From: Sean Christopherson <seanjc@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Sean Christopherson <seanjc@google.com>
Subject: [GIT PULL] KVM: x86: VMX changes for 6.15
Date: Tue, 18 Mar 2025 11:03:02 -0700 [thread overview]
Message-ID: <20250318180303.283401-8-seanjc@google.com> (raw)
In-Reply-To: <20250318180303.283401-1-seanjc@google.com>
Nothing major for VMX, mostly prep work for FRED virtualization.
The following changes since commit a64dcfb451e254085a7daee5fe51bf22959d52d3:
Linux 6.14-rc2 (2025-02-09 12:45:03 -0800)
are available in the Git repository at:
https://github.com/kvm-x86/linux.git tags/kvm-x86-vmx-6.15
for you to fetch changes up to 0c3566b63de860f6d42e3d9254890c00ac0970d7:
KVM: VMX: Extract checks on entry/exit control pairs to a helper macro (2025-03-03 07:45:54 -0800)
----------------------------------------------------------------
KVM VMX changes for 6.15
- Fix a bug where KVM unnecessarily reads XFD_ERR from hardware and thus
modifies the vCPU's XFD_ERR on a #NM due to CR0.TS=1.
- Pass XFD_ERR as a psueo-payload when injecting #NM as a preparatory step
for upcoming FRED virtualization support.
- Decouple the EPT entry RWX protection bit macros from the EPT Violation bits
as a general cleanup, and in anticipation of adding support for emulating
Mode-Based Execution (MBEC).
- Reject KVM_RUN if userspace manages to gain control and stuff invalid guest
state while KVM is in the middle of emulating nested VM-Enter.
- Add a macro to handle KVM's sanity checks on entry/exit VMCS control pairs
in anticipation of adding sanity checks for secondary exit controls (the
primary field is out of bits).
----------------------------------------------------------------
Nikolay Borisov (1):
KVM: VMX: Remove EPT_VIOLATIONS_ACC_*_BIT defines
Sean Christopherson (5):
KVM: VMX: Don't modify guest XFD_ERR if CR0.TS=1
KVM: VMX: Pass XFD_ERR as pseudo-payload when injecting #NM
KVM: nVMX: Decouple EPT RWX bits from EPT Violation protection bits
KVM: VMX: Reject KVM_RUN if userspace forces emulation during nested VM-Enter
KVM: VMX: Extract checks on entry/exit control pairs to a helper macro
arch/x86/include/asm/vmx.h | 28 ++++++-----
arch/x86/kvm/mmu/paging_tmpl.h | 3 +-
arch/x86/kvm/vmx/vmx.c | 106 +++++++++++++++++++++++++++++------------
3 files changed, 92 insertions(+), 45 deletions(-)
next prev parent reply other threads:[~2025-03-18 18:03 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-18 18:02 [GIT PULL] KVM: x86: Changes for 6.15 Sean Christopherson
2025-03-18 18:02 ` [GIT PULL] KVM: x86: Misc changes " Sean Christopherson
2025-03-18 18:02 ` [GIT PULL] KVM: x86: MMU " Sean Christopherson
2025-03-18 18:02 ` [GIT PULL] KVM: x86: PV clock " Sean Christopherson
2025-03-18 18:02 ` [GIT PULL] KVM: Selftests changes for 6.15, part 2 Sean Christopherson
2025-03-18 18:03 ` [GIT PULL] KVM: Selftests changes for 6.15, part 1 Sean Christopherson
2025-03-18 18:03 ` [GIT PULL] KVM: x86: SVM changes for 6.15 Sean Christopherson
2025-03-18 18:03 ` Sean Christopherson [this message]
2025-03-18 18:03 ` [GIT PULL] KVM: x86: Xen " Sean Christopherson
2025-03-19 17:53 ` [GIT PULL] KVM: x86: Changes " Paolo Bonzini
2025-03-19 19:42 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250318180303.283401-8-seanjc@google.com \
--to=seanjc@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox