Message-ID: <20251210170552.970155-1-seanjc@google.com>
Date: Wed, 10 Dec 2025 09:05:52 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
Sean Christopherson <seanjc@...gle.com>
Subject: [GIT PULL] KVM: x86 and guest_memfd fixes for 6.19
Please pull a variety of fixes for 6.19, all for pre-existing bugs. Note,
the KVM_MEM_GUEST_MEMFD fix changes KVM's ABI, but I don't see any way that
userspace could successfully use the broken behavior, and the intent and
documentation was always that KVM_MEM_GUEST_MEMFD memslots would be immutable.
The following changes since commit 32bd348be3fa07b26c5ea6b818a161c142dcc2f2:
KVM: Fix last_boosted_vcpu index assignment bug (2025-11-25 09:15:38 +0100)
are available in the Git repository at:
https://github.com/kvm-x86/linux.git tags/kvm-x86-fixes-6.19-rc1
for you to fetch changes up to 29763138830916f46daaa50e83e7f4f907a3236b:
KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit (2025-12-08 06:56:29 -0800)
----------------------------------------------------------------
KVM fixes for 6.19-rc1
 - Add a missing "break" to fix param parsing in the rseq selftest.

 - Apply runtime updates to the _current_ CPUID when userspace is setting
   CPUID, e.g. as part of vCPU hotplug, to fix a false positive and to avoid
   dropping the pending update.

 - Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot, as it's not
   supported by KVM and leads to a use-after-free due to KVM failing to unbind
   the memslot from the previously-associated guest_memfd instance.

 - Harden against similar KVM_MEM_GUEST_MEMFD goofs, and prepare for supporting
   flags-only changes on KVM_MEM_GUEST_MEMFD memslots, e.g. for dirty logging.

 - Set exit_code[63:32] to -1 (all 0xffs) when synthesizing a nested
   SVM_EXIT_ERR (a.k.a. VMEXIT_INVALID) #VMEXIT, as VMEXIT_INVALID is defined
   as -1ull (a 64-bit value).

 - Update SVI when activating APICv to fix a bug where a post-activation EOI
   for an in-service IRQ would effectively be lost due to SVI being stale.

 - Immediately refresh APICv controls (if necessary) on a nested VM-Exit
   instead of deferring the update via KVM_REQ_APICV_UPDATE, as the request is
   effectively ignored because KVM thinks the vCPU already has the correct
   APICv settings.
----------------------------------------------------------------
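The exit_code split behind the SVM_EXIT_ERR item above, as an added C model that is not part of this pull request or of KVM's code: the VMCB stores the 64-bit exit code as two 32-bit fields, so writing only the low half leaves exit_code_hi stale for any synthesized exit and can never produce the all-ones VMEXIT_INVALID. The struct name vmcb_ctl, the readback() helper and the stale value 0xdeadbeef are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the VMCB control area: the 64-bit EXITCODE lives in
 * two 32-bit fields. Not KVM's real struct vmcb_control_area. */
struct vmcb_ctl {
	uint32_t exit_code;    /* EXITCODE[31:0]  */
	uint32_t exit_code_hi; /* EXITCODE[63:32] */
};

#define VMEXIT_INVALID ((uint64_t)-1)   /* -1ull, all 64 bits set */
#define SVM_EXIT_ERR   VMEXIT_INVALID   /* failed VMRUN */
#define SVM_EXIT_VMRUN 0x080u           /* an ordinary exit code, < 2^32 */

/* What the L1 hypervisor reads after a nested #VMEXIT. */
static uint64_t vmexit_code(const struct vmcb_ctl *ctl)
{
	return ((uint64_t)ctl->exit_code_hi << 32) | ctl->exit_code;
}

/* Before the fix: only the low half is written, exit_code_hi is untouched. */
static uint64_t synthesize_lo_only(struct vmcb_ctl *ctl, uint64_t code)
{
	ctl->exit_code = (uint32_t)code;
	return vmexit_code(ctl);
}

/* After the fix: both halves are written, so exit_code_hi is cleared for an
 * ordinary exit and set to -1 (0xffffffff) for SVM_EXIT_ERR. */
static uint64_t synthesize_full(struct vmcb_ctl *ctl, uint64_t code)
{
	ctl->exit_code = (uint32_t)code;
	ctl->exit_code_hi = (uint32_t)(code >> 32);
	return vmexit_code(ctl);
}

/* Helper (constructed): start from a VMCB whose exit_code_hi still holds
 * stale_hi from an earlier exit, synthesize 'code', return the readback. */
static uint64_t readback(uint32_t stale_hi, uint64_t code, int write_hi)
{
	struct vmcb_ctl ctl = { .exit_code = 0, .exit_code_hi = stale_hi };
	return write_hi ? synthesize_full(&ctl, code)
			: synthesize_lo_only(&ctl, code);
}

int main(void)
{
	printf("lo-only SVM_EXIT_ERR -> %#llx\n",
	       (unsigned long long)readback(0, SVM_EXIT_ERR, 0));
	printf("full    SVM_EXIT_ERR -> %#llx\n",
	       (unsigned long long)readback(0, SVM_EXIT_ERR, 1));
	return 0;
}
```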
Dongli Zhang (2):
      KVM: VMX: Update SVI during runtime APICv activation
      KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit

Gavin Shan (1):
      KVM: selftests: Add missing "break" in rseq_test's param parsing

Sean Christopherson (6):
      KVM: x86: Apply runtime updates to current CPUID during KVM_SET_CPUID{,2}
      KVM: selftests: Add a CPUID testcase for KVM_SET_CPUID2 with runtime updates
      KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot
      KVM: Harden and prepare for modifying existing guest_memfd memslots
      KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits
      KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN)
arch/x86/kvm/cpuid.c | 11 +++++++++--
arch/x86/kvm/svm/nested.c | 4 ++--
arch/x86/kvm/svm/svm.c | 2 ++
arch/x86/kvm/svm/svm.h | 7 ++++---
arch/x86/kvm/vmx/nested.c | 3 ++-
arch/x86/kvm/vmx/vmx.c | 9 ---------
arch/x86/kvm/x86.c | 7 +++++++
tools/testing/selftests/kvm/rseq_test.c | 1 +
tools/testing/selftests/kvm/x86/cpuid_test.c | 15 +++++++++++++++
virt/kvm/kvm_main.c | 17 ++++++++++++++++-
10 files changed, 58 insertions(+), 18 deletions(-)