lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20241222194225.355168-1-pbonzini@redhat.com>
Date: Sun, 22 Dec 2024 14:42:25 -0500
From: Paolo Bonzini <pbonzini@...hat.com>
To: torvalds@...ux-foundation.org
Cc: linux-kernel@...r.kernel.org,
	kvm@...r.kernel.org
Subject: [GIT PULL] KVM fixes for Linux 6.13-rc4 (or rc5)

Linus,

The following changes since commit 78d4f34e2115b517bcbfe7ec0d018bbbb6f9b0b8:

  Linux 6.13-rc3 (2024-12-15 15:58:23 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/virt/kvm/kvm.git tags/for-linus

for you to fetch changes up to 8afa5b10af9d748b055a43949f819d9991d63938:

  Merge tag 'kvm-x86-fixes-6.13-rcN' of https://github.com/kvm-x86/linux into HEAD (2024-12-22 12:07:16 -0500)

----------------------------------------------------------------
KVM x86 fixes for 6.13:

- Disable AVIC on SNP-enabled systems that don't allow writes to the virtual
  APIC page, as such hosts will hit unexpected RMP #PFs in the host when
  running VMs of any flavor.

- Fix a WARN in the hypercall completion path due to KVM trying to determine
  if a guest with protected register state is in 64-bit mode (KVM's ABI is to
  assume such guests only make hypercalls in 64-bit mode).

- Allow the guest to write to supported bits in MSR_AMD64_DE_CFG to fix a
  regression with Windows guests, and because KVM's read-only behavior appears
  to be entirely made up.

- Treat TDP MMU faults as spurious if the faulting access is allowed given the
  existing SPTE.  This fixes a benign WARN (other than the WARN itself) due to
  unexpectedly replacing a writable SPTE with a read-only SPTE.

- Emit a warning when KVM is configured with ignore_msrs=1 and also to hide the
  MSRs that the guest is looking for from the kernel logs.  ignore_msrs can
  trick guests into assuming that certain processor features are present, and
  this in turn leads to bogus bug reports.

----------------------------------------------------------------
Paolo Bonzini (2):
      KVM: x86: let it be known that ignore_msrs is a bad idea
      Merge tag 'kvm-x86-fixes-6.13-rcN' of https://github.com/kvm-x86/linux into HEAD

Sean Christopherson (3):
      KVM: x86: Play nice with protected guests in complete_hypercall_exit()
      KVM: SVM: Allow guest writes to set MSR_AMD64_DE_CFG bits
      KVM: x86/mmu: Treat TDP MMU faults as spurious if access is already allowed

Suravee Suthikulpanit (1):
      KVM: SVM: Disable AVIC on SNP-enabled system without HvInUseWrAllowed feature

Wolfram Sang (1):
      KVM: VMX: don't include '<linux/find.h>' directly

 arch/x86/include/asm/cpufeatures.h |  1 +
 arch/x86/kvm/mmu/mmu.c             | 12 ------------
 arch/x86/kvm/mmu/spte.h            | 17 +++++++++++++++++
 arch/x86/kvm/mmu/tdp_mmu.c         |  5 +++++
 arch/x86/kvm/svm/avic.c            |  6 ++++++
 arch/x86/kvm/svm/svm.c             |  9 ---------
 arch/x86/kvm/vmx/posted_intr.h     |  2 +-
 arch/x86/kvm/x86.c                 |  9 ++++++++-
 8 files changed, 38 insertions(+), 23 deletions(-)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ