Message-ID: <20260207041011.913471-6-seanjc@google.com>
Date: Fri,  6 Feb 2026 20:10:07 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org, 
	Sean Christopherson <seanjc@...gle.com>
Subject: [GIT PULL] KVM: x86: Mediated PMU for 6.20

Mediated PMU support.  Note, this is based on perf-core-kvm-mediated-pmu from
the tip tree.  If the KVM pull request is merged before the perf request, this
will pull in another ~25 commits.

The following changes since commit 01122b89361e565b3c88b9fbebe92dc5c7420cb7:

  perf: Use EXPORT_SYMBOL_FOR_KVM() for the mediated APIs (2025-12-19 08:54:59 +0100)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-pmu-6.20

for you to fetch changes up to d374b89edbb9a8d552e03348f59287ff779b4c9d:

  KVM: VMX: Add mediated PMU support for CPUs without "save perf global ctrl" (2026-01-08 11:52:23 -0800)

----------------------------------------------------------------
KVM mediated PMU support for 6.20

Add support for mediated PMUs, where KVM gives the guest full ownership of PMU
hardware (context switched around the fastpath run loop) and allows direct
access to data MSRs and PMCs (restricted by the vPMU model), but intercepts
access to control registers, e.g. to enforce event filtering and to prevent the
guest from profiling sensitive host state.

To keep overall complexity reasonable, mediated PMU usage is all or nothing
for a given instance of KVM (controlled via module param).  The Mediated PMU
is disabled by default, partly to maintain backwards compatibility for existing
setups, partly because there are tradeoffs when running with a mediated PMU that
may be non-starters for some use cases, e.g. the host loses the ability to
profile guests with mediated PMUs, the fastpath run loop is also a blind spot,
entry/exit transitions are more expensive, etc.

Versus the emulated PMU, where KVM is "just another perf user", the mediated
PMU delivers more accurate profiling and monitoring (no risk of contention and
thus dropped events), with significantly less overhead (fewer exits and faster
emulation/programming of event selectors).  E.g. when running Specint-2017 on
a single-socket Sapphire Rapids with 56 cores and no-SMT, and using perf from
within the guest:

  Perf command:
  a. basic-sampling: perf record -F 1000 -e 6-instructions  -a --overwrite
  b. multiplex-sampling: perf record -F 1000 -e 10-instructions -a --overwrite

  Guest performance overhead:
  ---------------------------------------------------------------------------
  | Test case          | emulated vPMU | all passthrough | passthrough with |
  |                    |               |                 | event filters    |
  ---------------------------------------------------------------------------
  | basic-sampling     |   33.62%      |    4.24%        |   6.21%          |
  ---------------------------------------------------------------------------
  | multiplex-sampling |   79.32%      |    7.34%        |   10.45%         |
  ---------------------------------------------------------------------------

----------------------------------------------------------------
Dapeng Mi (11):
      KVM: x86/pmu: Start stubbing in mediated PMU support
      KVM: x86/pmu: Implement Intel mediated PMU requirements and constraints
      KVM: x86/pmu: Disable RDPMC interception for compatible mediated vPMU
      KVM: x86/pmu: Load/save GLOBAL_CTRL via entry/exit fields for mediated PMU
      KVM: x86/pmu: Disable interception of select PMU MSRs for mediated vPMUs
      KVM: x86/pmu: Bypass perf checks when emulating mediated PMU counter accesses
      KVM: x86/pmu: Reprogram mediated PMU event selectors on event filter updates
      KVM: x86/pmu: Load/put mediated PMU context when entering/exiting guest
      KVM: x86/pmu: Handle emulated instruction for mediated vPMU
      KVM: nVMX: Add macros to simplify nested MSR interception setting
      KVM: x86/pmu: Expose enable_mediated_pmu parameter to user space

Mingwei Zhang (2):
      KVM: x86/pmu: Introduce eventsel_hw to prepare for pmu event filtering
      KVM: nVMX: Disable PMU MSR interception as appropriate while running L2

Sandipan Das (1):
      KVM: x86/pmu: Always stuff GuestOnly=1,HostOnly=0 for mediated PMCs on AMD

Sean Christopherson (15):
      KVM: Add a simplified wrapper for registering perf callbacks
      KVM: x86/pmu: Implement AMD mediated PMU requirements
      KVM: x86/pmu: Disallow emulation in the fastpath if mediated PMCs are active
      KVM: nSVM: Disable PMU MSR interception as appropriate while running L2
      KVM: x86/pmu: Elide WRMSRs when loading guest PMCs if values already match
      KVM: VMX: Drop intermediate "guest" field from msr_autostore
      KVM: nVMX: Don't update msr_autostore count when saving TSC for vmcs12
      KVM: VMX: Dedup code for removing MSR from VMCS's auto-load list
      KVM: VMX: Drop unused @entry_only param from add_atomic_switch_msr()
      KVM: VMX: Bug the VM if either MSR auto-load list is full
      KVM: VMX: Set MSR index auto-load entry if and only if entry is "new"
      KVM: VMX: Compartmentalize adding MSRs to host vs. guest auto-load list
      KVM: VMX: Dedup code for adding MSR to VMCS's auto list
      KVM: VMX: Initialize vmcs01.VM_EXIT_MSR_STORE_ADDR with list address
      KVM: VMX: Add mediated PMU support for CPUs without "save perf global ctrl"

Xiong Zhang (1):
      KVM: x86/pmu: Register PMI handler for mediated vPMU

 Documentation/admin-guide/kernel-parameters.txt |  49 ++++++++++++++++++++++
 arch/arm64/kvm/arm.c                            |   2 +-
 arch/loongarch/kvm/main.c                       |   2 +-
 arch/riscv/kvm/main.c                           |   2 +-
 arch/x86/include/asm/kvm-x86-pmu-ops.h          |   4 ++
 arch/x86/include/asm/kvm_host.h                 |   3 ++
 arch/x86/include/asm/msr-index.h                |   1 +
 arch/x86/include/asm/vmx.h                      |   1 +
 arch/x86/kvm/pmu.c                              | 269 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 arch/x86/kvm/pmu.h                              |  37 +++++++++++++++-
 arch/x86/kvm/svm/nested.c                       |  18 +++++++-
 arch/x86/kvm/svm/pmu.c                          |  44 +++++++++++++++++++
 arch/x86/kvm/svm/svm.c                          |  46 ++++++++++++++++++++
 arch/x86/kvm/vmx/capabilities.h                 |   9 +++-
 arch/x86/kvm/vmx/nested.c                       | 144 ++++++++++++++++++++++++++++++++++-----------------------------
 arch/x86/kvm/vmx/pmu_intel.c                    |  92 ++++++++++++++++++++++++++++++++++------
 arch/x86/kvm/vmx/pmu_intel.h                    |  15 +++++++
 arch/x86/kvm/vmx/vmx.c                          | 212 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------------------
 arch/x86/kvm/vmx/vmx.h                          |   9 ++--
 arch/x86/kvm/x86.c                              |  54 ++++++++++++++++++++++--
 arch/x86/kvm/x86.h                              |   1 +
 include/linux/kvm_host.h                        |  11 ++++-
 virt/kvm/kvm_main.c                             |   5 ++-
 23 files changed, 876 insertions(+), 154 deletions(-)
