[PATCH V2 1/3] perf ignore LBR and offcore_rsp.

[PATCH V2 1/3] perf ignore LBR and offcore_rsp.

[kan.liang]

From: Kan Liang <kan.liang@intel.com>

x86, perf: Protect LBR and offcore rsp against KVM lying

With -cpu host, KVM reports LBR and offcore support, if the host has support.
When the guest perf driver tries to access LBR or offcore_rsp MSR,
it #GPs all MSR accesses,since KVM doesn't handle LBR and offcore support.
So check the related MSRs access right once at initialization time to avoid the error access at runtime.

For reproducing the issue, please build the kernel with CONFIG_KVM_INTEL = y.
And CONFIG_PARAVIRT = n and CONFIG_KVM_GUEST = n.
Start the guest with -cpu host.
Run perf record with --branch-any or --branch-filter in guest to trigger LBR #GP.
Run perf stat offcore events (E.g. LLC-loads/LLC-load-misses ...) in guest to trigger offcore_rsp #GP

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Kan Liang <kan.liang@intel.com>

V2: Move the check code to initialization time.
---
 arch/x86/kernel/cpu/perf_event.h           | 19 +++++++++++++++++--
 arch/x86/kernel/cpu/perf_event_intel.c     |  7 +++++++
 arch/x86/kernel/cpu/perf_event_intel_lbr.c |  4 ++--
 3 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kernel/cpu/perf_event.h b/arch/x86/kernel/cpu/perf_event.h
index 3b2f9bd..5d977b2 100644
--- a/arch/x86/kernel/cpu/perf_event.h
+++ b/arch/x86/kernel/cpu/perf_event.h
@@ -458,12 +458,13 @@ struct x86_pmu {
 	u64		lbr_sel_mask;		   /* LBR_SELECT valid bits */
 	const int	*lbr_sel_map;		   /* lbr_select mappings */
 	bool		lbr_double_abort;	   /* duplicated lbr aborts */
-
+	bool		lbr_msr_access;		   /* LBR MSR can be accessed */
 	/*
 	 * Extra registers for events
 	 */
 	struct extra_reg *extra_regs;
 	unsigned int er_flags;
+	bool		extra_msr_access;	   /* EXTRA REG MSR can be accessed */
 
 	/*
 	 * Intel host/guest support (KVM)
@@ -525,6 +526,20 @@ extern u64 __read_mostly hw_cache_extra_regs
 				[PERF_COUNT_HW_CACHE_OP_MAX]
 				[PERF_COUNT_HW_CACHE_RESULT_MAX];
 
+/* 
+ * Under certain circumstances, access certain MSR may cause #GP.
+ * The function tests if the input MSR can be safely accessed.
+ */
+static inline bool test_msr_access(unsigned long msr)
+{
+	u64 value;
+	if (rdmsrl_safe(msr, &value) < 0)
+		return false;
+	if (wrmsrl_safe(msr, value) < 0)
+		return false;
+	return true;
+}
+
 u64 x86_perf_event_update(struct perf_event *event);
 
 static inline unsigned int x86_pmu_config_addr(int index)
@@ -555,7 +570,7 @@ static inline void __x86_pmu_enable_event(struct hw_perf_event *hwc,
 {
 	u64 disable_mask = __this_cpu_read(cpu_hw_events.perf_ctr_virt_mask);
 
-	if (hwc->extra_reg.reg)
+	if (hwc->extra_reg.reg && x86_pmu.extra_msr_access)
 		wrmsrl(hwc->extra_reg.reg, hwc->extra_reg.config);
 	wrmsrl(hwc->config_base, (hwc->config | enable_mask) & ~disable_mask);
 }
diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
index adb02aa..8011d42 100644
--- a/arch/x86/kernel/cpu/perf_event_intel.c
+++ b/arch/x86/kernel/cpu/perf_event_intel.c
@@ -2565,6 +2565,13 @@ __init int intel_pmu_init(void)
 		}
 	}
 
+	/* Access LBR MSR may cause #GP under certain circumstances. E.g. KVM doesn't support LBR MSR */
+	if (x86_pmu.lbr_nr)
+		x86_pmu.lbr_msr_access = test_msr_access(x86_pmu.lbr_tos) & test_msr_access(x86_pmu.lbr_from);
+	/* Access extra MSR may cause #GP under certain circumstances. E.g. KVM doesn't support offcore event */
+	if (x86_pmu.extra_regs)
+		x86_pmu.extra_msr_access = test_msr_access(x86_pmu.extra_regs->msr);
+
 	/* Support full width counters using alternative MSR range */
 	if (x86_pmu.intel_cap.full_width_write) {
 		x86_pmu.max_period = x86_pmu.cntval_mask;
diff --git a/arch/x86/kernel/cpu/perf_event_intel_lbr.c b/arch/x86/kernel/cpu/perf_event_intel_lbr.c
index 9dd2459..9508d1e 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_lbr.c
+++ b/arch/x86/kernel/cpu/perf_event_intel_lbr.c
@@ -172,7 +172,7 @@ static void intel_pmu_lbr_reset_64(void)
 
 void intel_pmu_lbr_reset(void)
 {
-	if (!x86_pmu.lbr_nr)
+	if (!x86_pmu.lbr_nr  || !x86_pmu.lbr_msr_access)
 		return;
 
 	if (x86_pmu.intel_cap.lbr_format == LBR_FORMAT_32)
@@ -334,7 +334,7 @@ void intel_pmu_lbr_read(void)
 {
 	struct cpu_hw_events *cpuc = &__get_cpu_var(cpu_hw_events);
 
-	if (!cpuc->lbr_users)
+	if (!cpuc->lbr_users || !x86_pmu.lbr_msr_access)
 		return;
 
 	if (x86_pmu.intel_cap.lbr_format == LBR_FORMAT_32)
-- 
1.8.3.1

[PATCH V2 2/3] perf protect LBR when Intel PT is enabled.

[kan.liang]

From: Kan Liang <kan.liang@intel.com>

If RTIT_CTL.TraceEn=1, any attempt to read or write the LBR or LER MSRs, including LBR_TOS, will result in a #GP.
Since Intel PT can be enabled/disabled at runtime, LBR MSRs have to be protected by _safe() at runtime.

Signed-off-by: Kan Liang <kan.liang@intel.com>
---
 arch/x86/kernel/cpu/perf_event.h           |  1 -
 arch/x86/kernel/cpu/perf_event_intel.c     |  3 ---
 arch/x86/kernel/cpu/perf_event_intel_lbr.c | 38 +++++++++++++++++-------------
 3 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/arch/x86/kernel/cpu/perf_event.h b/arch/x86/kernel/cpu/perf_event.h
index 5d977b2..fafb809 100644
--- a/arch/x86/kernel/cpu/perf_event.h
+++ b/arch/x86/kernel/cpu/perf_event.h
@@ -458,7 +458,6 @@ struct x86_pmu {
 	u64		lbr_sel_mask;		   /* LBR_SELECT valid bits */
 	const int	*lbr_sel_map;		   /* lbr_select mappings */
 	bool		lbr_double_abort;	   /* duplicated lbr aborts */
-	bool		lbr_msr_access;		   /* LBR MSR can be accessed */
 	/*
 	 * Extra registers for events
 	 */
diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
index 8011d42..ddd3590 100644
--- a/arch/x86/kernel/cpu/perf_event_intel.c
+++ b/arch/x86/kernel/cpu/perf_event_intel.c
@@ -2565,9 +2565,6 @@ __init int intel_pmu_init(void)
 		}
 	}
 
-	/* Access LBR MSR may cause #GP under certain circumstances. E.g. KVM doesn't support LBR MSR */
-	if (x86_pmu.lbr_nr)
-		x86_pmu.lbr_msr_access = test_msr_access(x86_pmu.lbr_tos) & test_msr_access(x86_pmu.lbr_from);
 	/* Access extra MSR may cause #GP under certain circumstances. E.g. KVM doesn't support offcore event */
 	if (x86_pmu.extra_regs)
 		x86_pmu.extra_msr_access = test_msr_access(x86_pmu.extra_regs->msr);
diff --git a/arch/x86/kernel/cpu/perf_event_intel_lbr.c b/arch/x86/kernel/cpu/perf_event_intel_lbr.c
index 9508d1e..980b8dc 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_lbr.c
+++ b/arch/x86/kernel/cpu/perf_event_intel_lbr.c
@@ -157,7 +157,7 @@ static void intel_pmu_lbr_reset_32(void)
 	int i;
 
 	for (i = 0; i < x86_pmu.lbr_nr; i++)
-		wrmsrl(x86_pmu.lbr_from + i, 0);
+		wrmsrl_safe(x86_pmu.lbr_from + i, 0ULL);
 }
 
 static void intel_pmu_lbr_reset_64(void)
@@ -165,14 +165,14 @@ static void intel_pmu_lbr_reset_64(void)
 	int i;
 
 	for (i = 0; i < x86_pmu.lbr_nr; i++) {
-		wrmsrl(x86_pmu.lbr_from + i, 0);
-		wrmsrl(x86_pmu.lbr_to   + i, 0);
+		wrmsrl_safe(x86_pmu.lbr_from + i, 0ULL);
+		wrmsrl_safe(x86_pmu.lbr_to   + i, 0ULL);
 	}
 }
 
 void intel_pmu_lbr_reset(void)
 {
-	if (!x86_pmu.lbr_nr  || !x86_pmu.lbr_msr_access)
+	if (!x86_pmu.lbr_nr)
 		return;
 
 	if (x86_pmu.intel_cap.lbr_format == LBR_FORMAT_32)
@@ -237,19 +237,14 @@ void intel_pmu_lbr_disable_all(void)
 /*
  * TOS = most recently recorded branch
  */
-static inline u64 intel_pmu_lbr_tos(void)
+static inline int intel_pmu_lbr_tos(u64 *tos)
 {
-	u64 tos;
-
-	rdmsrl(x86_pmu.lbr_tos, tos);
-
-	return tos;
+	return rdmsrl_safe(x86_pmu.lbr_tos, tos);
 }
 
-static void intel_pmu_lbr_read_32(struct cpu_hw_events *cpuc)
+static void intel_pmu_lbr_read_32(struct cpu_hw_events *cpuc, u64 tos)
 {
 	unsigned long mask = x86_pmu.lbr_nr - 1;
-	u64 tos = intel_pmu_lbr_tos();
 	int i;
 
 	for (i = 0; i < x86_pmu.lbr_nr; i++) {
@@ -278,11 +273,10 @@ static void intel_pmu_lbr_read_32(struct cpu_hw_events *cpuc)
  * is the same as the linear address, allowing us to merge the LIP and EIP
  * LBR formats.
  */
-static void intel_pmu_lbr_read_64(struct cpu_hw_events *cpuc)
+static void intel_pmu_lbr_read_64(struct cpu_hw_events *cpuc, u64 tos)
 {
 	unsigned long mask = x86_pmu.lbr_nr - 1;
 	int lbr_format = x86_pmu.intel_cap.lbr_format;
-	u64 tos = intel_pmu_lbr_tos();
 	int i;
 	int out = 0;
 
@@ -333,14 +327,24 @@ static void intel_pmu_lbr_read_64(struct cpu_hw_events *cpuc)
 void intel_pmu_lbr_read(void)
 {
 	struct cpu_hw_events *cpuc = &__get_cpu_var(cpu_hw_events);
+	u64 tos;
 
-	if (!cpuc->lbr_users || !x86_pmu.lbr_msr_access)
+	if (!cpuc->lbr_users)
+		return;
+
+	/*
+	 * If KVM doesn't support LBR MSRs or Intel PT is enabled,
+	 * accessing LBR MSRs cause GP#.
+	 * Since Intel PT can be enabled/disabled at runtime,
+	 * checking the LBR MSRs access right here.
+	 */
+	if (intel_pmu_lbr_tos(&tos) < 0)
 		return;
 
 	if (x86_pmu.intel_cap.lbr_format == LBR_FORMAT_32)
-		intel_pmu_lbr_read_32(cpuc);
+		intel_pmu_lbr_read_32(cpuc, tos);
 	else
-		intel_pmu_lbr_read_64(cpuc);
+		intel_pmu_lbr_read_64(cpuc, tos);
 
 	intel_pmu_lbr_filter(cpuc);
 }
-- 
1.8.3.1

[PATCH V2 3/3] kvm: ignore LBR and offcore rsp

[kan.liang]

From: Kan Liang <kan.liang@intel.com>

With -cpu host KVM reports LBR and offcore support, so the perf driver may accesses the LBR and offcore MSRs.
However, there is no LBR and offcore virtualization support yet. This could causes guest to crash.
As a workaround, KVM just simply ignore the LBR and offcore_rsp MSRs to lie the guest.

For reproducing the issue, please build the kernel with CONFIG_KVM_INTEL = y.
And CONFIG_PARAVIRT = n and CONFIG_KVM_GUEST = n.
Start the guest with -cpu host.
Run perf record with --branch-any or --branch-filter in guest to trigger LBR #GP.
Run perf stat offcore events (E.g. LLC-loads/LLC-load-misses ...) in guest to trigger offcore_rsp #GP

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Kan Liang <kan.liang@intel.com>
---
 arch/x86/kvm/pmu.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/arch/x86/kvm/pmu.c b/arch/x86/kvm/pmu.c
index cbecaa9..ad9b4fa 100644
--- a/arch/x86/kvm/pmu.c
+++ b/arch/x86/kvm/pmu.c
@@ -331,6 +331,15 @@ bool kvm_pmu_msr(struct kvm_vcpu *vcpu, u32 msr)
 	case MSR_CORE_PERF_GLOBAL_OVF_CTRL:
 		ret = pmu->version > 1;
 		break;
+	case MSR_OFFCORE_RSP_0:
+	case MSR_OFFCORE_RSP_1:
+	/* At most 8-deep LBR for core and atom */
+	case MSR_LBR_CORE_FROM ... MSR_LBR_CORE_FROM + 7:
+	case MSR_LBR_CORE_TO ... MSR_LBR_CORE_TO + 7:
+	/* 16-deep LBR for core i3/i5/i7 series processors */
+	case MSR_LBR_NHM_FROM ... MSR_LBR_NHM_FROM + 15:
+	case MSR_LBR_NHM_TO ... MSR_LBR_NHM_TO + 15:
+		return 1; /* to avoid crashes */
 	default:
 		ret = get_gp_pmc(pmu, msr, MSR_IA32_PERFCTR0)
 			|| get_gp_pmc(pmu, msr, MSR_P6_EVNTSEL0)
@@ -358,6 +367,16 @@ int kvm_pmu_get_msr(struct kvm_vcpu *vcpu, u32 index, u64 *data)
 	case MSR_CORE_PERF_GLOBAL_OVF_CTRL:
 		*data = pmu->global_ovf_ctrl;
 		return 0;
+	case MSR_OFFCORE_RSP_0:
+	case MSR_OFFCORE_RSP_1:
+	/* At most 8-deep LBR for core and atom */
+	case MSR_LBR_CORE_FROM ... MSR_LBR_CORE_FROM + 7:
+	case MSR_LBR_CORE_TO ... MSR_LBR_CORE_TO + 7:
+	/* 16-deep LBR for core i3/i5/i7 series processors */
+	case MSR_LBR_NHM_FROM ... MSR_LBR_NHM_FROM + 15:
+	case MSR_LBR_NHM_TO ... MSR_LBR_NHM_TO + 15:
+		*data = 0;
+		return 0;
 	default:
 		if ((pmc = get_gp_pmc(pmu, index, MSR_IA32_PERFCTR0)) ||
 				(pmc = get_fixed_pmc(pmu, index))) {
@@ -409,6 +428,16 @@ int kvm_pmu_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
 			return 0;
 		}
 		break;
+	case MSR_OFFCORE_RSP_0:
+	case MSR_OFFCORE_RSP_1:
+	/* At most 8-deep LBR for core and atom */
+	case MSR_LBR_CORE_FROM ... MSR_LBR_CORE_FROM + 7:
+	case MSR_LBR_CORE_TO ... MSR_LBR_CORE_TO + 7:
+	/* 16-deep LBR for core i3/i5/i7 series processors */
+	case MSR_LBR_NHM_FROM ... MSR_LBR_NHM_FROM + 15:
+	case MSR_LBR_NHM_TO ... MSR_LBR_NHM_TO + 15:
+		/* dummy for now */
+		break;
 	default:
 		if ((pmc = get_gp_pmc(pmu, index, MSR_IA32_PERFCTR0)) ||
 				(pmc = get_fixed_pmc(pmu, index))) {
-- 
1.8.3.1

Re: [PATCH V2 1/3] perf ignore LBR and offcore_rsp.

[Andi Kleen]

> Signed-off-by: Andi Kleen <ak@linux.intel.com>

I did not contribute to this patch, so please remove that SOB.

> Signed-off-by: Kan Liang <kan.liang@intel.com>

>  	struct extra_reg *extra_regs;
>  	unsigned int er_flags;
> +	bool		extra_msr_access;	   /* EXTRA REG MSR can be accessed */
>  

This doesn't look right, needs a flag for each extra register.

They are completely unrelated to each other.

BTW this will also cause KVM messages at each boot now.

>  		wrmsrl(hwc->extra_reg.reg, hwc->extra_reg.config);
>  	wrmsrl(hwc->config_base, (hwc->config | enable_mask) & ~disable_mask);
>  }
> diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
> index adb02aa..8011d42 100644
> --- a/arch/x86/kernel/cpu/perf_event_intel.c
> +++ b/arch/x86/kernel/cpu/perf_event_intel.c
> @@ -2565,6 +2565,13 @@ __init int intel_pmu_init(void)
>  		}
>  	}
>  
> +	/* Access LBR MSR may cause #GP under certain circumstances. E.g. KVM doesn't support LBR MSR */
> +	if (x86_pmu.lbr_nr)
> +		x86_pmu.lbr_msr_access = test_msr_access(x86_pmu.lbr_tos) & test_msr_access(x86_pmu.lbr_from);

s/&/&&/

And also this doesn't cover the case when someone takes over the LBRs and they start #GPing later.
So for LBR the test has to be still at each access.

-Andi

Re: [PATCH V2 1/3] perf ignore LBR and offcore_rsp.

[Jidong Xiao]

On Wed, Jul 2, 2014 at 2:14 PM,  <kan.liang@intel.com> wrote:
> From: Kan Liang <kan.liang@intel.com>
>
> x86, perf: Protect LBR and offcore rsp against KVM lying
>
> With -cpu host, KVM reports LBR and offcore support, if the host has support.
> When the guest perf driver tries to access LBR or offcore_rsp MSR,
> it #GPs all MSR accesses,since KVM doesn't handle LBR and offcore support.
> So check the related MSRs access right once at initialization time to avoid the error access at runtime.
>
> For reproducing the issue, please build the kernel with CONFIG_KVM_INTEL = y.
This is for host kernel,
> And CONFIG_PARAVIRT = n and CONFIG_KVM_GUEST = n.
And this is for guest kernel, right?

-Jidong

Re: [PATCH V2 2/3] perf protect LBR when Intel PT is enabled.

[Andi Kleen]

On Wed, Jul 02, 2014 at 11:14:14AM -0700, kan.liang@intel.com wrote:
> From: Kan Liang <kan.liang@intel.com>
> 
> If RTIT_CTL.TraceEn=1, any attempt to read or write the LBR or LER MSRs, including LBR_TOS, will result in a #GP.
> Since Intel PT can be enabled/disabled at runtime, LBR MSRs have to be protected by _safe() at runtime.
> 
> Signed-off-by: Kan Liang <kan.liang@intel.com>

Patch looks good to me.

-Andi

RE: [PATCH V2 1/3] perf ignore LBR and offcore_rsp.

[Liang, Kan]

> > Signed-off-by: Andi Kleen <ak@linux.intel.com>
> 
> I did not contribute to this patch, so please remove that SOB.
> 

OK

> > Signed-off-by: Kan Liang <kan.liang@intel.com>
> 
> >  	struct extra_reg *extra_regs;
> >  	unsigned int er_flags;
> > +	bool		extra_msr_access;	   /* EXTRA REG MSR can be
> accessed */
> >
> 
> This doesn't look right, needs a flag for each extra register.
> 
> They are completely unrelated to each other.

The extra register is either MSR_OFFCORE_RSP_0 or MSR_OFFCORE_RSP_1.
I will add two variables to handle them.

> 
> BTW this will also cause KVM messages at each boot now.
>

Do you mean the "unhandled wrmsr" or " unhandled rdmsr " messages? 
You should not observer  such error message for offcore msrs and LBR from/to msrs.

But I forget to handle LBR TOS in KVM patch. You may observed unhandled rdmsr: 0x1c9 when doing LBR in guest.
I will fix it in next version.
 
> >  		wrmsrl(hwc->extra_reg.reg, hwc->extra_reg.config);
> >  	wrmsrl(hwc->config_base, (hwc->config | enable_mask) &
> > ~disable_mask);  } diff --git a/arch/x86/kernel/cpu/perf_event_intel.c
> > b/arch/x86/kernel/cpu/perf_event_intel.c
> > index adb02aa..8011d42 100644
> > --- a/arch/x86/kernel/cpu/perf_event_intel.c
> > +++ b/arch/x86/kernel/cpu/perf_event_intel.c
> > @@ -2565,6 +2565,13 @@ __init int intel_pmu_init(void)
> >  		}
> >  	}
> >
> > +	/* Access LBR MSR may cause #GP under certain circumstances. E.g.
> KVM doesn't support LBR MSR */
> > +	if (x86_pmu.lbr_nr)
> > +		x86_pmu.lbr_msr_access =
> test_msr_access(x86_pmu.lbr_tos) &
> > +test_msr_access(x86_pmu.lbr_from);
> 
> s/&/&&/
> 
> And also this doesn't cover the case when someone takes over the LBRs and
> they start #GPing later.
> So for LBR the test has to be still at each access.

In the second patch, the LBR test has been moved to runtime check.
This case has been handled.  


Kan

> 
> -Andi

RE: [PATCH V2 1/3] perf ignore LBR and offcore_rsp.

[Liang, Kan]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="utf-8", Size: 916 bytes --]



> 
> On Wed, Jul 2, 2014 at 2:14 PM,  <kan.liang@intel.com> wrote:
> > From: Kan Liang <kan.liang@intel.com>
> >
> > x86, perf: Protect LBR and offcore rsp against KVM lying
> >
> > With -cpu host, KVM reports LBR and offcore support, if the host has
> support.
> > When the guest perf driver tries to access LBR or offcore_rsp MSR, it
> > #GPs all MSR accesses,since KVM doesn't handle LBR and offcore support.
> > So check the related MSRs access right once at initialization time to avoid
> the error access at runtime.
> >
> > For reproducing the issue, please build the kernel with
> CONFIG_KVM_INTEL = y.
> This is for host kernel,
> > And CONFIG_PARAVIRT = n and CONFIG_KVM_GUEST = n.
> And this is for guest kernel, right?
> 

Right.


> -Jidong
ÿôèº{.nÇ+‰·Ÿ®‰­†+%ŠËÿ±éݶ\x17¥Šwÿº{.nÇ+‰·¥Š{±þG«éÿŠ{ayº\x1dʇڙë,j\a­¢f£¢·hšïêÿ‘êçz_è®\x03(­éšŽŠÝ¢j"ú\x1a¶^[m§ÿÿ¾\a«þG«éÿ¢¸?™¨è­Ú&£ø§~á¶iO•æ¬z·švØ^\x14\x04\x1a¶^[m§ÿÿÃ\fÿ¶ìÿ¢¸?–I¥

RE: [PATCH V2 1/3] perf ignore LBR and offcore_rsp.

[Liang, Kan]

> 
> On Wed, Jul 2, 2014 at 2:14 PM,  <kan.liang@intel.com> wrote:
> > From: Kan Liang <kan.liang@intel.com>
> >
> > x86, perf: Protect LBR and offcore rsp against KVM lying
> >
> > With -cpu host, KVM reports LBR and offcore support, if the host has
> support.
> > When the guest perf driver tries to access LBR or offcore_rsp MSR, it
> > #GPs all MSR accesses,since KVM doesn't handle LBR and offcore support.
> > So check the related MSRs access right once at initialization time to avoid
> the error access at runtime.
> >
> > For reproducing the issue, please build the kernel with
> CONFIG_KVM_INTEL = y.
> This is for host kernel,
> > And CONFIG_PARAVIRT = n and CONFIG_KVM_GUEST = n.
> And this is for guest kernel, right?
> 

Right.


> -Jidong

Re: [PATCH V2 2/3] perf protect LBR when Intel PT is enabled.

[Peter Zijlstra]

[-- Attachment #1: Type: text/plain, Size: 561 bytes --]

On Wed, Jul 02, 2014 at 11:14:14AM -0700, kan.liang@intel.com wrote:
> From: Kan Liang <kan.liang@intel.com>
> 
> If RTIT_CTL.TraceEn=1, any attempt to read or write the LBR or LER MSRs, including LBR_TOS, will result in a #GP.
> Since Intel PT can be enabled/disabled at runtime, LBR MSRs have to be protected by _safe() at runtime.

Lines are too long, and the reasoning is totally broken.

If there's active LBR users out there, we should refuse to enable PT and
vice versa. What we should not be doing is using _safe and fault and
generate crap.

[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]

Re: [PATCH V2 2/3] perf protect LBR when Intel PT is enabled.

[Andi Kleen]

> If there's active LBR users out there, we should refuse to enable PT and
> vice versa. 

This doesn't work, e.g. hardware debuggers can take over at any time.

-Andi
-- 
ak@linux.intel.com -- Speaking for myself only.

Re: [PATCH V2 2/3] perf protect LBR when Intel PT is enabled.

[Peter Zijlstra]

[-- Attachment #1: Type: text/plain, Size: 315 bytes --]

On Thu, Jul 03, 2014 at 05:52:37PM +0200, Andi Kleen wrote:
> > If there's active LBR users out there, we should refuse to enable PT and
> > vice versa. 
> 
> This doesn't work, e.g. hardware debuggers can take over at any time.

Tough cookies. Hardware debuggers get to deal with whatever crap they
cause.

[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]

RE: [PATCH V2 2/3] perf protect LBR when Intel PT is enabled.

[Liang, Kan]

> 
> On Thu, Jul 03, 2014 at 05:52:37PM +0200, Andi Kleen wrote:
> > > If there's active LBR users out there, we should refuse to enable PT
> > > and vice versa.
> >
> > This doesn't work, e.g. hardware debuggers can take over at any time.
> 
> Tough cookies. Hardware debuggers get to deal with whatever crap they
> cause.

If so, I think I may discard this patch (2/3). I will resubmit the other two patches as a patch set to only handle the KVM issue we found.
It checks the access of LBR and extra MSRs at the initialization time and set the flags. So we just need to check the flags at runtime and avoid the protection by _safe(). 

For Intel PT and LBR handling, since the PT codes haven't been integrated yet, I will try to implement another patch later.
The patch will add flags for LBR and PT.
When enabling PT, it checks LBR flag and update the PT flag. When enabling LBR, it checks PT flag and update the LBR flag. When disabling LBR/PT, we just update the related flags. we don't need to add _safe or extra rmsr in fast path. 

How do you think?

Thanks,
Kan

Re: [PATCH V2 2/3] perf protect LBR when Intel PT is enabled.

[Peter Zijlstra]

[-- Attachment #1: Type: text/plain, Size: 1107 bytes --]

On Mon, Jul 07, 2014 at 01:57:16PM +0000, Liang, Kan wrote:
> > > This doesn't work, e.g. hardware debuggers can take over at any time.
> > 
> > Tough cookies. Hardware debuggers get to deal with whatever crap they
> > cause.
> 
> If so, I think I may discard this patch (2/3). I will resubmit the
> other two patches as a patch set to only handle the KVM issue we
> found.  It checks the access of LBR and extra MSRs at the
> initialization time and set the flags. So we just need to check the
> flags at runtime and avoid the protection by _safe(). 

Right.

> For Intel PT and LBR handling, since the PT codes haven't been
> integrated yet, I will try to implement another patch later.  The
> patch will add flags for LBR and PT.  When enabling PT, it checks LBR
> flag and update the PT flag. When enabling LBR, it checks PT flag and
> update the LBR flag. When disabling LBR/PT, we just update the related
> flags. we don't need to add _safe or extra rmsr in fast path. 

Yeah, should be part of the PT patches.

> How do you think?

With my brain, much like all primates :-)

[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]

Re: [PATCH V2 2/3] perf protect LBR when Intel PT is enabled.

[Peter Zijlstra]

[-- Attachment #1: Type: text/plain, Size: 1283 bytes --]

On Mon, Jul 07, 2014 at 05:46:35PM +0200, Peter Zijlstra wrote:
> On Mon, Jul 07, 2014 at 01:57:16PM +0000, Liang, Kan wrote:
> > > > This doesn't work, e.g. hardware debuggers can take over at any time.
> > > 
> > > Tough cookies. Hardware debuggers get to deal with whatever crap they
> > > cause.
> > 
> > If so, I think I may discard this patch (2/3). I will resubmit the
> > other two patches as a patch set to only handle the KVM issue we
> > found.  It checks the access of LBR and extra MSRs at the
> > initialization time and set the flags. So we just need to check the
> > flags at runtime and avoid the protection by _safe(). 
> 
> Right.
> 
> > For Intel PT and LBR handling, since the PT codes haven't been
> > integrated yet, I will try to implement another patch later.  The
> > patch will add flags for LBR and PT.  When enabling PT, it checks LBR
> > flag and update the PT flag. When enabling LBR, it checks PT flag and
> > update the LBR flag. When disabling LBR/PT, we just update the related
> > flags. we don't need to add _safe or extra rmsr in fast path. 
> 
> Yeah, should be part of the PT patches.
> 
> > How do you think?
> 
> With my brain, much like all primates :-)

Also, teach your mailer to wrap text at 78 chars or so.

[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]