
 	pt_guest_enter(vmx);
 
-	if (vcpu_to_pmu(vcpu)->version)
-		atomic_switch_perf_msrs(vmx);
+	atomic_switch_perf_msrs(vmx);
 	atomic_switch_umwait_control_msr(vmx);
 
 	if (enable_preemption_timer)






