Patch "KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl" has been added to the 6.7-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Mon, 19 Feb 2024 19:34:46 +0100

This is a note to let you know that I've just added the patch titled

    KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl

to the 6.7-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kvm-x86-pmu-fix-type-length-error-when-reading-pmu-fixed_ctr_ctrl.patch
and it can be found in the queue-6.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 05519c86d6997cfb9bb6c82ce1595d1015b718dc Mon Sep 17 00:00:00 2001
From: Mingwei Zhang <mizhang@xxxxxxxxxx>
Date: Tue, 23 Jan 2024 22:12:20 +0000
Subject: KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl

From: Mingwei Zhang <mizhang@xxxxxxxxxx>

commit 05519c86d6997cfb9bb6c82ce1595d1015b718dc upstream.

Use a u64 instead of a u8 when taking a snapshot of pmu->fixed_ctr_ctrl
when reprogramming fixed counters, as truncating the value results in KVM
thinking fixed counter 2 is already disabled (the bug also affects fixed
counters 3+, but KVM doesn't yet support those).  As a result, if the
guest disables fixed counter 2, KVM will get a false negative and fail to
reprogram/disable emulation of the counter, which can leads to incorrect
counts and spurious PMIs in the guest.

Fixes: 76d287b2342e ("KVM: x86/pmu: Drop "u8 ctrl, int idx" for reprogram_fixed_counter()")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Mingwei Zhang <mizhang@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20240123221220.3911317-1-mizhang@xxxxxxxxxx
[sean: rewrite changelog to call out the effects of the bug]
Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 arch/x86/kvm/vmx/pmu_intel.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/kvm/vmx/pmu_intel.c
+++ b/arch/x86/kvm/vmx/pmu_intel.c
@@ -71,7 +71,7 @@ static int fixed_pmc_events[] = {
 static void reprogram_fixed_counters(struct kvm_pmu *pmu, u64 data)
 {
 	struct kvm_pmc *pmc;
-	u8 old_fixed_ctr_ctrl = pmu->fixed_ctr_ctrl;
+	u64 old_fixed_ctr_ctrl = pmu->fixed_ctr_ctrl;
 	int i;
 
 	pmu->fixed_ctr_ctrl = data;


Patches currently in stable-queue which might be from mizhang@xxxxxxxxxx are

queue-6.7/kvm-x86-pmu-fix-type-length-error-when-reading-pmu-fixed_ctr_ctrl.patch







