lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260207041011.913471-2-seanjc@google.com>
Date: Fri,  6 Feb 2026 20:10:03 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org, 
	Sean Christopherson <seanjc@...gle.com>
Subject: [GIT PULL] KVM: x86: APIC related changes for 6.20

A variety of cleanups and minor fixes, mostly related to APIC and APICv.

The following changes since commit 9ace4753a5202b02191d54e9fdf7f9e3d02b85eb:

  Linux 6.19-rc4 (2026-01-04 14:41:55 -0800)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-apic-6.20

for you to fetch changes up to ac4f869c56301831a60706a84acbf13b4f0f9886:

  KVM: VMX: Remove declaration of nested_mark_vmcs12_pages_dirty() (2026-01-14 06:01:03 -0800)

----------------------------------------------------------------
KVM x86 APIC-ish changes for 6.20

 - Fix a benign bug where KVM could use the wrong memslots (ignored SMM) when
   creating a vCPU-specific mapping of guest memory.

 - Clean up KVM's handling of marking mapped vCPU pages dirty.

 - Drop a pile of *ancient* sanity checks hidden behind in KVM's unused
   ASSERT() macro, most of which could be trivially triggered by the guest
   and/or user, and all of which were useless.

 - Fold "struct dest_map" into its sole user, "struct rtc_status", to make it
   more obvious what the weird parameter is used for, and to allow burying the
   RTC shenanigans behind CONFIG_KVM_IOAPIC=y.

 - Bury all of ioapic.h and KVM_IRQCHIP_KERNEL behind CONFIG_KVM_IOAPIC=y.

 - Add a regression test for recent APICv update fixes.

 - Rework KVM's handling of VMCS updates while L2 is active to temporarily
   switch to vmcs01 instead of deferring the update until the next nested
   VM-Exit.  The deferred updates approach directly contributed to several
   bugs, was proving to be a maintenance burden due to the difficulty in
   auditing the correctness of deferred updates, and was polluting
   "struct nested_vmx" with a growing pile of booleans.

 - Handle "hardware APIC ISR", a.k.a. SVI, updates in kvm_apic_update_apicv()
   to consolidate the updates, and to co-locate SVI updates with the updates
   for KVM's own cache of ISR information.

 - Drop a dead function declaration.

----------------------------------------------------------------
Binbin Wu (1):
      KVM: VMX: Remove declaration of nested_mark_vmcs12_pages_dirty()

Fred Griffoul (1):
      KVM: nVMX: Mark APIC access page dirty when syncing vmcs12 pages

Sean Christopherson (21):
      KVM: Use vCPU specific memslots in __kvm_vcpu_map()
      KVM: x86: Mark vmcs12 pages as dirty if and only if they're mapped
      KVM: nVMX: Precisely mark vAPIC and PID maps dirty when delivering nested PI
      KVM: VMX: Move nested_mark_vmcs12_pages_dirty() to vmx.c, and rename
      KVM: x86: Drop ASSERT()s on APIC/vCPU being non-NULL
      KVM: x86: Drop guest/user-triggerable asserts on IRR/ISR vectors
      KVM: x86: Drop ASSERT() on I/O APIC EOIs being only for LEVEL_to WARN_ON_ONCE
      KVM: x86: Drop guest-triggerable ASSERT()s on I/O APIC access alignment
      KVM: x86: Drop MAX_NR_RESERVED_IOAPIC_PINS, use KVM_MAX_IRQ_ROUTES directly
      KVM: x86: Add a wrapper to handle common case of IRQ delivery without dest_map
      KVM: x86: Fold "struct dest_map" into "struct rtc_status"
      KVM: x86: Bury ioapic.h definitions behind CONFIG_KVM_IOAPIC
      KVM: x86: Hide KVM_IRQCHIP_KERNEL behind CONFIG_KVM_IOAPIC=y
      KVM: selftests: Add a test to verify APICv updates (while L2 is active)
      KVM: nVMX: Switch to vmcs01 to update PML controls on-demand if L2 is active
      KVM: nVMX: Switch to vmcs01 to update TPR threshold on-demand if L2 is active
      KVM: nVMX: Switch to vmcs01 to update SVI on-demand if L2 is active
      KVM: nVMX: Switch to vmcs01 to refresh APICv controls on-demand if L2 is active
      KVM: nVMX: Switch to vmcs01 to update APIC page on-demand if L2 is active
      KVM: nVMX: Switch to vmcs01 to set virtual APICv mode on-demand if L2 is active
      KVM: x86: Update APICv ISR (a.k.a. SVI) as part of kvm_apic_update_apicv()

 arch/x86/include/asm/kvm_host.h                    |   2 +
 arch/x86/kvm/hyperv.c                              |   2 +-
 arch/x86/kvm/ioapic.c                              |  43 +++---
 arch/x86/kvm/ioapic.h                              |  38 ++---
 arch/x86/kvm/irq.c                                 |   4 +-
 arch/x86/kvm/lapic.c                               |  97 ++++++-------
 arch/x86/kvm/lapic.h                               |  21 ++-
 arch/x86/kvm/vmx/nested.c                          |  54 +------
 arch/x86/kvm/vmx/nested.h                          |   1 -
 arch/x86/kvm/vmx/vmx.c                             | 106 +++++++++-----
 arch/x86/kvm/vmx/vmx.h                             |   9 --
 arch/x86/kvm/x86.c                                 |  11 +-
 arch/x86/kvm/xen.c                                 |   2 +-
 include/linux/kvm_host.h                           |   9 +-
 tools/testing/selftests/kvm/Makefile.kvm           |   1 +
 tools/testing/selftests/kvm/include/x86/apic.h     |   4 +
 .../selftests/kvm/x86/vmx_apicv_updates_test.c     | 155 +++++++++++++++++++++
 virt/kvm/kvm_main.c                                |   2 +-
 18 files changed, 334 insertions(+), 227 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/x86/vmx_apicv_updates_test.c

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ