Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull kvm fixes from Paolo Bonzini:
"ARM:

- Correctly expose GICv3 support even if no irqchip is created so
that userspace doesn't observe it changing pointlessly (fixing a
regression with QEMU)

- Don't issue a hypercall to set the id-mapped vectors when protected
mode is enabled (fix for pKVM in combination with CPUs affected by
Spectre-v3a)

x86 (five oneliners, of which the most interesting two are):

- a NULL pointer dereference on INVPCID executed with paging
disabled, but only if KVM is using shadow paging

- an incorrect bsearch comparison function which could truncate the
result and apply PMU event filtering incorrectly. This one comes
with a selftests update too"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
KVM: x86: hyper-v: fix type of valid_bank_mask
KVM: Free new dirty bitmap if creating a new memslot fails
KVM: eventfd: Fix false positive RCU usage warning
selftests: kvm/x86: Verify the pmu event filter matches the correct event
selftests: kvm/x86: Add the helper function create_pmu_event_filter
kvm: x86/pmu: Fix the compare function used by the pmu event filter
KVM: arm64: Don't hypercall before EL2 init
KVM: arm64: vgic-v3: Consistently populate ID_AA64PFR0_EL1.GIC
KVM: x86/mmu: Update number of zapped pages even if page list is stable

+56 -19
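--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -1436,7 +1436,8 @@
 	base = kern_hyp_va(kvm_ksym_ref(__bp_harden_hyp_vecs));
 	kvm_init_vector_slot(base, HYP_VECTOR_SPECTRE_DIRECT);
 
-	if (kvm_system_needs_idmapped_vectors() && !has_vhe()) {
+	if (kvm_system_needs_idmapped_vectors() &&
+	    !is_protected_kvm_enabled()) {
 		err = create_hyp_exec_mappings(__pa_symbol(__bp_harden_hyp_vecs),
 					       __BP_HARDEN_HYP_VECS_SZ, &base);
 		if (err)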
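Review bot: The new condition at lines 1439-1440 encodes an ordering constraint that nothing in the code records: per the merge description, under protected mode the hypercall that installs the id-mapped vectors must not be issued before EL2 is initialised, yet a reader only sees `!has_vhe()` swapped for `!is_protected_kvm_enabled()`. I would add above the `if`: `/* pKVM installs its own vectors during EL2 init; hypercalling here would run before that (see "Don't hypercall before EL2 init") */`, with the wording confirmed against the arm64 commit. The explicit VHE exclusion is also gone; presumably kvm_system_needs_idmapped_vectors() already returns false on VHE hosts, otherwise this now creates the exec mapping there too, which is worth confirming. The enclosing function starts and ends outside the hunk.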
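--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -1123,8 +1123,7 @@
 		val |= FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64PFR0_CSV2), (u64)vcpu->kvm->arch.pfr0_csv2);
 		val &= ~ARM64_FEATURE_MASK(ID_AA64PFR0_CSV3);
 		val |= FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64PFR0_CSV3), (u64)vcpu->kvm->arch.pfr0_csv3);
-		if (irqchip_in_kernel(vcpu->kvm) &&
-		    vcpu->kvm->arch.vgic.vgic_model == KVM_DEV_TYPE_ARM_VGIC_V3) {
+		if (kvm_vgic_global_state.type == VGIC_V3) {
 			val &= ~ARM64_FEATURE_MASK(ID_AA64PFR0_GIC);
 			val |= FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64PFR0_GIC), 1);
 		}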
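Review bot: The new test on line 1126 derives ID_AA64PFR0_EL1.GIC from the host-wide `kvm_vgic_global_state.type` rather than from whether this VM has created a GICv3 irqchip, and the reason (userspace must not see the field change once it later creates the irqchip, per the merge description) is not recorded in the code. I would add above the `if`: `/* Advertise GICv3 from host support, not from whether an irqchip exists yet, so the value userspace reads does not change when the vgic is created later. */`. The enclosing function starts and ends outside the hunk.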
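--- a/arch/x86/kvm/hyperv.c
+++ b/arch/x86/kvm/hyperv.c
@@ -1914,7 +1914,7 @@
 	struct hv_send_ipi_ex send_ipi_ex;
 	struct hv_send_ipi send_ipi;
 	DECLARE_BITMAP(vcpu_mask, KVM_MAX_VCPUS);
-	unsigned long valid_bank_mask;
+	u64 valid_bank_mask;
 	u64 sparse_banks[KVM_HV_MAX_SPARSE_VCPU_SET_BITS];
 	u32 vector;
 	bool all_cpus;
@@ -1956,7 +1956,7 @@
 		valid_bank_mask = send_ipi_ex.vp_set.valid_bank_mask;
 		all_cpus = send_ipi_ex.vp_set.format == HV_GENERIC_SET_ALL;
 
-		if (hc->var_cnt != bitmap_weight(&valid_bank_mask, 64))
+		if (hc->var_cnt != bitmap_weight((unsigned long *)&valid_bank_mask, 64))
 			return HV_STATUS_INVALID_HYPERCALL_INPUT;
 
 		if (all_cpus)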
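Review bot: The pointer cast on line 1959, `bitmap_weight((unsigned long *)&valid_bank_mask, 64)`, works only because the u64 and the two-word bitmap happen to share a layout on the targets KVM x86 builds for, and it is the check that validates a guest-supplied count (`hc->var_cnt`) against a guest-supplied mask, so it should read as obviously correct. `if (hc->var_cnt != hweight64(valid_bank_mask))` expresses the same popcount on the u64 directly, without a cast and without a bitmap API applied to a non-bitmap. The enclosing function starts and ends outside the hunk.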
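--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -5470,14 +5470,16 @@
 	uint i;
 
 	if (pcid == kvm_get_active_pcid(vcpu)) {
-		mmu->invlpg(vcpu, gva, mmu->root.hpa);
+		if (mmu->invlpg)
+			mmu->invlpg(vcpu, gva, mmu->root.hpa);
 		tlb_flush = true;
 	}
 
 	for (i = 0; i < KVM_MMU_NUM_PREV_ROOTS; i++) {
 		if (VALID_PAGE(mmu->prev_roots[i].hpa) &&
 		    pcid == kvm_get_pcid(vcpu, mmu->prev_roots[i].pgd)) {
-			mmu->invlpg(vcpu, gva, mmu->prev_roots[i].hpa);
+			if (mmu->invlpg)
+				mmu->invlpg(vcpu, gva, mmu->prev_roots[i].hpa);
 			tlb_flush = true;
 		}
 	}
@@ -5667,6 +5665,7 @@
 {
 	struct kvm_mmu_page *sp, *node;
 	int nr_zapped, batch = 0;
+	bool unstable;
 
 restart:
 	list_for_each_entry_safe_reverse(sp, node,
@@ -5699,11 +5696,12 @@
 			goto restart;
 		}
 
-		if (__kvm_mmu_prepare_zap_page(kvm, sp,
-				&kvm->arch.zapped_obsolete_pages, &nr_zapped)) {
-			batch += nr_zapped;
+		unstable = __kvm_mmu_prepare_zap_page(kvm, sp,
+				&kvm->arch.zapped_obsolete_pages, &nr_zapped);
+		batch += nr_zapped;
+
+		if (unstable)
 			goto restart;
-		}
 	}
 
 	/*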
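Review bot: The two new `if (mmu->invlpg)` guards at lines 5473 and 5481 stop the NULL dereference on guest INVPCID but leave no hint of when the hook is absent, and `tlb_flush = true` is still set on that path, which a later reader could mistake for an oversight. I would add above the first guard: `/* The nonpaging MMU (guest paging disabled under shadow paging) has no invlpg hook; the TLB flush requested below is still required. */` — the "nonpaging" wording is inferred from the merge description, so confirm it against the MMU init code before committing to it. The enclosing function starts and ends outside the hunk.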
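--- a/arch/x86/kvm/pmu.c
+++ b/arch/x86/kvm/pmu.c
@@ -171,9 +171,12 @@
 	return true;
 }
 
-static int cmp_u64(const void *a, const void *b)
+static int cmp_u64(const void *pa, const void *pb)
 {
-	return *(__u64 *)a - *(__u64 *)b;
+	u64 a = *(u64 *)pa;
+	u64 b = *(u64 *)pb;
+
+	return (a > b) - (a < b);
 }
 
 void reprogram_gp_counter(struct kvm_pmc *pmc, u64 eventsel)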
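Review bot: The rewritten cmp_u64 casts away `const` when dereferencing its `const void *` parameters on lines 176-177; `u64 a = *(const u64 *)pa;` and `u64 b = *(const u64 *)pb;` keep the qualifier with no change to generated code. The reason the old form was wrong is now only in the merge description, so I would also add above the return: `/* Three-way compare; "a - b" truncated the 64-bit difference to int and could return 0 for unequal events. */`. Since this comparator decides whether a guest's event selector matches the allow/deny list, a comment on the return also serves as a reminder that it must be a total order.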
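--- a/tools/testing/selftests/kvm/x86_64/pmu_event_filter_test.c
+++ b/tools/testing/selftests/kvm/x86_64/pmu_event_filter_test.c
@@ -208,7 +208,7 @@
 	return success;
 }
 
-static struct kvm_pmu_event_filter *make_pmu_event_filter(uint32_t nevents)
+static struct kvm_pmu_event_filter *alloc_pmu_event_filter(uint32_t nevents)
 {
 	struct kvm_pmu_event_filter *f;
 	int size = sizeof(*f) + nevents * sizeof(f->events[0]);
@@ -220,17 +220,27 @@
 	return f;
 }
 
-static struct kvm_pmu_event_filter *event_filter(uint32_t action)
+
+static struct kvm_pmu_event_filter *
+create_pmu_event_filter(const uint64_t event_list[],
+			int nevents, uint32_t action)
 {
 	struct kvm_pmu_event_filter *f;
 	int i;
 
-	f = make_pmu_event_filter(ARRAY_SIZE(event_list));
+	f = alloc_pmu_event_filter(nevents);
 	f->action = action;
-	for (i = 0; i < ARRAY_SIZE(event_list); i++)
+	for (i = 0; i < nevents; i++)
 		f->events[i] = event_list[i];
 
 	return f;
+}
+
+static struct kvm_pmu_event_filter *event_filter(uint32_t action)
+{
+	return create_pmu_event_filter(event_list,
+				       ARRAY_SIZE(event_list),
+				       action);
 }
 
 /*
@@ -279,6 +269,22 @@
 {
 	vm_ioctl(vm, KVM_SET_PMU_EVENT_FILTER, (void *)f);
 	return run_vm_to_sync(vm);
+}
+
+static void test_amd_deny_list(struct kvm_vm *vm)
+{
+	uint64_t event = EVENT(0x1C2, 0);
+	struct kvm_pmu_event_filter *f;
+	uint64_t count;
+
+	f = create_pmu_event_filter(&event, 1, KVM_PMU_EVENT_DENY);
+	count = test_with_filter(vm, f);
+
+	free(f);
+	if (count != NUM_BRANCHES)
+		pr_info("%s: Branch instructions retired = %lu (expected %u)\n",
+			__func__, count, NUM_BRANCHES);
+	TEST_ASSERT(count, "Allowed PMU event is not counting");
 }
 
 static void test_member_deny_list(struct kvm_vm *vm)
@@ -478,6 +452,9 @@
 		print_skip("Guest PMU is not functional");
 		exit(KSFT_SKIP);
 	}
+
+	if (use_amd_pmu())
+		test_amd_deny_list(vm);
 
 	test_without_filter(vm);
 	test_member_deny_list(vm);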
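Review bot: test_amd_deny_list (lines 274-288) denies `EVENT(0x1C2, 0)` and asserts that branch instructions still count, but nothing explains why 0x1C2 was chosen; presumably it differs from the branch-retired selector only in a bit the old int-truncating comparator discarded, so the deny entry used to match the wrong event — confirm against the EVENT() macro. I would add above the `event` declaration: `/* 0x1C2 differs from the branch event only in a high bit; the old cmp_u64 truncated the difference to int and treated them as equal, wrongly denying branches. */`. The `if (count != NUM_BRANCHES) pr_info(...)` followed by `TEST_ASSERT(count, ...)` means the test only fails on a zero count, so a partially filtered run still passes; if that tolerance is deliberate (the sibling tests appear to do the same) a short comment saying so would stop someone "fixing" it later.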
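--- a/virt/kvm/eventfd.c
+++ b/virt/kvm/eventfd.c
@@ -77,7 +77,8 @@
 
 	idx = srcu_read_lock(&kvm->irq_srcu);
 
-	list_for_each_entry_rcu(irqfd, &resampler->list, resampler_link)
+	list_for_each_entry_srcu(irqfd, &resampler->list, resampler_link,
+	    srcu_read_lock_held(&kvm->irq_srcu))
 		eventfd_signal(irqfd->resamplefd, 1);
 
 	srcu_read_unlock(&kvm->irq_srcu, idx);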
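--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1560,7 +1560,7 @@
 	r = kvm_arch_prepare_memory_region(kvm, old, new, change);
 
 	/* Free the bitmap on failure if it was allocated above. */
-	if (r && new && new->dirty_bitmap && old && !old->dirty_bitmap)
+	if (r && new && new->dirty_bitmap && (!old || !old->dirty_bitmap))
 		kvm_destroy_dirty_bitmap(new);
 
 	return r;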