kvm.vger.kernel.org archive mirror
* [GIT PULL] KVM: x86 pull requests for 6.12
@ 2024-09-14  1:13 Sean Christopherson
  2024-09-14  1:13 ` [GIT PULL] KVM: Common changes " Sean Christopherson
                   ` (7 more replies)
  0 siblings, 8 replies; 13+ messages in thread
From: Sean Christopherson @ 2024-09-14  1:13 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

There's a trivial (and amusing) conflict with KVM s390 in the selftests pull
request (we both added "config" to the .gitignore, within a few days of each
other, after the goof being around for a good year or more).

Note, the pull requests are relative to v6.11-rc4.  I got a late start, and for
some reason thought kvm/next would magically end up on rc4 or later.

Note #2, I had a brainfart and put the testcase for verifying KVM's fastpath
correctly exits to userspace when needed in selftests, whereas the actual KVM
fix is in misc.  So if you run KVM selftests in the middle of pulling everything,
expect the debug_regs test to fail.


* [GIT PULL] KVM: Common changes for 6.12
  2024-09-14  1:13 [GIT PULL] KVM: x86 pull requests for 6.12 Sean Christopherson
@ 2024-09-14  1:13 ` Sean Christopherson
  2024-09-14 13:35   ` Paolo Bonzini
  2024-09-14  1:13 ` [GIT PULL] KVM: x86: Misc " Sean Christopherson
                   ` (6 subsequent siblings)
  7 siblings, 1 reply; 13+ messages in thread
From: Sean Christopherson @ 2024-09-14  1:13 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

Fix a long-standing goof in the coalesced IO code, and a lurking bug in
kvm_clear_guest().

The following changes since commit 47ac09b91befbb6a235ab620c32af719f8208399:

  Linux 6.11-rc4 (2024-08-18 13:17:27 -0700)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-generic-6.12

for you to fetch changes up to 025dde582bbf31e7618f9283594ef5e2408e384b:

  KVM: Harden guest memory APIs against out-of-bounds accesses (2024-09-09 20:15:34 -0700)

----------------------------------------------------------------
KVM generic changes for 6.12:

 - Fix a bug that results in KVM prematurely exiting to userspace for coalesced
   MMIO/PIO in many cases, clean up the related code, and add a testcase.

 - Fix a bug in kvm_clear_guest() where it would trigger a buffer overflow _if_
   the gpa+len crosses a page boundary, which thankfully is guaranteed to not
   happen in the current code base.  Add WARNs in more helpers that read/write
   guest memory to detect similar bugs.

----------------------------------------------------------------
Ilias Stamatis (1):
      KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit

Sean Christopherson (4):
      KVM: selftests: Add a test for coalesced MMIO (and PIO on x86)
      KVM: Clean up coalesced MMIO ring full check
      KVM: Write the per-page "segment" when clearing (part of) a guest page
      KVM: Harden guest memory APIs against out-of-bounds accesses

 tools/testing/selftests/kvm/Makefile            |   3 +
 tools/testing/selftests/kvm/coalesced_io_test.c | 236 ++++++++++++++++++++++++
 tools/testing/selftests/kvm/include/kvm_util.h  |  26 +++
 virt/kvm/coalesced_mmio.c                       |  31 +---
 virt/kvm/kvm_main.c                             |  11 +-
 5 files changed, 283 insertions(+), 24 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/coalesced_io_test.c
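
The kvm_clear_guest() item above, as an added userspace model (example code, not taken from the KVM tree or from this pull request): a page-by-page clear loop with a per-page writer that rejects any write crossing a page boundary, run once passing the whole remaining length and once passing only the per-page segment. The names guest_pages, write_guest_page, clear_guest and the per_page_segment switch are assumptions, as is the reading that the pre-fix loop passed the full length to the per-page writer.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096u
#define NR_PAGES  4u

/* Toy guest memory (constructed for this example): one buffer per guest page. */
static uint8_t guest_pages[NR_PAGES][PAGE_SIZE];
/* Source of zeroes; exactly one page long, like a kernel zero page. */
static const uint8_t zero_page[PAGE_SIZE];

/* Number of bytes of the request that fit in the current page. */
static size_t next_segment(size_t len, size_t offset)
{
	size_t room = PAGE_SIZE - offset;

	return len < room ? len : room;
}

/*
 * Per-page writer with the hardening check: refuse any write that would run
 * past the end of the page.  Without it, a too-large len makes memcpy() read
 * past the one-page source and write past the destination page.
 */
static int write_guest_page(uint64_t gfn, const void *data,
			    size_t offset, size_t len)
{
	if (gfn >= NR_PAGES)
		return -EFAULT;
	if (offset > PAGE_SIZE || len > PAGE_SIZE - offset)
		return -EFAULT;

	memcpy(&guest_pages[gfn][offset], data, len);
	return 0;
}

/*
 * Clear [gpa, gpa + len) one page at a time.
 * per_page_segment == 0: pass the whole remaining len to the page writer
 *                        (the assumed pre-fix behaviour).
 * per_page_segment != 0: pass only the bytes that belong to this page.
 */
static int clear_guest(uint64_t gpa, size_t len, int per_page_segment)
{
	uint64_t gfn = gpa / PAGE_SIZE;
	size_t offset = gpa % PAGE_SIZE;
	size_t seg;
	int ret;

	while ((seg = next_segment(len, offset)) != 0) {
		size_t n = per_page_segment ? seg : len;

		ret = write_guest_page(gfn, zero_page, offset, n);
		if (ret < 0)
			return ret;
		offset = 0;
		len -= seg;
		++gfn;
	}
	return 0;
}

/* Test helpers: poison all guest memory, then count bytes that were cleared. */
static void fill_guest(uint8_t value)
{
	memset(guest_pages, value, sizeof(guest_pages));
}

static size_t count_zero_bytes(void)
{
	size_t i, j, n = 0;

	for (i = 0; i < NR_PAGES; i++)
		for (j = 0; j < PAGE_SIZE; j++)
			n += guest_pages[i][j] == 0;
	return n;
}

int main(void)
{
	/* A 32-byte range that starts 16 bytes before a page boundary. */
	uint64_t gpa = PAGE_SIZE - 16;
	int ret;

	fill_guest(0xAA);
	ret = clear_guest(gpa, 32, 0);
	printf("whole len per page:   ret=%d cleared=%zu\n", ret, count_zero_bytes());

	fill_guest(0xAA);
	ret = clear_guest(gpa, 32, 1);
	printf("per-page segment:     ret=%d cleared=%zu\n", ret, count_zero_bytes());

	/* A range that stays inside one page never exposes the difference. */
	fill_guest(0xAA);
	ret = clear_guest(100, 50, 0);
	printf("in-page, whole len:   ret=%d cleared=%zu\n", ret, count_zero_bytes());
	return 0;
}
```
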


* [GIT PULL] KVM: x86: Misc changes for 6.12
  2024-09-14  1:13 [GIT PULL] KVM: x86 pull requests for 6.12 Sean Christopherson
  2024-09-14  1:13 ` [GIT PULL] KVM: Common changes " Sean Christopherson
@ 2024-09-14  1:13 ` Sean Christopherson
  2024-09-14  1:13 ` [GIT PULL] KVM: x86: MMU " Sean Christopherson
                   ` (5 subsequent siblings)
  7 siblings, 0 replies; 13+ messages in thread
From: Sean Christopherson @ 2024-09-14  1:13 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

The highlight is a rework of the userspace MSR access code to automatically
suppress errors on disallowed accesses to advertised-but-unsupported MSRs.
Unfortunately, actually removing all of the !host_initiated exemptions in KVM
is decidedly non-trivial, so realizing most of the benefits will have to wait
(though this should make life much easier for CET enabling).

The lowlight is a rework of the x2APIC ICR handling.  KVM jumped through hoops
to deal with Intel CPUs storing the full 64-bit value at the ICR offset in the
vAPIC page, and then AMD (x2AVIC) came along and continued to split the value
to the legacy ICR and ICR2 offsets.  *sigh*

The following changes since commit 47ac09b91befbb6a235ab620c32af719f8208399:

  Linux 6.11-rc4 (2024-08-18 13:17:27 -0700)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-misc-6.12

for you to fetch changes up to 4ca077f26d885cbc97e742a5f3572aac244a0f8a:

  KVM: x86: Remove some unused declarations (2024-09-09 20:12:43 -0700)

----------------------------------------------------------------
KVM x86 misc changes for 6.12

 - Advertise AVX10.1 to userspace (effectively prep work for the "real" AVX10
   functionality that is on the horizon).

 - Rework common MSR handling code to suppress errors on userspace accesses to
   unsupported-but-advertised MSRs.  This will allow removing (almost?) all of
   KVM's exemptions for userspace access to MSRs that shouldn't exist based on
   the vCPU model (the actual cleanup is non-trivial future work).

 - Rework KVM's handling of x2APIC ICR, again, because AMD (x2AVIC) splits the
   64-bit value into the legacy ICR and ICR2 storage, whereas Intel (APICv)
   stores the entire 64-bit value at the ICR offset.

 - Fix a bug where KVM would fail to exit to userspace if one was triggered by
   a fastpath exit handler.

 - Add fastpath handling of HLT VM-Exit to expedite re-entering the guest when
   there's already a pending wake event at the time of the exit.

 - Finally fix the RSM vs. nested VM-Enter WARN by forcing the vCPU out of
   guest mode prior to signalling SHUTDOWN (architecturally, the SHUTDOWN is
   supposed to hit L1, not L2).

----------------------------------------------------------------
Li Chen (1):
      KVM: x86: Use this_cpu_ptr() in kvm_user_return_msr_cpu_online

Sean Christopherson (26):
      KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value
      KVM: x86: Move MSR_TYPE_{R,W,RW} values from VMX to x86, as enums
      KVM: x86: Rename KVM_MSR_RET_INVALID to KVM_MSR_RET_UNSUPPORTED
      KVM: x86: Refactor kvm_x86_ops.get_msr_feature() to avoid kvm_msr_entry
      KVM: x86: Rename get_msr_feature() APIs to get_feature_msr()
      KVM: x86: Refactor kvm_get_feature_msr() to avoid struct kvm_msr_entry
      KVM: x86: Funnel all fancy MSR return value handling into a common helper
      KVM: x86: Hoist x86.c's global msr_* variables up above kvm_do_msr_access()
      KVM: x86: Suppress failures on userspace access to advertised, unsupported MSRs
      KVM: x86: Suppress userspace access failures on unsupported, "emulated" MSRs
      KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits
      KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode()
      KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC)
      KVM: selftests: Open code vcpu_run() equivalent in guest_printf test
      KVM: selftests: Report unhandled exceptions on x86 as regular guest asserts
      KVM: selftests: Add x86 helpers to play nice with x2APIC MSR #GPs
      KVM: selftests: Skip ICR.BUSY test in xapic_state_test if x2APIC is enabled
      KVM: selftests: Test x2APIC ICR reserved bits
      KVM: selftests: Verify the guest can read back the x2APIC ICR it wrote
      KVM: selftests: Play nice with AMD's AVIC errata
      KVM: x86: Re-enter guest if WRMSR(X2APIC_ICR) fastpath is successful
      KVM: x86: Dedup fastpath MSR post-handling logic
      KVM: x86: Exit to userspace if fastpath triggers one on instruction skip
      KVM: x86: Reorganize code in x86.c to co-locate vCPU blocking/running helpers
      KVM: x86: Add fastpath handling of HLT VM-Exits
      KVM: x86: Forcibly leave nested if RSM to L2 hits shutdown

Tao Su (1):
      KVM: x86: Advertise AVX10.1 CPUID to userspace

Thorsten Blum (1):
      KVM: x86: Optimize local variable in start_sw_tscdeadline()

Yue Haibing (1):
      KVM: x86: Remove some unused declarations

 arch/x86/include/asm/cpuid.h                       |   1 +
 arch/x86/include/asm/kvm-x86-ops.h                 |   2 +-
 arch/x86/include/asm/kvm_host.h                    |   5 +-
 arch/x86/kvm/cpuid.c                               |  30 +-
 arch/x86/kvm/lapic.c                               |  75 +-
 arch/x86/kvm/lapic.h                               |   1 -
 arch/x86/kvm/mmu.h                                 |   2 -
 arch/x86/kvm/mmu/mmu_internal.h                    |   2 -
 arch/x86/kvm/reverse_cpuid.h                       |   8 +
 arch/x86/kvm/smm.c                                 |  24 +-
 arch/x86/kvm/svm/svm.c                             |  44 +-
 arch/x86/kvm/vmx/main.c                            |   4 +-
 arch/x86/kvm/vmx/vmx.c                             |  10 +-
 arch/x86/kvm/vmx/vmx.h                             |   4 -
 arch/x86/kvm/vmx/x86_ops.h                         |   2 +-
 arch/x86/kvm/x86.c                                 | 841 +++++++++++----------
 arch/x86/kvm/x86.h                                 |  28 +-
 tools/testing/selftests/kvm/guest_print_test.c     |  19 +-
 tools/testing/selftests/kvm/include/x86_64/apic.h  |  21 +-
 tools/testing/selftests/kvm/lib/x86_64/processor.c |   8 +-
 .../selftests/kvm/x86_64/xapic_state_test.c        |  54 +-
 21 files changed, 681 insertions(+), 504 deletions(-)


* [GIT PULL] KVM: x86: MMU changes for 6.12
  2024-09-14  1:13 [GIT PULL] KVM: x86 pull requests for 6.12 Sean Christopherson
  2024-09-14  1:13 ` [GIT PULL] KVM: Common changes " Sean Christopherson
  2024-09-14  1:13 ` [GIT PULL] KVM: x86: Misc " Sean Christopherson
@ 2024-09-14  1:13 ` Sean Christopherson
  2024-09-14 13:50   ` Paolo Bonzini
  2024-09-14  1:13 ` [GIT PULL] KVM: x86: VMX and PAT MSRs cleanup Sean Christopherson
                   ` (4 subsequent siblings)
  7 siblings, 1 reply; 13+ messages in thread
From: Sean Christopherson @ 2024-09-14  1:13 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

The bulk of the changes are to clean up the thorny "unprotect and retry" mess
that grew over time.  The other notable change is to support yielding in the
shadow MMU when zapping rmaps (simply a historic oversight, AFAICT).

The following changes since commit 47ac09b91befbb6a235ab620c32af719f8208399:

  Linux 6.11-rc4 (2024-08-18 13:17:27 -0700)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-mmu-6.12

for you to fetch changes up to 9a5bff7f5ec2383e3edac5eda561b52e267ccbb5:

  KVM: x86/mmu: Use KVM_PAGES_PER_HPAGE() instead of an open coded equivalent (2024-09-09 20:22:08 -0700)

----------------------------------------------------------------
KVM x86 MMU changes for 6.12:

 - Overhaul the "unprotect and retry" logic to more precisely identify cases
   where retrying is actually helpful, and to harden all retry paths against
   putting the guest into an infinite retry loop.

 - Add support for yielding, e.g. to honor NEED_RESCHED, when zapping rmaps in
   the shadow MMU.

 - Refactor pieces of the shadow MMU related to aging SPTEs in preparation for
   adding MGLRU support in KVM.

 - Misc cleanups

----------------------------------------------------------------
Sean Christopherson (33):
      KVM: x86/mmu: Clean up function comments for dirty logging APIs
      KVM: x86/mmu: Decrease indentation in logic to sync new indirect shadow page
      KVM: x86/mmu: Drop pointless "return" wrapper label in FNAME(fetch)
      KVM: x86/mmu: Reword a misleading comment about checking gpte_changed()
      KVM: x86/mmu: Replace PFERR_NESTED_GUEST_PAGE with a more descriptive helper
      KVM: x86/mmu: Trigger unprotect logic only on write-protection page faults
      KVM: x86/mmu: Skip emulation on page fault iff 1+ SPs were unprotected
      KVM: x86: Retry to-be-emulated insn in "slow" unprotect path iff sp is zapped
      KVM: x86: Get RIP from vCPU state when storing it to last_retry_eip
      KVM: x86: Store gpa as gpa_t, not unsigned long, when unprotecting for retry
      KVM: x86/mmu: Apply retry protection to "fast nTDP unprotect" path
      KVM: x86/mmu: Try "unprotect for retry" iff there are indirect SPs
      KVM: x86: Move EMULTYPE_ALLOW_RETRY_PF to x86_emulate_instruction()
      KVM: x86: Fold retry_instruction() into x86_emulate_instruction()
      KVM: x86/mmu: Don't try to unprotect an INVALID_GPA
      KVM: x86/mmu: Always walk guest PTEs with WRITE access when unprotecting
      KVM: x86/mmu: Move event re-injection unprotect+retry into common path
      KVM: x86: Remove manual pfn lookup when retrying #PF after failed emulation
      KVM: x86: Check EMULTYPE_WRITE_PF_TO_SP before unprotecting gfn
      KVM: x86: Apply retry protection to "unprotect on failure" path
      KVM: x86: Update retry protection fields when forcing retry on emulation failure
      KVM: x86: Rename reexecute_instruction()=>kvm_unprotect_and_retry_on_failure()
      KVM: x86/mmu: Subsume kvm_mmu_unprotect_page() into the and_retry() version
      KVM: x86/mmu: Detect if unprotect will do anything based on invalid_list
      KVM: x86/mmu: WARN on MMIO cache hit when emulating write-protected gfn
      KVM: x86/mmu: Move walk_slot_rmaps() up near for_each_slot_rmap_range()
      KVM: x86/mmu: Plumb a @can_yield parameter into __walk_slot_rmaps()
      KVM: x86/mmu: Add a helper to walk and zap rmaps for a memslot
      KVM: x86/mmu: Honor NEED_RESCHED when zapping rmaps and blocking is allowed
      KVM: x86/mmu: Morph kvm_handle_gfn_range() into an aging specific helper
      KVM: x86/mmu: Fold mmu_spte_age() into kvm_rmap_age_gfn_range()
      KVM: x86/mmu: Add KVM_RMAP_MANY to replace open coded '1' and '1ul' literals
      KVM: x86/mmu: Use KVM_PAGES_PER_HPAGE() instead of an open coded equivalent

 arch/x86/include/asm/kvm_host.h |  14 +-
 arch/x86/kvm/mmu/mmu.c          | 522 ++++++++++++++++++++++------------------
 arch/x86/kvm/mmu/mmu_internal.h |   3 +
 arch/x86/kvm/mmu/mmutrace.h     |   1 +
 arch/x86/kvm/mmu/paging_tmpl.h  |  63 ++---
 arch/x86/kvm/mmu/tdp_mmu.c      |   6 +-
 arch/x86/kvm/x86.c              | 133 +++-------
 7 files changed, 368 insertions(+), 374 deletions(-)


* [GIT PULL] KVM: x86: VMX and PAT MSRs cleanup
  2024-09-14  1:13 [GIT PULL] KVM: x86 pull requests for 6.12 Sean Christopherson
                   ` (2 preceding siblings ...)
  2024-09-14  1:13 ` [GIT PULL] KVM: x86: MMU " Sean Christopherson
@ 2024-09-14  1:13 ` Sean Christopherson
  2024-09-14  1:13 ` [GIT PULL] KVM: Selftests changes for 6.12 Sean Christopherson
                   ` (3 subsequent siblings)
  7 siblings, 0 replies; 13+ messages in thread
From: Sean Christopherson @ 2024-09-14  1:13 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

The theme of this pull request is to clean up the VMX MSR macros.  The PAT MSR
changes (reviewed by tglx) are included here as they allowed for an even more
aggressive cleanup of the VMX macros related to memtypes, e.g. for specifying
the EPT walk memtype in EPTPs.

The following changes since commit 47ac09b91befbb6a235ab620c32af719f8208399:

  Linux 6.11-rc4 (2024-08-18 13:17:27 -0700)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-pat_vmx_msrs-6.12

for you to fetch changes up to 566975f6ecd85247bd8989884d7b909d5a456da1:

  KVM: nVMX: Use macros and #defines in vmx_restore_vmx_misc() (2024-08-22 11:25:54 -0700)

----------------------------------------------------------------
KVM VMX and x86 PAT MSR macro cleanup for 6.12:

 - Add common defines for the x86 architectural memory types, i.e. the types
   that are shared across PAT, MTRRs, VMCSes, and EPTPs.

 - Clean up the various VMX MSR macros to make the code self-documenting
   (inasmuch as possible), and to make it less painful to add new macros.

----------------------------------------------------------------
Sean Christopherson (5):
      x86/cpu: KVM: Add common defines for architectural memory types (PAT, MTRRs, etc.)
      x86/cpu: KVM: Move macro to encode PAT value to common header
      KVM: x86: Stuff vCPU's PAT with default value at RESET, not creation
      KVM: nVMX: Add a helper to encode VMCS info in MSR_IA32_VMX_BASIC
      KVM VMX: Move MSR_IA32_VMX_MISC bit defines to asm/vmx.h

Xin Li (5):
      KVM: VMX: Move MSR_IA32_VMX_BASIC bit defines to asm/vmx.h
      KVM: VMX: Track CPU's MSR_IA32_VMX_BASIC as a single 64-bit value
      KVM: nVMX: Use macros and #defines in vmx_restore_vmx_basic()
      KVM: VMX: Open code VMX preemption timer rate mask in its accessor
      KVM: nVMX: Use macros and #defines in vmx_restore_vmx_misc()

 arch/x86/include/asm/msr-index.h | 34 +++++++++++++---------
 arch/x86/include/asm/vmx.h       | 40 +++++++++++++++++++-------
 arch/x86/kernel/cpu/mtrr/mtrr.c  |  6 ++++
 arch/x86/kvm/vmx/capabilities.h  | 10 +++----
 arch/x86/kvm/vmx/nested.c        | 62 +++++++++++++++++++++++++++-------------
 arch/x86/kvm/vmx/nested.h        |  2 +-
 arch/x86/kvm/vmx/vmx.c           | 30 +++++++++----------
 arch/x86/kvm/x86.c               |  4 +--
 arch/x86/kvm/x86.h               |  3 +-
 arch/x86/mm/pat/memtype.c        | 36 +++++++----------------
 10 files changed, 132 insertions(+), 95 deletions(-)


* [GIT PULL] KVM: Selftests changes for 6.12
  2024-09-14  1:13 [GIT PULL] KVM: x86 pull requests for 6.12 Sean Christopherson
                   ` (3 preceding siblings ...)
  2024-09-14  1:13 ` [GIT PULL] KVM: x86: VMX and PAT MSRs cleanup Sean Christopherson
@ 2024-09-14  1:13 ` Sean Christopherson
  2024-09-14  1:13 ` [GIT PULL] KVM: x86: SVM " Sean Christopherson
                   ` (2 subsequent siblings)
  7 siblings, 0 replies; 13+ messages in thread
From: Sean Christopherson @ 2024-09-14  1:13 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

As mentioned in the cover letter, the tools/testing/selftests/kvm/.gitignore
change will conflict with the s390 pull request.  Easiest solution should be to
just take my changes (they're a strict superset).

The other notable selftests related change isn't part of this pull request.  I
posted a mini-series to use the canonical $(ARCH) paths for KVM selftests
directories[*], e.g. arm64 instead of aarch64.  My plan is to send a v2 after
all the arch pull requests are merged and try to squeeze it into the back half
of the merge window (I kinda forgot about LPC and KVM Forum, but I'm crossing
my fingers there will be minimal conflicts).

[*] https://lore.kernel.org/all/20240826190116.145945-1-seanjc@google.com

The following changes since commit 47ac09b91befbb6a235ab620c32af719f8208399:

  Linux 6.11-rc4 (2024-08-18 13:17:27 -0700)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-selftests-6.12

for you to fetch changes up to c32e028057f144f15c06e2f09dfec49b14311910:

  KVM: selftests: Verify single-stepping a fastpath VM-Exit exits to userspace (2024-09-09 20:12:12 -0700)

----------------------------------------------------------------
KVM selftests changes for 6.12:

 - Fix a goof that caused some Hyper-V tests to be skipped when run on bare
   metal, i.e. NOT in a VM.

 - Add a regression test for KVM's handling of SHUTDOWN for an SEV-ES guest.

 - Explicitly include one-off assets in .gitignore.  Past Sean was completely
   wrong about not being able to detect missing .gitignore entries.

 - Verify userspace single-stepping works when KVM happens to handle a VM-Exit
   in its fastpath.

 - Misc cleanups

----------------------------------------------------------------
Peter Gonda (1):
      KVM: selftests: Add SEV-ES shutdown test

Sean Christopherson (4):
      KVM: selftests: Remove unused kvm_memcmp_hva_gva()
      KVM: selftests: Always unlink memory regions when deleting (VM free)
      KVM: selftests: Explicitly include committed one-off assets in .gitignore
      KVM: selftests: Verify single-stepping a fastpath VM-Exit exits to userspace

Vitaly Kuznetsov (2):
      KVM: selftests: Move Hyper-V specific functions out of processor.c
      KVM: selftests: Re-enable hyperv_evmcs/hyperv_svm_test on bare metal

 tools/testing/selftests/kvm/.gitignore             |  4 +
 tools/testing/selftests/kvm/include/kvm_util.h     |  2 -
 .../testing/selftests/kvm/include/x86_64/hyperv.h  | 18 +++++
 .../selftests/kvm/include/x86_64/processor.h       |  7 +-
 tools/testing/selftests/kvm/lib/kvm_util.c         | 85 ++--------------------
 tools/testing/selftests/kvm/lib/x86_64/hyperv.c    | 67 +++++++++++++++++
 tools/testing/selftests/kvm/lib/x86_64/processor.c | 61 ----------------
 tools/testing/selftests/kvm/x86_64/debug_regs.c    | 11 ++-
 tools/testing/selftests/kvm/x86_64/hyperv_evmcs.c  |  2 +-
 .../testing/selftests/kvm/x86_64/hyperv_svm_test.c |  2 +-
 .../testing/selftests/kvm/x86_64/sev_smoke_test.c  | 32 ++++++++
 .../testing/selftests/kvm/x86_64/xen_vmcall_test.c |  1 +
 12 files changed, 141 insertions(+), 151 deletions(-)


* [GIT PULL] KVM: x86: SVM changes for 6.12
  2024-09-14  1:13 [GIT PULL] KVM: x86 pull requests for 6.12 Sean Christopherson
                   ` (4 preceding siblings ...)
  2024-09-14  1:13 ` [GIT PULL] KVM: Selftests changes for 6.12 Sean Christopherson
@ 2024-09-14  1:13 ` Sean Christopherson
  2024-09-14  1:13 ` [GIT PULL] KVM: x86: VMX " Sean Christopherson
  2024-09-14 14:54 ` [GIT PULL] KVM: x86 pull requests " Paolo Bonzini
  7 siblings, 0 replies; 13+ messages in thread
From: Sean Christopherson @ 2024-09-14  1:13 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

I got nothing clever or interesting to say for this one.

The following changes since commit 47ac09b91befbb6a235ab620c32af719f8208399:

  Linux 6.11-rc4 (2024-08-18 13:17:27 -0700)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-svm-6.12

for you to fetch changes up to 4440337af4d415c8abf8b9b0e10c79b7518e6e3c:

  KVM: SVM: let alternatives handle the cases when RSB filling is required (2024-09-10 10:27:53 -0700)

----------------------------------------------------------------
KVM SVM changes for 6.12:

 - Don't stuff the RSB after VM-Exit when RETPOLINE=y and AutoIBRS is enabled,
   i.e. when the CPU has already flushed the RSB.

 - Trace the per-CPU host save area as a VMCB pointer to improve readability
   and clean up the retrieval of the SEV-ES host save area.

 - Remove unnecessary accounting of temporary nested VMCB related allocations.

----------------------------------------------------------------
Amit Shah (1):
      KVM: SVM: let alternatives handle the cases when RSB filling is required

Sean Christopherson (3):
      KVM: SVM: Add a helper to convert a SME-aware PA back to a struct page
      KVM: SVM: Add host SEV-ES save area structure into VMCB via a union
      KVM: SVM: Track the per-CPU host save area as a VMCB pointer

Yongqiang Liu (1):
      KVM: SVM: Remove unnecessary GFP_KERNEL_ACCOUNT in svm_set_nested_state()

 arch/x86/include/asm/svm.h | 20 +++++++++++++++-----
 arch/x86/kvm/svm/nested.c  |  4 ++--
 arch/x86/kvm/svm/svm.c     | 24 ++++++++++++------------
 arch/x86/kvm/svm/svm.h     | 18 ++++++++++++++++--
 arch/x86/kvm/svm/vmenter.S |  8 ++------
 5 files changed, 47 insertions(+), 27 deletions(-)


* [GIT PULL] KVM: x86: VMX changes for 6.12
  2024-09-14  1:13 [GIT PULL] KVM: x86 pull requests for 6.12 Sean Christopherson
                   ` (5 preceding siblings ...)
  2024-09-14  1:13 ` [GIT PULL] KVM: x86: SVM " Sean Christopherson
@ 2024-09-14  1:13 ` Sean Christopherson
  2024-09-14 14:54 ` [GIT PULL] KVM: x86 pull requests " Paolo Bonzini
  7 siblings, 0 replies; 13+ messages in thread
From: Sean Christopherson @ 2024-09-14  1:13 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel, Sean Christopherson

The highlight is a fix for nested posted interrupts that shows up on CPUs with
IPI virtualization.  If KVM ends up handling an L1 virtual IRQ for L2's posted
interrupt notification vector, KVM will incorrectly synthesize a VM-Exit to L1
instead of processing pending posted interrupts.

I am very confident in the fix itself.  The refactorings to land the fix without
creating a TOCTOU bug on the other hand...  I did my best to test that I didn't
botch anything, but my first attempt went poorly, and as a result the changes
haven't been in -next for as long as I'd normally prefer.

The following changes since commit 47ac09b91befbb6a235ab620c32af719f8208399:

  Linux 6.11-rc4 (2024-08-18 13:17:27 -0700)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-vmx-6.12

for you to fetch changes up to f3009482512eb057e7161214a068c6bd7bae83a4:

  KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid (2024-09-09 20:33:22 -0700)

----------------------------------------------------------------
KVM VMX changes for 6.12:

 - Set FINAL/PAGE in the page fault error code for EPT Violations if and only
   if the GVA is valid.  If the GVA is NOT valid, there is no guest-side page
   table walk and so stuffing paging related metadata is nonsensical.

 - Fix a bug where KVM would incorrectly synthesize a nested VM-Exit instead of
   emulating posted interrupt delivery to L2.

 - Add a lockdep assertion to detect unsafe accesses of vmcs12 structures.

 - Harden eVMCS loading against an impossible NULL pointer deref (really truly
   should be impossible).

 - Minor SGX fix and a cleanup.

----------------------------------------------------------------
Kai Huang (2):
      KVM: VMX: Do not account for temporary memory allocation in ECREATE emulation
      KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled

Maxim Levitsky (1):
      KVM: nVMX: Use vmx_segment_cache_clear() instead of open coded equivalent

Qiang Liu (1):
      KVM: VMX: Modify the BUILD_BUG_ON_MSG of the 32-bit field in the vmcs_check16 function

Sean Christopherson (9):
      KVM: nVMX: Honor userspace MSR filter lists for nested VM-Enter/VM-Exit
      KVM: x86: Move "ack" phase of local APIC IRQ delivery to separate API
      KVM: nVMX: Get to-be-acknowledge IRQ for nested VM-Exit at injection site
      KVM: nVMX: Suppress external interrupt VM-Exit injection if there's no IRQ
      KVM: nVMX: Detect nested posted interrupt NV at nested VM-Exit injection
      KVM: x86: Fold kvm_get_apic_interrupt() into kvm_cpu_get_interrupt()
      KVM: nVMX: Explicitly invalidate posted_intr_nv if PI is disabled at VM-Enter
      KVM: nVMX: Assert that vcpu->mutex is held when accessing secondary VMCSes
      KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid

Vitaly Kuznetsov (1):
      KVM: VMX: hyper-v: Prevent impossible NULL pointer dereference in evmcs_load()

 Documentation/virt/kvm/api.rst  | 23 ++++++++++---
 arch/x86/include/asm/kvm_host.h |  3 ++
 arch/x86/kvm/irq.c              | 10 ++++--
 arch/x86/kvm/lapic.c            |  9 +++---
 arch/x86/kvm/lapic.h            |  2 +-
 arch/x86/kvm/vmx/nested.c       | 72 ++++++++++++++++++++++++++++++-----------
 arch/x86/kvm/vmx/nested.h       |  6 ++++
 arch/x86/kvm/vmx/sgx.c          |  2 +-
 arch/x86/kvm/vmx/vmx.c          | 17 ++++++----
 arch/x86/kvm/vmx/vmx.h          |  5 +++
 arch/x86/kvm/vmx/vmx_onhyperv.h |  8 +++++
 arch/x86/kvm/vmx/vmx_ops.h      |  2 +-
 arch/x86/kvm/x86.c              |  6 ++--
 13 files changed, 124 insertions(+), 41 deletions(-)


* Re: [GIT PULL] KVM: Common changes for 6.12
  2024-09-14  1:13 ` [GIT PULL] KVM: Common changes " Sean Christopherson
@ 2024-09-14 13:35   ` Paolo Bonzini
  0 siblings, 0 replies; 13+ messages in thread
From: Paolo Bonzini @ 2024-09-14 13:35 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: kvm, linux-kernel

On Sat, Sep 14, 2024 at 3:14 AM Sean Christopherson <seanjc@google.com> wrote:
>
> Fix a long-standing goof in the coalesced IO code, and a lurking bug in
> kvm_clear_guest().
>
> The following changes since commit 47ac09b91befbb6a235ab620c32af719f8208399:
>
>   Linux 6.11-rc4 (2024-08-18 13:17:27 -0700)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-generic-6.12
>
> for you to fetch changes up to 025dde582bbf31e7618f9283594ef5e2408e384b:
>
>   KVM: Harden guest memory APIs against out-of-bounds accesses (2024-09-09 20:15:34 -0700)

Pulled, thanks.

Paolo

> ----------------------------------------------------------------
> KVM generic changes for 6.12:
>
>  - Fix a bug that results in KVM prematurely exiting to userspace for coalesced
>    MMIO/PIO in many cases, clean up the related code, and add a testcase.
>
>  - Fix a bug in kvm_clear_guest() where it would trigger a buffer overflow _if_
>    the gpa+len crosses a page boundary, which thankfully is guaranteed to not
>    happen in the current code base.  Add WARNs in more helpers that read/write
>    guest memory to detect similar bugs.
>
> ----------------------------------------------------------------
> Ilias Stamatis (1):
>       KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit
>
> Sean Christopherson (4):
>       KVM: selftests: Add a test for coalesced MMIO (and PIO on x86)
>       KVM: Clean up coalesced MMIO ring full check
>       KVM: Write the per-page "segment" when clearing (part of) a guest page
>       KVM: Harden guest memory APIs against out-of-bounds accesses
>
>  tools/testing/selftests/kvm/Makefile            |   3 +
>  tools/testing/selftests/kvm/coalesced_io_test.c | 236 ++++++++++++++++++++++++
>  tools/testing/selftests/kvm/include/kvm_util.h  |  26 +++
>  virt/kvm/coalesced_mmio.c                       |  31 +---
>  virt/kvm/kvm_main.c                             |  11 +-
>  5 files changed, 283 insertions(+), 24 deletions(-)
>  create mode 100644 tools/testing/selftests/kvm/coalesced_io_test.c
>



* Re: [GIT PULL] KVM: x86: MMU changes for 6.12
  2024-09-14  1:13 ` [GIT PULL] KVM: x86: MMU " Sean Christopherson
@ 2024-09-14 13:50   ` Paolo Bonzini
  0 siblings, 0 replies; 13+ messages in thread
From: Paolo Bonzini @ 2024-09-14 13:50 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: kvm, linux-kernel

On Sat, Sep 14, 2024 at 3:14 AM Sean Christopherson <seanjc@google.com> wrote:
>
> The bulk of the changes are to clean up the thorny "unprotect and retry" mess
> that grew over time.  The other notable change is to support yielding in the
> shadow MMU when zapping rmaps (simply a historic oversight, AFAICT).

This conflicts with the "zap modified memslot only" series that is in kvm/next.

The resolution is nice since it's possible to reuse the new
kvm_unmap_gfn_range():

diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index 8cd758913282..1f59781351f9 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -7064,17 +7064,10 @@ static void kvm_mmu_zap_memslot_leafs(
         .end = slot->base_gfn + slot->npages,
         .may_block = true,
     };
-    bool flush = false;

     write_lock(&kvm->mmu_lock);

-    if (kvm_memslots_have_rmaps(kvm))
-        flush = kvm_handle_gfn_range(kvm, &range, kvm_zap_rmap);
-
-    if (tdp_mmu_enabled)
-        flush = kvm_tdp_mmu_unmap_gfn_range(kvm, &range, flush);
-
-    if (flush)
+    if (kvm_unmap_gfn_range(kvm, &range))
         kvm_flush_remote_tlbs_memslot(kvm, slot);

     write_unlock(&kvm->mmu_lock);
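
Review bot: with the `kvm_memslots_have_rmaps(kvm)` and `tdp_mmu_enabled` guards removed from kvm_mmu_zap_memslot_leafs(), this resolution is only equivalent if kvm_unmap_gfn_range() performs both checks itself and returns the combined flush result of the rmap and TDP MMU zaps. The helper's body is not part of this hunk, so the merge commit message should state that explicitly; a false return that skips kvm_flush_remote_tlbs_memslot() would leave stale translations for the modified memslot. The range still sets `.may_block = true` while the call runs under write_lock(&kvm->mmu_lock), so it is also worth confirming that whatever the helper does when blocking is allowed is acceptable at this call site.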

(Pardon the whitespace damage!)

Paolo

> The following changes since commit 47ac09b91befbb6a235ab620c32af719f8208399:
>
>   Linux 6.11-rc4 (2024-08-18 13:17:27 -0700)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-mmu-6.12
>
> for you to fetch changes up to 9a5bff7f5ec2383e3edac5eda561b52e267ccbb5:
>
>   KVM: x86/mmu: Use KVM_PAGES_PER_HPAGE() instead of an open coded equivalent (2024-09-09 20:22:08 -0700)
>
> ----------------------------------------------------------------
> KVM x86 MMU changes for 6.12:
>
>  - Overhaul the "unprotect and retry" logic to more precisely identify cases
>    where retrying is actually helpful, and to harden all retry paths against
>    putting the guest into an infinite retry loop.
>
>  - Add support for yielding, e.g. to honor NEED_RESCHED, when zapping rmaps in
>    the shadow MMU.
>
>  - Refactor pieces of the shadow MMU related to aging SPTEs in preparation for
>    adding MGLRU support in KVM.
>
>  - Misc cleanups
>
> ----------------------------------------------------------------
> Sean Christopherson (33):
>       KVM: x86/mmu: Clean up function comments for dirty logging APIs
>       KVM: x86/mmu: Decrease indentation in logic to sync new indirect shadow page
>       KVM: x86/mmu: Drop pointless "return" wrapper label in FNAME(fetch)
>       KVM: x86/mmu: Reword a misleading comment about checking gpte_changed()
>       KVM: x86/mmu: Replace PFERR_NESTED_GUEST_PAGE with a more descriptive helper
>       KVM: x86/mmu: Trigger unprotect logic only on write-protection page faults
>       KVM: x86/mmu: Skip emulation on page fault iff 1+ SPs were unprotected
>       KVM: x86: Retry to-be-emulated insn in "slow" unprotect path iff sp is zapped
>       KVM: x86: Get RIP from vCPU state when storing it to last_retry_eip
>       KVM: x86: Store gpa as gpa_t, not unsigned long, when unprotecting for retry
>       KVM: x86/mmu: Apply retry protection to "fast nTDP unprotect" path
>       KVM: x86/mmu: Try "unprotect for retry" iff there are indirect SPs
>       KVM: x86: Move EMULTYPE_ALLOW_RETRY_PF to x86_emulate_instruction()
>       KVM: x86: Fold retry_instruction() into x86_emulate_instruction()
>       KVM: x86/mmu: Don't try to unprotect an INVALID_GPA
>       KVM: x86/mmu: Always walk guest PTEs with WRITE access when unprotecting
>       KVM: x86/mmu: Move event re-injection unprotect+retry into common path
>       KVM: x86: Remove manual pfn lookup when retrying #PF after failed emulation
>       KVM: x86: Check EMULTYPE_WRITE_PF_TO_SP before unprotecting gfn
>       KVM: x86: Apply retry protection to "unprotect on failure" path
>       KVM: x86: Update retry protection fields when forcing retry on emulation failure
>       KVM: x86: Rename reexecute_instruction()=>kvm_unprotect_and_retry_on_failure()
>       KVM: x86/mmu: Subsume kvm_mmu_unprotect_page() into the and_retry() version
>       KVM: x86/mmu: Detect if unprotect will do anything based on invalid_list
>       KVM: x86/mmu: WARN on MMIO cache hit when emulating write-protected gfn
>       KVM: x86/mmu: Move walk_slot_rmaps() up near for_each_slot_rmap_range()
>       KVM: x86/mmu: Plumb a @can_yield parameter into __walk_slot_rmaps()
>       KVM: x86/mmu: Add a helper to walk and zap rmaps for a memslot
>       KVM: x86/mmu: Honor NEED_RESCHED when zapping rmaps and blocking is allowed
>       KVM: x86/mmu: Morph kvm_handle_gfn_range() into an aging specific helper
>       KVM: x86/mmu: Fold mmu_spte_age() into kvm_rmap_age_gfn_range()
>       KVM: x86/mmu: Add KVM_RMAP_MANY to replace open coded '1' and '1ul' literals
>       KVM: x86/mmu: Use KVM_PAGES_PER_HPAGE() instead of an open coded equivalent
>
>  arch/x86/include/asm/kvm_host.h |  14 +-
>  arch/x86/kvm/mmu/mmu.c          | 522 ++++++++++++++++++++++------------------
>  arch/x86/kvm/mmu/mmu_internal.h |   3 +
>  arch/x86/kvm/mmu/mmutrace.h     |   1 +
>  arch/x86/kvm/mmu/paging_tmpl.h  |  63 ++---
>  arch/x86/kvm/mmu/tdp_mmu.c      |   6 +-
>  arch/x86/kvm/x86.c              | 133 +++-------
>  7 files changed, 368 insertions(+), 374 deletions(-)
>



* Re: [GIT PULL] KVM: x86 pull requests for 6.12
  2024-09-14  1:13 [GIT PULL] KVM: x86 pull requests for 6.12 Sean Christopherson
                   ` (6 preceding siblings ...)
  2024-09-14  1:13 ` [GIT PULL] KVM: x86: VMX " Sean Christopherson
@ 2024-09-14 14:54 ` Paolo Bonzini
  2024-09-15  6:32   ` Paolo Bonzini
  7 siblings, 1 reply; 13+ messages in thread
From: Paolo Bonzini @ 2024-09-14 14:54 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: kvm, linux-kernel

On Sat, Sep 14, 2024 at 3:13 AM Sean Christopherson <seanjc@google.com> wrote:
> There's a trivial (and amusing) conflict with KVM s390 in the selftests pull
> request (we both added "config" to the .gitignore, within a few days of each
> other, after the goof being around for a good year or more).
>
> Note, the pull requests are relative to v6.11-rc4.  I got a late start, and for
> some reason thought kvm/next would magically end up on rc4 or later.
>
> Note #2, I had a brainfart and put the testcase for verifying KVM's fastpath
> correctly exits to userspace when needed in selftests, whereas the actual KVM
> fix is in misc.  So if you run KVM selftests in the middle of pulling everything,
> expect the debug_regs test to fail.

Pulled all, thanks. Due to a combination of recovering from flu +
preparing to travel I will probably not be able to run tests for
a few days, but everything should be okay for the merge window.

Paolo



* Re: [GIT PULL] KVM: x86 pull requests for 6.12
  2024-09-14 14:54 ` [GIT PULL] KVM: x86 pull requests " Paolo Bonzini
@ 2024-09-15  6:32   ` Paolo Bonzini
  2024-09-16 18:24     ` Sean Christopherson
  0 siblings, 1 reply; 13+ messages in thread
From: Paolo Bonzini @ 2024-09-15  6:32 UTC (permalink / raw)
  To: Sean Christopherson; +Cc: kvm, linux-kernel

On Sat, Sep 14, 2024 at 4:54 PM Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> On Sat, Sep 14, 2024 at 3:13 AM Sean Christopherson <seanjc@google.com> wrote:
> > There's a trivial (and amusing) conflict with KVM s390 in the selftests pull
> > request (we both added "config" to the .gitignore, within a few days of each
> > other, after the goof being around for a good year or more).
> >
> > Note, the pull requests are relative to v6.11-rc4.  I got a late start, and for
> > some reason thought kvm/next would magically end up on rc4 or later.
> >
> > Note #2, I had a brainfart and put the testcase for verifying KVM's fastpath
> > correctly exits to userspace when needed in selftests, whereas the actual KVM
> > fix is in misc.  So if you run KVM selftests in the middle of pulling everything,
> > expect the debug_regs test to fail.
>
> Pulled all, thanks. Due to a combination of recovering from flu +
> preparing to travel I will probably not be able to run tests for
> a few days, but everything should be okay for the merge window.

Hmm, I tried running tests in a slightly non-standard way (compiling
the will-be-6.12 code on a 6.10 kernel and installing the module)
because that's what I could do for now, and I'm getting system hangs
in a few tests. The first ones that hung were

hyperv_ipi
hyperv_tlb_flush
xapic_ipi_test

And of course, this is on a machine that doesn't have serial
console... :( I think for now I'll push the non-x86 stuff to kvm/next
and then either bisect or figure out how to run tests normally.

Paolo



* Re: [GIT PULL] KVM: x86 pull requests for 6.12
  2024-09-15  6:32   ` Paolo Bonzini
@ 2024-09-16 18:24     ` Sean Christopherson
  0 siblings, 0 replies; 13+ messages in thread
From: Sean Christopherson @ 2024-09-16 18:24 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm, linux-kernel

On Sun, Sep 15, 2024, Paolo Bonzini wrote:
> On Sat, Sep 14, 2024 at 4:54 PM Paolo Bonzini <pbonzini@redhat.com> wrote:
> >
> > On Sat, Sep 14, 2024 at 3:13 AM Sean Christopherson <seanjc@google.com> wrote:
> > > There's a trivial (and amusing) conflict with KVM s390 in the selftests pull
> > > request (we both added "config" to the .gitignore, within a few days of each
> > > other, after the goof being around for a good year or more).
> > >
> > > Note, the pull requests are relative to v6.11-rc4.  I got a late start, and for
> > > some reason thought kvm/next would magically end up on rc4 or later.
> > >
> > > Note #2, I had a brainfart and put the testcase for verifying KVM's fastpath
> > > correctly exits to userspace when needed in selftests, whereas the actual KVM
> > > fix is in misc.  So if you run KVM selftests in the middle of pulling everything,
> > > expect the debug_regs test to fail.
> >
> > Pulled all, thanks. Due to a combination of recovering from flu +
> > preparing to travel I will probably not be able to run tests for
> > a few days, but everything should be okay for the merge window.
> 
> Hmm, I tried running tests in a slightly non-standard way (compiling
> the will-be-6.12 code on a 6.10 kernel and installing the module)
> because that's what I could do for now, and I'm getting system hangs
> in a few tests. The first ones that hung were
> 
> hyperv_ipi
> hyperv_tlb_flush

This one failing gives me hope that it's some weird combination of 6.10 and the
for-6.12 code.  Off the top of my head, I can't think of any relevant changes.

FWIW, I haven't been able to reproduce any failures with kvm/next+kvm-x86/next,
on AMD or Intel.

> xapic_ipi_test
> 
> And of course, this is on a machine that doesn't have serial
> console... :( I think for now I'll push the non-x86 stuff to kvm/next
> and then either bisect or figure out how to run tests normally.
