| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CABgObfbKCRggZm7kbeVkAykxO1tEi1v7q=emcSxWWgMLX20WPA@mail.gmail.com>
Date: Sun, 11 May 2025 13:13:33 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] KVM: x86: Fixes for 6.15-rcN
On Fri, May 9, 2025 at 9:01 PM Sean Christopherson <seanjc@...gle.com> wrote:
> Please pull a random variety of fixes for 6.15. The SRSO change is the
> most urgent fix, everything else has either existed for some time, or isn't
> actively causing problems.
Cool, thanks; pulled.
Paolo
> The following changes since commit 2d7124941a273c7233849a7a2bbfbeb7e28f1caa:
>
> Merge tag 'kvmarm-fixes-6.15-2' of https://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD (2025-04-24 13:28:53 -0400)
>
> are available in the Git repository at:
>
> https://github.com/kvm-x86/linux.git tags/kvm-x86-fixes-6.15-rcN
>
> for you to fetch changes up to e3417ab75ab2e7dca6372a1bfa26b1be3ac5889e:
>
> KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions (2025-05-08 07:17:10 -0700)
>
> ----------------------------------------------------------------
> KVM x86 fixes for 6.15-rcN
>
> - Forcibly leave SMM on SHUTDOWN interception on AMD CPUs to avoid causing
> problems due to KVM stuffing INIT on SHUTDOWN (KVM needs to sanitize the
> VMCB as its state is undefined after SHUTDOWN, emulating INIT is the
> least awful choice).
>
> - Track the valid sync/dirty fields in kvm_run as a u64 to ensure KVM
> KVM doesn't goof a sanity check in the future.
>
> - Free obsolete roots when (re)loading the MMU to fix a bug where
> pre-faulting memory can get stuck due to always encountering a stale
> root.
>
> - When dumping GHCB state, use KVM's snapshot instead of the raw GHCB page
> to print state, so that KVM doesn't print stale/wrong information.
>
> - When changing memory attributes (e.g. shared <=> private), add potential
> hugepage ranges to the mmu_invalidate_range_{start,end} set so that KVM
> doesn't create a shared/private hugepage when the the corresponding
> attributes will become mixed (the attributes are commited *after* KVM
> finishes the invalidation).
>
> - Rework the SRSO mitigation to enable BP_SPEC_REDUCE only when KVM has at
> least one active VM. Effectively BP_SPEC_REDUCE when KVM is loaded led
> to very measurable performance regressions for non-KVM workloads.
>
> ----------------------------------------------------------------
> Dan Carpenter (1):
> KVM: x86: Check that the high 32bits are clear in kvm_arch_vcpu_ioctl_run()
>
> Mikhail Lobanov (1):
> KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception
>
> Sean Christopherson (2):
> KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing
> KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions
>
> Tom Lendacky (1):
> KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields
>
> Yan Zhao (1):
> KVM: x86/mmu: Check and free obsolete roots in kvm_mmu_reload()
>
> arch/x86/kvm/mmu.h | 3 ++
> arch/x86/kvm/mmu/mmu.c | 70 +++++++++++++++++++++++++++++++++++-----------
> arch/x86/kvm/smm.c | 1 +
> arch/x86/kvm/svm/sev.c | 32 ++++++++++++---------
> arch/x86/kvm/svm/svm.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++----
> arch/x86/kvm/svm/svm.h | 2 ++
> arch/x86/kvm/x86.c | 4 +--
> 7 files changed, 150 insertions(+), 37 deletions(-)
>
Powered by blists - more mailing lists