When (conditionally) reprogramming fixed counters, use the hardware value of FIXED_CTR_CTRL to detect changes, not the guest's original value. For guests with a mediated PMU, overwriting fixed_ctr_ctrl_hw at the start of reprogramming without actually reacting to changes in fixed_ctr_ctrl_hw can lead to KVM ignoring PMU event filters. E.g. if the guest attempts to enable a fixed PMC that is disallowed, and then toggles a different PMC in a subsequent WRMSR, KVM will update pmu->fixed_ctr_ctrl_hw and reprogram the PMC that is changing, but not the others that are now effectively enabled in pmu->fixed_ctr_ctrl_hw. Note, the perf-based PMU is unaffected, as it doesn't use fixed_ctr_ctrl_hw (which is also why keying off fixed_ctr_ctrl_hw works for both PMUs. Note #2, fixed_ctr_ctrl_hw won't mess up pmc_in_use either, because the latter isn't used by the mediated PMU. Its purpose is solely to release perf events that are no longer being actively used, and the meadiated PMU obviously doesn't create perf events. Reported-by: Sashiko Closes: https://lore.kernel.org/all/20260528005419.0228F1F00A3A@smtp.kernel.org Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/pmu_intel.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/vmx/pmu_intel.c b/arch/x86/kvm/vmx/pmu_intel.c index 453cb3d3ec9b..a73a9515d96c 100644 --- a/arch/x86/kvm/vmx/pmu_intel.c +++ b/arch/x86/kvm/vmx/pmu_intel.c @@ -56,8 +56,16 @@ static struct x86_pmu_lbr *vcpu_to_lbr_records(struct kvm_vcpu *vcpu) static void reprogram_fixed_counters(struct kvm_pmu *pmu, u64 data) { + /* + * Compare against the value the mediated PMU shoves into hardware, not + * the guest's desired value. For the emulated PMU (proxied via perf), + * they are one and the same (fixed_ctr_ctrl_hw isn't used other than + * here). For the mediated PMU, KVM needs to reprogram the actual MSR, + * and so needs to react to potential changes in the value shoved into + * hardware, e.g. to ensure the event filter is enforced. + */ + u64 old_fixed_ctr_ctrl = pmu->fixed_ctr_ctrl_hw; struct kvm_pmc *pmc; - u64 old_fixed_ctr_ctrl = pmu->fixed_ctr_ctrl; int i; pmu->fixed_ctr_ctrl = data; -- 2.54.0.1032.g2f8565e1d1-goog