Message-ID: <20260207041011.913471-5-seanjc@google.com>
Date: Fri,  6 Feb 2026 20:10:06 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org, 
	Sean Christopherson <seanjc@...gle.com>
Subject: [GIT PULL] KVM: x86: Misc changes for 6.20

No real theme here, truly a misc set of changes.  The most notable change is
the Suppress EOI Broadcast quirk (not actually implemented as a quirk), which
generated a _lot_ of discussion (David W. still isn't thrilled that in-kernel
I/O APIC support isn't included[*]), but overall I think we ended up with a
solid implementation.

[*] https://lore.kernel.org/all/83f9b0a5dd0bc1de9d1e61954f6dd5211df45163.camel@infradead.org

The following changes since commit 9ace4753a5202b02191d54e9fdf7f9e3d02b85eb:

  Linux 6.19-rc4 (2026-01-04 14:41:55 -0800)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-misc-6.20

for you to fetch changes up to 6517dfbcc918f970a928d9dc17586904bac06893:

  KVM: x86: Add x2APIC "features" to control EOI broadcast suppression (2026-01-30 13:28:35 -0800)

----------------------------------------------------------------
KVM x86 misc changes for 6.20

 - Disallow changing the virtual CPU model if L2 is active, for all the same
   reasons KVM disallows changing the model after the first KVM_RUN.

 - Fix a bug where KVM would incorrectly reject host accesses to PV MSRs that
   were advertised as supported to userspace when running with
   KVM_CAP_ENFORCE_PV_FEATURE_CPUID enabled.

 - Fix a bug where KVM would attempt to read protect guest state (CR3) when
   configuring an async #PF entry.

 - Fail the build if EXPORT_SYMBOL_GPL or EXPORT_SYMBOL is used in KVM (for x86
   only) to enforce usage of EXPORT_SYMBOL_FOR_KVM_INTERNAL.  Explicitly allow
   the few exports that are intended for external usage.

 - Ignore -EBUSY when checking nested events after a vCPU exits blocking as
   the WARN is user-triggerable, and because exiting to userspace on -EBUSY
   does more harm than good in pretty much every situation.

 - Throw in the towel and drop the WARN on INIT/SIPI being blocked when vCPU is
   in Wait-For-SIPI, as playing whack-a-mole with syzkaller turned out to be an
   unwinnable game.

 - Add support for new Intel instructions that don't require anything beyond
   enumerating feature flags to userspace.

 - Grab SRCU when reading PDPTRs in KVM_GET_SREGS2.

 - Add WARNs to guard against modifying KVM's CPU caps outside of the intended
   setup flow, as nested VMX in particular is sensitive to unexpected changes
   in KVM's golden configuration.

 - Add a quirk to allow userspace to opt-in to actually suppress EOI broadcasts
   when the suppression feature is enabled by the guest (currently limited to
   split IRQCHIP, i.e. userspace I/O APIC).  Sadly, simply fixing KVM to honor
   Suppress EOI Broadcasts isn't an option as some userspaces have come to rely
   on KVM's buggy behavior (KVM advertises Suppress EOI Broadcast irrespective
   of whether or not userspace I/O APIC supports Directed EOIs).

 - Minor cleanups.

----------------------------------------------------------------
Jun Miao (1):
      KVM: x86: align the code with kvm_x86_call()

Khushit Shah (1):
      KVM: x86: Add x2APIC "features" to control EOI broadcast suppression

Sean Christopherson (6):
      KVM: x86: Disallow setting CPUID and/or feature MSRs if L2 is active
      KVM: x86: Return "unsupported" instead of "invalid" on access to unsupported PV MSR
      KVM: x86: Enforce use of EXPORT_SYMBOL_FOR_KVM_INTERNAL
      KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block()
      KVM: x86: Drop WARN on INIT/SIPI being blocked when vCPU is in Wait-For-SIPI
      KVM: x86: Harden against unexpected adjustments to kvm_cpu_caps

Vasiliy Kovalev (1):
      KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2()

Xiaoyao Li (1):
      KVM: x86: Don't read guest CR3 when doing async pf while the MMU is direct

Zhao Liu (4):
      KVM: x86: Advertise MOVRS CPUID to userspace
      KVM: x86: Advertise AMX CPUIDs in subleaf 0x1E.0x1 to userspace
      KVM: x86: Advertise AVX10.2 CPUID to userspace
      KVM: x86: Advertise AVX10_VNNI_INT CPUID to userspace

 Documentation/virt/kvm/api.rst     | 28 ++++++++++++-
 arch/x86/include/asm/cpufeatures.h |  1 +
 arch/x86/include/asm/kvm_host.h    |  9 +++++
 arch/x86/include/uapi/asm/kvm.h    |  6 ++-
 arch/x86/kvm/Makefile              | 49 +++++++++++++++++++++++
 arch/x86/kvm/cpuid.c               | 75 +++++++++++++++++++++++++++++------
 arch/x86/kvm/cpuid.h               | 12 +++++-
 arch/x86/kvm/ioapic.c              |  2 +-
 arch/x86/kvm/lapic.c               | 77 +++++++++++++++++++++++++++++++-----
 arch/x86/kvm/lapic.h               |  2 +
 arch/x86/kvm/mmu/mmu.c             | 11 +++---
 arch/x86/kvm/pmu.c                 |  2 +-
 arch/x86/kvm/reverse_cpuid.h       | 19 +++++++++
 arch/x86/kvm/svm/svm.c             |  4 +-
 arch/x86/kvm/vmx/vmx.c             |  4 +-
 arch/x86/kvm/x86.c                 | 81 +++++++++++++++++++++++---------------
 arch/x86/kvm/x86.h                 | 15 ++++++-
 17 files changed, 328 insertions(+), 69 deletions(-)
