Message-ID: <20251110152517.421706-1-pbonzini@redhat.com>
Date: Mon, 10 Nov 2025 16:25:17 +0100
From: Paolo Bonzini <pbonzini@...hat.com>
To: torvalds@...ux-foundation.org
Cc: linux-kernel@...r.kernel.org,
	kvm@...r.kernel.org
Subject: [GIT PULL] KVM fixes for Linux 6.18-rc5^H6

Linus,

The following changes since commit 6146a0f1dfae5d37442a9ddcba012add260bceb0:

  Linux 6.18-rc4 (2025-11-02 11:28:02 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/virt/kvm/kvm.git tags/for-linus

for you to fetch changes up to 8a4821412cf2c1429fffa07c012dd150f2edf78c:

  KVM: nSVM: Fix and simplify LBR virtualization handling with nested (2025-11-09 08:50:13 +0100)

I generally try to send out on Sunday to ensure I collect pull requests
from all submaintainers, but yesterday I only prepared this one and
didn't have time to send it; the timing will therefore make 6.18-rc6 a
bit bigger.

Paolo
----------------------------------------------------------------
Arm:

- Fix trapping regression when no in-kernel irqchip is present

- Check host-provided, untrusted ranges and offsets in pKVM

- Fix regression restoring the ID_PFR1_EL1 register

- Fix vgic ITS locking issues when LPIs are not directly injected

Arm selftests:

- Correct target CPU programming in vgic_lpi_stress selftest

- Fix exposure of SCTLR2_EL2 and ZCR_EL2 in get-reg-list selftest

RISC-V:

- Fix check for local interrupts on riscv32

- Read HGEIP CSR on the correct cpu when checking for IMSIC interrupts

- Remove automatic I/O mapping from kvm_arch_prepare_memory_region()

x86:

- Inject #UD if the guest attempts to execute SEAMCALL or TDCALL as KVM
  doesn't support virtualizing the instructions, but the instructions
  are gated only by VMXON.  That is, they will VM-Exit instead of taking
  a #UD and until now this resulted in KVM exiting to userspace with an
  emulation error.

- Unload the "FPU" when emulating INIT of XSTATE features if and only if
  the FPU is actually loaded, instead of trying to predict when KVM will
  emulate an INIT (CET support missed the MP_STATE path).  Add sanity
  checks to detect and harden against similar bugs in the future.

- Unregister KVM's GALog notifier (for AVIC) when kvm-amd.ko is unloaded.

- Use a raw spinlock for svm->ir_list_lock as the lock is taken during
  schedule(), and "normal" spinlocks are sleepable locks when PREEMPT_RT=y.

- Remove guest_memfd bindings on memslot deletion when a gmem file is dying
  to fix a use-after-free race found by syzkaller.

- Fix a goof in the EPT Violation handler where KVM checks the wrong
  variable when determining if the reported GVA is valid.

- Fix and simplify the handling of LBR virtualization on AMD, which was made
  buggy and unnecessarily complicated by nested VM support.

Misc:

- Update Oliver's email address

----------------------------------------------------------------
Chao Gao (1):
      KVM: x86: Call out MSR_IA32_S_CET is not handled by XSAVES

Fangyu Yu (2):
      RISC-V: KVM: Read HGEIP CSR on the correct cpu
      RISC-V: KVM: Remove automatic I/O mapping for VM_PFNMAP

Marc Zyngier (3):
      KVM: arm64: Make all 32bit ID registers fully writable
      KVM: arm64: Set ID_{AA64PFR0,PFR1}_EL1.GIC when GICv3 is configured
      KVM: arm64: Limit clearing of ID_{AA64PFR0,PFR1}_EL1.GIC to userspace irqchip

Mark Brown (2):
      KVM: arm64: selftests: Add SCTLR2_EL2 to get-reg-list
      KVM: arm64: selftests: Filter ZCR_EL2 in get-reg-list

Maxim Levitsky (1):
      KVM: SVM: switch to raw spinlock for svm->ir_list_lock

Maximilian Dittgen (1):
      KVM: selftests: fix MAPC RDbase target formatting in vgic_lpi_stress

Oliver Upton (3):
      KVM: arm64: vgic-v3: Reinstate IRQ lock ordering for LPI xarray
      KVM: arm64: vgic-v3: Release reserved slot outside of lpi_xa's lock
      MAINTAINERS: Switch myself to using kernel.org address

Paolo Bonzini (3):
      Merge tag 'kvm-riscv-fixes-6.18-2' of https://github.com/kvm-riscv/linux into HEAD
      Merge tag 'kvm-x86-fixes-6.18-rc5' of https://github.com/kvm-x86/linux into HEAD
      Merge tag 'kvmarm-fixes-6.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD

Samuel Holland (1):
      RISC-V: KVM: Fix check for local interrupts on riscv32

Sascha Bischoff (1):
      KVM: arm64: vgic-v3: Trap all if no in-kernel irqchip

Sean Christopherson (7):
      KVM: VMX: Inject #UD if guest tries to execute SEAMCALL or TDCALL
      KVM: x86: Unload "FPU" state on INIT if and only if its currently in-use
      KVM: x86: Harden KVM against imbalanced load/put of guest FPU state
      KVM: SVM: Initialize per-CPU svm_data at the end of hardware setup
      KVM: SVM: Unregister KVM's GALog notifier on kvm-amd.ko exit
      KVM: SVM: Make avic_ga_log_notifier() local to avic.c
      KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying

Sebastian Ene (1):
      KVM: arm64: Check the untrusted offset in FF-A memory share

Sukrit Bhatnagar (1):
      KVM: VMX: Fix check for valid GVA on an EPT violation

Vincent Donnefort (1):
      KVM: arm64: Check range args for pKVM mem transitions

Yosry Ahmed (3):
      KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated
      KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv()
      KVM: nSVM: Fix and simplify LBR virtualization handling with nested

 .mailmap                                           |  3 +-
 MAINTAINERS                                        |  2 +-
 arch/arm64/kvm/hyp/nvhe/ffa.c                      |  9 ++-
 arch/arm64/kvm/hyp/nvhe/mem_protect.c              | 28 +++++++
 arch/arm64/kvm/sys_regs.c                          | 71 +++++++++--------
 arch/arm64/kvm/vgic/vgic-debug.c                   | 16 +++-
 arch/arm64/kvm/vgic/vgic-init.c                    | 16 +++-
 arch/arm64/kvm/vgic/vgic-its.c                     | 18 ++---
 arch/arm64/kvm/vgic/vgic-v3.c                      |  3 +-
 arch/arm64/kvm/vgic/vgic.c                         | 23 ++++--
 arch/riscv/kvm/aia_imsic.c                         | 16 +++-
 arch/riscv/kvm/mmu.c                               | 25 +-----
 arch/riscv/kvm/vcpu.c                              |  2 +-
 arch/x86/include/uapi/asm/vmx.h                    |  1 +
 arch/x86/kvm/svm/avic.c                            | 24 +++---
 arch/x86/kvm/svm/nested.c                          | 20 ++---
 arch/x86/kvm/svm/svm.c                             | 88 ++++++++++------------
 arch/x86/kvm/svm/svm.h                             |  4 +-
 arch/x86/kvm/vmx/common.h                          |  2 +-
 arch/x86/kvm/vmx/nested.c                          |  8 ++
 arch/x86/kvm/vmx/vmx.c                             |  8 ++
 arch/x86/kvm/x86.c                                 | 48 +++++++-----
 tools/testing/selftests/kvm/arm64/get-reg-list.c   |  3 +
 tools/testing/selftests/kvm/lib/arm64/gic_v3_its.c |  9 ++-
 virt/kvm/guest_memfd.c                             | 47 ++++++++----
 25 files changed, 297 insertions(+), 197 deletions(-)

