Commit d07b4328 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm 

Pull kvm fixes from Paolo Bonzini:
 "s390:

   - Fix failure to start guests with kvm.use_gisa=0

   - Panic if (un)share fails to maintain security.

  ARM:

   - Use kvfree() for the kvmalloc'd nested MMUs array

   - Set of fixes to address warnings in W=1 builds

   - Make KVM depend on assembler support for ARMv8.4

   - Fix for vgic-debug interface for VMs without LPIs

   - Actually check ID_AA64MMFR3_EL1.S1PIE in get-reg-list selftest

   - Minor code / comment cleanups for configuring PAuth traps

   - Take kvm->arch.config_lock to prevent destruction / initialization
     race for a vCPU's CPUIF which may lead to a UAF

  x86:

   - Disallow read-only memslots for SEV-ES and SEV-SNP (and TDX)

   - Fix smatch issues

   - Small cleanups

   - Make x2APIC ID 100% readonly

   - Fix typo in uapi constant

  Generic:

   - Use synchronize_srcu_expedited() on irqfd shutdown"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (21 commits)
  KVM: SEV: uapi: fix typo in SEV_RET_INVALID_CONFIG
  KVM: x86: Disallow read-only memslots for SEV-ES and SEV-SNP (and TDX)
  KVM: eventfd: Use synchronize_srcu_expedited() on shutdown
  KVM: selftests: Add a testcase to verify x2APIC is fully readonly
  KVM: x86: Make x2APIC ID 100% readonly
  KVM: x86: Use this_cpu_ptr() instead of per_cpu_ptr(smp_processor_id())
  KVM: x86: hyper-v: Remove unused inline function kvm_hv_free_pa_page()
  KVM: SVM: Fix an error code in sev_gmem_post_populate()
  KVM: SVM: Fix uninitialized variable bug
  KVM: arm64: vgic: Hold config_lock while tearing down a CPU interface
  KVM: selftests: arm64: Correct feature test for S1PIE in get-reg-list
  KVM: arm64: Tidying up PAuth code in KVM
  KVM: arm64: vgic-debug: Exit the iterator properly w/o LPI
  KVM: arm64: Enforce dependency on an ARMv8.4-aware toolchain
  s390/uv: Panic for set and remove shared access UVC errors
  KVM: s390: fix validity interception issue when gisa is switched off
  docs: KVM: Fix register ID of SPSR_FIQ
  KVM: arm64: vgic: fix unexpected unlock sparse warnings
  KVM: arm64: fix kdoc warnings in W=1 builds
  KVM: arm64: fix override-init warnings in W=1 builds
  ...
parents 9d590679 1c0e5881

Documentation/virt/kvm/api.rst

+1 −1
Original line number Diff line number Diff line
@@ -2592,7 +2592,7 @@ Specifically: 
  0x6030 0000 0010 004a SPSR_ABT    64  spsr[KVM_SPSR_ABT]

  0x6030 0000 0010 004c SPSR_UND    64  spsr[KVM_SPSR_UND]

  0x6030 0000 0010 004e SPSR_IRQ    64  spsr[KVM_SPSR_IRQ]

  0x6060 0000 0010 0050 SPSR_FIQ    64  spsr[KVM_SPSR_FIQ]

  0x6030 0000 0010 0050 SPSR_FIQ    64  spsr[KVM_SPSR_FIQ]

  0x6040 0000 0010 0054 V0         128  fp_regs.vregs[0]    [1]_

  0x6040 0000 0010 0058 V1         128  fp_regs.vregs[1]    [1]_

  ...

arch/arm64/kvm/Kconfig

+1 −0
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ if VIRTUALIZATION 


menuconfig KVM

	bool "Kernel-based Virtual Machine (KVM) support"

	depends on AS_HAS_ARMV8_4

	select KVM_COMMON

	select KVM_GENERIC_HARDWARE_ENABLING

	select KVM_GENERIC_MMU_NOTIFIER

arch/arm64/kvm/Makefile

+3 −0
Original line number Diff line number Diff line
@@ -10,6 +10,9 @@ include $(srctree)/virt/kvm/Makefile.kvm 
obj-$(CONFIG_KVM) += kvm.o

obj-$(CONFIG_KVM) += hyp/



CFLAGS_sys_regs.o += -Wno-override-init

CFLAGS_handle_exit.o += -Wno-override-init



kvm-y += arm.o mmu.o mmio.o psci.o hypercalls.o pvtime.o \

	 inject_fault.o va_layout.o handle_exit.o \

	 guest.o debug.o reset.o sys_regs.o stacktrace.o \

arch/arm64/kvm/arm.c

+5 −10
Original line number Diff line number Diff line
@@ -164,6 +164,7 @@ static int kvm_arm_default_max_vcpus(void) 
/**

 * kvm_arch_init_vm - initializes a VM data structure

 * @kvm:	pointer to the KVM struct

 * @type:	kvm device type

 */

int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)

{
@@ -521,10 +522,10 @@ void kvm_arch_vcpu_unblocking(struct kvm_vcpu *vcpu) 


static void vcpu_set_pauth_traps(struct kvm_vcpu *vcpu)

{

	if (vcpu_has_ptrauth(vcpu)) {

	if (vcpu_has_ptrauth(vcpu) && !is_protected_kvm_enabled()) {

		/*

		 * Either we're running running an L2 guest, and the API/APK

		 * bits come from L1's HCR_EL2, or API/APK are both set.

		 * Either we're running an L2 guest, and the API/APK bits come

		 * from L1's HCR_EL2, or API/APK are both set.

		 */

		if (unlikely(vcpu_has_nv(vcpu) && !is_hyp_ctxt(vcpu))) {

			u64 val;
@@ -541,16 +542,10 @@ static void vcpu_set_pauth_traps(struct kvm_vcpu *vcpu) 
		 * Save the host keys if there is any chance for the guest

		 * to use pauth, as the entry code will reload the guest

		 * keys in that case.

		 * Protected mode is the exception to that rule, as the

		 * entry into the EL2 code eagerly switch back and forth

		 * between host and hyp keys (and kvm_hyp_ctxt is out of

		 * reach anyway).

		 */

		if (is_protected_kvm_enabled())

			return;



		if (vcpu->arch.hcr_el2 & (HCR_API | HCR_APK)) {

			struct kvm_cpu_context *ctxt;



			ctxt = this_cpu_ptr_hyp_sym(kvm_hyp_ctxt);

			ptrauth_save_keys(ctxt);

		}

arch/arm64/kvm/hyp/include/hyp/switch.h

+0 −1
Original line number Diff line number Diff line
@@ -27,7 +27,6 @@ 
#include <asm/kvm_hyp.h>

#include <asm/kvm_mmu.h>

#include <asm/kvm_nested.h>

#include <asm/kvm_ptrauth.h>

#include <asm/fpsimd.h>

#include <asm/debug-monitors.h>

#include <asm/processor.h>