Message-ID: <20240310093556.653127-1-pbonzini@redhat.com>
Date: Sun, 10 Mar 2024 10:35:56 +0100
From: Paolo Bonzini <pbonzini@...hat.com>
To: torvalds@...ux-foundation.org
Cc: linux-kernel@...r.kernel.org,
kvm@...r.kernel.org
Subject: [GIT PULL] Final set of KVM fixes for Linux 6.8
Linus,

The following changes since commit c48617fbbe831d4c80fe84056033f17b70a31136:

  Merge tag 'kvmarm-fixes-6.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD (2024-02-21 05:18:56 -0500)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/virt/kvm/kvm.git tags/for-linus

for you to fetch changes up to 5abf6dceb066f2b02b225fd561440c98a8062681:

  SEV: disable SEV-ES DebugSwap by default (2024-03-09 11:42:25 -0500)

Sorry that this comes in a bit late.

It's a bunch of fixes mostly involving confidential VMs; in particular,
many of the commits constrain the new guest_memfd API a bit more, so
that we're not stuck supporting more than is necessary. However,
there's also a rare failure to mark a guest page as dirty and a fix
for awful startup performance with preemptible kernels (including
CONFIG_PREEMPT_DYNAMIC in non-preemptible mode) of guests with many vCPUs.

----------------------------------------------------------------
KVM GUEST_MEMFD fixes for 6.8:

- Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY to
  avoid creating an inconsistent ABI (KVM_MEM_GUEST_MEMFD is not writable
  from userspace, so there would be no way to write to a read-only
  guest_memfd).

- Update documentation for KVM_SW_PROTECTED_VM to make it abundantly
  clear that such VMs are purely for development and testing.

- Limit KVM_SW_PROTECTED_VM guests to the TDP MMU, as the long term plan
  is to support confidential VMs with deterministic private memory (SNP
  and TDX) only in the TDP MMU.

- Fix a bug in a GUEST_MEMFD dirty logging test that caused false passes.

x86 fixes:

- Fix missing marking of a guest page as dirty when emulating an atomic access.

- Check for mmu_notifier invalidation events before faulting in the pfn,
  and before acquiring mmu_lock, to avoid unnecessary work and lock
  contention with preemptible kernels (including CONFIG_PREEMPT_DYNAMIC
  in non-preemptible mode).

- Disable AMD DebugSwap by default, it breaks VMSA signing and will be
  re-enabled with a better VM creation API in 6.10.

- Do the cache flush of converted pages in svm_register_enc_region() before
  dropping kvm->lock, to avoid a race with unregistering of the same region
  and the consequent use-after-free issue.

----------------------------------------------------------------
Paolo Bonzini (3):
      Merge tag 'kvm-x86-fixes-6.8-2' of https://github.com/kvm-x86/linux into HEAD
      Merge tag 'kvm-x86-guest_memfd_fixes-6.8' of https://github.com/kvm-x86/linux into HEAD
      SEV: disable SEV-ES DebugSwap by default

Sean Christopherson (8):
      KVM: x86: Mark target gfn of emulated atomic instruction as dirty
      KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY
      KVM: x86: Update KVM_SW_PROTECTED_VM docs to make it clear they're a WIP
      KVM: x86/mmu: Restrict KVM_SW_PROTECTED_VM to the TDP MMU
      KVM: selftests: Create GUEST_MEMFD for relevant invalid flags testcases
      KVM: selftests: Add a testcase to verify GUEST_MEMFD and READONLY are exclusive
      KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
      KVM: x86/mmu: Retry fault before acquiring mmu_lock if mapping is changing

 Documentation/virt/kvm/api.rst                     |  5 +++
 arch/x86/kvm/Kconfig                               |  7 ++--
 arch/x86/kvm/mmu/mmu.c                             | 42 ++++++++++++++++++++++
 arch/x86/kvm/svm/sev.c                             | 25 +++++++------
 arch/x86/kvm/x86.c                                 | 12 ++++++-
 include/linux/kvm_host.h                           | 26 ++++++++++++++
 .../testing/selftests/kvm/set_memory_region_test.c | 12 ++++++-
 virt/kvm/kvm_main.c                                |  8 ++++-
 8 files changed, 121 insertions(+), 16 deletions(-)