CC: [email protected] CC: [email protected] CC: [email protected] TO: Like Xu <[email protected]> CC: Paolo Bonzini <[email protected]> CC: Wei Wang <[email protected]> CC: Andi Kleen <[email protected]>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: c9194f32bfd932e976a158d1af97a63be68a2aab commit: 1b5ac3226a1aa071135fe0ee5d1055d9e88b717c KVM: vmx/pmu: Pass-through LBR msrs when the guest LBR event is ACTIVE date: 6 months ago :::::: branch date: 25 hours ago :::::: commit date: 6 months ago config: x86_64-randconfig-c001-20210806 (attached as .config) compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 42b9c2a17a0b63cccf3ac197a82f91b28e53e643) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install x86_64 cross compiling tool for clang build # apt-get install binutils-x86-64-linux-gnu # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1b5ac3226a1aa071135fe0ee5d1055d9e88b717c git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout 1b5ac3226a1aa071135fe0ee5d1055d9e88b717c # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) ^ drivers/hid/hid-samsung.c:105:2: note: Loop condition is false. Exiting loop dbg_hid("samsung wireless keyboard/mouse input mapping event [0x%x]\n", ^ include/linux/hid.h:1176:32: note: expanded from macro 'dbg_hid' #define dbg_hid(fmt, ...) \ ^ drivers/hid/hid-samsung.c:108:2: note: Control jumps to 'case 561:' at line 120 switch (usage->hid & HID_USAGE) { ^ drivers/hid/hid-samsung.c:120:14: note: Calling 'hid_map_usage_clear' case 0x231: samsung_kbd_mouse_map_key_clear(KEY_STOP); break; ^ drivers/hid/hid-samsung.c:93:2: note: expanded from macro 'samsung_kbd_mouse_map_key_clear' hid_map_usage_clear(hi, usage, bit, max, EV_KEY, (c)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/hid.h:1020:2: note: Calling 'hid_map_usage' hid_map_usage(hidinput, usage, bit, max, type, c); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/hid.h:974:2: note: 'input' initialized here struct input_dev *input = hidinput->input; ^~~~~~~~~~~~~~~~~~~~~~~ include/linux/hid.h:978:2: note: Control jumps to 'case 1:' at line 987 switch (type) { ^ include/linux/hid.h:990:3: note: Execution continues on line 997 break; ^ include/linux/hid.h:997:15: note: 'c' is <= 'limit' if (unlikely(c > limit || !bmap)) { ^ include/linux/compiler.h:78:42: note: expanded from macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) ^ include/linux/hid.h:997:15: note: Left side of '||' is false if (unlikely(c > limit || !bmap)) { ^ include/linux/hid.h:997:28: note: Assuming 'bmap' is null if (unlikely(c > limit || !bmap)) { ^ include/linux/compiler.h:78:42: note: expanded from macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) ^ include/linux/hid.h:997:28: note: Assuming pointer value is null if (unlikely(c > limit || !bmap)) { ^ include/linux/compiler.h:78:42: note: expanded from macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) ^ include/linux/hid.h:997:2: note: Taking true branch if (unlikely(c > limit || !bmap)) { ^ include/linux/hid.h:998:3: note: Assuming the condition is true pr_warn_ratelimited("%s: Invalid code %d type %d\n", ^ include/linux/printk.h:528:2: note: expanded from macro 'pr_warn_ratelimited' printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/printk.h:511:6: note: expanded from macro 'printk_ratelimited' if (__ratelimit(&_rs)) \ ^~~~~~~~~~~~~~~~~ include/linux/ratelimit_types.h:41:28: note: expanded from macro '__ratelimit' #define __ratelimit(state) ___ratelimit(state, __func__) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/hid.h:998:3: note: Taking true branch pr_warn_ratelimited("%s: Invalid code %d type %d\n", ^ include/linux/printk.h:528:2: note: expanded from macro 'pr_warn_ratelimited' printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__) ^ include/linux/printk.h:511:2: note: expanded from macro 'printk_ratelimited' if (__ratelimit(&_rs)) \ ^ include/linux/hid.h:999:9: note: Access to field 'name' results in a dereference of a null pointer (loaded from variable 'input') input->name, c, type); ^ include/linux/printk.h:528:49: note: expanded from macro 'pr_warn_ratelimited' printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__) ^~~~~~~~~~~ include/linux/printk.h:512:17: note: expanded from macro 'printk_ratelimited' printk(fmt, ##__VA_ARGS__); \ ^~~~~~~~~~~ Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. Suppressed 5 warnings (5 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. Suppressed 5 warnings (5 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. Suppressed 5 warnings (5 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. Suppressed 5 warnings (5 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 9 warnings generated. Suppressed 9 warnings (9 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. >> arch/x86/kvm/vmx/pmu_intel.c:330:6: warning: Access to field 'state' results >> in a dereference of a null pointer (loaded from field 'event') >> [clang-analyzer-core.NullDereference] if (lbr_desc->event->state == PERF_EVENT_STATE_ACTIVE) { ^ arch/x86/kvm/vmx/pmu_intel.c:394:2: note: Control jumps to the 'default' case at line 425 switch (msr) { ^ arch/x86/kvm/vmx/pmu_intel.c:426:8: note: Assuming 'pmc' is null if ((pmc = get_gp_pmc(pmu, msr, MSR_IA32_PERFCTR0)) || ^~~ arch/x86/kvm/vmx/pmu_intel.c:426:7: note: Left side of '||' is false if ((pmc = get_gp_pmc(pmu, msr, MSR_IA32_PERFCTR0)) || ^ arch/x86/kvm/vmx/pmu_intel.c:427:8: note: Assuming 'pmc' is null (pmc = get_gp_pmc(pmu, msr, MSR_IA32_PMC0))) { ^~~ arch/x86/kvm/vmx/pmu_intel.c:426:3: note: Taking false branch if ((pmc = get_gp_pmc(pmu, msr, MSR_IA32_PERFCTR0)) || ^ arch/x86/kvm/vmx/pmu_intel.c:439:15: note: Assuming 'pmc' is null } else if ((pmc = get_fixed_pmc(pmu, msr))) { ^~~ arch/x86/kvm/vmx/pmu_intel.c:439:10: note: Taking false branch } else if ((pmc = get_fixed_pmc(pmu, msr))) { ^ arch/x86/kvm/vmx/pmu_intel.c:445:15: note: Assuming 'pmc' is null } else if ((pmc = get_gp_pmc(pmu, msr, MSR_P6_EVNTSEL0))) { ^~~ arch/x86/kvm/vmx/pmu_intel.c:445:10: note: Taking false branch } else if ((pmc = get_gp_pmc(pmu, msr, MSR_P6_EVNTSEL0))) { ^ arch/x86/kvm/vmx/pmu_intel.c:452:14: note: Calling 'intel_pmu_handle_lbr_msrs_access' } else if (intel_pmu_handle_lbr_msrs_access(vcpu, msr_info, false)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/x86/kvm/vmx/pmu_intel.c:317:7: note: Calling 'intel_pmu_is_valid_lbr_msr' if (!intel_pmu_is_valid_lbr_msr(vcpu, index)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/x86/kvm/vmx/pmu_intel.c:198:7: note: Calling 'intel_pmu_lbr_is_enabled' if (!intel_pmu_lbr_is_enabled(vcpu)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/x86/kvm/vmx/pmu_intel.c:190:9: note: Assuming field 'nr' is not equal to 0 return lbr->nr && (vcpu_get_perf_capabilities(vcpu) & PMU_CAP_LBR_FMT); ^~~~~~~ arch/x86/kvm/vmx/pmu_intel.c:190:9: note: Left side of '&&' is true arch/x86/kvm/vmx/pmu_intel.c:190:21: note: Calling 'vcpu_get_perf_capabilities' return lbr->nr && (vcpu_get_perf_capabilities(vcpu) & PMU_CAP_LBR_FMT); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/x86/kvm/vmx/pmu_intel.c:157:7: note: Value assigned to field 'event', which participates in a condition later if (!guest_cpuid_has(vcpu, X86_FEATURE_PDCM)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/x86/kvm/vmx/pmu_intel.c:157:7: note: Value assigned to field 'event' if (!guest_cpuid_has(vcpu, X86_FEATURE_PDCM)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/x86/kvm/vmx/pmu_intel.c:157:6: note: Assuming the condition is false if (!guest_cpuid_has(vcpu, X86_FEATURE_PDCM)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/x86/kvm/vmx/pmu_intel.c:157:2: note: Taking false branch if (!guest_cpuid_has(vcpu, X86_FEATURE_PDCM)) ^ arch/x86/kvm/vmx/pmu_intel.c:190:21: note: Returning from 'vcpu_get_perf_capabilities' return lbr->nr && (vcpu_get_perf_capabilities(vcpu) & PMU_CAP_LBR_FMT); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/x86/kvm/vmx/pmu_intel.c:190:2: note: Returning value, which participates in a condition later return lbr->nr && (vcpu_get_perf_capabilities(vcpu) & PMU_CAP_LBR_FMT); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/x86/kvm/vmx/pmu_intel.c:198:7: note: Returning from 'intel_pmu_lbr_is_enabled' if (!intel_pmu_lbr_is_enabled(vcpu)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/x86/kvm/vmx/pmu_intel.c:198:6: note: Assuming the condition is false if (!intel_pmu_lbr_is_enabled(vcpu)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/x86/kvm/vmx/pmu_intel.c:198:2: note: Taking false branch if (!intel_pmu_lbr_is_enabled(vcpu)) ^ arch/x86/kvm/vmx/pmu_intel.c:201:9: note: Assuming 'index' is equal to MSR_LBR_SELECT ret = (index == MSR_LBR_SELECT) || (index == MSR_LBR_TOS) || ^~~~~~~~~~~~~~~~~~~~~~~ arch/x86/kvm/vmx/pmu_intel.c:201:34: note: Left side of '||' is true ret = (index == MSR_LBR_SELECT) || (index == MSR_LBR_TOS) || ^ arch/x86/kvm/vmx/pmu_intel.c:205:7: note: 'ret' is true if (!ret && records->info) ^~~ arch/x86/kvm/vmx/pmu_intel.c:205:11: note: Left side of '&&' is false if (!ret && records->info) ^ arch/x86/kvm/vmx/pmu_intel.c:208:2: note: Returning the value 1 (loaded from 'ret'), which participates in a condition later return ret; ^~~~~~~~~~ arch/x86/kvm/vmx/pmu_intel.c:317:7: note: Returning from 'intel_pmu_is_valid_lbr_msr' if (!intel_pmu_is_valid_lbr_msr(vcpu, index)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/x86/kvm/vmx/pmu_intel.c:317:2: note: Taking false branch if (!intel_pmu_is_valid_lbr_msr(vcpu, index)) ^ arch/x86/kvm/vmx/pmu_intel.c:320:6: note: Assuming field 'event' is null if (!lbr_desc->event && !intel_pmu_create_guest_lbr_event(vcpu)) ^~~~~~~~~~~~~~~~ arch/x86/kvm/vmx/pmu_intel.c:320:6: note: Left side of '&&' is true arch/x86/kvm/vmx/pmu_intel.c:320:27: note: Calling 'intel_pmu_create_guest_lbr_event' if (!lbr_desc->event && !intel_pmu_create_guest_lbr_event(vcpu)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ vim +330 arch/x86/kvm/vmx/pmu_intel.c 8e12911b243e48 Like Xu 2021-02-01 305 1b5ac3226a1aa0 Like Xu 2021-02-01 306 /* 1b5ac3226a1aa0 Like Xu 2021-02-01 307 * It's safe to access LBR msrs from guest when they have not 1b5ac3226a1aa0 Like Xu 2021-02-01 308 * been passthrough since the host would help restore or reset 1b5ac3226a1aa0 Like Xu 2021-02-01 309 * the LBR msrs records when the guest LBR event is scheduled in. 1b5ac3226a1aa0 Like Xu 2021-02-01 310 */ 1b5ac3226a1aa0 Like Xu 2021-02-01 311 static bool intel_pmu_handle_lbr_msrs_access(struct kvm_vcpu *vcpu, 1b5ac3226a1aa0 Like Xu 2021-02-01 312 struct msr_data *msr_info, bool read) 1b5ac3226a1aa0 Like Xu 2021-02-01 313 { 1b5ac3226a1aa0 Like Xu 2021-02-01 314 struct lbr_desc *lbr_desc = vcpu_to_lbr_desc(vcpu); 1b5ac3226a1aa0 Like Xu 2021-02-01 315 u32 index = msr_info->index; 1b5ac3226a1aa0 Like Xu 2021-02-01 316 1b5ac3226a1aa0 Like Xu 2021-02-01 317 if (!intel_pmu_is_valid_lbr_msr(vcpu, index)) 1b5ac3226a1aa0 Like Xu 2021-02-01 318 return false; 1b5ac3226a1aa0 Like Xu 2021-02-01 319 1b5ac3226a1aa0 Like Xu 2021-02-01 320 if (!lbr_desc->event && !intel_pmu_create_guest_lbr_event(vcpu)) 1b5ac3226a1aa0 Like Xu 2021-02-01 321 goto dummy; 1b5ac3226a1aa0 Like Xu 2021-02-01 322 1b5ac3226a1aa0 Like Xu 2021-02-01 323 /* 1b5ac3226a1aa0 Like Xu 2021-02-01 324 * Disable irq to ensure the LBR feature doesn't get reclaimed by the 1b5ac3226a1aa0 Like Xu 2021-02-01 325 * host at the time the value is read from the msr, and this avoids the 1b5ac3226a1aa0 Like Xu 2021-02-01 326 * host LBR value to be leaked to the guest. If LBR has been reclaimed, 1b5ac3226a1aa0 Like Xu 2021-02-01 327 * return 0 on guest reads. 1b5ac3226a1aa0 Like Xu 2021-02-01 328 */ 1b5ac3226a1aa0 Like Xu 2021-02-01 329 local_irq_disable(); 1b5ac3226a1aa0 Like Xu 2021-02-01 @330 if (lbr_desc->event->state == PERF_EVENT_STATE_ACTIVE) { 1b5ac3226a1aa0 Like Xu 2021-02-01 331 if (read) 1b5ac3226a1aa0 Like Xu 2021-02-01 332 rdmsrl(index, msr_info->data); 1b5ac3226a1aa0 Like Xu 2021-02-01 333 else 1b5ac3226a1aa0 Like Xu 2021-02-01 334 wrmsrl(index, msr_info->data); 1b5ac3226a1aa0 Like Xu 2021-02-01 335 local_irq_enable(); 1b5ac3226a1aa0 Like Xu 2021-02-01 336 return true; 1b5ac3226a1aa0 Like Xu 2021-02-01 337 } 1b5ac3226a1aa0 Like Xu 2021-02-01 338 local_irq_enable(); 1b5ac3226a1aa0 Like Xu 2021-02-01 339 1b5ac3226a1aa0 Like Xu 2021-02-01 340 dummy: 1b5ac3226a1aa0 Like Xu 2021-02-01 341 if (read) 1b5ac3226a1aa0 Like Xu 2021-02-01 342 msr_info->data = 0; 1b5ac3226a1aa0 Like Xu 2021-02-01 343 return true; 1b5ac3226a1aa0 Like Xu 2021-02-01 344 } 1b5ac3226a1aa0 Like Xu 2021-02-01 345 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/[email protected]
.config.gz
Description: application/gzip
_______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
