lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20250509190108.1582362-1-seanjc@google.com>
Date: Fri,  9 May 2025 12:01:08 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org, 
	Sean Christopherson <seanjc@...gle.com>
Subject: [GIT PULL] KVM: x86: Fixes for 6.15-rcN

Please pull a random variety of fixes for 6.15.  The SRSO change is the
most urgent fix, everything else has either existed for some time, or isn't
actively causing problems.

The following changes since commit 2d7124941a273c7233849a7a2bbfbeb7e28f1caa:

  Merge tag 'kvmarm-fixes-6.15-2' of https://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD (2025-04-24 13:28:53 -0400)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-fixes-6.15-rcN

for you to fetch changes up to e3417ab75ab2e7dca6372a1bfa26b1be3ac5889e:

  KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions (2025-05-08 07:17:10 -0700)

----------------------------------------------------------------
KVM x86 fixes for 6.15-rcN

 - Forcibly leave SMM on SHUTDOWN interception on AMD CPUs to avoid causing
   problems due to KVM stuffing INIT on SHUTDOWN (KVM needs to sanitize the
   VMCB as its state is undefined after SHUTDOWN, emulating INIT is the
   least awful choice).

 - Track the valid sync/dirty fields in kvm_run as a u64 to ensure KVM
   KVM doesn't goof a sanity check in the future.

 - Free obsolete roots when (re)loading the MMU to fix a bug where
   pre-faulting memory can get stuck due to always encountering a stale
   root.

 - When dumping GHCB state, use KVM's snapshot instead of the raw GHCB page
   to print state, so that KVM doesn't print stale/wrong information.

 - When changing memory attributes (e.g. shared <=> private), add potential
   hugepage ranges to the mmu_invalidate_range_{start,end} set so that KVM
   doesn't create a shared/private hugepage when the the corresponding
   attributes will become mixed (the attributes are commited *after* KVM
   finishes the invalidation).

 - Rework the SRSO mitigation to enable BP_SPEC_REDUCE only when KVM has at
   least one active VM.  Effectively BP_SPEC_REDUCE when KVM is loaded led
   to very measurable performance regressions for non-KVM workloads.

----------------------------------------------------------------
Dan Carpenter (1):
      KVM: x86: Check that the high 32bits are clear in kvm_arch_vcpu_ioctl_run()

Mikhail Lobanov (1):
      KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception

Sean Christopherson (2):
      KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing
      KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions

Tom Lendacky (1):
      KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields

Yan Zhao (1):
      KVM: x86/mmu: Check and free obsolete roots in kvm_mmu_reload()

 arch/x86/kvm/mmu.h     |  3 ++
 arch/x86/kvm/mmu/mmu.c | 70 +++++++++++++++++++++++++++++++++++-----------
 arch/x86/kvm/smm.c     |  1 +
 arch/x86/kvm/svm/sev.c | 32 ++++++++++++---------
 arch/x86/kvm/svm/svm.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++----
 arch/x86/kvm/svm/svm.h |  2 ++
 arch/x86/kvm/x86.c     |  4 +--
 7 files changed, 150 insertions(+), 37 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ