Commit d1293776 authored by Linus Torvalds
Pull kvm fixes from Paolo Bonzini:
 "ARM64:

   - Fix the guest view of the ID registers, making the relevant fields
     writable from userspace (affecting ID_AA64DFR0_EL1 and
     ID_AA64PFR1_EL1)

   - Correctly expose S1PIE to guests, fixing a regression introduced in
     6.12-rc1 with the S1POE support

   - Fix the recycling of stage-2 shadow MMUs by tracking the context
     (are we allowed to block or not) as well as the recycling state

   - Address a couple of issues with the vgic when userspace
     misconfigures the emulation, resulting in various splats. Headaches
     courtesy of our Syzkaller friends

   - Stop wasting space in the HYP idmap, as we are dangerously close to
     the 4kB limit, and this has already exploded in -next

   - Fix another race in vgic_init()

   - Fix a UBSAN error when faking the cache topology with MTE enabled

  RISCV:

   - RISCV: KVM: use raw_spinlock for critical section in imsic

  x86:

   - A bandaid for lack of XCR0 setup in selftests, which causes trouble
     if the compiler is configured to have x86-64-v3 (with AVX) as the
     default ISA. Proper XCR0 setup will come in the next merge window.

   - Fix an issue where KVM would not ignore low bits of the nested CR3
     and potentially leak up to 31 bytes out of the guest memory's
     bounds

   - Fix case in which an out-of-date cached value for the segments
     could be returned by KVM_GET_SREGS.

   - More cleanups for KVM_X86_QUIRK_SLOT_ZAP_ALL

   - Override MTRR state for KVM confidential guests, making it WB by
     default as is already the case for Hyper-V guests.

  Generic:

   - Remove a couple of unused functions"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (27 commits)
  RISCV: KVM: use raw_spinlock for critical section in imsic
  KVM: selftests: Fix out-of-bounds reads in CPUID test's array lookups
  KVM: selftests: x86: Avoid using SSE/AVX instructions
  KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
  KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset()
  KVM: x86: Clean up documentation for KVM_X86_QUIRK_SLOT_ZAP_ALL
  KVM: x86/mmu: Add lockdep assert to enforce safe usage of kvm_unmap_gfn_range()
  KVM: x86/mmu: Zap only SPs that shadow gPTEs when deleting memslot
  x86/kvm: Override default caching mode for SEV-SNP and TDX
  KVM: Remove unused kvm_vcpu_gfn_to_pfn_atomic
  KVM: Remove unused kvm_vcpu_gfn_to_pfn
  KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration
  KVM: arm64: vgic: Don't check for vgic_ready() when setting NR_IRQS
  KVM: arm64: Fix shift-out-of-bounds bug
  KVM: arm64: Shave a few bytes from the EL2 idmap code
  KVM: arm64: Don't eagerly teardown the vgic on init error
  KVM: arm64: Expose S1PIE to guests
  KVM: arm64: nv: Clarify safety of allowing TLBI unmaps to reschedule
  KVM: arm64: nv: Punt stage-2 recycling to a vCPU request
  KVM: arm64: nv: Do not block when unmapping stage-2 if disallowed
  ...
parents c1bc09d7 e9001a38
+9 −7
@@ -8098,13 +8098,15 @@ KVM_X86_QUIRK_MWAIT_NEVER_UD_FAULTS By default, KVM emulates MONITOR/MWAIT (if
                                    KVM_X86_QUIRK_MISC_ENABLE_NO_MWAIT is
                                    disabled.

KVM_X86_QUIRK_SLOT_ZAP_ALL          By default, KVM invalidates all SPTEs in
                                    fast way for memslot deletion when VM type
                                    is KVM_X86_DEFAULT_VM.
                                    When this quirk is disabled or when VM type
                                    is other than KVM_X86_DEFAULT_VM, KVM zaps
                                    only leaf SPTEs that are within the range of
                                    the memslot being deleted.
KVM_X86_QUIRK_SLOT_ZAP_ALL          By default, for KVM_X86_DEFAULT_VM VMs, KVM
                                    invalidates all SPTEs in all memslots and
                                    address spaces when a memslot is deleted or
                                    moved.  When this quirk is disabled (or the
                                    VM type isn't KVM_X86_DEFAULT_VM), KVM only
                                    ensures the backing memory of the deleted
                                    or moved memslot isn't reachable, i.e KVM
                                    _may_ invalidate only SPTEs related to the
                                    memslot.
=================================== ============================================

7.32 KVM_CAP_MAX_VCPU_ID
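Review bot: the replacement entry drops the period in "i.e KVM" (should read "i.e., KVM"), and it deliberately weakens the documented behaviour from "zaps only leaf SPTEs that are within the range of the memslot" to "_may_ invalidate only SPTEs related to the memslot"; that hedge matches the companion change "KVM: x86/mmu: Zap only SPs that shadow gPTEs when deleting memslot" in this pull, and the new sentence "KVM only ensures the backing memory of the deleted or moved memslot isn't reachable" is the part userspace can actually rely on, so it is worth keeping that as the lead clause. The new text also covers memslot moves, which the old entry omitted.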
+1 −1
@@ -136,7 +136,7 @@ For direct sp, we can easily avoid it since the spte of direct sp is fixed
to gfn.  For indirect sp, we disabled fast page fault for simplicity.

A solution for indirect sp could be to pin the gfn, for example via
kvm_vcpu_gfn_to_pfn_atomic, before the cmpxchg.  After the pinning:
gfn_to_pfn_memslot_atomic, before the cmpxchg.  After the pinning:

- We have held the refcount of pfn; that means the pfn can not be freed and
  be reused for another gfn.
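Review bot: swapping the example from kvm_vcpu_gfn_to_pfn_atomic to gfn_to_pfn_memslot_atomic keeps the locking document consistent with the removal "KVM: Remove unused kvm_vcpu_gfn_to_pfn_atomic" in this pull; since the replacement, as its name says, takes a memslot rather than a vCPU, the "pin the gfn ... before the cmpxchg" recipe should mention that the caller first resolves the gfn to its memslot, otherwise the example reads as if the pin were a single vCPU-level call.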
+1 −0
@@ -178,6 +178,7 @@ struct kvm_nvhe_init_params {
	unsigned long hcr_el2;
	unsigned long vttbr;
	unsigned long vtcr;
	unsigned long tmp;
};

/*
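Review bot: the new `unsigned long tmp;` member of struct kvm_nvhe_init_params carries no comment, while its neighbours (hcr_el2, vttbr, vtcr) are self-describing; add a one-line comment saying what it holds and who writes it (per "KVM: arm64: Shave a few bytes from the EL2 idmap code" in this pull it appears to be scratch storage for the idmap path). If this struct's layout is consumed from assembly via generated offsets, the matching offset definition must be added in the same change or the EL2 code will read the wrong slot.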
+7 −0
@@ -51,6 +51,7 @@
#define KVM_REQ_RELOAD_PMU	KVM_ARCH_REQ(5)
#define KVM_REQ_SUSPEND		KVM_ARCH_REQ(6)
#define KVM_REQ_RESYNC_PMU_EL0	KVM_ARCH_REQ(7)
#define KVM_REQ_NESTED_S2_UNMAP	KVM_ARCH_REQ(8)

#define KVM_DIRTY_LOG_MANUAL_CAPS   (KVM_DIRTY_LOG_MANUAL_PROTECT_ENABLE | \
				     KVM_DIRTY_LOG_INITIALLY_SET)
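Review bot: KVM_REQ_NESTED_S2_UNMAP takes the next free request number (8) and keeps the alignment of the adjacent defines, so no issue there; as a new arch request it is only effective if the vCPU run loop checks and clears it, so the handler performing the deferred unmap ("KVM: arm64: nv: Punt stage-2 recycling to a vCPU request" in this pull) should be reviewed together with this define, and a short comment on what work the request defers would help readers of this header.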
@@ -211,6 +212,12 @@ struct kvm_s2_mmu {
	 */
	bool	nested_stage2_enabled;

	/*
	 * true when this MMU needs to be unmapped before being used for a new
	 * purpose.
	 */
	bool	pending_unmap;

	/*
	 *  0: Nobody is currently using this, check vttbr for validity
	 * >0: Somebody is actively using this.
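Review bot: the comment on `pending_unmap` states what the flag means but not who sets it, who clears it, or which lock or ordering rule serializes it against the usage count documented immediately below (">0: Somebody is actively using this"); because a stale read here would let a recycled MMU be handed out before its stage-2 mappings are torn down, document the synchronization rule next to the field rather than leaving it implicit in the callers.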
+2 −1
@@ -166,7 +166,8 @@ int create_hyp_exec_mappings(phys_addr_t phys_addr, size_t size,
int create_hyp_stack(phys_addr_t phys_addr, unsigned long *haddr);
void __init free_hyp_pgds(void);

void kvm_stage2_unmap_range(struct kvm_s2_mmu *mmu, phys_addr_t start, u64 size);
void kvm_stage2_unmap_range(struct kvm_s2_mmu *mmu, phys_addr_t start,
			    u64 size, bool may_block);
void kvm_stage2_flush_range(struct kvm_s2_mmu *mmu, phys_addr_t addr, phys_addr_t end);
void kvm_stage2_wp_range(struct kvm_s2_mmu *mmu, phys_addr_t addr, phys_addr_t end);

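Review bot: adding `bool may_block` to kvm_stage2_unmap_range means every caller now passes a bare true/false that is hard to audit at the call site; consider a comment above the prototype stating what may_block permits (rescheduling during the unmap, per "KVM: arm64: nv: Do not block when unmapping stage-2 if disallowed" in this pull) and when a caller must pass false, i.e. whenever it runs in a context that cannot sleep. All existing callers need updating for the new signature, so check that none still uses the three-argument form.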