KVM: x86/pmu: do not mask the value that is written to fixed PMUs

[ Upstream commit 2924b52117b2812e9633d5ea337333299166d373 ]

According to the SDM, for MSR_IA32_PERFCTR0/1 "the lower-order 32 bits of
each MSR may be written with any value, and the high-order 8 bits are
sign-extended according to the value of bit 31", but the fixed counters
in real hardware are limited to the width of the fixed counters ("bits
beyond the width of the fixed-function counter are reserved and must be
written as zeros").  Fix KVM to do the same.

Reported-by: Nadav Amit <nadav.amit@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/arch/x86/kvm/pmu_intel.c b/arch/x86/kvm/pmu_intel.c
index 5ab4a364348e3c10987c33203be4ff6fa97e1e73..2729131fe9bfc6d68160100a65e587cd53127622 100644 (file)
--- a/arch/x86/kvm/pmu_intel.c
+++ b/arch/x86/kvm/pmu_intel.c
@@ -235,11 +235,14 @@ static int intel_pmu_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
                }
                break;
        default:
-               if ((pmc = get_gp_pmc(pmu, msr, MSR_IA32_PERFCTR0)) ||
-                   (pmc = get_fixed_pmc(pmu, msr))) {
-                       if (!msr_info->host_initiated)
-                               data = (s64)(s32)data;
-                       pmc->counter += data - pmc_read_counter(pmc);
+               if ((pmc = get_gp_pmc(pmu, msr, MSR_IA32_PERFCTR0))) {
+                       if (msr_info->host_initiated)
+                               pmc->counter = data;
+                       else
+                               pmc->counter = (s32)data;
+                       return 0;
+               } else if ((pmc = get_fixed_pmc(pmu, msr))) {
+                       pmc->counter = data;
                        return 0;
                } else if ((pmc = get_gp_pmc(pmu, msr, MSR_P6_EVNTSEL0))) {
                        if (data == pmc->eventsel)