Message-ID: <20260131023133.2661-1-seanjc@google.com>
Date: Fri, 30 Jan 2026 18:31:33 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org, 
	Sean Christopherson <seanjc@...gle.com>
Subject: [GIT PULL] KVM: Fix for 6.19-rc8 (or final)

Sorry for the late pull request, I was waiting on reviews for the CET fix to
settle down.  I _just_ amended that commit to add a Reviewed-by, but it's been
in linux-next with identical code since Tuesday.

The most pressing issue is the IRQ routing bug (and also probably the scariest,
but it's had several weeks in -next), as it leads to all kinds of badness on
AMD platforms.

The following changes since commit 3611ca7c12b740e250d83f8bbe3554b740c503b0:

  selftests: kvm: Verify TILELOADD actually #NM faults when XFD[18]=1 (2026-01-10 07:17:30 +0100)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-fixes-6.19-rc8

for you to fetch changes up to f8ade833b733ae0b72e87ac6d2202a1afbe3eb4a:

  KVM: x86: Explicitly configure supported XSS from {svm,vmx}_set_cpu_caps() (2026-01-30 13:27:33 -0800)

----------------------------------------------------------------
KVM fixes for 6.19

 - Fix a bug where AVIC is incorrectly inhibited when running with x2AVIC
   disabled via module param (or on a system without x2AVIC).

 - Fix a dangling device posted IRQs bug by explicitly checking if the irqfd is
   still active (on the list) when handling an eventfd signal, instead of
   zeroing the irqfd's routing information when the irqfd is deassigned.
   Zeroing the irqfd's routing info causes arm64 and x86's to not disable
   posting for the IRQ (kvm_arch_irq_bypass_del_producer() looks for an MSI),
   incorrectly leaving the IRQ in posted mode (and leading to use-after-free
   and memory leaks on AMD in particular).

 - Disable FORTIFY_SOURCE for KVM selftests to prevent the compiler from
   generating calls to the checked versions of memset() and friends, which
   leads to unexpected page faults in guest code due to e.g. __memset_chk@plt
   not being resolved.

 - Explicitly configure the supported XSS from within {svm,vmx}_set_cpu_caps() to
   fix a bug where VMX will compute the reference VMCS configuration with SHSTK
   and IBT enabled, but then compute each CPU's local config with SHSTK and IBT
   disabled if not all CET xfeatures are enabled, e.g. if the kernel is built
   with X86_KERNEL_IBT=n.  The mismatch in features results in differing nVMX
   settings, and ultimately causes kvm-intel.ko to refuse to load with nested=1.

----------------------------------------------------------------
Sean Christopherson (4):
      KVM: SVM: Check vCPU ID against max x2AVIC ID if and only if x2AVIC is enabled
      KVM: Don't clobber irqfd routing type when deassigning irqfd
      KVM: x86: Assert that non-MSI doesn't have bypass vCPU when deleting producer
      KVM: x86: Explicitly configure supported XSS from {svm,vmx}_set_cpu_caps()

Zhiquan Li (1):
      KVM: selftests: Add -U_FORTIFY_SOURCE to avoid some unpredictable test failures

 arch/x86/kvm/irq.c                       |  3 ++-
 arch/x86/kvm/svm/avic.c                  |  4 +--
 arch/x86/kvm/svm/svm.c                   |  2 ++
 arch/x86/kvm/vmx/vmx.c                   |  2 ++
 arch/x86/kvm/x86.c                       | 30 ++++++++++++----------
 arch/x86/kvm/x86.h                       |  2 ++
 tools/testing/selftests/kvm/Makefile.kvm |  1 +
 virt/kvm/eventfd.c                       | 44 +++++++++++++++++---------------
 8 files changed, 52 insertions(+), 36 deletions(-)
