
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull more kvm fixes from Paolo Bonzini:

- Static analysis fix

- New SEV-ES protocol for communicating invalid VMGEXIT requests

- Ensure APICv is considered inactive if there is no APIC

- Fix reserved bits for AMD PerfEvtSeln register

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure
KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary
KVM: SEV: Return appropriate error codes if SEV-ES scratch setup fails
KVM: x86/mmu: Retry page fault if root is invalidated by memslot update
KVM: VMX: Set failure code in prepare_vmcs02()
KVM: ensure APICv is considered inactive if there is no APIC
KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register

+106 -51
+1
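--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1036,6 +1036,7 @@
 #define APICV_INHIBIT_REASON_PIT_REINJ 4
 #define APICV_INHIBIT_REASON_X2APIC 5
 #define APICV_INHIBIT_REASON_BLOCKIRQ 6
+#define APICV_INHIBIT_REASON_ABSENT 7
 
 struct kvm_arch {
 	unsigned long n_used_mmu_pages;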
+11
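--- a/arch/x86/include/asm/sev-common.h
+++ b/arch/x86/include/asm/sev-common.h
@@ -73,4 +73,15 @@
 
 #define GHCB_RESP_CODE(v) ((v) & GHCB_MSR_INFO_MASK)
 
+/*
+ * Error codes related to GHCB input that can be communicated back to the guest
+ * by setting the lower 32-bits of the GHCB SW_EXITINFO1 field to 2.
+ */
+#define GHCB_ERR_NOT_REGISTERED 1
+#define GHCB_ERR_INVALID_USAGE 2
+#define GHCB_ERR_INVALID_SCRATCH_AREA 3
+#define GHCB_ERR_MISSING_INPUT 4
+#define GHCB_ERR_INVALID_INPUT 5
+#define GHCB_ERR_INVALID_EVENT 6
+
 #endif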
+21 -2
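--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -1936,7 +1936,11 @@
 
 static bool is_obsolete_sp(struct kvm *kvm, struct kvm_mmu_page *sp)
 {
-	return sp->role.invalid ||
+	if (sp->role.invalid)
+		return true;
+
+	/* TDP MMU pages due not use the MMU generation. */
+	return !sp->tdp_mmu_page &&
 	       unlikely(sp->mmu_valid_gen != kvm->arch.mmu_valid_gen);
 }
 
@@ -3976,6 +3980,20 @@
 	return true;
 }
 
+/*
+ * Returns true if the page fault is stale and needs to be retried, i.e. if the
+ * root was invalidated by a memslot update or a relevant mmu_notifier fired.
+ */
+static bool is_page_fault_stale(struct kvm_vcpu *vcpu,
+				struct kvm_page_fault *fault, int mmu_seq)
+{
+	if (is_obsolete_sp(vcpu->kvm, to_shadow_page(vcpu->arch.mmu->root_hpa)))
+		return true;
+
+	return fault->slot &&
+	       mmu_notifier_retry_hva(vcpu->kvm, mmu_seq, fault->hva);
+}
+
 static int direct_page_fault(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault)
 {
 	bool is_tdp_mmu_fault = is_tdp_mmu(vcpu->arch.mmu);
@@ -4013,8 +4031,9 @@
 	else
 		write_lock(&vcpu->kvm->mmu_lock);
 
-	if (fault->slot && mmu_notifier_retry_hva(vcpu->kvm, mmu_seq, fault->hva))
+	if (is_page_fault_stale(vcpu, fault, mmu_seq))
 		goto out_unlock;
+
 	r = make_mmu_pages_available(vcpu);
 	if (r)
 		goto out_unlock;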
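Review bot: In `is_page_fault_stale()` the result of `to_shadow_page(vcpu->arch.mmu->root_hpa)` is passed straight to `is_obsolete_sp()`, which reads `sp->role.invalid` without checking the pointer. Whether a root can exist that has no backing `struct kvm_mmu_page` is not visible in these hunks, but the helper is also called from the fault path in paging_tmpl.h, so keeping the lookup in a local and testing it, `if (sp && is_obsolete_sp(vcpu->kvm, sp)) return true;`, would rule out a host NULL dereference on a guest-driven path. The `mmu_seq` parameter is declared `int`; the callers' declaration lies outside the hunks and the parameter should use the same type so the sequence count is not truncated. The added comment in `is_obsolete_sp()` has a typo and should read `/* TDP MMU pages do not use the MMU generation. */`.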
+2 -1
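--- a/arch/x86/kvm/mmu/paging_tmpl.h
+++ b/arch/x86/kvm/mmu/paging_tmpl.h
@@ -911,7 +911,8 @@
 
 	r = RET_PF_RETRY;
 	write_lock(&vcpu->kvm->mmu_lock);
-	if (fault->slot && mmu_notifier_retry_hva(vcpu->kvm, mmu_seq, fault->hva))
+
+	if (is_page_fault_stale(vcpu, fault, mmu_seq))
 		goto out_unlock;
 
 	kvm_mmu_audit(vcpu, AUDIT_PRE_PAGE_FAULT);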
+1
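--- a/arch/x86/kvm/svm/avic.c
+++ b/arch/x86/kvm/svm/avic.c
@@ -900,6 +900,7 @@
 bool svm_check_apicv_inhibit_reasons(ulong bit)
 {
 	ulong supported = BIT(APICV_INHIBIT_REASON_DISABLE) |
+			  BIT(APICV_INHIBIT_REASON_ABSENT) |
 			  BIT(APICV_INHIBIT_REASON_HYPERV) |
 			  BIT(APICV_INHIBIT_REASON_NESTED) |
 			  BIT(APICV_INHIBIT_REASON_IRQWIN) |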
+1 -1
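--- a/arch/x86/kvm/svm/pmu.c
+++ b/arch/x86/kvm/svm/pmu.c
@@ -281,7 +281,7 @@
 		pmu->nr_arch_gp_counters = AMD64_NUM_COUNTERS;
 
 	pmu->counter_bitmask[KVM_PMC_GP] = ((u64)1 << 48) - 1;
-	pmu->reserved_bits = 0xffffffff00200000ull;
+	pmu->reserved_bits = 0xfffffff000280000ull;
 	pmu->version = 1;
 	/* not applicable to AMD; but clean them to prevent any fall out */
 	pmu->counter_bitmask[KVM_PMC_FIXED] = 0;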
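Review bot: The new `pmu->reserved_bits` value is an unexplained hex literal, and going by the commit title it presumably decides which guest writes to the PerfEvtSeln register are refused, so a miscounted digit would be easy to miss. As written, `0xfffffff000280000ull` sets bits 63:36, 21 and 19; a comment above the assignment such as `/* reserved: bits 63:36, 21 and 19 */` would let a reader check the mask against the register layout. The enclosing function starts and ends outside the hunk.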
+60 -42
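--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -2260,7 +2260,7 @@
 		__free_page(virt_to_page(svm->sev_es.vmsa));
 
 	if (svm->sev_es.ghcb_sa_free)
-		kfree(svm->sev_es.ghcb_sa);
+		kvfree(svm->sev_es.ghcb_sa);
 }
 
 static void dump_ghcb(struct vcpu_svm *svm)
@@ -2352,23 +2352,28 @@
 	memset(ghcb->save.valid_bitmap, 0, sizeof(ghcb->save.valid_bitmap));
 }
 
-static int sev_es_validate_vmgexit(struct vcpu_svm *svm)
+static bool sev_es_validate_vmgexit(struct vcpu_svm *svm)
 {
 	struct kvm_vcpu *vcpu;
 	struct ghcb *ghcb;
-	u64 exit_code = 0;
+	u64 exit_code;
+	u64 reason;
 
 	ghcb = svm->sev_es.ghcb;
 
-	/* Only GHCB Usage code 0 is supported */
-	if (ghcb->ghcb_usage)
-		goto vmgexit_err;
-
 	/*
-	 * Retrieve the exit code now even though is may not be marked valid
+	 * Retrieve the exit code now even though it may not be marked valid
 	 * as it could help with debugging.
 	 */
 	exit_code = ghcb_get_sw_exit_code(ghcb);
+
+	/* Only GHCB Usage code 0 is supported */
+	if (ghcb->ghcb_usage) {
+		reason = GHCB_ERR_INVALID_USAGE;
+		goto vmgexit_err;
+	}
+
+	reason = GHCB_ERR_MISSING_INPUT;
 
 	if (!ghcb_sw_exit_code_is_valid(ghcb) ||
 	    !ghcb_sw_exit_info_1_is_valid(ghcb) ||
@@ -2448,30 +2453,34 @@
 	case SVM_VMGEXIT_UNSUPPORTED_EVENT:
 		break;
 	default:
+		reason = GHCB_ERR_INVALID_EVENT;
 		goto vmgexit_err;
 	}
 
-	return 0;
+	return true;
 
 vmgexit_err:
 	vcpu = &svm->vcpu;
 
-	if (ghcb->ghcb_usage) {
+	if (reason == GHCB_ERR_INVALID_USAGE) {
 		vcpu_unimpl(vcpu, "vmgexit: ghcb usage %#x is not valid\n",
 			    ghcb->ghcb_usage);
+	} else if (reason == GHCB_ERR_INVALID_EVENT) {
+		vcpu_unimpl(vcpu, "vmgexit: exit code %#llx is not valid\n",
+			    exit_code);
 	} else {
-		vcpu_unimpl(vcpu, "vmgexit: exit reason %#llx is not valid\n",
+		vcpu_unimpl(vcpu, "vmgexit: exit code %#llx input is not valid\n",
 			    exit_code);
 		dump_ghcb(svm);
 	}
 
-	vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
-	vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_UNEXPECTED_EXIT_REASON;
-	vcpu->run->internal.ndata = 2;
-	vcpu->run->internal.data[0] = exit_code;
-	vcpu->run->internal.data[1] = vcpu->arch.last_vmentry_cpu;
+	/* Clear the valid entries fields */
+	memset(ghcb->save.valid_bitmap, 0, sizeof(ghcb->save.valid_bitmap));
 
-	return -EINVAL;
+	ghcb_set_sw_exit_info_1(ghcb, 2);
+	ghcb_set_sw_exit_info_2(ghcb, reason);
+
+	return false;
 }
 
 void sev_es_unmap_ghcb(struct vcpu_svm *svm)
@@ -2493,7 +2502,7 @@
 			svm->sev_es.ghcb_sa_sync = false;
 		}
 
-		kfree(svm->sev_es.ghcb_sa);
+		kvfree(svm->sev_es.ghcb_sa);
 		svm->sev_es.ghcb_sa = NULL;
 		svm->sev_es.ghcb_sa_free = false;
 	}
@@ -2541,14 +2550,14 @@
 	scratch_gpa_beg = ghcb_get_sw_scratch(ghcb);
 	if (!scratch_gpa_beg) {
 		pr_err("vmgexit: scratch gpa not provided\n");
-		return false;
+		goto e_scratch;
 	}
 
 	scratch_gpa_end = scratch_gpa_beg + len;
 	if (scratch_gpa_end < scratch_gpa_beg) {
 		pr_err("vmgexit: scratch length (%#llx) not valid for scratch address (%#llx)\n",
 		       len, scratch_gpa_beg);
-		return false;
+		goto e_scratch;
 	}
 
 	if ((scratch_gpa_beg & PAGE_MASK) == control->ghcb_gpa) {
@@ -2566,7 +2575,7 @@
 		    scratch_gpa_end > ghcb_scratch_end) {
 			pr_err("vmgexit: scratch area is outside of GHCB shared buffer area (%#llx - %#llx)\n",
 			       scratch_gpa_beg, scratch_gpa_end);
-			return false;
+			goto e_scratch;
 		}
 
 		scratch_va = (void *)svm->sev_es.ghcb;
@@ -2579,18 +2588,18 @@
 		if (len > GHCB_SCRATCH_AREA_LIMIT) {
 			pr_err("vmgexit: scratch area exceeds KVM limits (%#llx requested, %#llx limit)\n",
 			       len, GHCB_SCRATCH_AREA_LIMIT);
-			return false;
+			goto e_scratch;
 		}
-		scratch_va = kzalloc(len, GFP_KERNEL_ACCOUNT);
+		scratch_va = kvzalloc(len, GFP_KERNEL_ACCOUNT);
 		if (!scratch_va)
-			return false;
+			goto e_scratch;
 
 		if (kvm_read_guest(svm->vcpu.kvm, scratch_gpa_beg, scratch_va, len)) {
 			/* Unable to copy scratch area from guest */
 			pr_err("vmgexit: kvm_read_guest for scratch area failed\n");
 
-			kfree(scratch_va);
-			return false;
+			kvfree(scratch_va);
+			goto e_scratch;
 		}
 
 		/*
@@ -2607,6 +2616,12 @@
 	svm->sev_es.ghcb_sa_len = len;
 
 	return true;
+
+e_scratch:
+	ghcb_set_sw_exit_info_1(ghcb, 2);
+	ghcb_set_sw_exit_info_2(ghcb, GHCB_ERR_INVALID_SCRATCH_AREA);
+
+	return false;
 }
 
 static void set_ghcb_msr_bits(struct vcpu_svm *svm, u64 value, u64 mask,
@@ -2657,7 +2672,7 @@
 
 		ret = svm_invoke_exit_handler(vcpu, SVM_EXIT_CPUID);
 		if (!ret) {
-			ret = -EINVAL;
+			/* Error, keep GHCB MSR value as-is */
 			break;
 		}
 
@@ -2693,10 +2708,13 @@
 					      GHCB_MSR_TERM_REASON_POS);
 		pr_info("SEV-ES guest requested termination: %#llx:%#llx\n",
 			reason_set, reason_code);
-		fallthrough;
+
+		ret = -EINVAL;
+		break;
 	}
 	default:
-		ret = -EINVAL;
+		/* Error, keep GHCB MSR value as-is */
+		break;
 	}
 
 	trace_kvm_vmgexit_msr_protocol_exit(svm->vcpu.vcpu_id,
@@ -2720,14 +2738,18 @@
 
 	if (!ghcb_gpa) {
 		vcpu_unimpl(vcpu, "vmgexit: GHCB gpa is not set\n");
-		return -EINVAL;
+
+		/* Without a GHCB, just return right back to the guest */
+		return 1;
 	}
 
 	if (kvm_vcpu_map(vcpu, ghcb_gpa >> PAGE_SHIFT, &svm->sev_es.ghcb_map)) {
 		/* Unable to map GHCB from guest */
 		vcpu_unimpl(vcpu, "vmgexit: error mapping GHCB [%#llx] from guest\n",
 			    ghcb_gpa);
-		return -EINVAL;
+
+		/* Without a GHCB, just return right back to the guest */
+		return 1;
 	}
 
 	svm->sev_es.ghcb = svm->sev_es.ghcb_map.hva;
@@ -2737,15 +2759,14 @@
 
 	exit_code = ghcb_get_sw_exit_code(ghcb);
 
-	ret = sev_es_validate_vmgexit(svm);
-	if (ret)
-		return ret;
+	if (!sev_es_validate_vmgexit(svm))
+		return 1;
 
 	sev_es_sync_from_ghcb(svm);
 	ghcb_set_sw_exit_info_1(ghcb, 0);
 	ghcb_set_sw_exit_info_2(ghcb, 0);
 
-	ret = -EINVAL;
+	ret = 1;
 	switch (exit_code) {
 	case SVM_VMGEXIT_MMIO_READ:
 		if (!setup_vmgexit_scratch(svm, true, control->exit_info_2))
@@ -2786,20 +2807,17 @@
 		default:
 			pr_err("svm: vmgexit: unsupported AP jump table request - exit_info_1=%#llx\n",
 			       control->exit_info_1);
-			ghcb_set_sw_exit_info_1(ghcb, 1);
-			ghcb_set_sw_exit_info_2(ghcb,
-						X86_TRAP_UD |
-						SVM_EVTINJ_TYPE_EXEPT |
-						SVM_EVTINJ_VALID);
+			ghcb_set_sw_exit_info_1(ghcb, 2);
+			ghcb_set_sw_exit_info_2(ghcb, GHCB_ERR_INVALID_INPUT);
 		}
 
-		ret = 1;
 		break;
 	}
 	case SVM_VMGEXIT_UNSUPPORTED_EVENT:
 		vcpu_unimpl(vcpu,
 			    "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n",
 			    control->exit_info_1, control->exit_info_2);
+		ret = -EINVAL;
 		break;
 	default:
 		ret = svm_invoke_exit_handler(vcpu, exit_code);
@@ -2821,7 +2839,7 @@
 		return -EINVAL;
 
 	if (!setup_vmgexit_scratch(svm, in, bytes))
-		return 1;
+		return -EINVAL;
 
 	return kvm_sev_es_string_io(&svm->vcpu, size, port, svm->sev_es.ghcb_sa,
 				    count, in);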
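Review bot: The `pr_err()` calls in `setup_vmgexit_scratch()` are not rate-limited, and with this change each of those failures goes to `e_scratch` and the visible callers end with `return 1` or `ret = 1`, which the comments added elsewhere in this section describe as returning right back to the guest. A guest that keeps issuing VMGEXITs with a bad scratch area could therefore fill the host log without being stopped; `pr_err_ratelimited("vmgexit: scratch gpa not provided\n");` and the same substitution at the other four sites would bound that. Separately, the literal `2` passed to `ghcb_set_sw_exit_info_1()` in three functions would read better as a named constant defined next to the `GHCB_ERR_*` codes. All of these functions start or end outside the hunks shown.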
+3 -1
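--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -2591,8 +2591,10 @@
 
 	if ((vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL) &&
 	    WARN_ON_ONCE(kvm_set_msr(vcpu, MSR_CORE_PERF_GLOBAL_CTRL,
-				     vmcs12->guest_ia32_perf_global_ctrl)))
+				     vmcs12->guest_ia32_perf_global_ctrl))) {
+		*entry_failure_code = ENTRY_FAIL_DEFAULT;
 		return -EINVAL;
+	}
 
 	kvm_rsp_write(vcpu, vmcs12->guest_rsp);
 	kvm_rip_write(vcpu, vmcs12->guest_rip);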
+1
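--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7525,6 +7525,7 @@
 static bool vmx_check_apicv_inhibit_reasons(ulong bit)
 {
 	ulong supported = BIT(APICV_INHIBIT_REASON_DISABLE) |
+			  BIT(APICV_INHIBIT_REASON_ABSENT) |
 			  BIT(APICV_INHIBIT_REASON_HYPERV) |
 			  BIT(APICV_INHIBIT_REASON_BLOCKIRQ);
 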
+5 -4
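--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5740,6 +5740,7 @@
 		smp_wmb();
 		kvm->arch.irqchip_mode = KVM_IRQCHIP_SPLIT;
 		kvm->arch.nr_reserved_ioapic_pins = cap->args[0];
+		kvm_request_apicv_update(kvm, true, APICV_INHIBIT_REASON_ABSENT);
 		r = 0;
 split_irqchip_unlock:
 		mutex_unlock(&kvm->lock);
@@ -6120,6 +6121,7 @@
 		/* Write kvm->irq_routing before enabling irqchip_in_kernel. */
 		smp_wmb();
 		kvm->arch.irqchip_mode = KVM_IRQCHIP_KERNEL;
+		kvm_request_apicv_update(kvm, true, APICV_INHIBIT_REASON_ABSENT);
 	create_irqchip_unlock:
 		mutex_unlock(&kvm->lock);
 		break;
@@ -8818,10 +8820,9 @@
 {
 	init_rwsem(&kvm->arch.apicv_update_lock);
 
-	if (enable_apicv)
-		clear_bit(APICV_INHIBIT_REASON_DISABLE,
-			  &kvm->arch.apicv_inhibit_reasons);
-	else
+	set_bit(APICV_INHIBIT_REASON_ABSENT,
+		&kvm->arch.apicv_inhibit_reasons);
+	if (!enable_apicv)
 		set_bit(APICV_INHIBIT_REASON_DISABLE,
 			&kvm->arch.apicv_inhibit_reasons);
 }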
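Review bot: The unconditional `set_bit(APICV_INHIBIT_REASON_ABSENT, ...)` in the last hunk carries no comment saying why every new VM now starts with APICv inhibited. The two earlier hunks call `kvm_request_apicv_update(kvm, true, APICV_INHIBIT_REASON_ABSENT)` once an irqchip mode has been set, which presumably lifts the inhibit, so the invariant spans three functions and is easy to break later. A comment above the `set_bit()` such as `/* No in-kernel APIC yet: keep APICv inhibited until an irqchip is created. */` would record it. The enclosing function's signature is outside the hunk.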