lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240605115644.8573-1-pbonzini@redhat.com>
Date: Wed,  5 Jun 2024 07:56:44 -0400
From: Paolo Bonzini <pbonzini@...hat.com>
To: torvalds@...ux-foundation.org
Cc: linux-kernel@...r.kernel.org,
	kvm@...r.kernel.org
Subject: [GIT PULL] KVM fixes for Linux 6.10-rc3

Linus,

The following changes since commit c3f38fa61af77b49866b006939479069cd451173:

  Linux 6.10-rc2 (2024-06-02 15:44:56 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/virt/kvm/kvm.git tags/for-linus

for you to fetch changes up to db574f2f96d0c9a245a9e787e3d9ec288fb2b445:

  KVM: x86/mmu: Don't save mmu_invalidate_seq after checking private attr (2024-06-05 06:45:06 -0400)

The pull request is dominated by a couple large series for ARM
and x86 respectively, but apart from that things are calm.

----------------------------------------------------------------
ARM:

* Large set of FP/SVE fixes for pKVM, addressing the fallout
  from the per-CPU data rework and making sure that the host
  is not involved in the FP/SVE switching any more

* Allow FEAT_BTI to be enabled with NV now that FEAT_PAUTH
  is completely supported

* Fix for the respective priorities of Failed PAC, Illegal
  Execution state and Instruction Abort exceptions

* Fix the handling of AArch32 instruction traps failing their
  condition code, which was broken by the introduction of
  ESR_EL2.ISS2

* Allow vcpus running in AArch32 state to be restored in
  System mode

* Fix AArch32 GPR restore that would lose the 64 bit state
  under some conditions

RISC-V:

* No need to use mask when hart-index-bits is 0

* Fix incorrect reg_subtype labels in kvm_riscv_vcpu_set_reg_isa_ext()

x86:

* Fixes and debugging help for the #VE sanity check.  Also disable
  it by default, even for CONFIG_DEBUG_KERNEL, because it was found
  to trigger spuriously (most likely a processor erratum as the
  exact symptoms vary by generation).

* Avoid WARN() when two NMIs arrive simultaneously during an NMI-disabled
  situation (GIF=0 or interrupt shadow) when the processor supports
  virtual NMI.  While generally KVM will not request an NMI window
  when virtual NMIs are supported, in this case it *does* have to
  single-step over the interrupt shadow or enable the STGI intercept,
  in order to deliver the latched second NMI.

* Drop support for hand tuning APIC timer advancement from userspace.
  Since we have adaptive tuning, and it has proved to work well,
  drop the module parameter for manual configuration and with it a
  few stupid bugs that it had.

----------------------------------------------------------------
Fuad Tabba (9):
      KVM: arm64: Reintroduce __sve_save_state
      KVM: arm64: Fix prototype for __sve_save_state/__sve_restore_state
      KVM: arm64: Abstract set/clear of CPTR_EL2 bits behind helper
      KVM: arm64: Specialize handling of host fpsimd state on trap
      KVM: arm64: Allocate memory mapped at hyp for host sve state in pKVM
      KVM: arm64: Eagerly restore host fpsimd/sve state in pKVM
      KVM: arm64: Consolidate initializing the host data's fpsimd_state/sve in pKVM
      KVM: arm64: Refactor CPACR trap bit setting/clearing to use ELx format
      KVM: arm64: Ensure that SME controls are disabled in protected mode

Isaku Yamahata (1):
      KVM: x86/mmu: Use SHADOW_NONPRESENT_VALUE for atomic zap in TDP MMU

Marc Zyngier (5):
      KVM: arm64: Fix AArch32 register narrowing on userspace write
      KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
      KVM: arm64: AArch32: Fix spurious trapping of conditional instructions
      KVM: arm64: nv: Fix relative priorities of exceptions generated by ERETAx
      KVM: arm64: nv: Expose BTI and CSV_frac to a guest hypervisor

Nikunj A Dadhania (1):
      KVM: SEV-ES: Prevent MSR access post VMSA encryption

Paolo Bonzini (3):
      Merge branch 'kvm-fixes-6.10-1' into HEAD
      Merge tag 'kvm-riscv-fixes-6.10-1' of https://github.com/kvm-riscv/linux into HEAD
      Merge tag 'kvmarm-fixes-6.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD

Quan Zhou (1):
      RISC-V: KVM: Fix incorrect reg_subtype labels in kvm_riscv_vcpu_set_reg_isa_ext function

Ravi Bangoria (2):
      KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent
      KVM: SEV-ES: Delegate LBR virtualization to the processor

Sean Christopherson (11):
      KVM: VMX: Don't kill the VM on an unexpected #VE
      KVM: nVMX: Initialize #VE info page for vmcs02 when proving #VE support
      KVM: nVMX: Always handle #VEs in L0 (never forward #VEs from L2 to L1)
      KVM: x86/mmu: Add sanity checks that KVM doesn't create EPT #VE SPTEs
      KVM: VMX: Dump VMCS on unexpected #VE
      KVM: x86/mmu: Print SPTEs on unexpected #VE
      KVM: VMX: Enumerate EPT Violation #VE support in /proc/cpuinfo
      KVM: x86: Disable KVM_INTEL_PROVE_VE by default
      KVM: x86: Force KVM_WERROR if the global WERROR is enabled
      KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked
      KVM: x86: Drop support for hand tuning APIC timer advancement from userspace

Tao Su (1):
      KVM: x86/mmu: Don't save mmu_invalidate_seq after checking private attr

Yong-Xuan Wang (1):
      RISC-V: KVM: No need to use mask when hart-index-bit is 0

 arch/arm64/include/asm/el2_setup.h      |  6 +--
 arch/arm64/include/asm/kvm_arm.h        |  6 +++
 arch/arm64/include/asm/kvm_emulate.h    | 71 ++++++++++++++++++++++++++--
 arch/arm64/include/asm/kvm_host.h       | 25 +++++++++-
 arch/arm64/include/asm/kvm_hyp.h        |  4 +-
 arch/arm64/include/asm/kvm_pkvm.h       |  9 ++++
 arch/arm64/kvm/arm.c                    | 76 +++++++++++++++++++++++++++++
 arch/arm64/kvm/emulate-nested.c         | 21 +++++----
 arch/arm64/kvm/fpsimd.c                 | 11 +++--
 arch/arm64/kvm/guest.c                  |  3 +-
 arch/arm64/kvm/hyp/aarch32.c            | 18 ++++++-
 arch/arm64/kvm/hyp/fpsimd.S             |  6 +++
 arch/arm64/kvm/hyp/include/hyp/switch.h | 36 +++++++-------
 arch/arm64/kvm/hyp/include/nvhe/pkvm.h  |  1 -
 arch/arm64/kvm/hyp/nvhe/hyp-main.c      | 84 +++++++++++++++++++++++++++++----
 arch/arm64/kvm/hyp/nvhe/pkvm.c          | 17 ++-----
 arch/arm64/kvm/hyp/nvhe/setup.c         | 25 +++++++++-
 arch/arm64/kvm/hyp/nvhe/switch.c        | 24 ++++++++--
 arch/arm64/kvm/hyp/vhe/switch.c         | 12 +++--
 arch/arm64/kvm/nested.c                 |  6 ++-
 arch/arm64/kvm/reset.c                  |  3 ++
 arch/riscv/kvm/aia_device.c             |  7 +--
 arch/riscv/kvm/vcpu_onereg.c            |  4 +-
 arch/x86/include/asm/kvm_host.h         |  1 +
 arch/x86/include/asm/vmxfeatures.h      |  2 +-
 arch/x86/kvm/Kconfig                    | 11 +++--
 arch/x86/kvm/lapic.c                    | 39 ++++++++-------
 arch/x86/kvm/lapic.h                    |  2 +-
 arch/x86/kvm/mmu/mmu.c                  | 48 ++++++++++++++-----
 arch/x86/kvm/mmu/spte.h                 |  9 ++++
 arch/x86/kvm/mmu/tdp_iter.h             |  2 +
 arch/x86/kvm/mmu/tdp_mmu.c              |  2 +-
 arch/x86/kvm/svm/sev.c                  | 19 ++++++--
 arch/x86/kvm/svm/svm.c                  | 69 ++++++++++++++++++++-------
 arch/x86/kvm/svm/svm.h                  |  4 +-
 arch/x86/kvm/vmx/nested.c               |  5 ++
 arch/x86/kvm/vmx/vmx.c                  | 11 ++++-
 arch/x86/kvm/x86.c                      | 11 +----
 38 files changed, 559 insertions(+), 151 deletions(-)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ