Commit 725d410f authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm 

Pull kvm updates from Paolo Bonzini:
 "The bulk of the changes here is a largish change to guest_memfd,
  delaying the clearing and encryption of guest-private pages until they
  are actually added to guest page tables. This started as "let's make
  it impossible to misuse the API" for SEV-SNP; but then it ballooned a
  bit.

  The new logic is generally simpler and more ready for hugepage support
  in guest_memfd.

  Summary:

   - fix latent bug in how usage of large pages is determined for
     confidential VMs

   - fix "underline too short" in docs

   - eliminate log spam from limited APIC timer periods

   - disallow pre-faulting of memory before SEV-SNP VMs are initialized

   - delay clearing and encrypting private memory until it is added to
     guest page tables

   - this change also enables another small cleanup: the checks in
     SNP_LAUNCH_UPDATE that limit it to non-populated, private pages can
     now be moved in the common kvm_gmem_populate() function

   - fix compilation error that the RISC-V merge introduced in selftests"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: x86/mmu: fix determination of max NPT mapping level for private pages
  KVM: riscv: selftests: Fix compile error
  KVM: guest_memfd: abstract how prepared folios are recorded
  KVM: guest_memfd: let kvm_gmem_populate() operate only on private gfns
  KVM: extend kvm_range_has_memory_attributes() to check subset of attributes
  KVM: cleanup and add shortcuts to kvm_range_has_memory_attributes()
  KVM: guest_memfd: move check for already-populated page to common code
  KVM: remove kvm_arch_gmem_prepare_needed()
  KVM: guest_memfd: make kvm_gmem_prepare_folio() operate on a single struct kvm
  KVM: guest_memfd: delay kvm_gmem_prepare_folio() until the memory is passed to the guest
  KVM: guest_memfd: return locked folio from __kvm_gmem_get_pfn
  KVM: rename CONFIG_HAVE_KVM_GMEM_* to CONFIG_HAVE_KVM_ARCH_GMEM_*
  KVM: guest_memfd: do not go through struct page
  KVM: guest_memfd: delay folio_mark_uptodate() until after successful preparation
  KVM: guest_memfd: return folio from __kvm_gmem_get_pfn()
  KVM: x86: disallow pre-fault for SNP VMs before initialization
  KVM: Documentation: Fix title underline too short warning
  KVM: x86: Eliminate log spam from limited APIC timer periods
parents 948752d2 1773014a

Documentation/virt/kvm/api.rst

+7 −1
Original line number Diff line number Diff line
@@ -6368,7 +6368,7 @@ a single guest_memfd file, but the bound ranges must not overlap). 
See KVM_SET_USER_MEMORY_REGION2 for additional details.



4.143 KVM_PRE_FAULT_MEMORY

------------------------

---------------------------



:Capability: KVM_CAP_PRE_FAULT_MEMORY

:Architectures: none
@@ -6405,6 +6405,12 @@ for the current vCPU state. KVM maps memory as if the vCPU generated a 
stage-2 read page fault, e.g. faults in memory as needed, but doesn't break

CoW.  However, KVM does not mark any newly created stage-2 PTE as Accessed.



In the case of confidential VM types where there is an initial set up of

private guest memory before the guest is 'finalized'/measured, this ioctl

should only be issued after completing all the necessary setup to put the

guest into a 'finalized' state so that the above semantics can be reliably

ensured.



In some cases, multiple vCPUs might share the page tables.  In this

case, the ioctl can be called in parallel.

arch/x86/include/asm/kvm_host.h

+1 −0
Original line number Diff line number Diff line
@@ -1305,6 +1305,7 @@ struct kvm_arch { 
	u8 vm_type;

	bool has_private_mem;

	bool has_protected_state;

	bool pre_fault_allowed;

	struct hlist_head mmu_page_hash[KVM_NUM_MMU_PAGES];

	struct list_head active_mmu_pages;

	struct list_head zapped_obsolete_pages;

arch/x86/kvm/Kconfig

+2 −2
Original line number Diff line number Diff line
@@ -141,8 +141,8 @@ config KVM_AMD_SEV 
	depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)

	select ARCH_HAS_CC_PLATFORM

	select KVM_GENERIC_PRIVATE_MEM

	select HAVE_KVM_GMEM_PREPARE

	select HAVE_KVM_GMEM_INVALIDATE

	select HAVE_KVM_ARCH_GMEM_PREPARE

	select HAVE_KVM_ARCH_GMEM_INVALIDATE

	help

	  Provides support for launching Encrypted VMs (SEV) and Encrypted VMs

	  with Encrypted State (SEV-ES) on AMD processors.

arch/x86/kvm/lapic.c

+1 −1
Original line number Diff line number Diff line
@@ -1743,7 +1743,7 @@ static void limit_periodic_timer_frequency(struct kvm_lapic *apic) 
		s64 min_period = min_timer_period_us * 1000LL;



		if (apic->lapic_timer.period < min_period) {

			pr_info_ratelimited(

			pr_info_once(

			    "vcpu %i: requested %lld ns "

			    "lapic timer period limited to %lld ns\n",

			    apic->vcpu->vcpu_id,

arch/x86/kvm/mmu/mmu.c

+5 −2
Original line number Diff line number Diff line
@@ -4335,7 +4335,7 @@ static u8 kvm_max_private_mapping_level(struct kvm *kvm, kvm_pfn_t pfn, 
	if (req_max_level)

		max_level = min(max_level, req_max_level);



	return req_max_level;

	return max_level;

}



static int kvm_faultin_pfn_private(struct kvm_vcpu *vcpu,
@@ -4743,6 +4743,9 @@ long kvm_arch_vcpu_pre_fault_memory(struct kvm_vcpu *vcpu, 
	u64 end;

	int r;



	if (!vcpu->kvm->arch.pre_fault_allowed)

		return -EOPNOTSUPP;



	/*

	 * reload is efficient when called repeatedly, so we can do it on

	 * every iteration.
@@ -7510,7 +7513,7 @@ static bool hugepage_has_attrs(struct kvm *kvm, struct kvm_memory_slot *slot, 
	const unsigned long end = start + KVM_PAGES_PER_HPAGE(level);



	if (level == PG_LEVEL_2M)

		return kvm_range_has_memory_attributes(kvm, start, end, attrs);

		return kvm_range_has_memory_attributes(kvm, start, end, ~0, attrs);



	for (gfn = start; gfn < end; gfn += KVM_PAGES_PER_HPAGE(level - 1)) {

		if (hugepage_test_mixed(slot, gfn, level - 1) ||