From: Like Xu <like.xu.linux@gmail.com>
To: Sean Christopherson <seanjc@google.com>,
Peter Zijlstra <peterz@infradead.org>,
Will Deacon <will@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
James Morse <james.morse@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
Stefano Stabellini <sstabellini@kernel.org>,
linux-arm-kernel@lists.infradead.org,
linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org,
kvmarm@lists.cs.columbia.edu, linux-csky@vger.kernel.org,
linux-riscv@lists.infradead.org, kvm@vger.kernel.org,
xen-devel@lists.xenproject.org,
Artem Kashkanov <artem.kashkanov@intel.com>,
Zhu Lingshan <lingshan.zhu@intel.com>,
Juergen Gross <jgross@suse.com>, Ingo Molnar <mingo@redhat.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Palmer Dabbelt <palmer@dabbelt.com>,
Vincent Chen <deanbo422@gmail.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Greentime Hu <green.hu@gmail.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Marc Zyngier <maz@kernel.org>, Nick Hu <nickhu@andestech.com>,
Guo Ren <guoren@kernel.org>, Mark Rutland <mark.rutland@arm.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>
Subject: Re: [PATCH v3 01/16] perf: Ensure perf_guest_cbs aren't reloaded between !NULL check and deref
Date: Thu, 4 Nov 2021 17:32:21 +0800 [thread overview]
Message-ID: <77e3a76a-016b-8945-a1d5-aae4075e2147@gmail.com> (raw)
In-Reply-To: <20210922000533.713300-2-seanjc@google.com>
On 22/9/2021 8:05 am, Sean Christopherson wrote:
> Protect perf_guest_cbs with READ_ONCE/WRITE_ONCE to ensure it's not
> reloaded between a !NULL check and a dereference, and wait for all
> readers via syncrhonize_rcu() to prevent use-after-free, e.g. if the
> callbacks are being unregistered during module unload. Because the
> callbacks are global, it's possible for readers to run in parallel with
> an unregister operation.
>
> The bug has escaped notice because all dereferences of perf_guest_cbs
> follow the same "perf_guest_cbs && perf_guest_cbs->is_in_guest()" pattern,
> and it's extremely unlikely a compiler will reload perf_guest_cbs in this
> sequence. Compilers do reload perf_guest_cbs for future derefs, e.g. for
> ->is_user_mode(), but the ->is_in_guest() guard all but guarantees the
> PMI handler will win the race, e.g. to nullify perf_guest_cbs, KVM has to
> completely exit the guest and teardown down all VMs before KVM start its
> module unload / unregister sequence.
>
> But with help, unloading kvm_intel can trigger a NULL pointer derference,
> e.g. wrapping perf_guest_cbs with READ_ONCE in perf_misc_flags() while
> spamming kvm_intel module load/unload leads to:
>
> BUG: kernel NULL pointer dereference, address: 0000000000000000
> #PF: supervisor read access in kernel mode
> #PF: error_code(0x0000) - not-present page
> PGD 0 P4D 0
> Oops: 0000 [#1] PREEMPT SMP
> CPU: 6 PID: 1825 Comm: stress Not tainted 5.14.0-rc2+ #459
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
> RIP: 0010:perf_misc_flags+0x1c/0x70
> Call Trace:
> perf_prepare_sample+0x53/0x6b0
> perf_event_output_forward+0x67/0x160
> __perf_event_overflow+0x52/0xf0
> handle_pmi_common+0x207/0x300
> intel_pmu_handle_irq+0xcf/0x410
> perf_event_nmi_handler+0x28/0x50
> nmi_handle+0xc7/0x260
> default_do_nmi+0x6b/0x170
> exc_nmi+0x103/0x130
> asm_exc_nmi+0x76/0xbf
>
> Fixes: 39447b386c84 ("perf: Enhance perf to allow for guest statistic collection from host")
> Cc: stable@vger.kernel.org
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
> arch/arm/kernel/perf_callchain.c | 17 +++++++++++------
> arch/arm64/kernel/perf_callchain.c | 18 ++++++++++++------
> arch/csky/kernel/perf_callchain.c | 6 ++++--
> arch/nds32/kernel/perf_event_cpu.c | 17 +++++++++++------
> arch/riscv/kernel/perf_callchain.c | 7 +++++--
> arch/x86/events/core.c | 17 +++++++++++------
> arch/x86/events/intel/core.c | 9 ++++++---
> include/linux/perf_event.h | 8 ++++++++
> kernel/events/core.c | 11 +++++++++--
> 9 files changed, 77 insertions(+), 33 deletions(-)
>
> diff --git a/arch/arm/kernel/perf_callchain.c b/arch/arm/kernel/perf_callchain.c
> index 3b69a76d341e..1626dfc6f6ce 100644
> --- a/arch/arm/kernel/perf_callchain.c
> +++ b/arch/arm/kernel/perf_callchain.c
> @@ -62,9 +62,10 @@ user_backtrace(struct frame_tail __user *tail,
> void
> perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct frame_tail __user *tail;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -98,9 +99,10 @@ callchain_trace(struct stackframe *fr,
> void
> perf_callchain_kernel(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stackframe fr;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -111,18 +113,21 @@ perf_callchain_kernel(struct perf_callchain_entry_ctx *entry, struct pt_regs *re
>
> unsigned long perf_instruction_pointer(struct pt_regs *regs)
> {
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> - return perf_guest_cbs->get_guest_ip();
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> + if (guest_cbs && guest_cbs->is_in_guest())
> + return guest_cbs->get_guest_ip();
>
> return instruction_pointer(regs);
> }
>
> unsigned long perf_misc_flags(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> int misc = 0;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> - if (perf_guest_cbs->is_user_mode())
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> + if (guest_cbs->is_user_mode())
> misc |= PERF_RECORD_MISC_GUEST_USER;
> else
> misc |= PERF_RECORD_MISC_GUEST_KERNEL;
> diff --git a/arch/arm64/kernel/perf_callchain.c b/arch/arm64/kernel/perf_callchain.c
> index 4a72c2727309..86d9f2013172 100644
> --- a/arch/arm64/kernel/perf_callchain.c
> +++ b/arch/arm64/kernel/perf_callchain.c
> @@ -102,7 +102,9 @@ compat_user_backtrace(struct compat_frame_tail __user *tail,
> void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -147,9 +149,10 @@ static bool callchain_trace(void *data, unsigned long pc)
> void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stackframe frame;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -160,18 +163,21 @@ void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
>
> unsigned long perf_instruction_pointer(struct pt_regs *regs)
> {
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> - return perf_guest_cbs->get_guest_ip();
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> + if (guest_cbs && guest_cbs->is_in_guest())
> + return guest_cbs->get_guest_ip();
>
> return instruction_pointer(regs);
> }
>
> unsigned long perf_misc_flags(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> int misc = 0;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> - if (perf_guest_cbs->is_user_mode())
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> + if (guest_cbs->is_user_mode())
> misc |= PERF_RECORD_MISC_GUEST_USER;
> else
> misc |= PERF_RECORD_MISC_GUEST_KERNEL;
> diff --git a/arch/csky/kernel/perf_callchain.c b/arch/csky/kernel/perf_callchain.c
> index ab55e98ee8f6..35318a635a5f 100644
> --- a/arch/csky/kernel/perf_callchain.c
> +++ b/arch/csky/kernel/perf_callchain.c
> @@ -86,10 +86,11 @@ static unsigned long user_backtrace(struct perf_callchain_entry_ctx *entry,
> void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> unsigned long fp = 0;
>
> /* C-SKY does not support virtualization. */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> + if (guest_cbs && guest_cbs->is_in_guest())
> return;
>
> fp = regs->regs[4];
> @@ -110,10 +111,11 @@ void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stackframe fr;
>
> /* C-SKY does not support virtualization. */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> pr_warn("C-SKY does not support perf in guest mode!");
> return;
> }
> diff --git a/arch/nds32/kernel/perf_event_cpu.c b/arch/nds32/kernel/perf_event_cpu.c
> index 0ce6f9f307e6..f38791960781 100644
> --- a/arch/nds32/kernel/perf_event_cpu.c
> +++ b/arch/nds32/kernel/perf_event_cpu.c
> @@ -1363,6 +1363,7 @@ void
> perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> unsigned long fp = 0;
> unsigned long gp = 0;
> unsigned long lp = 0;
> @@ -1371,7 +1372,7 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry,
>
> leaf_fp = 0;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -1479,9 +1480,10 @@ void
> perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stackframe fr;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -1493,20 +1495,23 @@ perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
>
> unsigned long perf_instruction_pointer(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> /* However, NDS32 does not support virtualization */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> - return perf_guest_cbs->get_guest_ip();
> + if (guest_cbs && guest_cbs->is_in_guest())
> + return guest_cbs->get_guest_ip();
>
> return instruction_pointer(regs);
> }
>
> unsigned long perf_misc_flags(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> int misc = 0;
>
> /* However, NDS32 does not support virtualization */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> - if (perf_guest_cbs->is_user_mode())
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> + if (guest_cbs->is_user_mode())
> misc |= PERF_RECORD_MISC_GUEST_USER;
> else
> misc |= PERF_RECORD_MISC_GUEST_KERNEL;
> diff --git a/arch/riscv/kernel/perf_callchain.c b/arch/riscv/kernel/perf_callchain.c
> index 0bb1854dce83..8ecfc4c128bc 100644
> --- a/arch/riscv/kernel/perf_callchain.c
> +++ b/arch/riscv/kernel/perf_callchain.c
> @@ -56,10 +56,11 @@ static unsigned long user_backtrace(struct perf_callchain_entry_ctx *entry,
> void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> unsigned long fp = 0;
>
> /* RISC-V does not support perf in guest mode. */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> + if (guest_cbs && guest_cbs->is_in_guest())
> return;
>
> fp = regs->s0;
> @@ -78,8 +79,10 @@ static bool fill_callchain(void *entry, unsigned long pc)
> void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> /* RISC-V does not support perf in guest mode. */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> pr_warn("RISC-V does not support perf in guest mode!");
> return;
> }
> diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c
> index 1eb45139fcc6..ffb3e6c0d367 100644
> --- a/arch/x86/events/core.c
> +++ b/arch/x86/events/core.c
> @@ -2761,10 +2761,11 @@ static bool perf_hw_regs(struct pt_regs *regs)
> void
> perf_callchain_kernel(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct unwind_state state;
> unsigned long addr;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* TODO: We don't support guest os callchain now */
> return;
> }
> @@ -2864,10 +2865,11 @@ perf_callchain_user32(struct pt_regs *regs, struct perf_callchain_entry_ctx *ent
> void
> perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stack_frame frame;
> const struct stack_frame __user *fp;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* TODO: We don't support guest os callchain now */
> return;
> }
> @@ -2944,18 +2946,21 @@ static unsigned long code_segment_base(struct pt_regs *regs)
>
> unsigned long perf_instruction_pointer(struct pt_regs *regs)
> {
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> - return perf_guest_cbs->get_guest_ip();
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> + if (guest_cbs && guest_cbs->is_in_guest())
> + return guest_cbs->get_guest_ip();
>
> return regs->ip + code_segment_base(regs);
> }
>
> unsigned long perf_misc_flags(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> int misc = 0;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> - if (perf_guest_cbs->is_user_mode())
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> + if (guest_cbs->is_user_mode())
> misc |= PERF_RECORD_MISC_GUEST_USER;
> else
> misc |= PERF_RECORD_MISC_GUEST_KERNEL;
> diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
> index fca7a6e2242f..9baa46185d94 100644
> --- a/arch/x86/events/intel/core.c
> +++ b/arch/x86/events/intel/core.c
> @@ -2786,6 +2786,7 @@ static int handle_pmi_common(struct pt_regs *regs, u64 status)
> {
> struct perf_sample_data data;
> struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events);
> + struct perf_guest_info_callbacks *guest_cbs;
> int bit;
> int handled = 0;
> u64 intel_ctrl = hybrid(cpuc->pmu, intel_ctrl);
> @@ -2852,9 +2853,11 @@ static int handle_pmi_common(struct pt_regs *regs, u64 status)
> */
> if (__test_and_clear_bit(GLOBAL_STATUS_TRACE_TOPAPMI_BIT, (unsigned long *)&status)) {
> handled++;
> - if (unlikely(perf_guest_cbs && perf_guest_cbs->is_in_guest() &&
> - perf_guest_cbs->handle_intel_pt_intr))
> - perf_guest_cbs->handle_intel_pt_intr();
> +
> + guest_cbs = perf_get_guest_cbs();
> + if (unlikely(guest_cbs && guest_cbs->is_in_guest() &&
> + guest_cbs->handle_intel_pt_intr))
> + guest_cbs->handle_intel_pt_intr();
> else
> intel_pt_interrupt();
> }
> diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
> index 2d510ad750ed..6b0405e578c1 100644
> --- a/include/linux/perf_event.h
> +++ b/include/linux/perf_event.h
> @@ -1237,6 +1237,14 @@ extern void perf_event_bpf_event(struct bpf_prog *prog,
> u16 flags);
>
> extern struct perf_guest_info_callbacks *perf_guest_cbs;
> +static inline struct perf_guest_info_callbacks *perf_get_guest_cbs(void)
> +{
> + /* Reg/unreg perf_guest_cbs waits for readers via synchronize_rcu(). */
> + lockdep_assert_preemption_disabled();
> +
> + /* Prevent reloading between a !NULL check and dereferences. */
> + return READ_ONCE(perf_guest_cbs);
> +}
> extern int perf_register_guest_info_callbacks(struct perf_guest_info_callbacks *callbacks);
> extern int perf_unregister_guest_info_callbacks(struct perf_guest_info_callbacks *callbacks);
>
> diff --git a/kernel/events/core.c b/kernel/events/core.c
> index 464917096e73..80ff050a7b55 100644
> --- a/kernel/events/core.c
> +++ b/kernel/events/core.c
> @@ -6491,14 +6491,21 @@ struct perf_guest_info_callbacks *perf_guest_cbs;
>
> int perf_register_guest_info_callbacks(struct perf_guest_info_callbacks *cbs)
> {
> - perf_guest_cbs = cbs;
> + if (WARN_ON_ONCE(perf_guest_cbs))
> + return -EBUSY;
> +
> + WRITE_ONCE(perf_guest_cbs, cbs);
So per Paolo's comment [1], does it help to use
smp_store_release(perf_guest_cbs, cbs)
or
rcu_assign_pointer(perf_guest_cbs, cbs)
here?
[1] https://lore.kernel.org/kvm/37afc465-c12f-01b9-f3b6-c2573e112d76@redhat.com/
> return 0;
> }
> EXPORT_SYMBOL_GPL(perf_register_guest_info_callbacks);
>
> int perf_unregister_guest_info_callbacks(struct perf_guest_info_callbacks *cbs)
> {
> - perf_guest_cbs = NULL;
> + if (WARN_ON_ONCE(perf_guest_cbs != cbs))
> + return -EINVAL;
> +
> + WRITE_ONCE(perf_guest_cbs, NULL);
> + synchronize_rcu();
> return 0;
> }
> EXPORT_SYMBOL_GPL(perf_unregister_guest_info_callbacks);
>
WARNING: multiple messages have this Message-ID (diff)
From: Like Xu <like.xu.linux@gmail.com>
To: Sean Christopherson <seanjc@google.com>,
Peter Zijlstra <peterz@infradead.org>,
Will Deacon <will@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
James Morse <james.morse@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
Stefano Stabellini <sstabellini@kernel.org>,
linux-arm-kernel@lists.infradead.org,
linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org,
kvmarm@lists.cs.columbia.edu, linux-csky@vger.kernel.org,
linux-riscv@lists.infradead.org, kvm@vger.kernel.org,
xen-devel@lists.xenproject.org,
Artem Kashkanov <artem.kashkanov@intel.com>,
Zhu Lingshan <lingshan.zhu@intel.com>,
Juergen Gross <jgross@suse.com>, Ingo Molnar <mingo@redhat.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Palmer Dabbelt <palmer@dabbelt.com>,
Vincent Chen <deanbo422@gmail.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Greentime Hu <green.hu@gmail.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Marc Zyngier <maz@kernel.org>, Nick Hu <nickhu@andestech.com>,
Guo Ren <guoren@kernel.org>, Mark Rutland <mark.rutland@arm.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>
Subject: Re: [PATCH v3 01/16] perf: Ensure perf_guest_cbs aren't reloaded between !NULL check and deref
Date: Thu, 4 Nov 2021 17:32:21 +0800 [thread overview]
Message-ID: <77e3a76a-016b-8945-a1d5-aae4075e2147@gmail.com> (raw)
In-Reply-To: <20210922000533.713300-2-seanjc@google.com>
On 22/9/2021 8:05 am, Sean Christopherson wrote:
> Protect perf_guest_cbs with READ_ONCE/WRITE_ONCE to ensure it's not
> reloaded between a !NULL check and a dereference, and wait for all
> readers via syncrhonize_rcu() to prevent use-after-free, e.g. if the
> callbacks are being unregistered during module unload. Because the
> callbacks are global, it's possible for readers to run in parallel with
> an unregister operation.
>
> The bug has escaped notice because all dereferences of perf_guest_cbs
> follow the same "perf_guest_cbs && perf_guest_cbs->is_in_guest()" pattern,
> and it's extremely unlikely a compiler will reload perf_guest_cbs in this
> sequence. Compilers do reload perf_guest_cbs for future derefs, e.g. for
> ->is_user_mode(), but the ->is_in_guest() guard all but guarantees the
> PMI handler will win the race, e.g. to nullify perf_guest_cbs, KVM has to
> completely exit the guest and teardown down all VMs before KVM start its
> module unload / unregister sequence.
>
> But with help, unloading kvm_intel can trigger a NULL pointer derference,
> e.g. wrapping perf_guest_cbs with READ_ONCE in perf_misc_flags() while
> spamming kvm_intel module load/unload leads to:
>
> BUG: kernel NULL pointer dereference, address: 0000000000000000
> #PF: supervisor read access in kernel mode
> #PF: error_code(0x0000) - not-present page
> PGD 0 P4D 0
> Oops: 0000 [#1] PREEMPT SMP
> CPU: 6 PID: 1825 Comm: stress Not tainted 5.14.0-rc2+ #459
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
> RIP: 0010:perf_misc_flags+0x1c/0x70
> Call Trace:
> perf_prepare_sample+0x53/0x6b0
> perf_event_output_forward+0x67/0x160
> __perf_event_overflow+0x52/0xf0
> handle_pmi_common+0x207/0x300
> intel_pmu_handle_irq+0xcf/0x410
> perf_event_nmi_handler+0x28/0x50
> nmi_handle+0xc7/0x260
> default_do_nmi+0x6b/0x170
> exc_nmi+0x103/0x130
> asm_exc_nmi+0x76/0xbf
>
> Fixes: 39447b386c84 ("perf: Enhance perf to allow for guest statistic collection from host")
> Cc: stable@vger.kernel.org
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
> arch/arm/kernel/perf_callchain.c | 17 +++++++++++------
> arch/arm64/kernel/perf_callchain.c | 18 ++++++++++++------
> arch/csky/kernel/perf_callchain.c | 6 ++++--
> arch/nds32/kernel/perf_event_cpu.c | 17 +++++++++++------
> arch/riscv/kernel/perf_callchain.c | 7 +++++--
> arch/x86/events/core.c | 17 +++++++++++------
> arch/x86/events/intel/core.c | 9 ++++++---
> include/linux/perf_event.h | 8 ++++++++
> kernel/events/core.c | 11 +++++++++--
> 9 files changed, 77 insertions(+), 33 deletions(-)
>
> diff --git a/arch/arm/kernel/perf_callchain.c b/arch/arm/kernel/perf_callchain.c
> index 3b69a76d341e..1626dfc6f6ce 100644
> --- a/arch/arm/kernel/perf_callchain.c
> +++ b/arch/arm/kernel/perf_callchain.c
> @@ -62,9 +62,10 @@ user_backtrace(struct frame_tail __user *tail,
> void
> perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct frame_tail __user *tail;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -98,9 +99,10 @@ callchain_trace(struct stackframe *fr,
> void
> perf_callchain_kernel(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stackframe fr;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -111,18 +113,21 @@ perf_callchain_kernel(struct perf_callchain_entry_ctx *entry, struct pt_regs *re
>
> unsigned long perf_instruction_pointer(struct pt_regs *regs)
> {
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> - return perf_guest_cbs->get_guest_ip();
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> + if (guest_cbs && guest_cbs->is_in_guest())
> + return guest_cbs->get_guest_ip();
>
> return instruction_pointer(regs);
> }
>
> unsigned long perf_misc_flags(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> int misc = 0;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> - if (perf_guest_cbs->is_user_mode())
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> + if (guest_cbs->is_user_mode())
> misc |= PERF_RECORD_MISC_GUEST_USER;
> else
> misc |= PERF_RECORD_MISC_GUEST_KERNEL;
> diff --git a/arch/arm64/kernel/perf_callchain.c b/arch/arm64/kernel/perf_callchain.c
> index 4a72c2727309..86d9f2013172 100644
> --- a/arch/arm64/kernel/perf_callchain.c
> +++ b/arch/arm64/kernel/perf_callchain.c
> @@ -102,7 +102,9 @@ compat_user_backtrace(struct compat_frame_tail __user *tail,
> void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -147,9 +149,10 @@ static bool callchain_trace(void *data, unsigned long pc)
> void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stackframe frame;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -160,18 +163,21 @@ void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
>
> unsigned long perf_instruction_pointer(struct pt_regs *regs)
> {
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> - return perf_guest_cbs->get_guest_ip();
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> + if (guest_cbs && guest_cbs->is_in_guest())
> + return guest_cbs->get_guest_ip();
>
> return instruction_pointer(regs);
> }
>
> unsigned long perf_misc_flags(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> int misc = 0;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> - if (perf_guest_cbs->is_user_mode())
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> + if (guest_cbs->is_user_mode())
> misc |= PERF_RECORD_MISC_GUEST_USER;
> else
> misc |= PERF_RECORD_MISC_GUEST_KERNEL;
> diff --git a/arch/csky/kernel/perf_callchain.c b/arch/csky/kernel/perf_callchain.c
> index ab55e98ee8f6..35318a635a5f 100644
> --- a/arch/csky/kernel/perf_callchain.c
> +++ b/arch/csky/kernel/perf_callchain.c
> @@ -86,10 +86,11 @@ static unsigned long user_backtrace(struct perf_callchain_entry_ctx *entry,
> void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> unsigned long fp = 0;
>
> /* C-SKY does not support virtualization. */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> + if (guest_cbs && guest_cbs->is_in_guest())
> return;
>
> fp = regs->regs[4];
> @@ -110,10 +111,11 @@ void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stackframe fr;
>
> /* C-SKY does not support virtualization. */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> pr_warn("C-SKY does not support perf in guest mode!");
> return;
> }
> diff --git a/arch/nds32/kernel/perf_event_cpu.c b/arch/nds32/kernel/perf_event_cpu.c
> index 0ce6f9f307e6..f38791960781 100644
> --- a/arch/nds32/kernel/perf_event_cpu.c
> +++ b/arch/nds32/kernel/perf_event_cpu.c
> @@ -1363,6 +1363,7 @@ void
> perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> unsigned long fp = 0;
> unsigned long gp = 0;
> unsigned long lp = 0;
> @@ -1371,7 +1372,7 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry,
>
> leaf_fp = 0;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -1479,9 +1480,10 @@ void
> perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stackframe fr;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -1493,20 +1495,23 @@ perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
>
> unsigned long perf_instruction_pointer(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> /* However, NDS32 does not support virtualization */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> - return perf_guest_cbs->get_guest_ip();
> + if (guest_cbs && guest_cbs->is_in_guest())
> + return guest_cbs->get_guest_ip();
>
> return instruction_pointer(regs);
> }
>
> unsigned long perf_misc_flags(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> int misc = 0;
>
> /* However, NDS32 does not support virtualization */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> - if (perf_guest_cbs->is_user_mode())
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> + if (guest_cbs->is_user_mode())
> misc |= PERF_RECORD_MISC_GUEST_USER;
> else
> misc |= PERF_RECORD_MISC_GUEST_KERNEL;
> diff --git a/arch/riscv/kernel/perf_callchain.c b/arch/riscv/kernel/perf_callchain.c
> index 0bb1854dce83..8ecfc4c128bc 100644
> --- a/arch/riscv/kernel/perf_callchain.c
> +++ b/arch/riscv/kernel/perf_callchain.c
> @@ -56,10 +56,11 @@ static unsigned long user_backtrace(struct perf_callchain_entry_ctx *entry,
> void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> unsigned long fp = 0;
>
> /* RISC-V does not support perf in guest mode. */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> + if (guest_cbs && guest_cbs->is_in_guest())
> return;
>
> fp = regs->s0;
> @@ -78,8 +79,10 @@ static bool fill_callchain(void *entry, unsigned long pc)
> void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> /* RISC-V does not support perf in guest mode. */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> pr_warn("RISC-V does not support perf in guest mode!");
> return;
> }
> diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c
> index 1eb45139fcc6..ffb3e6c0d367 100644
> --- a/arch/x86/events/core.c
> +++ b/arch/x86/events/core.c
> @@ -2761,10 +2761,11 @@ static bool perf_hw_regs(struct pt_regs *regs)
> void
> perf_callchain_kernel(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct unwind_state state;
> unsigned long addr;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* TODO: We don't support guest os callchain now */
> return;
> }
> @@ -2864,10 +2865,11 @@ perf_callchain_user32(struct pt_regs *regs, struct perf_callchain_entry_ctx *ent
> void
> perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stack_frame frame;
> const struct stack_frame __user *fp;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* TODO: We don't support guest os callchain now */
> return;
> }
> @@ -2944,18 +2946,21 @@ static unsigned long code_segment_base(struct pt_regs *regs)
>
> unsigned long perf_instruction_pointer(struct pt_regs *regs)
> {
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> - return perf_guest_cbs->get_guest_ip();
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> + if (guest_cbs && guest_cbs->is_in_guest())
> + return guest_cbs->get_guest_ip();
>
> return regs->ip + code_segment_base(regs);
> }
>
> unsigned long perf_misc_flags(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> int misc = 0;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> - if (perf_guest_cbs->is_user_mode())
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> + if (guest_cbs->is_user_mode())
> misc |= PERF_RECORD_MISC_GUEST_USER;
> else
> misc |= PERF_RECORD_MISC_GUEST_KERNEL;
> diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
> index fca7a6e2242f..9baa46185d94 100644
> --- a/arch/x86/events/intel/core.c
> +++ b/arch/x86/events/intel/core.c
> @@ -2786,6 +2786,7 @@ static int handle_pmi_common(struct pt_regs *regs, u64 status)
> {
> struct perf_sample_data data;
> struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events);
> + struct perf_guest_info_callbacks *guest_cbs;
> int bit;
> int handled = 0;
> u64 intel_ctrl = hybrid(cpuc->pmu, intel_ctrl);
> @@ -2852,9 +2853,11 @@ static int handle_pmi_common(struct pt_regs *regs, u64 status)
> */
> if (__test_and_clear_bit(GLOBAL_STATUS_TRACE_TOPAPMI_BIT, (unsigned long *)&status)) {
> handled++;
> - if (unlikely(perf_guest_cbs && perf_guest_cbs->is_in_guest() &&
> - perf_guest_cbs->handle_intel_pt_intr))
> - perf_guest_cbs->handle_intel_pt_intr();
> +
> + guest_cbs = perf_get_guest_cbs();
> + if (unlikely(guest_cbs && guest_cbs->is_in_guest() &&
> + guest_cbs->handle_intel_pt_intr))
> + guest_cbs->handle_intel_pt_intr();
> else
> intel_pt_interrupt();
> }
> diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
> index 2d510ad750ed..6b0405e578c1 100644
> --- a/include/linux/perf_event.h
> +++ b/include/linux/perf_event.h
> @@ -1237,6 +1237,14 @@ extern void perf_event_bpf_event(struct bpf_prog *prog,
> u16 flags);
>
> extern struct perf_guest_info_callbacks *perf_guest_cbs;
> +static inline struct perf_guest_info_callbacks *perf_get_guest_cbs(void)
> +{
> + /* Reg/unreg perf_guest_cbs waits for readers via synchronize_rcu(). */
> + lockdep_assert_preemption_disabled();
> +
> + /* Prevent reloading between a !NULL check and dereferences. */
> + return READ_ONCE(perf_guest_cbs);
> +}
> extern int perf_register_guest_info_callbacks(struct perf_guest_info_callbacks *callbacks);
> extern int perf_unregister_guest_info_callbacks(struct perf_guest_info_callbacks *callbacks);
>
> diff --git a/kernel/events/core.c b/kernel/events/core.c
> index 464917096e73..80ff050a7b55 100644
> --- a/kernel/events/core.c
> +++ b/kernel/events/core.c
> @@ -6491,14 +6491,21 @@ struct perf_guest_info_callbacks *perf_guest_cbs;
>
> int perf_register_guest_info_callbacks(struct perf_guest_info_callbacks *cbs)
> {
> - perf_guest_cbs = cbs;
> + if (WARN_ON_ONCE(perf_guest_cbs))
> + return -EBUSY;
> +
> + WRITE_ONCE(perf_guest_cbs, cbs);
So per Paolo's comment [1], does it help to use
smp_store_release(perf_guest_cbs, cbs)
or
rcu_assign_pointer(perf_guest_cbs, cbs)
here?
[1] https://lore.kernel.org/kvm/37afc465-c12f-01b9-f3b6-c2573e112d76@redhat.com/
> return 0;
> }
> EXPORT_SYMBOL_GPL(perf_register_guest_info_callbacks);
>
> int perf_unregister_guest_info_callbacks(struct perf_guest_info_callbacks *cbs)
> {
> - perf_guest_cbs = NULL;
> + if (WARN_ON_ONCE(perf_guest_cbs != cbs))
> + return -EINVAL;
> +
> + WRITE_ONCE(perf_guest_cbs, NULL);
> + synchronize_rcu();
> return 0;
> }
> EXPORT_SYMBOL_GPL(perf_unregister_guest_info_callbacks);
>
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
WARNING: multiple messages have this Message-ID (diff)
From: Like Xu <like.xu.linux@gmail.com>
To: Sean Christopherson <seanjc@google.com>,
Peter Zijlstra <peterz@infradead.org>,
Will Deacon <will@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jiri Olsa <jolsa@redhat.com>, Namhyung Kim <namhyung@kernel.org>,
James Morse <james.morse@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
Stefano Stabellini <sstabellini@kernel.org>,
linux-arm-kernel@lists.infradead.org,
linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org,
kvmarm@lists.cs.columbia.edu, linux-csky@vger.kernel.org,
linux-riscv@lists.infradead.org, kvm@vger.kernel.org,
xen-devel@lists.xenproject.org,
Artem Kashkanov <artem.kashkanov@intel.com>,
Zhu Lingshan <lingshan.zhu@intel.com>,
Juergen Gross <jgross@suse.com>, Ingo Molnar <mingo@redhat.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Palmer Dabbelt <palmer@dabbelt.com>,
Vincent Chen <deanbo422@gmail.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Greentime Hu <green.hu@gmail.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Marc Zyngier <maz@kernel.org>, Nick Hu <nickhu@andestech.com>,
Guo Ren <guoren@kernel.org>, Mark Rutland <mark.rutland@arm.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>
Subject: Re: [PATCH v3 01/16] perf: Ensure perf_guest_cbs aren't reloaded between !NULL check and deref
Date: Thu, 4 Nov 2021 17:32:21 +0800 [thread overview]
Message-ID: <77e3a76a-016b-8945-a1d5-aae4075e2147@gmail.com> (raw)
In-Reply-To: <20210922000533.713300-2-seanjc@google.com>
On 22/9/2021 8:05 am, Sean Christopherson wrote:
> Protect perf_guest_cbs with READ_ONCE/WRITE_ONCE to ensure it's not
> reloaded between a !NULL check and a dereference, and wait for all
> readers via syncrhonize_rcu() to prevent use-after-free, e.g. if the
> callbacks are being unregistered during module unload. Because the
> callbacks are global, it's possible for readers to run in parallel with
> an unregister operation.
>
> The bug has escaped notice because all dereferences of perf_guest_cbs
> follow the same "perf_guest_cbs && perf_guest_cbs->is_in_guest()" pattern,
> and it's extremely unlikely a compiler will reload perf_guest_cbs in this
> sequence. Compilers do reload perf_guest_cbs for future derefs, e.g. for
> ->is_user_mode(), but the ->is_in_guest() guard all but guarantees the
> PMI handler will win the race, e.g. to nullify perf_guest_cbs, KVM has to
> completely exit the guest and teardown down all VMs before KVM start its
> module unload / unregister sequence.
>
> But with help, unloading kvm_intel can trigger a NULL pointer derference,
> e.g. wrapping perf_guest_cbs with READ_ONCE in perf_misc_flags() while
> spamming kvm_intel module load/unload leads to:
>
> BUG: kernel NULL pointer dereference, address: 0000000000000000
> #PF: supervisor read access in kernel mode
> #PF: error_code(0x0000) - not-present page
> PGD 0 P4D 0
> Oops: 0000 [#1] PREEMPT SMP
> CPU: 6 PID: 1825 Comm: stress Not tainted 5.14.0-rc2+ #459
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
> RIP: 0010:perf_misc_flags+0x1c/0x70
> Call Trace:
> perf_prepare_sample+0x53/0x6b0
> perf_event_output_forward+0x67/0x160
> __perf_event_overflow+0x52/0xf0
> handle_pmi_common+0x207/0x300
> intel_pmu_handle_irq+0xcf/0x410
> perf_event_nmi_handler+0x28/0x50
> nmi_handle+0xc7/0x260
> default_do_nmi+0x6b/0x170
> exc_nmi+0x103/0x130
> asm_exc_nmi+0x76/0xbf
>
> Fixes: 39447b386c84 ("perf: Enhance perf to allow for guest statistic collection from host")
> Cc: stable@vger.kernel.org
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
> arch/arm/kernel/perf_callchain.c | 17 +++++++++++------
> arch/arm64/kernel/perf_callchain.c | 18 ++++++++++++------
> arch/csky/kernel/perf_callchain.c | 6 ++++--
> arch/nds32/kernel/perf_event_cpu.c | 17 +++++++++++------
> arch/riscv/kernel/perf_callchain.c | 7 +++++--
> arch/x86/events/core.c | 17 +++++++++++------
> arch/x86/events/intel/core.c | 9 ++++++---
> include/linux/perf_event.h | 8 ++++++++
> kernel/events/core.c | 11 +++++++++--
> 9 files changed, 77 insertions(+), 33 deletions(-)
>
> diff --git a/arch/arm/kernel/perf_callchain.c b/arch/arm/kernel/perf_callchain.c
> index 3b69a76d341e..1626dfc6f6ce 100644
> --- a/arch/arm/kernel/perf_callchain.c
> +++ b/arch/arm/kernel/perf_callchain.c
> @@ -62,9 +62,10 @@ user_backtrace(struct frame_tail __user *tail,
> void
> perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct frame_tail __user *tail;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -98,9 +99,10 @@ callchain_trace(struct stackframe *fr,
> void
> perf_callchain_kernel(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stackframe fr;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -111,18 +113,21 @@ perf_callchain_kernel(struct perf_callchain_entry_ctx *entry, struct pt_regs *re
>
> unsigned long perf_instruction_pointer(struct pt_regs *regs)
> {
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> - return perf_guest_cbs->get_guest_ip();
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> + if (guest_cbs && guest_cbs->is_in_guest())
> + return guest_cbs->get_guest_ip();
>
> return instruction_pointer(regs);
> }
>
> unsigned long perf_misc_flags(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> int misc = 0;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> - if (perf_guest_cbs->is_user_mode())
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> + if (guest_cbs->is_user_mode())
> misc |= PERF_RECORD_MISC_GUEST_USER;
> else
> misc |= PERF_RECORD_MISC_GUEST_KERNEL;
> diff --git a/arch/arm64/kernel/perf_callchain.c b/arch/arm64/kernel/perf_callchain.c
> index 4a72c2727309..86d9f2013172 100644
> --- a/arch/arm64/kernel/perf_callchain.c
> +++ b/arch/arm64/kernel/perf_callchain.c
> @@ -102,7 +102,9 @@ compat_user_backtrace(struct compat_frame_tail __user *tail,
> void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -147,9 +149,10 @@ static bool callchain_trace(void *data, unsigned long pc)
> void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stackframe frame;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -160,18 +163,21 @@ void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
>
> unsigned long perf_instruction_pointer(struct pt_regs *regs)
> {
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> - return perf_guest_cbs->get_guest_ip();
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> + if (guest_cbs && guest_cbs->is_in_guest())
> + return guest_cbs->get_guest_ip();
>
> return instruction_pointer(regs);
> }
>
> unsigned long perf_misc_flags(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> int misc = 0;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> - if (perf_guest_cbs->is_user_mode())
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> + if (guest_cbs->is_user_mode())
> misc |= PERF_RECORD_MISC_GUEST_USER;
> else
> misc |= PERF_RECORD_MISC_GUEST_KERNEL;
> diff --git a/arch/csky/kernel/perf_callchain.c b/arch/csky/kernel/perf_callchain.c
> index ab55e98ee8f6..35318a635a5f 100644
> --- a/arch/csky/kernel/perf_callchain.c
> +++ b/arch/csky/kernel/perf_callchain.c
> @@ -86,10 +86,11 @@ static unsigned long user_backtrace(struct perf_callchain_entry_ctx *entry,
> void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> unsigned long fp = 0;
>
> /* C-SKY does not support virtualization. */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> + if (guest_cbs && guest_cbs->is_in_guest())
> return;
>
> fp = regs->regs[4];
> @@ -110,10 +111,11 @@ void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stackframe fr;
>
> /* C-SKY does not support virtualization. */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> pr_warn("C-SKY does not support perf in guest mode!");
> return;
> }
> diff --git a/arch/nds32/kernel/perf_event_cpu.c b/arch/nds32/kernel/perf_event_cpu.c
> index 0ce6f9f307e6..f38791960781 100644
> --- a/arch/nds32/kernel/perf_event_cpu.c
> +++ b/arch/nds32/kernel/perf_event_cpu.c
> @@ -1363,6 +1363,7 @@ void
> perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> unsigned long fp = 0;
> unsigned long gp = 0;
> unsigned long lp = 0;
> @@ -1371,7 +1372,7 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry,
>
> leaf_fp = 0;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -1479,9 +1480,10 @@ void
> perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stackframe fr;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -1493,20 +1495,23 @@ perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
>
> unsigned long perf_instruction_pointer(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> /* However, NDS32 does not support virtualization */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> - return perf_guest_cbs->get_guest_ip();
> + if (guest_cbs && guest_cbs->is_in_guest())
> + return guest_cbs->get_guest_ip();
>
> return instruction_pointer(regs);
> }
>
> unsigned long perf_misc_flags(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> int misc = 0;
>
> /* However, NDS32 does not support virtualization */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> - if (perf_guest_cbs->is_user_mode())
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> + if (guest_cbs->is_user_mode())
> misc |= PERF_RECORD_MISC_GUEST_USER;
> else
> misc |= PERF_RECORD_MISC_GUEST_KERNEL;
> diff --git a/arch/riscv/kernel/perf_callchain.c b/arch/riscv/kernel/perf_callchain.c
> index 0bb1854dce83..8ecfc4c128bc 100644
> --- a/arch/riscv/kernel/perf_callchain.c
> +++ b/arch/riscv/kernel/perf_callchain.c
> @@ -56,10 +56,11 @@ static unsigned long user_backtrace(struct perf_callchain_entry_ctx *entry,
> void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> unsigned long fp = 0;
>
> /* RISC-V does not support perf in guest mode. */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> + if (guest_cbs && guest_cbs->is_in_guest())
> return;
>
> fp = regs->s0;
> @@ -78,8 +79,10 @@ static bool fill_callchain(void *entry, unsigned long pc)
> void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> /* RISC-V does not support perf in guest mode. */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> pr_warn("RISC-V does not support perf in guest mode!");
> return;
> }
> diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c
> index 1eb45139fcc6..ffb3e6c0d367 100644
> --- a/arch/x86/events/core.c
> +++ b/arch/x86/events/core.c
> @@ -2761,10 +2761,11 @@ static bool perf_hw_regs(struct pt_regs *regs)
> void
> perf_callchain_kernel(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct unwind_state state;
> unsigned long addr;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* TODO: We don't support guest os callchain now */
> return;
> }
> @@ -2864,10 +2865,11 @@ perf_callchain_user32(struct pt_regs *regs, struct perf_callchain_entry_ctx *ent
> void
> perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stack_frame frame;
> const struct stack_frame __user *fp;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* TODO: We don't support guest os callchain now */
> return;
> }
> @@ -2944,18 +2946,21 @@ static unsigned long code_segment_base(struct pt_regs *regs)
>
> unsigned long perf_instruction_pointer(struct pt_regs *regs)
> {
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> - return perf_guest_cbs->get_guest_ip();
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> + if (guest_cbs && guest_cbs->is_in_guest())
> + return guest_cbs->get_guest_ip();
>
> return regs->ip + code_segment_base(regs);
> }
>
> unsigned long perf_misc_flags(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> int misc = 0;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> - if (perf_guest_cbs->is_user_mode())
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> + if (guest_cbs->is_user_mode())
> misc |= PERF_RECORD_MISC_GUEST_USER;
> else
> misc |= PERF_RECORD_MISC_GUEST_KERNEL;
> diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
> index fca7a6e2242f..9baa46185d94 100644
> --- a/arch/x86/events/intel/core.c
> +++ b/arch/x86/events/intel/core.c
> @@ -2786,6 +2786,7 @@ static int handle_pmi_common(struct pt_regs *regs, u64 status)
> {
> struct perf_sample_data data;
> struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events);
> + struct perf_guest_info_callbacks *guest_cbs;
> int bit;
> int handled = 0;
> u64 intel_ctrl = hybrid(cpuc->pmu, intel_ctrl);
> @@ -2852,9 +2853,11 @@ static int handle_pmi_common(struct pt_regs *regs, u64 status)
> */
> if (__test_and_clear_bit(GLOBAL_STATUS_TRACE_TOPAPMI_BIT, (unsigned long *)&status)) {
> handled++;
> - if (unlikely(perf_guest_cbs && perf_guest_cbs->is_in_guest() &&
> - perf_guest_cbs->handle_intel_pt_intr))
> - perf_guest_cbs->handle_intel_pt_intr();
> +
> + guest_cbs = perf_get_guest_cbs();
> + if (unlikely(guest_cbs && guest_cbs->is_in_guest() &&
> + guest_cbs->handle_intel_pt_intr))
> + guest_cbs->handle_intel_pt_intr();
> else
> intel_pt_interrupt();
> }
> diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
> index 2d510ad750ed..6b0405e578c1 100644
> --- a/include/linux/perf_event.h
> +++ b/include/linux/perf_event.h
> @@ -1237,6 +1237,14 @@ extern void perf_event_bpf_event(struct bpf_prog *prog,
> u16 flags);
>
> extern struct perf_guest_info_callbacks *perf_guest_cbs;
> +static inline struct perf_guest_info_callbacks *perf_get_guest_cbs(void)
> +{
> + /* Reg/unreg perf_guest_cbs waits for readers via synchronize_rcu(). */
> + lockdep_assert_preemption_disabled();
> +
> + /* Prevent reloading between a !NULL check and dereferences. */
> + return READ_ONCE(perf_guest_cbs);
> +}
> extern int perf_register_guest_info_callbacks(struct perf_guest_info_callbacks *callbacks);
> extern int perf_unregister_guest_info_callbacks(struct perf_guest_info_callbacks *callbacks);
>
> diff --git a/kernel/events/core.c b/kernel/events/core.c
> index 464917096e73..80ff050a7b55 100644
> --- a/kernel/events/core.c
> +++ b/kernel/events/core.c
> @@ -6491,14 +6491,21 @@ struct perf_guest_info_callbacks *perf_guest_cbs;
>
> int perf_register_guest_info_callbacks(struct perf_guest_info_callbacks *cbs)
> {
> - perf_guest_cbs = cbs;
> + if (WARN_ON_ONCE(perf_guest_cbs))
> + return -EBUSY;
> +
> + WRITE_ONCE(perf_guest_cbs, cbs);
So per Paolo's comment [1], does it help to use
smp_store_release(perf_guest_cbs, cbs)
or
rcu_assign_pointer(perf_guest_cbs, cbs)
here?
[1] https://lore.kernel.org/kvm/37afc465-c12f-01b9-f3b6-c2573e112d76@redhat.com/
> return 0;
> }
> EXPORT_SYMBOL_GPL(perf_register_guest_info_callbacks);
>
> int perf_unregister_guest_info_callbacks(struct perf_guest_info_callbacks *cbs)
> {
> - perf_guest_cbs = NULL;
> + if (WARN_ON_ONCE(perf_guest_cbs != cbs))
> + return -EINVAL;
> +
> + WRITE_ONCE(perf_guest_cbs, NULL);
> + synchronize_rcu();
> return 0;
> }
> EXPORT_SYMBOL_GPL(perf_unregister_guest_info_callbacks);
>
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Like Xu <like.xu.linux@gmail.com>
To: Sean Christopherson <seanjc@google.com>,
Peter Zijlstra <peterz@infradead.org>,
Will Deacon <will@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>
Cc: Wanpeng Li <wanpengli@tencent.com>,
kvm@vger.kernel.org,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Guo Ren <guoren@kernel.org>,
linux-riscv@lists.infradead.org,
Vincent Chen <deanbo422@gmail.com>, Jiri Olsa <jolsa@redhat.com>,
kvmarm@lists.cs.columbia.edu,
Stefano Stabellini <sstabellini@kernel.org>,
Marc Zyngier <maz@kernel.org>, Joerg Roedel <joro@8bytes.org>,
linux-csky@vger.kernel.org, Ingo Molnar <mingo@redhat.com>,
xen-devel@lists.xenproject.org, Albert Ou <aou@eecs.berkeley.edu>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Greentime Hu <green.hu@gmail.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Namhyung Kim <namhyung@kernel.org>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Artem Kashkanov <artem.kashkanov@intel.com>,
linux-arm-kernel@lists.infradead.org,
Jim Mattson <jmattson@google.com>,
Juergen Gross <jgross@suse.com>, Nick Hu <nickhu@andestech.com>,
linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
Palmer Dabbelt <palmer@dabbelt.com>,
Zhu Lingshan <lingshan.zhu@intel.com>
Subject: Re: [PATCH v3 01/16] perf: Ensure perf_guest_cbs aren't reloaded between !NULL check and deref
Date: Thu, 4 Nov 2021 17:32:21 +0800 [thread overview]
Message-ID: <77e3a76a-016b-8945-a1d5-aae4075e2147@gmail.com> (raw)
In-Reply-To: <20210922000533.713300-2-seanjc@google.com>
On 22/9/2021 8:05 am, Sean Christopherson wrote:
> Protect perf_guest_cbs with READ_ONCE/WRITE_ONCE to ensure it's not
> reloaded between a !NULL check and a dereference, and wait for all
> readers via syncrhonize_rcu() to prevent use-after-free, e.g. if the
> callbacks are being unregistered during module unload. Because the
> callbacks are global, it's possible for readers to run in parallel with
> an unregister operation.
>
> The bug has escaped notice because all dereferences of perf_guest_cbs
> follow the same "perf_guest_cbs && perf_guest_cbs->is_in_guest()" pattern,
> and it's extremely unlikely a compiler will reload perf_guest_cbs in this
> sequence. Compilers do reload perf_guest_cbs for future derefs, e.g. for
> ->is_user_mode(), but the ->is_in_guest() guard all but guarantees the
> PMI handler will win the race, e.g. to nullify perf_guest_cbs, KVM has to
> completely exit the guest and teardown down all VMs before KVM start its
> module unload / unregister sequence.
>
> But with help, unloading kvm_intel can trigger a NULL pointer derference,
> e.g. wrapping perf_guest_cbs with READ_ONCE in perf_misc_flags() while
> spamming kvm_intel module load/unload leads to:
>
> BUG: kernel NULL pointer dereference, address: 0000000000000000
> #PF: supervisor read access in kernel mode
> #PF: error_code(0x0000) - not-present page
> PGD 0 P4D 0
> Oops: 0000 [#1] PREEMPT SMP
> CPU: 6 PID: 1825 Comm: stress Not tainted 5.14.0-rc2+ #459
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
> RIP: 0010:perf_misc_flags+0x1c/0x70
> Call Trace:
> perf_prepare_sample+0x53/0x6b0
> perf_event_output_forward+0x67/0x160
> __perf_event_overflow+0x52/0xf0
> handle_pmi_common+0x207/0x300
> intel_pmu_handle_irq+0xcf/0x410
> perf_event_nmi_handler+0x28/0x50
> nmi_handle+0xc7/0x260
> default_do_nmi+0x6b/0x170
> exc_nmi+0x103/0x130
> asm_exc_nmi+0x76/0xbf
>
> Fixes: 39447b386c84 ("perf: Enhance perf to allow for guest statistic collection from host")
> Cc: stable@vger.kernel.org
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
> arch/arm/kernel/perf_callchain.c | 17 +++++++++++------
> arch/arm64/kernel/perf_callchain.c | 18 ++++++++++++------
> arch/csky/kernel/perf_callchain.c | 6 ++++--
> arch/nds32/kernel/perf_event_cpu.c | 17 +++++++++++------
> arch/riscv/kernel/perf_callchain.c | 7 +++++--
> arch/x86/events/core.c | 17 +++++++++++------
> arch/x86/events/intel/core.c | 9 ++++++---
> include/linux/perf_event.h | 8 ++++++++
> kernel/events/core.c | 11 +++++++++--
> 9 files changed, 77 insertions(+), 33 deletions(-)
>
> diff --git a/arch/arm/kernel/perf_callchain.c b/arch/arm/kernel/perf_callchain.c
> index 3b69a76d341e..1626dfc6f6ce 100644
> --- a/arch/arm/kernel/perf_callchain.c
> +++ b/arch/arm/kernel/perf_callchain.c
> @@ -62,9 +62,10 @@ user_backtrace(struct frame_tail __user *tail,
> void
> perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct frame_tail __user *tail;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -98,9 +99,10 @@ callchain_trace(struct stackframe *fr,
> void
> perf_callchain_kernel(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stackframe fr;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -111,18 +113,21 @@ perf_callchain_kernel(struct perf_callchain_entry_ctx *entry, struct pt_regs *re
>
> unsigned long perf_instruction_pointer(struct pt_regs *regs)
> {
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> - return perf_guest_cbs->get_guest_ip();
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> + if (guest_cbs && guest_cbs->is_in_guest())
> + return guest_cbs->get_guest_ip();
>
> return instruction_pointer(regs);
> }
>
> unsigned long perf_misc_flags(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> int misc = 0;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> - if (perf_guest_cbs->is_user_mode())
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> + if (guest_cbs->is_user_mode())
> misc |= PERF_RECORD_MISC_GUEST_USER;
> else
> misc |= PERF_RECORD_MISC_GUEST_KERNEL;
> diff --git a/arch/arm64/kernel/perf_callchain.c b/arch/arm64/kernel/perf_callchain.c
> index 4a72c2727309..86d9f2013172 100644
> --- a/arch/arm64/kernel/perf_callchain.c
> +++ b/arch/arm64/kernel/perf_callchain.c
> @@ -102,7 +102,9 @@ compat_user_backtrace(struct compat_frame_tail __user *tail,
> void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -147,9 +149,10 @@ static bool callchain_trace(void *data, unsigned long pc)
> void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stackframe frame;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -160,18 +163,21 @@ void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
>
> unsigned long perf_instruction_pointer(struct pt_regs *regs)
> {
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> - return perf_guest_cbs->get_guest_ip();
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> + if (guest_cbs && guest_cbs->is_in_guest())
> + return guest_cbs->get_guest_ip();
>
> return instruction_pointer(regs);
> }
>
> unsigned long perf_misc_flags(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> int misc = 0;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> - if (perf_guest_cbs->is_user_mode())
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> + if (guest_cbs->is_user_mode())
> misc |= PERF_RECORD_MISC_GUEST_USER;
> else
> misc |= PERF_RECORD_MISC_GUEST_KERNEL;
> diff --git a/arch/csky/kernel/perf_callchain.c b/arch/csky/kernel/perf_callchain.c
> index ab55e98ee8f6..35318a635a5f 100644
> --- a/arch/csky/kernel/perf_callchain.c
> +++ b/arch/csky/kernel/perf_callchain.c
> @@ -86,10 +86,11 @@ static unsigned long user_backtrace(struct perf_callchain_entry_ctx *entry,
> void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> unsigned long fp = 0;
>
> /* C-SKY does not support virtualization. */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> + if (guest_cbs && guest_cbs->is_in_guest())
> return;
>
> fp = regs->regs[4];
> @@ -110,10 +111,11 @@ void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stackframe fr;
>
> /* C-SKY does not support virtualization. */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> pr_warn("C-SKY does not support perf in guest mode!");
> return;
> }
> diff --git a/arch/nds32/kernel/perf_event_cpu.c b/arch/nds32/kernel/perf_event_cpu.c
> index 0ce6f9f307e6..f38791960781 100644
> --- a/arch/nds32/kernel/perf_event_cpu.c
> +++ b/arch/nds32/kernel/perf_event_cpu.c
> @@ -1363,6 +1363,7 @@ void
> perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> unsigned long fp = 0;
> unsigned long gp = 0;
> unsigned long lp = 0;
> @@ -1371,7 +1372,7 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry,
>
> leaf_fp = 0;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -1479,9 +1480,10 @@ void
> perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stackframe fr;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* We don't support guest os callchain now */
> return;
> }
> @@ -1493,20 +1495,23 @@ perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
>
> unsigned long perf_instruction_pointer(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> /* However, NDS32 does not support virtualization */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> - return perf_guest_cbs->get_guest_ip();
> + if (guest_cbs && guest_cbs->is_in_guest())
> + return guest_cbs->get_guest_ip();
>
> return instruction_pointer(regs);
> }
>
> unsigned long perf_misc_flags(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> int misc = 0;
>
> /* However, NDS32 does not support virtualization */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> - if (perf_guest_cbs->is_user_mode())
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> + if (guest_cbs->is_user_mode())
> misc |= PERF_RECORD_MISC_GUEST_USER;
> else
> misc |= PERF_RECORD_MISC_GUEST_KERNEL;
> diff --git a/arch/riscv/kernel/perf_callchain.c b/arch/riscv/kernel/perf_callchain.c
> index 0bb1854dce83..8ecfc4c128bc 100644
> --- a/arch/riscv/kernel/perf_callchain.c
> +++ b/arch/riscv/kernel/perf_callchain.c
> @@ -56,10 +56,11 @@ static unsigned long user_backtrace(struct perf_callchain_entry_ctx *entry,
> void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> unsigned long fp = 0;
>
> /* RISC-V does not support perf in guest mode. */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> + if (guest_cbs && guest_cbs->is_in_guest())
> return;
>
> fp = regs->s0;
> @@ -78,8 +79,10 @@ static bool fill_callchain(void *entry, unsigned long pc)
> void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
> struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> /* RISC-V does not support perf in guest mode. */
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> pr_warn("RISC-V does not support perf in guest mode!");
> return;
> }
> diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c
> index 1eb45139fcc6..ffb3e6c0d367 100644
> --- a/arch/x86/events/core.c
> +++ b/arch/x86/events/core.c
> @@ -2761,10 +2761,11 @@ static bool perf_hw_regs(struct pt_regs *regs)
> void
> perf_callchain_kernel(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct unwind_state state;
> unsigned long addr;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* TODO: We don't support guest os callchain now */
> return;
> }
> @@ -2864,10 +2865,11 @@ perf_callchain_user32(struct pt_regs *regs, struct perf_callchain_entry_ctx *ent
> void
> perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> struct stack_frame frame;
> const struct stack_frame __user *fp;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> /* TODO: We don't support guest os callchain now */
> return;
> }
> @@ -2944,18 +2946,21 @@ static unsigned long code_segment_base(struct pt_regs *regs)
>
> unsigned long perf_instruction_pointer(struct pt_regs *regs)
> {
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
> - return perf_guest_cbs->get_guest_ip();
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> +
> + if (guest_cbs && guest_cbs->is_in_guest())
> + return guest_cbs->get_guest_ip();
>
> return regs->ip + code_segment_base(regs);
> }
>
> unsigned long perf_misc_flags(struct pt_regs *regs)
> {
> + struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
> int misc = 0;
>
> - if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
> - if (perf_guest_cbs->is_user_mode())
> + if (guest_cbs && guest_cbs->is_in_guest()) {
> + if (guest_cbs->is_user_mode())
> misc |= PERF_RECORD_MISC_GUEST_USER;
> else
> misc |= PERF_RECORD_MISC_GUEST_KERNEL;
> diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
> index fca7a6e2242f..9baa46185d94 100644
> --- a/arch/x86/events/intel/core.c
> +++ b/arch/x86/events/intel/core.c
> @@ -2786,6 +2786,7 @@ static int handle_pmi_common(struct pt_regs *regs, u64 status)
> {
> struct perf_sample_data data;
> struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events);
> + struct perf_guest_info_callbacks *guest_cbs;
> int bit;
> int handled = 0;
> u64 intel_ctrl = hybrid(cpuc->pmu, intel_ctrl);
> @@ -2852,9 +2853,11 @@ static int handle_pmi_common(struct pt_regs *regs, u64 status)
> */
> if (__test_and_clear_bit(GLOBAL_STATUS_TRACE_TOPAPMI_BIT, (unsigned long *)&status)) {
> handled++;
> - if (unlikely(perf_guest_cbs && perf_guest_cbs->is_in_guest() &&
> - perf_guest_cbs->handle_intel_pt_intr))
> - perf_guest_cbs->handle_intel_pt_intr();
> +
> + guest_cbs = perf_get_guest_cbs();
> + if (unlikely(guest_cbs && guest_cbs->is_in_guest() &&
> + guest_cbs->handle_intel_pt_intr))
> + guest_cbs->handle_intel_pt_intr();
> else
> intel_pt_interrupt();
> }
> diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
> index 2d510ad750ed..6b0405e578c1 100644
> --- a/include/linux/perf_event.h
> +++ b/include/linux/perf_event.h
> @@ -1237,6 +1237,14 @@ extern void perf_event_bpf_event(struct bpf_prog *prog,
> u16 flags);
>
> extern struct perf_guest_info_callbacks *perf_guest_cbs;
> +static inline struct perf_guest_info_callbacks *perf_get_guest_cbs(void)
> +{
> + /* Reg/unreg perf_guest_cbs waits for readers via synchronize_rcu(). */
> + lockdep_assert_preemption_disabled();
> +
> + /* Prevent reloading between a !NULL check and dereferences. */
> + return READ_ONCE(perf_guest_cbs);
> +}
> extern int perf_register_guest_info_callbacks(struct perf_guest_info_callbacks *callbacks);
> extern int perf_unregister_guest_info_callbacks(struct perf_guest_info_callbacks *callbacks);
>
> diff --git a/kernel/events/core.c b/kernel/events/core.c
> index 464917096e73..80ff050a7b55 100644
> --- a/kernel/events/core.c
> +++ b/kernel/events/core.c
> @@ -6491,14 +6491,21 @@ struct perf_guest_info_callbacks *perf_guest_cbs;
>
> int perf_register_guest_info_callbacks(struct perf_guest_info_callbacks *cbs)
> {
> - perf_guest_cbs = cbs;
> + if (WARN_ON_ONCE(perf_guest_cbs))
> + return -EBUSY;
> +
> + WRITE_ONCE(perf_guest_cbs, cbs);
So per Paolo's comment [1], does it help to use
smp_store_release(perf_guest_cbs, cbs)
or
rcu_assign_pointer(perf_guest_cbs, cbs)
here?
[1] https://lore.kernel.org/kvm/37afc465-c12f-01b9-f3b6-c2573e112d76@redhat.com/
> return 0;
> }
> EXPORT_SYMBOL_GPL(perf_register_guest_info_callbacks);
>
> int perf_unregister_guest_info_callbacks(struct perf_guest_info_callbacks *cbs)
> {
> - perf_guest_cbs = NULL;
> + if (WARN_ON_ONCE(perf_guest_cbs != cbs))
> + return -EINVAL;
> +
> + WRITE_ONCE(perf_guest_cbs, NULL);
> + synchronize_rcu();
> return 0;
> }
> EXPORT_SYMBOL_GPL(perf_unregister_guest_info_callbacks);
>
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
next prev parent reply other threads:[~2021-11-04 9:32 UTC|newest]
Thread overview: 189+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-22 0:05 [PATCH v3 00/16] perf: KVM: Fix, optimize, and clean up callbacks Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` [PATCH v3 01/16] perf: Ensure perf_guest_cbs aren't reloaded between !NULL check and deref Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-11-04 9:32 ` Like Xu [this message]
2021-11-04 9:32 ` Like Xu
2021-11-04 9:32 ` Like Xu
2021-11-04 9:32 ` Like Xu
2021-11-04 14:18 ` Sean Christopherson
2021-11-04 14:18 ` Sean Christopherson
2021-11-04 14:18 ` Sean Christopherson
2021-11-04 14:18 ` Sean Christopherson
2021-11-10 11:07 ` Paolo Bonzini
2021-11-10 11:07 ` Paolo Bonzini
2021-11-10 11:07 ` Paolo Bonzini
2021-11-10 11:07 ` Paolo Bonzini
2021-11-11 0:39 ` Sean Christopherson
2021-11-11 0:39 ` Sean Christopherson
2021-11-11 0:39 ` Sean Christopherson
2021-11-11 0:39 ` Sean Christopherson
2021-09-22 0:05 ` [PATCH v3 02/16] KVM: x86: Register perf callbacks after calling vendor's hardware_setup() Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 6:23 ` Paolo Bonzini
2021-09-22 6:23 ` Paolo Bonzini
2021-09-22 6:23 ` Paolo Bonzini
2021-09-22 6:23 ` Paolo Bonzini
2021-09-22 0:05 ` [PATCH v3 03/16] KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 6:24 ` Paolo Bonzini
2021-09-22 6:24 ` Paolo Bonzini
2021-09-22 6:24 ` Paolo Bonzini
2021-09-22 6:24 ` Paolo Bonzini
2021-09-22 0:05 ` [PATCH v3 04/16] perf: Stop pretending that perf can handle multiple guest callbacks Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 6:25 ` Paolo Bonzini
2021-09-22 6:25 ` Paolo Bonzini
2021-09-22 6:25 ` Paolo Bonzini
2021-09-22 6:25 ` Paolo Bonzini
2021-09-22 0:05 ` [PATCH v3 05/16] perf: Drop dead and useless guest "support" from arm, csky, nds32 and riscv Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 6:26 ` Paolo Bonzini
2021-09-22 6:26 ` Paolo Bonzini
2021-09-22 6:26 ` Paolo Bonzini
2021-09-22 6:26 ` Paolo Bonzini
2021-09-22 0:05 ` [PATCH v3 06/16] perf/core: Rework guest callbacks to prepare for static_call support Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 6:28 ` Paolo Bonzini
2021-09-22 6:28 ` Paolo Bonzini
2021-09-22 6:28 ` Paolo Bonzini
2021-09-22 6:28 ` Paolo Bonzini
2021-09-22 18:31 ` Boris Ostrovsky
2021-09-22 18:31 ` Boris Ostrovsky
2021-09-22 18:31 ` Boris Ostrovsky
2021-09-22 18:31 ` Boris Ostrovsky
2021-09-22 0:05 ` [PATCH v3 07/16] perf: Add wrappers for invoking guest callbacks Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 6:29 ` Paolo Bonzini
2021-09-22 6:29 ` Paolo Bonzini
2021-09-22 6:29 ` Paolo Bonzini
2021-09-22 6:29 ` Paolo Bonzini
2021-09-22 0:05 ` [PATCH v3 08/16] perf: Force architectures to opt-in to " Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 6:32 ` Paolo Bonzini
2021-09-22 6:32 ` Paolo Bonzini
2021-09-22 6:32 ` Paolo Bonzini
2021-09-22 6:32 ` Paolo Bonzini
2021-09-22 14:48 ` Sean Christopherson
2021-09-22 14:48 ` Sean Christopherson
2021-09-22 14:48 ` Sean Christopherson
2021-09-22 14:48 ` Sean Christopherson
2021-11-09 23:46 ` Sean Christopherson
2021-11-09 23:46 ` Sean Christopherson
2021-11-09 23:46 ` Sean Christopherson
2021-11-09 23:46 ` Sean Christopherson
2021-09-22 0:05 ` [PATCH v3 09/16] perf/core: Use static_call to optimize perf_guest_info_callbacks Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 6:33 ` Paolo Bonzini
2021-09-22 6:33 ` Paolo Bonzini
2021-09-22 6:33 ` Paolo Bonzini
2021-09-22 6:33 ` Paolo Bonzini
2021-09-22 0:05 ` [PATCH v3 10/16] KVM: x86: Drop current_vcpu for kvm_running_vcpu + kvm_arch_vcpu variable Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 6:40 ` Paolo Bonzini
2021-09-22 6:40 ` Paolo Bonzini
2021-09-22 6:40 ` Paolo Bonzini
2021-09-22 6:40 ` Paolo Bonzini
2021-09-22 0:05 ` [PATCH v3 11/16] KVM: x86: More precisely identify NMI from guest when handling PMI Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 6:38 ` Paolo Bonzini
2021-09-22 6:38 ` Paolo Bonzini
2021-09-22 6:38 ` Paolo Bonzini
2021-09-22 6:38 ` Paolo Bonzini
2021-09-22 0:05 ` [PATCH v3 12/16] KVM: Move x86's perf guest info callbacks to generic KVM Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 6:41 ` Paolo Bonzini
2021-09-22 6:41 ` Paolo Bonzini
2021-09-22 6:41 ` Paolo Bonzini
2021-09-22 6:41 ` Paolo Bonzini
2021-10-11 9:35 ` Marc Zyngier
2021-10-11 9:35 ` Marc Zyngier
2021-10-11 9:35 ` Marc Zyngier
2021-10-11 9:35 ` Marc Zyngier
2021-10-11 14:46 ` Sean Christopherson
2021-10-11 14:46 ` Sean Christopherson
2021-10-11 14:46 ` Sean Christopherson
2021-10-11 14:46 ` Sean Christopherson
2021-10-11 15:33 ` Marc Zyngier
2021-10-11 15:33 ` Marc Zyngier
2021-10-11 15:33 ` Marc Zyngier
2021-10-11 15:33 ` Marc Zyngier
2021-09-22 0:05 ` [PATCH v3 13/16] KVM: x86: Move Intel Processor Trace interrupt handler to vmx.c Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` [PATCH v3 14/16] KVM: arm64: Convert to the generic perf callbacks Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-10-11 9:38 ` Marc Zyngier
2021-10-11 9:38 ` Marc Zyngier
2021-10-11 9:38 ` Marc Zyngier
2021-10-11 9:38 ` Marc Zyngier
2021-09-22 0:05 ` [PATCH v3 15/16] KVM: arm64: Drop perf.c and fold its tiny bits of code into arm.c / pmu.c Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-10-11 9:44 ` Marc Zyngier
2021-10-11 9:44 ` Marc Zyngier
2021-10-11 9:44 ` Marc Zyngier
2021-10-11 9:44 ` Marc Zyngier
2021-11-09 23:16 ` Sean Christopherson
2021-11-09 23:16 ` Sean Christopherson
2021-11-09 23:16 ` Sean Christopherson
2021-11-09 23:16 ` Sean Christopherson
2021-09-22 0:05 ` [PATCH v3 16/16] perf: Drop guest callback (un)register stubs Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 0:05 ` Sean Christopherson
2021-09-22 6:29 ` Paolo Bonzini
2021-09-22 6:29 ` Paolo Bonzini
2021-09-22 6:29 ` Paolo Bonzini
2021-09-22 6:29 ` Paolo Bonzini
2021-09-22 6:42 ` [PATCH v3 00/16] perf: KVM: Fix, optimize, and clean up callbacks Paolo Bonzini
2021-09-22 6:42 ` Paolo Bonzini
2021-09-22 6:42 ` Paolo Bonzini
2021-09-22 6:42 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=77e3a76a-016b-8945-a1d5-aae4075e2147@gmail.com \
--to=like.xu.linux@gmail.com \
--cc=acme@kernel.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=alexandru.elisei@arm.com \
--cc=aou@eecs.berkeley.edu \
--cc=artem.kashkanov@intel.com \
--cc=boris.ostrovsky@oracle.com \
--cc=deanbo422@gmail.com \
--cc=green.hu@gmail.com \
--cc=guoren@kernel.org \
--cc=james.morse@arm.com \
--cc=jgross@suse.com \
--cc=jmattson@google.com \
--cc=jolsa@redhat.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=lingshan.zhu@intel.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-csky@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=maz@kernel.org \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=nickhu@andestech.com \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=seanjc@google.com \
--cc=sstabellini@kernel.org \
--cc=suzuki.poulose@arm.com \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=will@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.