Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull kvm fixes from Paolo Bonzini:
- A series of fixes to the MTRR emulation, tested in the BZ by several
users so they should be safe this late
- A fix for a division by zero
- Two very simple ARM and PPC fixes
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: x86: Reload pit counters for all channels when restoring state
KVM: MTRR: treat memory as writeback if MTRR is disabled in guest CPUID
KVM: MTRR: observe maxphyaddr from guest CPUID, not host
KVM: MTRR: fix fixed MTRR segment look up
KVM: VMX: Fix host initiated access to guest MSR_TSC_AUX
KVM: arm/arm64: vgic: Fix kvm_vgic_map_is_active's dist check
kvm: x86: move tracepoints outside extended quiescent state
KVM: PPC: Book3S HV: Prohibit setting illegal transaction state in MSR
+48
-16
+6
arch/powerpc/kvm/book3s_hv.c
+6
arch/powerpc/kvm/book3s_hv.c
···
224
224
225
225
static void kvmppc_set_msr_hv(struct kvm_vcpu *vcpu, u64 msr)
226
226
{
227
+
/*
228
+
* Check for illegal transactional state bit combination
229
+
* and if we find it, force the TS field to a safe state.
230
+
*/
231
+
if ((msr & MSR_TS_MASK) == MSR_TS_MASK)
232
+
msr &= ~MSR_TS_MASK;
227
233
vcpu->arch.shregs.msr = msr;
228
234
kvmppc_end_cede(vcpu);
229
235
}
+8
arch/x86/kvm/cpuid.h
+8
arch/x86/kvm/cpuid.h
···
38
38
return best && (best->ecx & bit(X86_FEATURE_XSAVE));
39
39
}
40
40
41
+
static inline bool guest_cpuid_has_mtrr(struct kvm_vcpu *vcpu)
42
+
{
43
+
struct kvm_cpuid_entry2 *best;
44
+
45
+
best = kvm_find_cpuid_entry(vcpu, 1, 0);
46
+
return best && (best->edx & bit(X86_FEATURE_MTRR));
47
+
}
48
+
41
49
static inline bool guest_cpuid_has_tsc_adjust(struct kvm_vcpu *vcpu)
42
50
{
43
51
struct kvm_cpuid_entry2 *best;
+19
-6
arch/x86/kvm/mtrr.c
+19
-6
arch/x86/kvm/mtrr.c
···
120
120
return mtrr_state->deftype & IA32_MTRR_DEF_TYPE_TYPE_MASK;
121
121
}
122
122
123
-
static u8 mtrr_disabled_type(void)
123
+
static u8 mtrr_disabled_type(struct kvm_vcpu *vcpu)
124
124
{
125
125
/*
126
126
* Intel SDM 11.11.2.2: all MTRRs are disabled when
127
127
* IA32_MTRR_DEF_TYPE.E bit is cleared, and the UC
128
128
* memory type is applied to all of physical memory.
129
+
*
130
+
* However, virtual machines can be run with CPUID such that
131
+
* there are no MTRRs. In that case, the firmware will never
132
+
* enable MTRRs and it is obviously undesirable to run the
133
+
* guest entirely with UC memory and we use WB.
129
134
*/
130
-
return MTRR_TYPE_UNCACHABLE;
135
+
if (guest_cpuid_has_mtrr(vcpu))
136
+
return MTRR_TYPE_UNCACHABLE;
137
+
else
138
+
return MTRR_TYPE_WRBACK;
131
139
}
132
140
133
141
/*
···
275
267
276
268
for (seg = 0; seg < seg_num; seg++) {
277
269
mtrr_seg = &fixed_seg_table[seg];
278
-
if (mtrr_seg->start >= addr && addr < mtrr_seg->end)
270
+
if (mtrr_seg->start <= addr && addr < mtrr_seg->end)
279
271
return seg;
280
272
}
281
273
···
308
300
*start = range->base & PAGE_MASK;
309
301
310
302
mask = range->mask & PAGE_MASK;
311
-
mask |= ~0ULL << boot_cpu_data.x86_phys_bits;
312
303
313
304
/* This cannot overflow because writing to the reserved bits of
314
305
* variable MTRRs causes a #GP.
···
363
356
if (var_mtrr_range_is_valid(cur))
364
357
list_del(&mtrr_state->var_ranges[index].node);
365
358
359
+
/* Extend the mask with all 1 bits to the left, since those
360
+
* bits must implicitly be 0. The bits are then cleared
361
+
* when reading them.
362
+
*/
366
363
if (!is_mtrr_mask)
367
364
cur->base = data;
368
365
else
369
-
cur->mask = data;
366
+
cur->mask = data | (-1LL << cpuid_maxphyaddr(vcpu));
370
367
371
368
/* add it to the list if it's enabled. */
372
369
if (var_mtrr_range_is_valid(cur)) {
···
437
426
*pdata = vcpu->arch.mtrr_state.var_ranges[index].base;
438
427
else
439
428
*pdata = vcpu->arch.mtrr_state.var_ranges[index].mask;
429
+
430
+
*pdata &= (1ULL << cpuid_maxphyaddr(vcpu)) - 1;
440
431
}
441
432
442
433
return 0;
···
683
670
}
684
671
685
672
if (iter.mtrr_disabled)
686
-
return mtrr_disabled_type();
673
+
return mtrr_disabled_type(vcpu);
687
674
688
675
/* not contained in any MTRRs. */
689
676
if (type == -1)
+2
-2
arch/x86/kvm/svm.c
+2
-2
arch/x86/kvm/svm.c
···
3422
3422
struct kvm_run *kvm_run = vcpu->run;
3423
3423
u32 exit_code = svm->vmcb->control.exit_code;
3424
3424
3425
+
trace_kvm_exit(exit_code, vcpu, KVM_ISA_SVM);
3426
+
3425
3427
if (!is_cr_intercept(svm, INTERCEPT_CR0_WRITE))
3426
3428
vcpu->arch.cr0 = svm->vmcb->save.cr0;
3427
3429
if (npt_enabled)
···
3893
3891
vcpu->arch.regs[VCPU_REGS_RAX] = svm->vmcb->save.rax;
3894
3892
vcpu->arch.regs[VCPU_REGS_RSP] = svm->vmcb->save.rsp;
3895
3893
vcpu->arch.regs[VCPU_REGS_RIP] = svm->vmcb->save.rip;
3896
-
3897
-
trace_kvm_exit(svm->vmcb->control.exit_code, vcpu, KVM_ISA_SVM);
3898
3894
3899
3895
if (unlikely(svm->vmcb->control.exit_code == SVM_EXIT_NMI))
3900
3896
kvm_before_handle_nmi(&svm->vcpu);
+4
-3
arch/x86/kvm/vmx.c
+4
-3
arch/x86/kvm/vmx.c
···
2803
2803
msr_info->data = vcpu->arch.ia32_xss;
2804
2804
break;
2805
2805
case MSR_TSC_AUX:
2806
-
if (!guest_cpuid_has_rdtscp(vcpu))
2806
+
if (!guest_cpuid_has_rdtscp(vcpu) && !msr_info->host_initiated)
2807
2807
return 1;
2808
2808
/* Otherwise falls through */
2809
2809
default:
···
2909
2909
clear_atomic_switch_msr(vmx, MSR_IA32_XSS);
2910
2910
break;
2911
2911
case MSR_TSC_AUX:
2912
-
if (!guest_cpuid_has_rdtscp(vcpu))
2912
+
if (!guest_cpuid_has_rdtscp(vcpu) && !msr_info->host_initiated)
2913
2913
return 1;
2914
2914
/* Check reserved bit, higher 32 bits should be zero */
2915
2915
if ((data >> 32) != 0)
···
8042
8042
u32 exit_reason = vmx->exit_reason;
8043
8043
u32 vectoring_info = vmx->idt_vectoring_info;
8044
8044
8045
+
trace_kvm_exit(exit_reason, vcpu, KVM_ISA_VMX);
8046
+
8045
8047
/*
8046
8048
* Flush logged GPAs PML buffer, this will make dirty_bitmap more
8047
8049
* updated. Another good is, in kvm_vm_ioctl_get_dirty_log, before
···
8670
8668
vmx->loaded_vmcs->launched = 1;
8671
8669
8672
8670
vmx->exit_reason = vmcs_read32(VM_EXIT_REASON);
8673
-
trace_kvm_exit(vmx->exit_reason, vcpu, KVM_ISA_VMX);
8674
8671
8675
8672
/*
8676
8673
* the KVM_REQ_EVENT optimization bit is only on for one entry, and if
+8
-4
arch/x86/kvm/x86.c
+8
-4
arch/x86/kvm/x86.c
···
3572
3572
3573
3573
static int kvm_vm_ioctl_set_pit(struct kvm *kvm, struct kvm_pit_state *ps)
3574
3574
{
3575
+
int i;
3575
3576
mutex_lock(&kvm->arch.vpit->pit_state.lock);
3576
3577
memcpy(&kvm->arch.vpit->pit_state, ps, sizeof(struct kvm_pit_state));
3577
-
kvm_pit_load_count(kvm, 0, ps->channels[0].count, 0);
3578
+
for (i = 0; i < 3; i++)
3579
+
kvm_pit_load_count(kvm, i, ps->channels[i].count, 0);
3578
3580
mutex_unlock(&kvm->arch.vpit->pit_state.lock);
3579
3581
return 0;
3580
3582
}
···
3595
3593
static int kvm_vm_ioctl_set_pit2(struct kvm *kvm, struct kvm_pit_state2 *ps)
3596
3594
{
3597
3595
int start = 0;
3596
+
int i;
3598
3597
u32 prev_legacy, cur_legacy;
3599
3598
mutex_lock(&kvm->arch.vpit->pit_state.lock);
3600
3599
prev_legacy = kvm->arch.vpit->pit_state.flags & KVM_PIT_FLAGS_HPET_LEGACY;
···
3605
3602
memcpy(&kvm->arch.vpit->pit_state.channels, &ps->channels,
3606
3603
sizeof(kvm->arch.vpit->pit_state.channels));
3607
3604
kvm->arch.vpit->pit_state.flags = ps->flags;
3608
-
kvm_pit_load_count(kvm, 0, kvm->arch.vpit->pit_state.channels[0].count, start);
3605
+
for (i = 0; i < 3; i++)
3606
+
kvm_pit_load_count(kvm, i, kvm->arch.vpit->pit_state.channels[i].count, start);
3609
3607
mutex_unlock(&kvm->arch.vpit->pit_state.lock);
3610
3608
return 0;
3611
3609
}
···
6519
6515
if (req_immediate_exit)
6520
6516
smp_send_reschedule(vcpu->cpu);
6521
6517
6518
+
trace_kvm_entry(vcpu->vcpu_id);
6519
+
wait_lapic_expire(vcpu);
6522
6520
__kvm_guest_enter();
6523
6521
6524
6522
if (unlikely(vcpu->arch.switch_db_regs)) {
···
6533
6527
vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_RELOAD;
6534
6528
}
6535
6529
6536
-
trace_kvm_entry(vcpu->vcpu_id);
6537
-
wait_lapic_expire(vcpu);
6538
6530
kvm_x86_ops->run(vcpu);
6539
6531
6540
6532
/*