
[GIT,PULL] KVM: x86: Fixes for 6.9-rcN

Message ID 20240411203529.1866998-1-seanjc@google.com (mailing list archive)
State New, archived

Pull-request

https://github.com/kvm-x86/linux.git tags/kvm-x86-fixes-6.9-rcN

Message

Sean Christopherson April 11, 2024, 8:35 p.m. UTC
Please pull a big pile of fixes for 6.9.  Many of these were sent even before
the 6.9 merge window, but I was on vacation until rc2, and things piled up.

The back half of the commits were _just_ rebased to drop my version of the
LVTPC masking fixes, but that's your fault. :-)  For giggles, I also pushed
kvm-x86 tags/kvm-x86-fixed-6.9-rcN-unrebased if you or anyone else want a paper
trail for the pre-rebase commits.

Note, there's a perf change in here that didn't get an Ack from anyone, but the
fixes have been on-list for over a month, and I can't imagine anyone objecting
to adding a new feature flag to x86_pmu_capability, which for all intents and
purposes exists purely for KVM.

Thanks!

The following changes since commit fec50db7033ea478773b159e0e2efb135270e3b7:

  Linux 6.9-rc3 (2024-04-07 13:22:46 -0700)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-fixes-6.9-rcN

for you to fetch changes up to eefb85b3f0310c2f4149c50cb9b13094ed1dde25:

  KVM: Drop unused @may_block param from gfn_to_pfn_cache_invalidate_start() (2024-04-11 12:58:53 -0700)

----------------------------------------------------------------
KVM fixes for 6.9-rcN:

 - Fix a mostly benign bug in the gfn_to_pfn_cache infrastructure where KVM
   would allow userspace to refresh the cache with a bogus GPA.  The bug has
   existed for quite some time, but was exposed by a new sanity check added in
   6.9 (to ensure a cache is either GPA-based or HVA-based).

 - Drop an unused param from gfn_to_pfn_cache_invalidate_start() that got left
   behind during a 6.9 cleanup.

 - Disable support for virtualizing adaptive PEBS, as KVM's implementation is
   architecturally broken and can leak host LBRs to the guest.

 - Fix a bug where KVM neglects to set the enable bits for general purpose
   counters in PERF_GLOBAL_CTRL when initializing the virtual PMU.  Both Intel
   and AMD architectures require the bits to be set at RESET in order for v2
   PMUs to be backwards compatible with software that was written for v1 PMUs,
   i.e. for software that will never manually set the global enables.

 - Disable LBR virtualization on CPUs that don't support LBR callstacks, as
   KVM unconditionally uses PERF_SAMPLE_BRANCH_CALL_STACK when creating the
   virtual LBR perf event, i.e. KVM will always fail to create LBR events on
   such CPUs.

 - Fix a math goof in x86's hugepage logic for KVM_SET_MEMORY_ATTRIBUTES that
   results in an array overflow (detected by KASAN).

 - Fix a flaw in the max_guest_memory selftest that results in it exhausting
   the supply of ucall structures when run with more than 256 vCPUs.

 - Mark KVM_MEM_READONLY as supported for RISC-V in set_memory_region_test.

 - Fix a bug where KVM incorrectly thinks a TDP MMU root is an indirect shadow
   root due to KVM unnecessarily clobbering root_role.direct when userspace sets
   guest CPUID.

 - Fix a dirty logging bug where KVM fails to write-protect TDP MMU
   SPTEs used for L2 if Page-Modification Logging is enabled for L1 and the L1
   hypervisor is NOT using EPT (if nEPT is enabled, KVM doesn't use the TDP MMU
   to run L2).  For simplicity, KVM always disables PML when running L2, but
   the TDP MMU wasn't accounting for root-specific conditions that force write-
   protect based dirty logging.

----------------------------------------------------------------
Andrew Jones (1):
      KVM: selftests: fix supported_flags for riscv

David Matlack (4):
      KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status
      KVM: x86/mmu: Remove function comments above clear_dirty_{gfn_range,pt_masked}()
      KVM: x86/mmu: Fix and clarify comments about clearing D-bit vs. write-protecting
      KVM: selftests: Add coverage of EPT-disabled to vmx_dirty_log_test

Maxim Levitsky (1):
      KVM: selftests: fix max_guest_memory_test with more that 256 vCPUs

Rick Edgecombe (1):
      KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes

Sean Christopherson (11):
      KVM: Add helpers to consolidate gfn_to_pfn_cache's page split check
      KVM: Check validity of offset+length of gfn_to_pfn_cache prior to activation
      KVM: Explicitly disallow activatating a gfn_to_pfn_cache with INVALID_GPA
      KVM: x86/pmu: Disable support for adaptive PEBS
      KVM: x86/pmu: Set enable bits for GP counters in PERF_GLOBAL_CTRL at "RESET"
      KVM: selftests: Verify post-RESET value of PERF_GLOBAL_CTRL in PMCs test
      KVM: VMX: Snapshot LBR capabilities during module initialization
      perf/x86/intel: Expose existence of callback support to KVM
      KVM: VMX: Disable LBR virtualization if the CPU doesn't support LBR callstacks
      KVM: x86/mmu: Precisely invalidate MMU root_role during CPUID update
      KVM: Drop unused @may_block param from gfn_to_pfn_cache_invalidate_start()

Tao Su (1):
      KVM: VMX: Ignore MKTME KeyID bits when intercepting #PF for allow_smaller_maxphyaddr

 arch/x86/events/intel/lbr.c                        |  1 +
 arch/x86/include/asm/perf_event.h                  |  1 +
 arch/x86/kvm/mmu/mmu.c                             |  9 ++--
 arch/x86/kvm/mmu/tdp_mmu.c                         | 51 ++++++++----------
 arch/x86/kvm/pmu.c                                 | 16 +++++-
 arch/x86/kvm/vmx/pmu_intel.c                       |  2 +-
 arch/x86/kvm/vmx/vmx.c                             | 41 ++++++++++++---
 arch/x86/kvm/vmx/vmx.h                             |  6 ++-
 .../testing/selftests/kvm/max_guest_memory_test.c  | 15 +++---
 .../testing/selftests/kvm/set_memory_region_test.c |  2 +-
 .../selftests/kvm/x86_64/pmu_counters_test.c       | 20 +++++++-
 .../selftests/kvm/x86_64/vmx_dirty_log_test.c      | 60 +++++++++++++++++-----
 virt/kvm/kvm_main.c                                |  3 +-
 virt/kvm/kvm_mm.h                                  |  6 +--
 virt/kvm/pfncache.c                                | 50 ++++++++++++------
 15 files changed, 194 insertions(+), 89 deletions(-)
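The first item in the tag description says a gfn_to_pfn_cache must be either GPA-based or HVA-based, that the offset+length of the cached window is now validated before activation, and that INVALID_GPA is rejected outright instead of being caught later by the 6.9 sanity check. The model below is an added example, not KVM's pfncache.c: the struct, the gpc_* functions and the KVM_HVA_ERR_BAD sentinel are this example's own (chosen to read like KVM's code), and it keeps only the three invariants the pull request names so they can be exercised from userspace.

```c
/*
 * Added example (not KVM's pfncache.c): a model of the activation and
 * refresh checks described for gfn_to_pfn_cache.  Invariants modelled:
 *   - a cache is addressed by GPA or by host virtual address, never both
 *     and never neither;
 *   - [offset, offset + len) must not cross a page boundary;
 *   - INVALID_GPA is refused before the cache becomes active.
 * Names mirror KVM's style, but the struct and functions are this
 * example's own, and KVM_HVA_ERR_BAD is an assumed sentinel.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT	12
#define PAGE_SIZE	(1UL << PAGE_SHIFT)
#define PAGE_MASK	(~(PAGE_SIZE - 1))
#define INVALID_GPA	(~(uint64_t)0)
#define KVM_HVA_ERR_BAD	(~0UL)		/* assumed "no HVA" sentinel for this model */

typedef uint64_t gpa_t;

struct gpc {
	gpa_t gpa;		/* INVALID_GPA when the cache is HVA-based */
	unsigned long uhva;	/* KVM_HVA_ERR_BAD when the cache is GPA-based */
	unsigned long len;
	bool active;
};

/* True if a window of @len bytes starting at @addr spills into the next
 * page.  Only the in-page offset matters, so @addr may be a GPA or an HVA. */
static bool gpc_crosses_page(unsigned long addr, unsigned long len)
{
	return (addr & ~PAGE_MASK) + len > PAGE_SIZE;
}

/* Exactly one addressing mode must be in use. */
static bool gpc_addr_valid(gpa_t gpa, unsigned long uhva)
{
	bool by_gpa = gpa != INVALID_GPA;
	bool by_hva = uhva != KVM_HVA_ERR_BAD;

	return by_gpa != by_hva;
}

static int __gpc_activate(struct gpc *c, gpa_t gpa, unsigned long uhva,
			  unsigned long len)
{
	if (!gpc_addr_valid(gpa, uhva))
		return -EINVAL;
	if (gpc_crosses_page(gpa != INVALID_GPA ? gpa : uhva, len))
		return -EINVAL;
	c->gpa = gpa;
	c->uhva = uhva;
	c->len = len;
	c->active = true;
	return 0;
}

int gpc_activate(struct gpc *c, gpa_t gpa, unsigned long len)
{
	return __gpc_activate(c, gpa, KVM_HVA_ERR_BAD, len);
}

int gpc_activate_hva(struct gpc *c, unsigned long uhva, unsigned long len)
{
	return __gpc_activate(c, INVALID_GPA, uhva, len);
}

/* Refresh re-validates the new length against whichever address the cache
 * already holds, so an active cache cannot be grown across a page. */
int gpc_refresh(struct gpc *c, unsigned long len)
{
	if (!c->active || !gpc_addr_valid(c->gpa, c->uhva))
		return -EINVAL;
	if (gpc_crosses_page(c->gpa != INVALID_GPA ? c->gpa : c->uhva, len))
		return -EINVAL;
	c->len = len;
	return 0;
}

int main(void)
{
	struct gpc c = { .gpa = INVALID_GPA, .uhva = KVM_HVA_ERR_BAD };

	printf("activate gpa 0x1ff8 len 16  -> %d (crosses page)\n",
	       gpc_activate(&c, 0x1ff8, 16));
	printf("activate INVALID_GPA        -> %d (no address at all)\n",
	       gpc_activate(&c, INVALID_GPA, 8));
	printf("activate gpa 0x1000 len 8   -> %d\n", gpc_activate(&c, 0x1000, 8));
	printf("refresh len PAGE_SIZE+1     -> %d (would cross page)\n",
	       gpc_refresh(&c, PAGE_SIZE + 1));
	return 0;
}
```

The same page-split helper serves both the GPA and HVA paths, which is the point of the "consolidate page split check" commit in the shortlog: one predicate, applied before the cache is marked active, so no later code ever sees a cache that is neither GPA- nor HVA-based.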
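The PERF_GLOBAL_CTRL item explains why the general-purpose enable bits must be set at RESET: a counter only counts when both its EVENTSEL.EN bit and its PERF_GLOBAL_CTRL bit are set, and software written for a v1 PMU never touches PERF_GLOBAL_CTRL. The model below is an added example, not KVM's pmu.c or the pmu_counters selftest; the struct vpmu, the "buggy" switch and the helper names are this example's own. It runs a v1-style driver against a virtual PMU that resets PERF_GLOBAL_CTRL to zero and against one that resets it the way the fix does, to show the dead-counter symptom. Bit positions follow the SDM: GP counter i is bit i of PERF_GLOBAL_CTRL, and bit 22 of an EVENTSEL MSR is EN.

```c
/*
 * Added example (not KVM code): why a v2 PMU must leave RESET with the
 * general-purpose enable bits set in PERF_GLOBAL_CTRL.  Only GP counters
 * are modelled, matching the fix's scope; fixed counters are left out.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define EVENTSEL_EN		(1ULL << 22)	/* EN bit of IA32_PERFEVTSELx (SDM) */
#define MAX_GP_COUNTERS		8

struct vpmu {
	unsigned nr_gp_counters;
	uint64_t global_ctrl;			/* IA32_PERF_GLOBAL_CTRL */
	uint64_t eventsel[MAX_GP_COUNTERS];	/* IA32_PERFEVTSELx */
};

/* Architectural post-RESET value for a v2+ PMU: one enable bit per GP
 * counter, i.e. the value the fix installs when the vPMU is initialised. */
uint64_t pmu_global_ctrl_reset_value(unsigned nr_gp)
{
	return nr_gp >= 64 ? ~0ULL : (1ULL << nr_gp) - 1;
}

/* @buggy reproduces the pre-fix behaviour: PERF_GLOBAL_CTRL left at 0. */
void vpmu_reset(struct vpmu *p, unsigned nr_gp, bool buggy)
{
	*p = (struct vpmu){ .nr_gp_counters = nr_gp };
	p->global_ctrl = buggy ? 0 : pmu_global_ctrl_reset_value(nr_gp);
}

/* What a driver written for a v1 PMU does: program the event and set EN.
 * It has no notion of PERF_GLOBAL_CTRL and never writes it. */
void v1_guest_program_counter(struct vpmu *p, unsigned idx, uint64_t event)
{
	if (idx < p->nr_gp_counters)
		p->eventsel[idx] = event | EVENTSEL_EN;
}

/* Hardware gating: both the local EN and the global enable must be set. */
bool gp_counter_is_counting(const struct vpmu *p, unsigned idx)
{
	if (idx >= p->nr_gp_counters)
		return false;
	return (p->eventsel[idx] & EVENTSEL_EN) &&
	       (p->global_ctrl & (1ULL << idx));
}

int main(void)
{
	struct vpmu p;

	for (int buggy = 1; buggy >= 0; buggy--) {
		vpmu_reset(&p, 8, buggy);
		/* 0x3c = UnHalted Core Cycles event select (SDM architectural event). */
		v1_guest_program_counter(&p, 0, 0x3c);
		printf("PERF_GLOBAL_CTRL after RESET = %#llx: PMC0 %s\n",
		       (unsigned long long)p.global_ctrl,
		       gp_counter_is_counting(&p, 0) ? "counts" : "is dead");
	}
	return 0;
}
```

The selftest change in the shortlog ("Verify post-RESET value of PERF_GLOBAL_CTRL in PMCs test") pins down the same expectation from inside a guest; pmu_global_ctrl_reset_value() above is the shape of that expected value for the GP counters.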

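The LBR item says KVM unconditionally asks perf for PERF_SAMPLE_BRANCH_CALL_STACK when it creates the virtual LBR event, so on a CPU without LBR callstack support that event can never be created, and the fix now disables LBR virtualization up front. The probe below is an added example, not KVM's or perf's code: it asks the host kernel for the same call-stack branch sampling from userspace through perf_event_open(), which is the practical way to tell which side of the new check a given host lands on. The cpu-cycles event, the sample period and the user-only privilege filter are this example's choices; KVM's own event differs, and only the branch_sample_type request matters here. A kernel that lacks callstack support on this PMU typically refuses the attr with EOPNOTSUPP; EACCES or EPERM means perf_event_paranoid or the container blocked the syscall and the probe is inconclusive.

```c
/*
 * Added example (not KVM or perf code): probe whether this host's PMU
 * accepts an LBR branch-sampling event in call-stack mode, the same
 * PERF_SAMPLE_BRANCH_CALL_STACK request KVM makes for its virtual LBR
 * event.  Assumes Linux with <linux/perf_event.h> available.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/perf_event.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Build a branch-stack sampling attr in call-stack mode.  Event type,
 * config, period and privilege filter are this example's choices. */
struct perf_event_attr lbr_callstack_attr(void)
{
	struct perf_event_attr attr;

	memset(&attr, 0, sizeof(attr));
	attr.type = PERF_TYPE_HARDWARE;
	attr.size = sizeof(attr);
	attr.config = PERF_COUNT_HW_CPU_CYCLES;
	attr.sample_period = 1000000;
	attr.sample_type = PERF_SAMPLE_BRANCH_STACK;
	attr.branch_sample_type = PERF_SAMPLE_BRANCH_CALL_STACK |
				  PERF_SAMPLE_BRANCH_USER;
	attr.disabled = 1;		/* never actually start sampling */
	attr.exclude_kernel = 1;
	attr.exclude_hv = 1;
	return attr;
}

/* Returns 0 when the kernel accepts the event, otherwise -errno. */
int probe_lbr_callstack(void)
{
	struct perf_event_attr attr = lbr_callstack_attr();
	int fd = syscall(SYS_perf_event_open, &attr, 0, -1, -1, 0);

	if (fd < 0)
		return -errno;
	close(fd);
	return 0;
}

int main(void)
{
	int ret = probe_lbr_callstack();

	if (ret == 0)
		puts("LBR call-stack sampling accepted: KVM can create its vLBR event here");
	else if (ret == -EOPNOTSUPP || ret == -EINVAL)
		printf("rejected (%s): expect KVM to disable LBR virtualization on this CPU\n",
		       strerror(-ret));
	else
		printf("probe inconclusive (%s): check perf_event_paranoid / permissions\n",
		       strerror(-ret));
	return 0;
}
```

Run it on the host, not in the guest: the question is whether the host perf core will hand KVM a call-stack LBR event, and that is decided by the host PMU driver. The result is host-wide, so one run per machine type is enough.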
Comments

Paolo Bonzini April 16, 2024, 4:55 p.m. UTC | #1
On Thu, Apr 11, 2024 at 10:35 PM Sean Christopherson <seanjc@google.com> wrote:
>
> Please pull a big pile of fixes for 6.9.  Many of these were sent even before
> the 6.9 merge window, but I was on vacation until rc2, and things piled up.
>
> The back half of the commits were _just_ rebased to drop my version of the
> LVTPC masking fixes, but that's your fault. :-)  For giggles, I also pushed
> kvm-x86 tags/kvm-x86-fixed-6.9-rcN-unrebased if you or anyone else want a paper
> trail for the pre-rebase commits.
>
> Note, there's a perf change in here that didn't get an Ack from anyone, but the
> fixes have been on-list for over a month, and I can't imagine anyone objecting
> to adding a new feature flag to x86_pmu_capability, which for all intents and
> purposes exists purely for KVM.
>
> Thanks!

Pulled, thanks.

Paolo
