lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20180210144507.GA4191@flask>
Date:   Sat, 10 Feb 2018 15:45:08 +0100
From:   Radim Krčmář <rkrcmar@...hat.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Paolo Bonzini <pbonzini@...hat.com>, linux-kernel@...r.kernel.org,
        kvm@...r.kernel.org
Subject: [GIT PULL] KVM updates for Linux 4.16-rc1

Linus,

I apologize for complications with this pull request that was delayed
due to a sickness.

While I was bedridden, we've had a conflict with x86/pti that was not
resolved properly in next and it was a tricky one, so I have manually
merged msr-bitmaps topic branch into this pull request to hopefully
simplify the merge.

That merge and the last batch of PPC changes are not in next.   I've
included the PPC changes as they are all fixing bugs that we wouldn't
want in 4.16 anyway.

Features planned for the latter part of this merge window eventually
slipped to 4.17, so merge of x86/hyperv for the stable KVM clock on
Hyper-V is only really bringing conflict resolution with final 4.15.

Other conflict are to be resolved as in next and the expected resolution
can be found below a scissors line,

thanks.


The following changes since commit 904e14fb7cb96401a7dc803ca2863fd5ba32ffe6:

  KVM: VMX: make MSR bitmaps per-VCPU (2018-01-31 12:40:45 -0500)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/virt/kvm/kvm tags/kvm-4.16-1

for you to fetch changes up to 1ab03c072feb579c9fd116de25be2b211e6bff6a:

  Merge tag 'kvm-ppc-next-4.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc (2018-02-09 22:03:06 +0100)

----------------------------------------------------------------
KVM changes for 4.16

ARM:
- Include icache invalidation optimizations, improving VM startup time

- Support for forwarded level-triggered interrupts, improving
  performance for timers and passthrough platform devices

- A small fix for power-management notifiers, and some cosmetic changes

PPC:
- Add MMIO emulation for vector loads and stores

- Allow HPT guests to run on a radix host on POWER9 v2.2 CPUs without
  requiring the complex thread synchronization of older CPU versions

- Improve the handling of escalation interrupts with the XIVE interrupt
  controller

- Support decrement register migration

- Various cleanups and bugfixes.

s390:
- Cornelia Huck passed maintainership to Janosch Frank

- Exitless interrupts for emulated devices

- Cleanup of cpuflag handling

- kvm_stat counter improvements

- VSIE improvements

- mm cleanup

x86:
- Hypervisor part of SEV

- UMIP, RDPID, and MSR_SMI_COUNT emulation

- Paravirtualized TLB shootdown using the new KVM_VCPU_PREEMPTED bit

- Allow guests to see TOPOEXT, GFNI, VAES, VPCLMULQDQ, and more AVX512
  features

- Show vcpu id in its anonymous inode name

- Many fixes and cleanups

- Per-VCPU MSR bitmaps (already merged through x86/pti branch)

- Stable KVM clock when nesting on Hyper-V (merged through x86/hyperv)

----------------------------------------------------------------
Alexander Graf (3):
      KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage
      KVM: PPC: Book3S PR: Fix svcpu copying with preemption enabled
      KVM: PPC: Book3S HV: Branch inside feature section

Andrew Jones (1):
      arm64: KVM: Hide PMU from guests when disabled

Benjamin Herrenschmidt (6):
      KVM: PPC: Book3S HV: Add more info about XIVE queues in debugfs
      KVM: PPC: Book3S HV: Enable use of the new XIVE "single escalation" feature
      KVM: PPC: Book3S HV: Don't use existing "prodded" flag for XIVE escalations
      KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs
      KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word
      KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded

Borislav Petkov (2):
      crypto: ccp: Build the AMD secure processor driver only with AMD CPU support
      kvm/vmx: Use local vmx variable in vmx_get_msr()

Brijesh Singh (34):
      Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV)
      KVM: SVM: Prepare to reserve asid for SEV guest
      KVM: X86: Extend CPUID range to include new leaf
      KVM: Introduce KVM_MEMORY_ENCRYPT_OP ioctl
      KVM: Introduce KVM_MEMORY_ENCRYPT_{UN,}REG_REGION ioctl
      crypto: ccp: Define SEV userspace ioctl and command id
      crypto: ccp: Define SEV key management command id
      crypto: ccp: Add Platform Security Processor (PSP) device support
      crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
      crypto: ccp: Implement SEV_FACTORY_RESET ioctl command
      crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command
      crypto: ccp: Implement SEV_PEK_GEN ioctl command
      crypto: ccp: Implement SEV_PDH_GEN ioctl command
      crypto: ccp: Implement SEV_PEK_CSR ioctl command
      crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command
      crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command
      KVM: X86: Add CONFIG_KVM_AMD_SEV
      KVM: SVM: Reserve ASID range for SEV guest
      KVM: SVM: Add sev module_param
      KVM: Define SEV key management command id
      KVM: SVM: Add KVM_SEV_INIT command
      KVM: SVM: VMRUN should use associated ASID when SEV is enabled
      KVM: SVM: Add support for KVM_SEV_LAUNCH_START command
      KVM: SVM: Add support for KVM_SEV_LAUNCH_UPDATE_DATA command
      KVM: SVM: Add support for KVM_SEV_LAUNCH_MEASURE command
      KVM: SVM: Add support for SEV LAUNCH_FINISH command
      KVM: SVM: Add support for SEV GUEST_STATUS command
      KVM: SVM: Add support for SEV DEBUG_DECRYPT command
      KVM: SVM: Add support for SEV DEBUG_ENCRYPT command
      KVM: SVM: Add support for SEV LAUNCH_SECRET command
      KVM: SVM: Pin guest memory when SEV is active
      KVM: SVM: Clear C-bit from the page fault address
      KVM: SVM: Do not install #UD intercept when SEV is enabled
      KVM: X86: Restart the guest when insn_len is zero and SEV is enabled

Christian Borntraeger (5):
      KVM: s390: use created_vcpus in more places
      KVM: s390: add debug tracing for cpu features of CPU model
      kvm_config: add CONFIG_S390_GUEST
      KVM: s390: diagnoses are instructions as well
      KVM: s390: add vcpu stat counters for many instruction

Christoffer Dall (29):
      KVM: Take vcpu->mutex outside vcpu_load
      KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code
      KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run
      KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs
      KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs
      KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_sregs
      KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs
      KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate
      KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate
      KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate
      KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug
      KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu
      KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu
      KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl
      KVM: arm/arm64: Remove redundant preemptible checks
      KVM: arm/arm64: Factor out functionality to get vgic mmio requester_vcpu
      KVM: arm/arm64: Don't cache the timer IRQ level
      KVM: arm/arm64: vgic: Support level-triggered mapped interrupts
      KVM: arm/arm64: Support a vgic interrupt line level sample function
      KVM: arm/arm64: Support VGIC dist pend/active changes for mapped IRQs
      KVM: arm/arm64: Provide a get_input_level for the arch timer
      KVM: arm/arm64: Avoid work when userspace iqchips are not used
      KVM: arm/arm64: Delete outdated forwarded irq documentation
      Revert "arm64: KVM: Hide PMU from guests when disabled"
      arm64: mm: Add additional parameter to uaccess_ttbr0_enable
      arm64: mm: Add additional parameter to uaccess_ttbr0_disable
      KVM: arm/arm64: Fix incorrect timer_is_pending logic
      KVM: arm/arm64: Fix userspace_irqchip_in_use counting
      KVM: arm/arm64: Fixup userspace irqchip static key optimization

Colin Ian King (1):
      KVM: x86: MMU: make array audit_point_name static

Cornelia Huck (3):
      MAINTAINERS: add David as a reviewer for KVM/s390
      MAINTAINERS: add Halil as additional vfio-ccw maintainer
      MAINTAINERS: update KVM/s390 maintainers

David Gibson (1):
      KVM: PPC: Book3S HV: Make HPT resizing work on POWER9

David Hildenbrand (9):
      s390x/mm: cleanup gmap_pte_op_walk()
      KVM: s390: cleanup struct kvm_s390_float_interrupt
      KVM: s390: vsie: use READ_ONCE to access some SCB fields
      KVM: s390: vsie: store guest addresses of satellite blocks in vsie_page
      s390x/mm: simplify gmap_protect_rmap()
      KVM: s390: rename __set_cpuflag() to kvm_s390_set_cpuflags()
      KVM: s390: reuse kvm_s390_set_cpuflags()
      KVM: s390: introduce and use kvm_s390_clear_cpuflags()
      KVM: s390: introduce and use kvm_s390_test_cpuflags()

Eric Biggers (1):
      KVM: x86: don't forget vcpu_put() in kvm_arch_vcpu_ioctl_set_sregs()

Gimcuan Hui (1):
      x86: kvm: mmu: make kvm_mmu_clear_all_pte_masks static

Haozhong Zhang (2):
      x86/mm: add a function to check if a pfn is UC/UC-/WC
      KVM: MMU: consider host cache mode in MMIO page check

James Morse (1):
      KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED

Janosch Frank (1):
      s390/mm: Remove superfluous parameter

Jens Freimann (1):
      s390/bitops: add test_and_clear_bit_inv()

Jim Mattson (4):
      KVM: nVMX: Eliminate vmcs02 pool
      kvm: vmx: Introduce VMCS12_MAX_FIELD_INDEX
      kvm: vmx: Change vmcs_field_type to vmcs_field_width
      kvm: vmx: Reduce size of vmcs_field_to_offset_table

Jose Ricardo Ziviani (1):
      KVM: PPC: Book3S: Add MMIO emulation for VMX instructions

KarimAllah Ahmed (1):
      kvm: Map PFN-type memory regions as writable (if possible)

Liran Alon (7):
      KVM: x86: Add emulation of MSR_SMI_COUNT
      KVM: nVMX: Fix bug of injecting L2 exception into L1
      KVM: x86: Optimization: Create SVM stubs for sync_pir_to_irr()
      KVM: x86: Change __kvm_apic_update_irr() to also return if max IRR updated
      KVM: nVMX: Re-evaluate L1 pending events when running L2 and L1 got posted-interrupt
      KVM: nVMX: Fix injection to L2 when L1 don't intercept external-interrupts
      KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2

Longpeng(Mike) (1):
      kvm: x86: remove efer_reload entry in kvm_vcpu_stat

Luis de Bethencourt (1):
      KVM: arm/arm64: Fix trailing semicolon

Marc Zyngier (9):
      KVM: arm/arm64: Detangle kvm_mmu.h from kvm_hyp.h
      KVM: arm/arm64: Split dcache/icache flushing
      arm64: KVM: Add invalidate_icache_range helper
      arm: KVM: Add optimized PIPT icache flushing
      arm64: KVM: PTE/PMD S2 XN bit definition
      KVM: arm/arm64: Limit icache invalidation to prefetch aborts
      KVM: arm/arm64: Only clean the dcache on translation fault
      KVM: arm/arm64: Preserve Exec permission across R/W permission faults
      KVM: arm/arm64: Drop vcpu parameter from guest cache maintenance operartions

Mark Kanda (1):
      KVM: nVMX: Add a WARN for freeing a loaded VMCS02

Markus Elfring (2):
      kvm_main: Use common error handling code in kvm_dev_ioctl_create_vm()
      KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show()

Masatake YAMATO (1):
      kvm: embed vcpu id to dentry of vcpu anon inode

Michael Mueller (12):
      KVM: s390: drop use of spin lock in __floating_irq_kick
      KVM: s390: reverse bit ordering of irqs in pending mask
      KVM: s390: define GISA format-0 data structure
      KVM: s390: implement GISA IPM related primitives
      s390/css: indicate the availability of the AIV facility
      KVM: s390: exploit GISA and AIV for emulated interrupts
      KVM: s390: abstract adapter interruption word generation from ISC
      KVM: s390: add GISA interrupts to FLIC ioctl interface
      KVM: s390: make kvm_s390_get_io_int() aware of GISA
      KVM: s390: activate GISA for emulated interrupts
      s390/sclp: expose the GISA format facility
      KVM: s390: introduce the format-1 GISA

Paolo Bonzini (20):
      KVM: x86: add support for UMIP
      KVM: x86: emulate sldt and str
      KVM: x86: add support for emulating UMIP
      KVM: vmx: add support for emulating UMIP
      KVM: x86: emulate RDPID
      KVM: introduce kvm_arch_vcpu_async_ioctl
      KVM: x86: avoid unnecessary XSETBV on guest entry
      Merge branch 'sev-v9-p2' of https://github.com/codomania/kvm
      KVM: x86: prefer "depends on" to "select" for SEV
      Merge branch 'kvm-insert-lfence'
      KVM: vmx: shadow more fields that are read/written on every vmexits
      KVM: VMX: optimize shadow VMCS copying
      KVM: VMX: split list of shadowed VMCS field to a separate file
      KVM: nVMX: track dirty state of non-shadowed VMCS fields
      KVM: nVMX: initialize descriptor cache fields in prepare_vmcs02_full
      KVM: nVMX: initialize more non-shadowed fields in prepare_vmcs02_full
      KVM: nVMX: remove unnecessary vmwrite from L2->L1 vmexit
      KVM: vmx: simplify MSR bitmap setup
      KVM: vmx: speed up MSR bitmap merge
      KVM: VMX: introduce X2APIC_MSR macro

Paul Mackerras (12):
      KVM: PPC: Book3S HV: Avoid shifts by negative amounts
      KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix()
      KVM: PPC: Book3S HV: Remove useless statement
      KVM: PPC: Book3S HV: Fix conditions for starting vcpu
      KVM: PPC: Book3S: Eliminate some unnecessary checks
      KVM: PPC: Book3S HV: Enable migration of decrementer register
      KVM: PPC: Book3S HV: Make sure we don't re-enter guest without XIVE loaded
      KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded
      KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2
      Merge remote-tracking branch 'remotes/powerpc/topic/ppc-kvm' into kvm-ppc-next
      KVM: PPC: Book3S HV: Drop locks before reading guest memory
      KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code

Quan Xu (1):
      KVM: VMX: drop I/O permission bitmaps

Radim Krčmář (11):
      KVM: x86: prevent MWAIT in guest with buggy MONITOR
      KVM: x86: drop bogus MWAIT check
      KVM: x86: simplify kvm_mwait_in_guest()
      Merge tag 'kvm-s390-next-4.16-1' of git://git.kernel.org/.../kvms390/linux
      Merge tag 'kvm-s390-next-4.16-2' of git://git.kernel.org/.../kvms390/linux
      Merge tag 'kvm-s390-next-4.16-3' of git://git.kernel.org/.../kvms390/linux
      Merge tag 'kvm-arm-for-v4.16' of git://git.kernel.org/.../kvmarm/kvmarm
      Merge branch 'x86/hyperv' of git://git.kernel.org/.../tip/tip
      Merge tag 'kvm-ppc-next-4.16-1' of git://git.kernel.org/.../paulus/powerpc
      Merge branch 'msr-bitmaps' of git://git.kernel.org/pub/scm/virt/kvm/kvm
      Merge tag 'kvm-ppc-next-4.16-2' of git://git.kernel.org/.../paulus/powerpc

Stanislav Lanci (1):
      KVM: x86: AMD Processor Topology Information

Thomas Gleixner (1):
      x86/kvm: Make it compile on 32bit and with HYPYERVISOR_GUEST=n

Tom Lendacky (3):
      x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature
      kvm: svm: prepare for new bit definition in nested_ctl
      kvm: svm: Add SEV feature definitions to KVM

Ulf Magnusson (1):
      KVM: PPC: Book3S PR: Fix broken select due to misspelling

Vasyl Gomonovych (1):
      KVM: arm: Use PTR_ERR_OR_ZERO()

Vitaly Kuznetsov (8):
      x86/hyperv: Check for required priviliges in hyperv_init()
      x86/hyperv: Add a function to read both TSC and TSC page value simulateneously
      x86/hyperv: Reenlightenment notifications support
      x86/hyperv: Redirect reenlightment notifications on CPU offlining
      x86/irq: Count Hyper-V reenlightenment interrupts
      x86/kvm: Pass stable clocksource to guests when running nested on Hyper-V
      x86/kvm: Support Hyper-V reenlightenment
      x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested

Wanpeng Li (7):
      KVM: VMX: Cache IA32_DEBUGCTL in memory
      KVM: X86: Reduce the overhead when lapic_timer_advance is disabled
      KVM: X86: Add KVM_VCPU_PREEMPTED
      KVM: X86: use paravirtualized TLB Shootdown
      KVM: X86: introduce invalidate_gpa argument to tlb flush
      KVM: X86: support paravirtualized help for TLB shootdowns
      KVM: x86: fix escape of guest dr6 to the host

Yang Zhong (1):
      KVM: Expose new cpu features to guest

 Documentation/virtual/kvm/00-INDEX                 |    3 +
 .../virtual/kvm/amd-memory-encryption.rst          |  247 ++++
 Documentation/virtual/kvm/api.txt                  |   54 +-
 Documentation/virtual/kvm/arm/vgic-mapped-irqs.txt |  187 ---
 Documentation/virtual/kvm/cpuid.txt                |    4 +
 MAINTAINERS                                        |    5 +-
 arch/arm/include/asm/kvm_emulate.h                 |    2 +-
 arch/arm/include/asm/kvm_host.h                    |    2 +
 arch/arm/include/asm/kvm_hyp.h                     |    3 +-
 arch/arm/include/asm/kvm_mmu.h                     |   99 +-
 arch/arm/include/asm/pgtable.h                     |    4 +-
 arch/arm/kvm/hyp/switch.c                          |    1 +
 arch/arm/kvm/hyp/tlb.c                             |    1 +
 arch/arm64/include/asm/assembler.h                 |   21 +
 arch/arm64/include/asm/cacheflush.h                |    7 +
 arch/arm64/include/asm/kvm_host.h                  |    2 +
 arch/arm64/include/asm/kvm_hyp.h                   |    1 -
 arch/arm64/include/asm/kvm_mmu.h                   |   36 +-
 arch/arm64/include/asm/pgtable-hwdef.h             |    2 +
 arch/arm64/include/asm/pgtable-prot.h              |    4 +-
 arch/arm64/kvm/guest.c                             |   15 +-
 arch/arm64/kvm/hyp/debug-sr.c                      |    1 +
 arch/arm64/kvm/hyp/switch.c                        |    1 +
 arch/arm64/kvm/hyp/tlb.c                           |    1 +
 arch/arm64/mm/cache.S                              |   32 +-
 arch/mips/kvm/Kconfig                              |    1 +
 arch/mips/kvm/mips.c                               |   67 +-
 arch/powerpc/include/asm/kvm_book3s.h              |    6 +-
 arch/powerpc/include/asm/kvm_book3s_64.h           |   14 +-
 arch/powerpc/include/asm/kvm_host.h                |    8 +-
 arch/powerpc/include/asm/kvm_ppc.h                 |    4 +
 arch/powerpc/include/asm/opal-api.h                |    1 +
 arch/powerpc/include/asm/ppc-opcode.h              |    6 +
 arch/powerpc/include/asm/xive.h                    |    3 +-
 arch/powerpc/include/uapi/asm/kvm.h                |    2 +
 arch/powerpc/kernel/asm-offsets.c                  |    4 +
 arch/powerpc/kvm/Kconfig                           |    3 +-
 arch/powerpc/kvm/book3s.c                          |   24 +-
 arch/powerpc/kvm/book3s_64_mmu_hv.c                |   38 +-
 arch/powerpc/kvm/book3s_64_mmu_radix.c             |    2 +-
 arch/powerpc/kvm/book3s_hv.c                       |   70 +-
 arch/powerpc/kvm/book3s_hv_rmhandlers.S            |  231 ++--
 arch/powerpc/kvm/book3s_interrupts.S               |    4 +-
 arch/powerpc/kvm/book3s_pr.c                       |   20 +-
 arch/powerpc/kvm/book3s_xive.c                     |  109 +-
 arch/powerpc/kvm/book3s_xive.h                     |   15 +-
 arch/powerpc/kvm/booke.c                           |   51 +-
 arch/powerpc/kvm/emulate_loadstore.c               |   36 +
 arch/powerpc/kvm/powerpc.c                         |  200 +++-
 arch/powerpc/kvm/timing.c                          |    3 +-
 arch/powerpc/sysdev/xive/native.c                  |   18 +-
 arch/s390/include/asm/bitops.h                     |    5 +
 arch/s390/include/asm/css_chars.h                  |    4 +-
 arch/s390/include/asm/kvm_host.h                   |  126 +-
 arch/s390/include/asm/sclp.h                       |    1 +
 arch/s390/kvm/Kconfig                              |    1 +
 arch/s390/kvm/diag.c                               |    1 +
 arch/s390/kvm/interrupt.c                          |  288 ++++-
 arch/s390/kvm/kvm-s390.c                           |  209 +++-
 arch/s390/kvm/kvm-s390.h                           |   22 +-
 arch/s390/kvm/priv.c                               |   38 +-
 arch/s390/kvm/sigp.c                               |   18 +-
 arch/s390/kvm/vsie.c                               |   91 +-
 arch/s390/mm/gmap.c                                |   44 +-
 arch/x86/entry/entry_32.S                          |    3 +
 arch/x86/entry/entry_64.S                          |    3 +
 arch/x86/hyperv/hv_init.c                          |  123 +-
 arch/x86/include/asm/cpufeatures.h                 |    1 +
 arch/x86/include/asm/hardirq.h                     |    3 +
 arch/x86/include/asm/irq_vectors.h                 |    7 +-
 arch/x86/include/asm/kvm_host.h                    |   22 +-
 arch/x86/include/asm/mshyperv.h                    |   32 +-
 arch/x86/include/asm/msr-index.h                   |    2 +
 arch/x86/include/asm/pat.h                         |    2 +
 arch/x86/include/asm/svm.h                         |    3 +
 arch/x86/include/uapi/asm/hyperv.h                 |   27 +
 arch/x86/include/uapi/asm/kvm_para.h               |    4 +
 arch/x86/kernel/cpu/amd.c                          |   66 +-
 arch/x86/kernel/cpu/mshyperv.c                     |    6 +
 arch/x86/kernel/cpu/scattered.c                    |    1 +
 arch/x86/kernel/irq.c                              |    9 +
 arch/x86/kernel/kvm.c                              |   49 +-
 arch/x86/kvm/Kconfig                               |    8 +
 arch/x86/kvm/cpuid.c                               |   22 +-
 arch/x86/kvm/emulate.c                             |   62 +-
 arch/x86/kvm/irq.c                                 |    2 +-
 arch/x86/kvm/lapic.c                               |   25 +-
 arch/x86/kvm/lapic.h                               |    4 +-
 arch/x86/kvm/mmu.c                                 |   26 +-
 arch/x86/kvm/mmu_audit.c                           |    2 +-
 arch/x86/kvm/svm.c                                 | 1199 +++++++++++++++++++-
 arch/x86/kvm/vmx.c                                 |  758 +++++++------
 arch/x86/kvm/vmx_shadow_fields.h                   |   77 ++
 arch/x86/kvm/x86.c                                 |  338 ++++--
 arch/x86/kvm/x86.h                                 |   33 +-
 arch/x86/mm/pat.c                                  |   19 +
 drivers/crypto/ccp/Kconfig                         |   12 +
 drivers/crypto/ccp/Makefile                        |    1 +
 drivers/crypto/ccp/psp-dev.c                       |  805 +++++++++++++
 drivers/crypto/ccp/psp-dev.h                       |   83 ++
 drivers/crypto/ccp/sp-dev.c                        |   35 +
 drivers/crypto/ccp/sp-dev.h                        |   28 +-
 drivers/crypto/ccp/sp-pci.c                        |   52 +
 drivers/s390/char/sclp_early.c                     |    3 +-
 include/kvm/arm_arch_timer.h                       |    2 +
 include/kvm/arm_vgic.h                             |   13 +-
 include/linux/kvm_host.h                           |   14 +-
 include/linux/psp-sev.h                            |  606 ++++++++++
 include/uapi/linux/kvm.h                           |   90 ++
 include/uapi/linux/psp-sev.h                       |  142 +++
 kernel/configs/kvm_guest.config                    |    1 +
 virt/kvm/Kconfig                                   |    3 +
 virt/kvm/arm/arch_timer.c                          |  138 ++-
 virt/kvm/arm/arm.c                                 |  153 ++-
 virt/kvm/arm/hyp/vgic-v2-sr.c                      |    1 +
 virt/kvm/arm/mmu.c                                 |   64 +-
 virt/kvm/arm/vgic/vgic-its.c                       |    4 +-
 virt/kvm/arm/vgic/vgic-mmio.c                      |  115 +-
 virt/kvm/arm/vgic/vgic-v2.c                        |   29 +
 virt/kvm/arm/vgic/vgic-v3.c                        |   29 +
 virt/kvm/arm/vgic/vgic.c                           |   41 +-
 virt/kvm/arm/vgic/vgic.h                           |    8 +
 virt/kvm/kvm_main.c                                |   62 +-
 123 files changed, 6579 insertions(+), 1416 deletions(-)

---8<---
Sample merge resolution.
---
diff --cc arch/arm64/include/asm/pgtable-prot.h
index 2db84df5eb42,4e12dabd342b..108ecad7acc5
--- a/arch/arm64/include/asm/pgtable-prot.h
+++ b/arch/arm64/include/asm/pgtable-prot.h
@@@ -53,24 -47,23 +53,24 @@@
  #define PROT_SECT_NORMAL	(PROT_SECT_DEFAULT | PMD_SECT_PXN | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL))
  #define PROT_SECT_NORMAL_EXEC	(PROT_SECT_DEFAULT | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL))
  
 -#define _PAGE_DEFAULT		(PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL))
 +#define _PAGE_DEFAULT		(_PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL))
 +#define _HYP_PAGE_DEFAULT	_PAGE_DEFAULT
  
 -#define PAGE_KERNEL		__pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE)
 -#define PAGE_KERNEL_RO		__pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_RDONLY)
 -#define PAGE_KERNEL_ROX		__pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_RDONLY)
 -#define PAGE_KERNEL_EXEC	__pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE)
 -#define PAGE_KERNEL_EXEC_CONT	__pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_CONT)
 +#define PAGE_KERNEL		__pgprot(PROT_NORMAL)
 +#define PAGE_KERNEL_RO		__pgprot((PROT_NORMAL & ~PTE_WRITE) | PTE_RDONLY)
 +#define PAGE_KERNEL_ROX		__pgprot((PROT_NORMAL & ~(PTE_WRITE | PTE_PXN)) | PTE_RDONLY)
 +#define PAGE_KERNEL_EXEC	__pgprot(PROT_NORMAL & ~PTE_PXN)
 +#define PAGE_KERNEL_EXEC_CONT	__pgprot((PROT_NORMAL & ~PTE_PXN) | PTE_CONT)
  
 -#define PAGE_HYP		__pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN)
 -#define PAGE_HYP_EXEC		__pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY)
 -#define PAGE_HYP_RO		__pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN)
 +#define PAGE_HYP		__pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN)
 +#define PAGE_HYP_EXEC		__pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY)
 +#define PAGE_HYP_RO		__pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN)
  #define PAGE_HYP_DEVICE		__pgprot(PROT_DEVICE_nGnRE | PTE_HYP)
  
- #define PAGE_S2			__pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY)
- #define PAGE_S2_DEVICE		__pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN)
 -#define PAGE_S2			__pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY | PTE_S2_XN)
 -#define PAGE_S2_DEVICE		__pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_S2_XN)
++#define PAGE_S2			__pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY | PTE_S2_XN)
++#define PAGE_S2_DEVICE		__pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_S2_XN)
  
 -#define PAGE_NONE		__pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_RDONLY | PTE_PXN | PTE_UXN)
 +#define PAGE_NONE		__pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN)
  #define PAGE_SHARED		__pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN | PTE_WRITE)
  #define PAGE_SHARED_EXEC	__pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_WRITE)
  #define PAGE_READONLY		__pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN)
diff --cc arch/x86/include/asm/mshyperv.h
index b52af150cbd8,1790002a2052..25283f7eb299
--- a/arch/x86/include/asm/mshyperv.h
+++ b/arch/x86/include/asm/mshyperv.h
@@@ -314,13 -315,21 +315,21 @@@ void hyperv_init(void)
  void hyperv_setup_mmu_ops(void);
  void hyper_alloc_mmu(void);
  void hyperv_report_panic(struct pt_regs *regs, long err);
 -bool hv_is_hypercall_page_setup(void);
 +bool hv_is_hyperv_initialized(void);
  void hyperv_cleanup(void);
+ 
+ void hyperv_reenlightenment_intr(struct pt_regs *regs);
+ void set_hv_tscchange_cb(void (*cb)(void));
+ void clear_hv_tscchange_cb(void);
+ void hyperv_stop_tsc_emulation(void);
  #else /* CONFIG_HYPERV */
  static inline void hyperv_init(void) {}
 -static inline bool hv_is_hypercall_page_setup(void) { return false; }
 +static inline bool hv_is_hyperv_initialized(void) { return false; }
  static inline void hyperv_cleanup(void) {}
  static inline void hyperv_setup_mmu_ops(void) {}
+ static inline void set_hv_tscchange_cb(void (*cb)(void)) {}
+ static inline void clear_hv_tscchange_cb(void) {}
+ static inline void hyperv_stop_tsc_emulation(void) {};
  #endif /* CONFIG_HYPERV */
  
  #ifdef CONFIG_HYPERV_TSCPAGE
diff --cc arch/x86/kvm/cpuid.c
index 13f5d4217e4f,20e491b94f44..a0c5a69bc7c4
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@@ -363,12 -371,9 +369,13 @@@ static inline int __do_cpuid_ent(struc
  		F(LAHF_LM) | F(CMP_LEGACY) | 0 /*SVM*/ | 0 /* ExtApicSpace */ |
  		F(CR8_LEGACY) | F(ABM) | F(SSE4A) | F(MISALIGNSSE) |
  		F(3DNOWPREFETCH) | F(OSVW) | 0 /* IBS */ | F(XOP) |
- 		0 /* SKINIT, WDT, LWP */ | F(FMA4) | F(TBM);
+ 		0 /* SKINIT, WDT, LWP */ | F(FMA4) | F(TBM) |
+ 		F(TOPOEXT);
  
 +	/* cpuid 0x80000008.ebx */
 +	const u32 kvm_cpuid_8000_0008_ebx_x86_features =
 +		F(IBPB) | F(IBRS);
 +
  	/* cpuid 0xC0000001.edx */
  	const u32 kvm_cpuid_C000_0001_edx_x86_features =
  		F(XSTORE) | F(XSTORE_EN) | F(XCRYPT) | F(XCRYPT_EN) |
diff --cc arch/x86/kvm/svm.c
index 4e3c79530526,1bf20e9160bd..b3e488a74828
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@@ -533,7 -573,9 +577,10 @@@ struct svm_cpu_data 
  	struct kvm_ldttss_desc *tss_desc;
  
  	struct page *save_area;
 +	struct vmcb *current_vmcb;
+ 
+ 	/* index = sev_asid, value = vmcb pointer */
+ 	struct vmcb **sev_vmcbs;
  };
  
  static DEFINE_PER_CPU(struct svm_cpu_data *, svm_data);
diff --cc arch/x86/kvm/vmx.c
index bee4c49f6dd0,9973a301364e..9d95957be4e8
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@@ -903,18 -864,25 +869,23 @@@ static const unsigned short vmcs_field_
  
  static inline short vmcs_field_to_offset(unsigned long field)
  {
 +	const size_t size = ARRAY_SIZE(vmcs_field_to_offset_table);
 +	unsigned short offset;
+ 	unsigned index;
  
- 	BUILD_BUG_ON(size > SHRT_MAX);
- 	if (field >= size)
+ 	if (field >> 15)
  		return -ENOENT;
  
- 	field = array_index_nospec(field, size);
- 	offset = vmcs_field_to_offset_table[field];
+ 	index = ROL16(field, 6);
 -	if (index >= ARRAY_SIZE(vmcs_field_to_offset_table))
++	if (index >= size)
+ 		return -ENOENT;
+ 
 -	/*
 -	 * FIXME: Mitigation for CVE-2017-5753.  To be replaced with a
 -	 * generic mechanism.
 -	 */
 -	asm("lfence");
 -
 -	if (vmcs_field_to_offset_table[index] == 0)
++	index = array_index_nospec(index, size);
++	offset = vmcs_field_to_offset_table[index];
 +	if (offset == 0)
  		return -ENOENT;
+ 
 -	return vmcs_field_to_offset_table[index];
 +	return offset;
  }
  
  static inline struct vmcs12 *get_vmcs12(struct kvm_vcpu *vcpu)
@@@ -10206,69 -10049,55 +10212,84 @@@ static inline bool nested_vmx_prepare_m
  	struct page *page;
  	unsigned long *msr_bitmap_l1;
  	unsigned long *msr_bitmap_l0 = to_vmx(vcpu)->nested.vmcs02.msr_bitmap;
 +	/*
 +	 * pred_cmd & spec_ctrl are trying to verify two things:
 +	 *
 +	 * 1. L0 gave a permission to L1 to actually passthrough the MSR. This
 +	 *    ensures that we do not accidentally generate an L02 MSR bitmap
 +	 *    from the L12 MSR bitmap that is too permissive.
 +	 * 2. That L1 or L2s have actually used the MSR. This avoids
 +	 *    unnecessarily merging of the bitmap if the MSR is unused. This
 +	 *    works properly because we only update the L01 MSR bitmap lazily.
 +	 *    So even if L0 should pass L1 these MSRs, the L01 bitmap is only
 +	 *    updated to reflect this when L1 (or its L2s) actually write to
 +	 *    the MSR.
 +	 */
 +	bool pred_cmd = msr_write_intercepted_l01(vcpu, MSR_IA32_PRED_CMD);
 +	bool spec_ctrl = msr_write_intercepted_l01(vcpu, MSR_IA32_SPEC_CTRL);
  
+ 	/* Nothing to do if the MSR bitmap is not in use.  */
+ 	if (!cpu_has_vmx_msr_bitmap() ||
+ 	    !nested_cpu_has(vmcs12, CPU_BASED_USE_MSR_BITMAPS))
+ 		return false;
+ 
+ 	/* This shortcut is ok because we support only x2APIC MSRs so far. */
 -	if (!nested_cpu_has_virt_x2apic_mode(vmcs12))
 +	if (!nested_cpu_has_virt_x2apic_mode(vmcs12) &&
 +	    !pred_cmd && !spec_ctrl)
  		return false;
  
  	page = kvm_vcpu_gpa_to_page(vcpu, vmcs12->msr_bitmap);
  	if (is_error_page(page))
  		return false;
+ 
  	msr_bitmap_l1 = (unsigned long *)kmap(page);
- 
- 	memset(msr_bitmap_l0, 0xff, PAGE_SIZE);
- 
- 	if (nested_cpu_has_virt_x2apic_mode(vmcs12)) {
- 		if (nested_cpu_has_apic_reg_virt(vmcs12))
- 			for (msr = 0x800; msr <= 0x8ff; msr++)
- 				nested_vmx_disable_intercept_for_msr(
- 					msr_bitmap_l1, msr_bitmap_l0,
- 					msr, MSR_TYPE_R);
- 
- 		nested_vmx_disable_intercept_for_msr(
- 				msr_bitmap_l1, msr_bitmap_l0,
- 				APIC_BASE_MSR + (APIC_TASKPRI >> 4),
- 				MSR_TYPE_R | MSR_TYPE_W);
- 
- 		if (nested_cpu_has_vid(vmcs12)) {
- 			nested_vmx_disable_intercept_for_msr(
- 				msr_bitmap_l1, msr_bitmap_l0,
- 				APIC_BASE_MSR + (APIC_EOI >> 4),
- 				MSR_TYPE_W);
- 			nested_vmx_disable_intercept_for_msr(
- 				msr_bitmap_l1, msr_bitmap_l0,
- 				APIC_BASE_MSR + (APIC_SELF_IPI >> 4),
- 				MSR_TYPE_W);
+ 	if (nested_cpu_has_apic_reg_virt(vmcs12)) {
+ 		/*
+ 		 * L0 need not intercept reads for MSRs between 0x800 and 0x8ff, it
+ 		 * just lets the processor take the value from the virtual-APIC page;
+ 		 * take those 256 bits directly from the L1 bitmap.
+ 		 */
+ 		for (msr = 0x800; msr <= 0x8ff; msr += BITS_PER_LONG) {
+ 			unsigned word = msr / BITS_PER_LONG;
+ 			msr_bitmap_l0[word] = msr_bitmap_l1[word];
+ 			msr_bitmap_l0[word + (0x800 / sizeof(long))] = ~0;
  		}
+ 	} else {
+ 		for (msr = 0x800; msr <= 0x8ff; msr += BITS_PER_LONG) {
+ 			unsigned word = msr / BITS_PER_LONG;
+ 			msr_bitmap_l0[word] = ~0;
+ 			msr_bitmap_l0[word + (0x800 / sizeof(long))] = ~0;
+ 		}
+ 	}
+ 
+ 	nested_vmx_disable_intercept_for_msr(
+ 		msr_bitmap_l1, msr_bitmap_l0,
+ 		X2APIC_MSR(APIC_TASKPRI),
+ 		MSR_TYPE_W);
+ 
+ 	if (nested_cpu_has_vid(vmcs12)) {
+ 		nested_vmx_disable_intercept_for_msr(
+ 			msr_bitmap_l1, msr_bitmap_l0,
+ 			X2APIC_MSR(APIC_EOI),
+ 			MSR_TYPE_W);
+ 		nested_vmx_disable_intercept_for_msr(
+ 			msr_bitmap_l1, msr_bitmap_l0,
+ 			X2APIC_MSR(APIC_SELF_IPI),
+ 			MSR_TYPE_W);
  	}
 +
 +	if (spec_ctrl)
 +		nested_vmx_disable_intercept_for_msr(
 +					msr_bitmap_l1, msr_bitmap_l0,
 +					MSR_IA32_SPEC_CTRL,
 +					MSR_TYPE_R | MSR_TYPE_W);
 +
 +	if (pred_cmd)
 +		nested_vmx_disable_intercept_for_msr(
 +					msr_bitmap_l1, msr_bitmap_l0,
 +					MSR_IA32_PRED_CMD,
 +					MSR_TYPE_W);
 +
  	kunmap(page);
  	kvm_release_page_clean(page);
  

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ