Message-ID: <CABgObfYsyATBr43PnSjsAx9ReJ_nhfD5osANOB0GhSQ_0+2DeA@mail.gmail.com>
Date: Thu, 18 Dec 2025 19:05:20 +0100
From: Paolo Bonzini <pbonzini@...hat.com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] KVM: x86 and guest_memfd fixes for 6.19

On Wed, Dec 10, 2025 at 6:06 PM Sean Christopherson <seanjc@...gle.com> wrote:
>
> Please pull a variety of fixes for 6.19, all for pre-existing bugs.  Note,
> the KVM_MEM_GUEST_MEMFD fix changes KVM's ABI, but I don't see any way that
> userspace could successfully use the broken behavior, and the intent and
> documentation was always that KVM_MEM_GUEST_MEMFD memslots would be immutable.
>
> The following changes since commit 32bd348be3fa07b26c5ea6b818a161c142dcc2f2:
>
>   KVM: Fix last_boosted_vcpu index assignment bug (2025-11-25 09:15:38 +0100)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-fixes-6.19-rc1
>
> for you to fetch changes up to 29763138830916f46daaa50e83e7f4f907a3236b:
>
>   KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit (2025-12-08 06:56:29 -0800)

Pulled, thanks. I waited to see if anyone would send something else
but things have been calm.

Paolo

> ----------------------------------------------------------------
> KVM fixes for 6.19-rc1
>
>  - Add a missing "break" to fix param parsing in the rseq selftest.
>
>  - Apply runtime updates to the _current_ CPUID when userspace is setting
>    CPUID, e.g. as part of vCPU hotplug, to fix a false positive and to avoid
>    dropping the pending update.
>
>  - Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot, as it's not
>    supported by KVM and leads to a use-after-free due to KVM failing to unbind
>    the memslot from the previously-associated guest_memfd instance.
>
>  - Harden against similar KVM_MEM_GUEST_MEMFD goofs, and prepare for supporting
>    flags-only changes on KVM_MEM_GUEST_MEMFD memslots, e.g. for dirty logging.
>
>  - Set exit_code[63:32] to -1 (all 0xffs) when synthesizing a nested
>    SVM_EXIT_ERR (a.k.a. VMEXIT_INVALID) #VMEXIT, as VMEXIT_INVALID is defined
>    as -1ull (a 64-bit value).
>
>  - Update SVI when activating APICv to fix a bug where a post-activation EOI
>    for an in-service IRQ would effectively be lost due to SVI being stale.
>
>  - Immediately refresh APICv controls (if necessary) on a nested VM-Exit
>    instead of deferring the update via KVM_REQ_APICV_UPDATE, as the request is
>    effectively ignored because KVM thinks the vCPU already has the correct
>    APICv settings.
>
> ----------------------------------------------------------------
> Dongli Zhang (2):
>       KVM: VMX: Update SVI during runtime APICv activation
>       KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit
>
> Gavin Shan (1):
>       KVM: selftests: Add missing "break" in rseq_test's param parsing
>
> Sean Christopherson (6):
>       KVM: x86: Apply runtime updates to current CPUID during KVM_SET_CPUID{,2}
>       KVM: selftests: Add a CPUID testcase for KVM_SET_CPUID2 with runtime updates
>       KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot
>       KVM: Harden and prepare for modifying existing guest_memfd memslots
>       KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits
>       KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN)
>
>  arch/x86/kvm/cpuid.c                         | 11 +++++++++--
>  arch/x86/kvm/svm/nested.c                    |  4 ++--
>  arch/x86/kvm/svm/svm.c                       |  2 ++
>  arch/x86/kvm/svm/svm.h                       |  7 ++++---
>  arch/x86/kvm/vmx/nested.c                    |  3 ++-
>  arch/x86/kvm/vmx/vmx.c                       |  9 ---------
>  arch/x86/kvm/x86.c                           |  7 +++++++
>  tools/testing/selftests/kvm/rseq_test.c      |  1 +
>  tools/testing/selftests/kvm/x86/cpuid_test.c | 15 +++++++++++++++
>  virt/kvm/kvm_main.c                          | 17 ++++++++++++++++-
>  10 files changed, 58 insertions(+), 18 deletions(-)
>

