| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251126014455.788131-9-seanjc@google.com>
Date: Tue, 25 Nov 2025 17:44:55 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
Sean Christopherson <seanjc@...gle.com>
Subject: [GIT PULL] KVM: x86: VMX changes for 6.19
The highlight is EPTP construction cleanup that's worthwhile on its own, but
is also a step toward eliding the EPT flushes that KVM does on pCPU migration,
which are especially costly when running nested:
https://lore.kernel.org/all/aJKW9gTeyh0-pvcg@google.com
The following changes since commit 3a8660878839faadb4f1a6dd72c3179c1df56787:
Linux 6.18-rc1 (2025-10-12 13:42:36 -0700)
are available in the Git repository at:
https://github.com/kvm-x86/linux.git tags/kvm-x86-vmx-6.19
for you to fetch changes up to dfd1572a64c90770a2bddfab9bbb69932217b1da:
KVM: VMX: Make loaded_vmcs_clear() static in vmx.c (2025-11-11 07:41:16 -0800)
----------------------------------------------------------------
KVM VMX changes for 6.19:
- Use the root role from kvm_mmu_page to construct EPTPs instead of the
current vCPU state, partly as worthwhile cleanup, but mostly to pave the
way for tracking per-root TLB flushes so that KVM can elide EPT flushes on
pCPU migration if KVM has flushed the root at least once.
- Add a few missing nested consistency checks.
- Rip out support for doing "early" consistency checks via hardware as the
functionality hasn't been used in years and is no longer useful in general,
and replace it with an off-by-default module param to detected missed
consistency checks (i.e. WARN if hardware finds a check that KVM does not).
- Fix a currently-benign bug where KVM would drop the guest's SPEC_CTRL[63:32]
on VM-Enter.
- Misc cleanups.
----------------------------------------------------------------
Dmytro Maluka (1):
KVM: VMX: Remove stale vmx_set_dr6() declaration
Sean Christopherson (10):
KVM: VMX: Hoist construct_eptp() "up" in vmx.c
KVM: nVMX: Hardcode dummy EPTP used for early nested consistency checks
KVM: x86/mmu: Move "dummy root" helpers to spte.h
KVM: VMX: Use kvm_mmu_page role to construct EPTP, not current vCPU state
KVM: nVMX: Add consistency check for TPR_THRESHOLD[31:4]!=0 without VID
KVM: nVMX: Add consistency check for TSC_MULTIPLIER=0
KVM: nVMX: Stuff vmcs02.TSC_MULTIPLIER early on for nested early checks
KVM: nVMX: Remove support for "early" consistency checks via hardware
KVM: nVMX: Add an off-by-default module param to WARN on missed consistency checks
KVM: VMX: Make loaded_vmcs_clear() static in vmx.c
Thorsten Blum (1):
KVM: TDX: Replace kmalloc + copy_from_user with memdup_user in tdx_td_init()
Uros Bizjak (1):
KVM: VMX: Ensure guest's SPEC_CTRL[63:32] is loaded on VM-Enter
Xin Li (1):
KVM: nVMX: Use vcpu instead of vmx->vcpu when vcpu is available
arch/x86/kvm/mmu/mmu_internal.h | 10 ---
arch/x86/kvm/mmu/spte.h | 10 +++
arch/x86/kvm/vmx/nested.c | 173 ++++++++++++++--------------------------
arch/x86/kvm/vmx/tdx.c | 30 +++----
arch/x86/kvm/vmx/vmenter.S | 20 +++--
arch/x86/kvm/vmx/vmx.c | 59 +++++++++-----
arch/x86/kvm/vmx/vmx.h | 2 -
arch/x86/kvm/vmx/x86_ops.h | 1 -
8 files changed, 135 insertions(+), 170 deletions(-)
Powered by blists - more mailing lists