CC: [email protected]
CC: [email protected]
CC: [email protected]
TO: Like Xu <[email protected]>
CC: Paolo Bonzini <[email protected]>
CC: Wei Wang <[email protected]>
CC: Andi Kleen <[email protected]>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   85a90500f9a1717c4e142ce92e6c1cb1a339ec78
commit: 1b5ac3226a1aa071135fe0ee5d1055d9e88b717c KVM: vmx/pmu: Pass-through LBR msrs when the guest LBR event is ACTIVE
date:   6 months ago
:::::: branch date: 5 hours ago
:::::: commit date: 6 months ago
config: x86_64-randconfig-c001-20210806 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 42b9c2a17a0b63cccf3ac197a82f91b28e53e643)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install x86_64 cross compiling tool for clang build
        # apt-get install binutils-x86-64-linux-gnu
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1b5ac3226a1aa071135fe0ee5d1055d9e88b717c
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout 1b5ac3226a1aa071135fe0ee5d1055d9e88b717c
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <[email protected]>


clang-analyzer warnings: (new ones prefixed by >>)
           ^~~~
   mm/memory.c:2401:2: note: Taking false branch
           BUG_ON(pmd_huge(*pmd));
           ^
   include/asm-generic/bug.h:63:32: note: expanded from macro 'BUG_ON'
   #define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0)
                                  ^
   mm/memory.c:2401:2: note: Loop condition is false.  Exiting loop
           BUG_ON(pmd_huge(*pmd));
           ^
   include/asm-generic/bug.h:63:27: note: expanded from macro 'BUG_ON'
   #define BUG_ON(condition) do { if (unlikely(condition)) BUG(); } while (0)
                             ^
   mm/memory.c:2403:2: note: Loop condition is false.  Exiting loop
           arch_enter_lazy_mmu_mode();
           ^
   include/linux/pgtable.h:955:36: note: expanded from macro 'arch_enter_lazy_mmu_mode'
   #define arch_enter_lazy_mmu_mode() do {} while (0)
                                      ^
   mm/memory.c:2405:6: note: Assuming 'fn' is null
           if (fn) {
               ^~
   mm/memory.c:2405:2: note: Taking false branch
           if (fn) {
           ^
   mm/memory.c:2416:2: note: Loop condition is false.  Exiting loop
           arch_leave_lazy_mmu_mode();
           ^
   include/linux/pgtable.h:956:36: note: expanded from macro 'arch_leave_lazy_mmu_mode'
   #define arch_leave_lazy_mmu_mode() do {} while (0)
                                      ^
   mm/memory.c:2418:6: note: Assuming the condition is true
           if (mm != &init_mm)
               ^~~~~~~~~~~~~~
   mm/memory.c:2418:2: note: Taking true branch
           if (mm != &init_mm)
           ^
   mm/memory.c:2419:3: note: 1st function call argument is an uninitialized value
                   pte_unmap_unlock(pte-1, ptl);
                   ^
   include/linux/mm.h:2230:2: note: expanded from macro 'pte_unmap_unlock'
           spin_unlock(ptl);                               \
           ^           ~~~
   Suppressed 2 warnings (2 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   2 warnings generated.
   Suppressed 2 warnings (2 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   4 warnings generated.
   Suppressed 4 warnings (2 in non-user code, 2 with check filters).
   Suppressed 5 warnings (5 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   9 warnings generated.
   Suppressed 9 warnings (9 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   10 warnings generated.
>> arch/x86/kvm/vmx/pmu_intel.c:330:6: warning: Access to field 'state' results
>> in a dereference of a null pointer (loaded from field 'event')
>> [clang-analyzer-core.NullDereference]
           if (lbr_desc->event->state == PERF_EVENT_STATE_ACTIVE) {
               ^
   arch/x86/kvm/vmx/pmu_intel.c:394:2: note: Control jumps to the 'default' case at line 425
           switch (msr) {
           ^
   arch/x86/kvm/vmx/pmu_intel.c:426:8: note: Assuming 'pmc' is null
                   if ((pmc = get_gp_pmc(pmu, msr, MSR_IA32_PERFCTR0)) ||
                        ^~~
   arch/x86/kvm/vmx/pmu_intel.c:426:7: note: Left side of '||' is false
                   if ((pmc = get_gp_pmc(pmu, msr, MSR_IA32_PERFCTR0)) ||
                       ^
   arch/x86/kvm/vmx/pmu_intel.c:427:8: note: Assuming 'pmc' is null
                       (pmc = get_gp_pmc(pmu, msr, MSR_IA32_PMC0))) {
                        ^~~
   arch/x86/kvm/vmx/pmu_intel.c:426:3: note: Taking false branch
                   if ((pmc = get_gp_pmc(pmu, msr, MSR_IA32_PERFCTR0)) ||
                   ^
   arch/x86/kvm/vmx/pmu_intel.c:439:15: note: Assuming 'pmc' is null
                   } else if ((pmc = get_fixed_pmc(pmu, msr))) {
                               ^~~
   arch/x86/kvm/vmx/pmu_intel.c:439:10: note: Taking false branch
                   } else if ((pmc = get_fixed_pmc(pmu, msr))) {
                          ^
   arch/x86/kvm/vmx/pmu_intel.c:445:15: note: Assuming 'pmc' is null
                   } else if ((pmc = get_gp_pmc(pmu, msr, MSR_P6_EVNTSEL0))) {
                               ^~~
   arch/x86/kvm/vmx/pmu_intel.c:445:10: note: Taking false branch
                   } else if ((pmc = get_gp_pmc(pmu, msr, MSR_P6_EVNTSEL0))) {
                          ^
   arch/x86/kvm/vmx/pmu_intel.c:452:14: note: Calling 'intel_pmu_handle_lbr_msrs_access'
                   } else if (intel_pmu_handle_lbr_msrs_access(vcpu, msr_info, false))
                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/pmu_intel.c:317:7: note: Calling 'intel_pmu_is_valid_lbr_msr'
           if (!intel_pmu_is_valid_lbr_msr(vcpu, index))
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/pmu_intel.c:198:7: note: Calling 'intel_pmu_lbr_is_enabled'
           if (!intel_pmu_lbr_is_enabled(vcpu))
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/pmu_intel.c:190:9: note: Assuming field 'nr' is not equal to 0
           return lbr->nr && (vcpu_get_perf_capabilities(vcpu) & PMU_CAP_LBR_FMT);
                  ^~~~~~~
   arch/x86/kvm/vmx/pmu_intel.c:190:9: note: Left side of '&&' is true
   arch/x86/kvm/vmx/pmu_intel.c:190:21: note: Calling 'vcpu_get_perf_capabilities'
           return lbr->nr && (vcpu_get_perf_capabilities(vcpu) & PMU_CAP_LBR_FMT);
                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/pmu_intel.c:157:7: note: Value assigned to field 'event', which participates in a condition later
           if (!guest_cpuid_has(vcpu, X86_FEATURE_PDCM))
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/pmu_intel.c:157:7: note: Value assigned to field 'event'
           if (!guest_cpuid_has(vcpu, X86_FEATURE_PDCM))
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/pmu_intel.c:157:6: note: Assuming the condition is false
           if (!guest_cpuid_has(vcpu, X86_FEATURE_PDCM))
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/pmu_intel.c:157:2: note: Taking false branch
           if (!guest_cpuid_has(vcpu, X86_FEATURE_PDCM))
           ^
   arch/x86/kvm/vmx/pmu_intel.c:190:21: note: Returning from 'vcpu_get_perf_capabilities'
           return lbr->nr && (vcpu_get_perf_capabilities(vcpu) & PMU_CAP_LBR_FMT);
                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/pmu_intel.c:190:2: note: Returning value, which participates in a condition later
           return lbr->nr && (vcpu_get_perf_capabilities(vcpu) & PMU_CAP_LBR_FMT);
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/pmu_intel.c:198:7: note: Returning from 'intel_pmu_lbr_is_enabled'
           if (!intel_pmu_lbr_is_enabled(vcpu))
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/pmu_intel.c:198:6: note: Assuming the condition is false
           if (!intel_pmu_lbr_is_enabled(vcpu))
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/pmu_intel.c:198:2: note: Taking false branch
           if (!intel_pmu_lbr_is_enabled(vcpu))
           ^
   arch/x86/kvm/vmx/pmu_intel.c:201:9: note: Assuming 'index' is equal to MSR_LBR_SELECT
           ret = (index == MSR_LBR_SELECT) || (index == MSR_LBR_TOS) ||
                  ^~~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/pmu_intel.c:201:34: note: Left side of '||' is true
           ret = (index == MSR_LBR_SELECT) || (index == MSR_LBR_TOS) ||
                                           ^
   arch/x86/kvm/vmx/pmu_intel.c:205:7: note: 'ret' is true
           if (!ret && records->info)
                ^~~
   arch/x86/kvm/vmx/pmu_intel.c:205:11: note: Left side of '&&' is false
           if (!ret && records->info)
                    ^
   arch/x86/kvm/vmx/pmu_intel.c:208:2: note: Returning the value 1 (loaded from 'ret'), which participates in a condition later
           return ret;
           ^~~~~~~~~~
   arch/x86/kvm/vmx/pmu_intel.c:317:7: note: Returning from 'intel_pmu_is_valid_lbr_msr'
           if (!intel_pmu_is_valid_lbr_msr(vcpu, index))
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/pmu_intel.c:317:2: note: Taking false branch
           if (!intel_pmu_is_valid_lbr_msr(vcpu, index))
           ^
   arch/x86/kvm/vmx/pmu_intel.c:320:6: note: Assuming field 'event' is null
           if (!lbr_desc->event && !intel_pmu_create_guest_lbr_event(vcpu))
               ^~~~~~~~~~~~~~~~
   arch/x86/kvm/vmx/pmu_intel.c:320:6: note: Left side of '&&' is true
   arch/x86/kvm/vmx/pmu_intel.c:320:27: note: Calling 'intel_pmu_create_guest_lbr_event'
           if (!lbr_desc->event && !intel_pmu_create_guest_lbr_event(vcpu))
                                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

vim +330 arch/x86/kvm/vmx/pmu_intel.c

8e12911b243e48 Like Xu 2021-02-01  305
1b5ac3226a1aa0 Like Xu 2021-02-01  306  /*
1b5ac3226a1aa0 Like Xu 2021-02-01  307   * It's safe to access LBR msrs from guest when they have not
1b5ac3226a1aa0 Like Xu 2021-02-01  308   * been passthrough since the host would help restore or reset
1b5ac3226a1aa0 Like Xu 2021-02-01  309   * the LBR msrs records when the guest LBR event is scheduled in.
1b5ac3226a1aa0 Like Xu 2021-02-01  310   */
1b5ac3226a1aa0 Like Xu 2021-02-01  311  static bool intel_pmu_handle_lbr_msrs_access(struct kvm_vcpu *vcpu,
1b5ac3226a1aa0 Like Xu 2021-02-01  312                                       struct msr_data *msr_info, bool read)
1b5ac3226a1aa0 Like Xu 2021-02-01  313  {
1b5ac3226a1aa0 Like Xu 2021-02-01  314          struct lbr_desc *lbr_desc = vcpu_to_lbr_desc(vcpu);
1b5ac3226a1aa0 Like Xu 2021-02-01  315          u32 index = msr_info->index;
1b5ac3226a1aa0 Like Xu 2021-02-01  316
1b5ac3226a1aa0 Like Xu 2021-02-01  317          if (!intel_pmu_is_valid_lbr_msr(vcpu, index))
1b5ac3226a1aa0 Like Xu 2021-02-01  318                  return false;
1b5ac3226a1aa0 Like Xu 2021-02-01  319
1b5ac3226a1aa0 Like Xu 2021-02-01  320          if (!lbr_desc->event && !intel_pmu_create_guest_lbr_event(vcpu))
1b5ac3226a1aa0 Like Xu 2021-02-01  321                  goto dummy;
1b5ac3226a1aa0 Like Xu 2021-02-01  322
1b5ac3226a1aa0 Like Xu 2021-02-01  323          /*
1b5ac3226a1aa0 Like Xu 2021-02-01  324           * Disable irq to ensure the LBR feature doesn't get reclaimed by the
1b5ac3226a1aa0 Like Xu 2021-02-01  325           * host at the time the value is read from the msr, and this avoids the
1b5ac3226a1aa0 Like Xu 2021-02-01  326           * host LBR value to be leaked to the guest. If LBR has been reclaimed,
1b5ac3226a1aa0 Like Xu 2021-02-01  327           * return 0 on guest reads.
1b5ac3226a1aa0 Like Xu 2021-02-01  328           */
1b5ac3226a1aa0 Like Xu 2021-02-01  329          local_irq_disable();
1b5ac3226a1aa0 Like Xu 2021-02-01 @330          if (lbr_desc->event->state == PERF_EVENT_STATE_ACTIVE) {
1b5ac3226a1aa0 Like Xu 2021-02-01  331                  if (read)
1b5ac3226a1aa0 Like Xu 2021-02-01  332                          rdmsrl(index, msr_info->data);
1b5ac3226a1aa0 Like Xu 2021-02-01  333                  else
1b5ac3226a1aa0 Like Xu 2021-02-01  334                          wrmsrl(index, msr_info->data);
1b5ac3226a1aa0 Like Xu 2021-02-01  335                  local_irq_enable();
1b5ac3226a1aa0 Like Xu 2021-02-01  336                  return true;
1b5ac3226a1aa0 Like Xu 2021-02-01  337          }
1b5ac3226a1aa0 Like Xu 2021-02-01  338          local_irq_enable();
1b5ac3226a1aa0 Like Xu 2021-02-01  339
1b5ac3226a1aa0 Like Xu 2021-02-01  340  dummy:
1b5ac3226a1aa0 Like Xu 2021-02-01  341          if (read)
1b5ac3226a1aa0 Like Xu 2021-02-01  342                  msr_info->data = 0;
1b5ac3226a1aa0 Like Xu 2021-02-01  343          return true;
1b5ac3226a1aa0 Like Xu 2021-02-01  344  }
1b5ac3226a1aa0 Like Xu 2021-02-01  345

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]
