| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251126014455.788131-7-seanjc@google.com>
Date: Tue, 25 Nov 2025 17:44:53 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
Sean Christopherson <seanjc@...gle.com>
Subject: [GIT PULL] KVM: x86: SVM changes for 6.19
A handful of lowish priority nSVM fixes, AVIC support for 4k vCPUs, and new
uAPI to advertise SNP policy bits to userspace.
Side topic, this pull request is finally proof that I don't just merge my own
stuff :-D
There's a minor conflict in svm.h due to the removal of the
avic_ga_log_notifier() declaration in kvm/master:
diff --cc arch/x86/kvm/svm/svm.h
index dd78e6402345,a9f6c1ece63d..9e151dbdef25
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@@ -806,7 -802,8 +803,8 @@@ extern struct kvm_x86_nested_ops svm_ne
)
bool __init avic_hardware_setup(void);
-int avic_ga_log_notifier(u32 ga_tag);
+void avic_hardware_unsetup(void);
+ int avic_alloc_physical_id_table(struct kvm *kvm);
void avic_vm_destroy(struct kvm *kvm);
int avic_vm_init(struct kvm *kvm);
void avic_init_vmcb(struct vcpu_svm *svm, struct vmcb *vmcb);
And a conflict in cpufeatures.h with the "misc" pull request. This (and the
change from "misc") will also conflict with new features being added via the
tip-tree. Boris is aware and presumably will give Linus a heads up. Merging
on top of "misc":
diff --cc arch/x86/include/asm/cpufeatures.h
index fc5698844a0b,7129eb44adad..646d2a77a2e2
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@@ -499,11 -500,7 +500,12 @@@
#define X86_FEATURE_IBPB_EXIT_TO_USER (21*32+14) /* Use IBPB on exit-to-userspace, see VMSCAPE bug */
#define X86_FEATURE_ABMC (21*32+15) /* Assignable Bandwidth Monitoring Counters */
#define X86_FEATURE_MSR_IMM (21*32+16) /* MSR immediate form instructions */
- #define X86_FEATURE_CLEAR_CPU_BUF_VM_MMIO (21*32+17) /*
+ #define X86_FEATURE_X2AVIC_EXT (21*32+17) /* AMD SVM x2AVIC support for 4k vCPUs */
++#define X86_FEATURE_CLEAR_CPU_BUF_VM_MMIO (21*32+18) /*
+ * Clear CPU buffers before VM-Enter if the vCPU
+ * can access host MMIO (ignored for all intents
+ * and purposes if CLEAR_CPU_BUF_VM is set).
+ */
/*
* BUG word(s)
The following changes since commit 3a8660878839faadb4f1a6dd72c3179c1df56787:
Linux 6.18-rc1 (2025-10-12 13:42:36 -0700)
are available in the Git repository at:
https://github.com/kvm-x86/linux.git tags/kvm-x86-svm-6.19
for you to fetch changes up to 275d6d1189e6d5f8e7c1da43ffd4b09d7089f174:
KVM: SEV: Add known supported SEV-SNP policy bits (2025-11-14 10:30:12 -0800)
----------------------------------------------------------------
KVM SVM changes for 6.19:
- Fix a few missing "VMCB dirty" bugs.
- Fix the worst of KVM's lack of EFER.LMSLE emulation.
- Add AVIC support for addressing 4k vCPUs in x2AVIC mode.
- Fix incorrect handling of selective CR0 writes when checking intercepts
during emulation of L2 instructions.
- Fix a currently-benign bug where KVM would clobber SPEC_CTRL[63:32] on
VMRUN and #VMEXIT.
- Fix a bug where KVM corrupt the guest code stream when re-injecting a soft
interrupt if the guest patched the underlying code after the VM-Exit, e.g.
when Linux patches code with a temporary INT3.
- Add KVM_X86_SNP_POLICY_BITS to advertise supported SNP policy bits to
userspace, and extend KVM "support" to all policy bits that don't require
any actual support from KVM.
----------------------------------------------------------------
Jim Mattson (4):
KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN
KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN
KVM: x86: Advertise EferLmsleUnsupported to userspace
KVM: SVM: Disallow EFER.LMSLE when not supported by hardware
Naveen N Rao (7):
KVM: SVM: Limit AVIC physical max index based on configured max_vcpu_ids
KVM: SVM: Add a helper to look up the max physical ID for AVIC
KVM: SVM: Replace hard-coded value 0x1FF with the corresponding macro
KVM: SVM: Expand AVIC_PHYSICAL_MAX_INDEX_MASK to be a 12-bit field
KVM: SVM: Move AVIC Physical ID table allocation to vcpu_precreate()
x86/cpufeatures: Add X86_FEATURE_X2AVIC_EXT
KVM: SVM: Add AVIC support for 4k vCPUs in x2AVIC mode
Omar Sandoval (1):
KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced
Tom Lendacky (4):
KVM: SEV: Consolidate the SEV policy bits in a single header file
crypto: ccp - Add an API to return the supported SEV-SNP policy bits
KVM: SEV: Publish supported SEV-SNP policy bits
KVM: SEV: Add known supported SEV-SNP policy bits
Uros Bizjak (1):
KVM: SVM: Ensure SPEC_CTRL[63:32] is context switched between guest and host
Yosry Ahmed (4):
KVM: nSVM: Remove redundant cases in nested_svm_intercept()
KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation
KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE
KVM: x86: Document a virtualization gap for GIF on AMD CPUs
Documentation/virt/kvm/x86/errata.rst | 9 +++-
arch/x86/include/asm/cpufeatures.h | 2 +
arch/x86/include/asm/kvm_host.h | 9 ++++
arch/x86/include/asm/svm.h | 5 +-
arch/x86/include/uapi/asm/kvm.h | 1 +
arch/x86/kernel/cpu/scattered.c | 1 +
arch/x86/kvm/cpuid.c | 1 +
arch/x86/kvm/svm/avic.c | 86 ++++++++++++++++++++++++++++-------
arch/x86/kvm/svm/nested.c | 12 +----
arch/x86/kvm/svm/sev.c | 45 +++++++++++-------
arch/x86/kvm/svm/svm.c | 78 ++++++++++++++++++++-----------
arch/x86/kvm/svm/svm.h | 4 +-
arch/x86/kvm/svm/vmenter.S | 47 +++++++++++++++----
arch/x86/kvm/x86.c | 21 +++++++++
drivers/crypto/ccp/sev-dev.c | 37 +++++++++++++++
include/linux/psp-sev.h | 37 +++++++++++++++
16 files changed, 310 insertions(+), 85 deletions(-)
Powered by blists - more mailing lists