| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250509190108.1582362-1-seanjc@google.com>
Date: Fri, 9 May 2025 12:01:08 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
Sean Christopherson <seanjc@...gle.com>
Subject: [GIT PULL] KVM: x86: Fixes for 6.15-rcN
Please pull a random variety of fixes for 6.15. The SRSO change is the
most urgent fix, everything else has either existed for some time, or isn't
actively causing problems.
The following changes since commit 2d7124941a273c7233849a7a2bbfbeb7e28f1caa:
Merge tag 'kvmarm-fixes-6.15-2' of https://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD (2025-04-24 13:28:53 -0400)
are available in the Git repository at:
https://github.com/kvm-x86/linux.git tags/kvm-x86-fixes-6.15-rcN
for you to fetch changes up to e3417ab75ab2e7dca6372a1bfa26b1be3ac5889e:
KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions (2025-05-08 07:17:10 -0700)
----------------------------------------------------------------
KVM x86 fixes for 6.15-rcN
- Forcibly leave SMM on SHUTDOWN interception on AMD CPUs to avoid causing
problems due to KVM stuffing INIT on SHUTDOWN (KVM needs to sanitize the
VMCB as its state is undefined after SHUTDOWN, emulating INIT is the
least awful choice).
- Track the valid sync/dirty fields in kvm_run as a u64 to ensure KVM
KVM doesn't goof a sanity check in the future.
- Free obsolete roots when (re)loading the MMU to fix a bug where
pre-faulting memory can get stuck due to always encountering a stale
root.
- When dumping GHCB state, use KVM's snapshot instead of the raw GHCB page
to print state, so that KVM doesn't print stale/wrong information.
- When changing memory attributes (e.g. shared <=> private), add potential
hugepage ranges to the mmu_invalidate_range_{start,end} set so that KVM
doesn't create a shared/private hugepage when the the corresponding
attributes will become mixed (the attributes are commited *after* KVM
finishes the invalidation).
- Rework the SRSO mitigation to enable BP_SPEC_REDUCE only when KVM has at
least one active VM. Effectively BP_SPEC_REDUCE when KVM is loaded led
to very measurable performance regressions for non-KVM workloads.
----------------------------------------------------------------
Dan Carpenter (1):
KVM: x86: Check that the high 32bits are clear in kvm_arch_vcpu_ioctl_run()
Mikhail Lobanov (1):
KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception
Sean Christopherson (2):
KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing
KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions
Tom Lendacky (1):
KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields
Yan Zhao (1):
KVM: x86/mmu: Check and free obsolete roots in kvm_mmu_reload()
arch/x86/kvm/mmu.h | 3 ++
arch/x86/kvm/mmu/mmu.c | 70 +++++++++++++++++++++++++++++++++++-----------
arch/x86/kvm/smm.c | 1 +
arch/x86/kvm/svm/sev.c | 32 ++++++++++++---------
arch/x86/kvm/svm/svm.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++----
arch/x86/kvm/svm/svm.h | 2 ++
arch/x86/kvm/x86.c | 4 +--
7 files changed, 150 insertions(+), 37 deletions(-)
Powered by blists - more mailing lists