mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
1,253,135 Commits 103 Branches 4,999 Tags 5.4 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
Go to file
Sean Christopherson 7a7650b3ac KVM: x86/pmu: Disable support for adaptive PEBS 
commit 9e985cbf29 upstream.

Drop support for virtualizing adaptive PEBS, as KVM's implementation is
architecturally broken without an obvious/easy path forward, and because
exposing adaptive PEBS can leak host LBRs to the guest, i.e. can leak
host kernel addresses to the guest.

Bug #1 is that KVM doesn't account for the upper 32 bits of
IA32_FIXED_CTR_CTRL when (re)programming fixed counters, e.g
fixed_ctrl_field() drops the upper bits, reprogram_fixed_counters()
stores local variables as u8s and truncates the upper bits too, etc.

Bug #2 is that, because KVM _always_ sets precise_ip to a non-zero value
for PEBS events, perf will _always_ generate an adaptive record, even if
the guest requested a basic record.  Note, KVM will also enable adaptive
PEBS in individual *counter*, even if adaptive PEBS isn't exposed to the
guest, but this is benign as MSR_PEBS_DATA_CFG is guaranteed to be zero,
i.e. the guest will only ever see Basic records.

Bug #3 is in perf.  intel_pmu_disable_fixed() doesn't clear the upper
bits either, i.e. leaves ICL_FIXED_0_ADAPTIVE set, and
intel_pmu_enable_fixed() effectively doesn't clear ICL_FIXED_0_ADAPTIVE
either.  I.e. perf _always_ enables ADAPTIVE counters, regardless of what
KVM requests.

Bug #4 is that adaptive PEBS *might* effectively bypass event filters set
by the host, as "Updated Memory Access Info Group" records information
that might be disallowed by userspace via KVM_SET_PMU_EVENT_FILTER.

Bug #5 is that KVM doesn't ensure LBR MSRs hold guest values (or at least
zeros) when entering a vCPU with adaptive PEBS, which allows the guest
to read host LBRs, i.e. host RIPs/addresses, by enabling "LBR Entries"
records.

Disable adaptive PEBS support as an immediate fix due to the severity of
the LBR leak in particular, and because fixing all of the bugs will be
non-trivial, e.g. not suitable for backporting to stable kernels.

Note!  This will break live migration, but trying to make KVM play nice
with live migration would be quite complicated, wouldn't be guaranteed to
work (i.e. KVM might still kill/confuse the guest), and it's not clear
that there are any publicly available VMMs that support adaptive PEBS,
let alone live migrate VMs that support adaptive PEBS, e.g. QEMU doesn't
support PEBS in any capacity.

Link: https://lore.kernel.org/all/20240306230153.786365-1-seanjc@google.com
Link: https://lore.kernel.org/all/ZeepGjHCeSfadANM@google.com
Fixes: c59a1f106f ("KVM: x86/pmu: Add IA32_PEBS_ENABLE MSR emulation for extended PEBS")
Cc: stable@vger.kernel.org
Cc: Like Xu <like.xu.linux@gmail.com>
Cc: Mingwei Zhang <mizhang@google.com>
Cc: Zhenyu Wang <zhenyuw@linux.intel.com>
Cc: Zhang Xiong <xiong.y.zhang@intel.com>
Cc: Lv Zhiyuan <zhiyuan.lv@intel.com>
Cc: Dapeng Mi <dapeng1.mi@intel.com>
Cc: Jim Mattson <jmattson@google.com>
Acked-by: Like Xu <likexu@tencent.com>
Link: https://lore.kernel.org/r/20240307005833.827147-1-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2024-04-27 17:13:01 +02:00
Documentation x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto 2024-04-17 11:23:41 +02:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
arch KVM: x86/pmu: Disable support for adaptive PEBS 2024-04-27 17:13:01 +02:00
block block: propagate partition scanning errors to the BLKRRPART ioctl 2024-04-27 17:12:57 +02:00
certs This update includes the following changes: 2023-11-02 16:15:30 -10:00
crypto Revert "crypto: pkcs7 - remove sha1 support" 2024-04-03 15:32:31 +02:00
drivers speakup: Avoid crash on very long word 2024-04-27 17:13:01 +02:00
fs fs: sysfs: Fix reference leak in sysfs_break_active_protection() 2024-04-27 17:13:01 +02:00
include sched: Add missing memory barrier in switch_mm_cid 2024-04-27 17:13:01 +02:00
init fs/proc: Skip bootloader comment if no embedded kernel parameters 2024-04-17 11:23:36 +02:00
io_uring io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure 2024-04-27 17:12:47 +02:00
ipc shm: Slim down dependencies 2023-12-20 19:26:31 -05:00
kernel sched: Add missing memory barrier in switch_mm_cid 2024-04-27 17:13:01 +02:00
lib lib: checksum: hide unused expected_csum_ipv6_magic[] 2024-04-17 11:23:28 +02:00
mm userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE 2024-04-27 17:12:54 +02:00
net net/sched: Fix mirred deadlock on device recursion 2024-04-27 17:12:53 +02:00
rust Rust changes for v6.8 2024-01-11 13:05:41 -08:00
samples work around gcc bugs with 'asm goto' with outputs 2024-02-09 15:57:48 -08:00
scripts gcc-plugins/stackleak: Avoid .head.text section 2024-04-13 13:10:11 +02:00
security selinux: avoid dereference of garbage after mount failure 2024-04-10 16:38:01 +02:00
sound ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC 2024-04-27 17:12:57 +02:00
tools selftests/powerpc/papr-vpd: Fix missing variable initialization 2024-04-27 17:12:56 +02:00
usr Kbuild updates for v6.8 2024-01-18 17:57:07 -08:00
virt KVM: Always flush async #PF workqueue when vCPU is being destroyed 2024-04-03 15:32:03 +02:00
.clang-format clang-format: Update with v6.7-rc4's `for_each` macro list 2023-12-08 23:54:38 +01:00
.cocciconfig
.editorconfig Add .editorconfig file for basic formatting 2023-12-28 16:22:47 +09:00
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore Add .editorconfig file for basic formatting 2023-12-28 16:22:47 +09:00
.mailmap drm fixes for 6.8 final 2024-03-08 12:44:56 -08:00
.rustfmt.toml rust: add `.rustfmt.toml` 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: supplement of zswap maintainers update 2024-01-25 23:52:21 -08:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS drm fixes for 6.8 final 2024-03-08 12:44:56 -08:00
Makefile Linux 6.8.7 2024-04-17 11:23:43 +02:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.