[GIT PULL] KVM: x86 pull requests 6.18

[GIT PULL] KVM: x86 pull requests 6.18

[Sean Christopherson]

Sorry this is coming in late, it's been a long week.

Similar to 6.17, a few anomolies in the form of external and cross-branch
dependencies, but thankfully only one conflict that I know of (details in
CET pull request).  Oh, and one "big" anomoly: there's a pull request for
guest-side x86/kvm changes (but it's small, hence the quotes).

I tried my best to document anything unusual in the individual pull requests,
so hopefully nothing is too surprising.

[GIT PULL] x86/kvm: Guest side changes for 6.18

[Sean Christopherson]

A few smallish guest-side changes.

The following changes since commit a6ad54137af92535cfe32e19e5f3bc1bb7dbd383:

  Merge branch 'guest-memfd-mmap' into HEAD (2025-08-27 04:41:35 -0400)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-guest-6.18

for you to fetch changes up to 960550503965094b0babd7e8c83ec66c8a763b0b:

  x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT (2025-09-11 08:58:37 -0700)

----------------------------------------------------------------
x86/kvm guest side changes for 6.18

 - For the legacy PCI hole (memory between TOLUD and 4GiB) to UC when
   overriding guest MTRR for TDX/SNP to fix an issue where ACPI auto-mapping
   could map devices as WB and prevent the device drivers from mapping their
   devices with UC/UC-.

 - Make kvm_async_pf_task_wake() a local static helper and remove its
   export.

 - Use native qspinlocks when running in a VM with dedicated vCPU=>pCPU
   bindings even when PV_UNHALT is unsupported.

----------------------------------------------------------------
Li RongQing (1):
      x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT

Sean Christopherson (2):
      x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP
      x86/kvm: Make kvm_async_pf_task_wake() a local static helper

 arch/x86/include/asm/kvm_para.h |  2 --
 arch/x86/kernel/kvm.c           | 44 ++++++++++++++++++++++++++++-------------
 2 files changed, 30 insertions(+), 16 deletions(-)

[GIT PULL] KVM: One lone common change for 6.18

[Sean Christopherson]

Tag says it all...

The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9:

  Linux 6.17-rc2 (2025-08-17 15:22:10 -0700)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-generic-6.18

for you to fetch changes up to cf6a8401b6a12c3bdd54c7414af28625ec6450da:

  KVM: remove redundant __GFP_NOWARN (2025-08-19 11:51:13 -0700)

----------------------------------------------------------------
KVM common changes for 6.18

Remove a redundant __GFP_NOWARN from kvm_setup_async_pf() as __GFP_NOWARN is
now included in GFP_NOWAIT.

----------------------------------------------------------------
Qianfeng Rong (1):
      KVM: remove redundant __GFP_NOWARN

 virt/kvm/async_pf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[GIT PULL] KVM: x86: MMU changes for 6.18

[Sean Christopherson]

Recover TDP MMU NX huge pages under read lock, and fix two (interruptible)
deadlocks in prefaulting and in the TDX anti-zero-step code (there's a
selftest from Yan for the prefaulting case that I'll send along later).

The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9:

  Linux 6.17-rc2 (2025-08-17 15:22:10 -0700)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-mmu-6.18

for you to fetch changes up to 2bc2694fe20bf06eb73524426e3f4581d7b28923:

  KVM: TDX: Do not retry locally when the retry is caused by invalid memslot (2025-09-10 12:06:35 -0700)

----------------------------------------------------------------
KVM x86 MMU changes for 6.18

 - Recover possible NX huge pages within the TDP MMU under read lock to
   reduce guest jitter when restoring NX huge pages.

 - Return -EAGAIN during prefault if userspace concurrently deletes/moves the
   relevant memslot to fix an issue where prefaulting could deadlock with the
   memslot update.

 - Don't retry in TDX's anti-zero-step mitigation if the target memslot is
   invalid, i.e. is being deleted or moved, to fix a deadlock scenario similar
   to the aforementioned prefaulting case.

----------------------------------------------------------------
Sean Christopherson (2):
      KVM: x86/mmu: Return -EAGAIN if userspace deletes/moves memslot during prefault
      KVM: TDX: Do not retry locally when the retry is caused by invalid memslot

Vipin Sharma (3):
      KVM: x86/mmu: Track possible NX huge pages separately for TDP vs. Shadow MMU
      KVM: x86/mmu: Rename kvm_tdp_mmu_zap_sp() to better indicate its purpose
      KVM: x86/mmu: Recover TDP MMU NX huge pages using MMU read lock

 arch/x86/include/asm/kvm_host.h |  39 ++++++----
 arch/x86/kvm/mmu/mmu.c          | 165 ++++++++++++++++++++++++++--------------
 arch/x86/kvm/mmu/mmu_internal.h |   6 +-
 arch/x86/kvm/mmu/tdp_mmu.c      |  49 +++++++++---
 arch/x86/kvm/mmu/tdp_mmu.h      |   3 +-
 arch/x86/kvm/vmx/tdx.c          |  11 +++
 virt/kvm/kvm_main.c             |   1 +
 7 files changed, 192 insertions(+), 82 deletions(-)

[GIT PULL] KVM: Selftests changes for 6.18

[Sean Christopherson]

A mix of fixes, cleanups and new coverage.  Note, there's also a large-ish new
MSR selftest coming in through the "cet" pull request.

The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9:

  Linux 6.17-rc2 (2025-08-17 15:22:10 -0700)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-selftests-6.18

for you to fetch changes up to df1f294013da715f32521b3d0a69773e660a1af5:

  KVM: selftests: Add ex_str() to print human friendly name of exception vectors (2025-09-23 08:39:02 -0700)

----------------------------------------------------------------
KVM selftests changes for 6.18

 - Add #DE coverage in the fastops test (the only exception that's guest-
   triggerable in fastop-emulated instructions).

 - Fix PMU selftests errors encountered on Granite Rapids (GNR), Sierra
   Forest (SRF) and Clearwater Forest (CWF).

 - Minor cleanups and improvements

----------------------------------------------------------------
Alok Tiwari (1):
      KVM: selftests: Fix typo in hyperv cpuid test message

Dapeng Mi (2):
      KVM: selftests: Add timing_info bit support in vmx_pmu_caps_test
      KVM: selftests: Validate more arch-events in pmu_counters_test

Gopi Krishna Menon (1):
      KVM: selftests: fix minor typo in cpumodel_subfuncs

James Houghton (1):
      KVM: selftests: Fix signedness issue with vCPU mmap size check

Sean Christopherson (8):
      KVM: selftests: Move Intel and AMD module param helpers to x86/processor.h
      KVM: selftests: Add support for #DE exception fixup
      KVM: selftests: Add coverage for 'b' (byte) sized fastops emulation
      KVM: selftests: Dedup the gnarly constraints of the fastops tests (more macros!)
      KVM: selftests: Add support for DIV and IDIV in the fastops test
      KVM: selftests: Track unavailable_mask for PMU events as 32-bit value
      KVM: selftests: Reduce number of "unavailable PMU events" combos tested
      KVM: selftests: Add ex_str() to print human friendly name of exception vectors

Sukrut Heroorkar (1):
      selftests/kvm: remove stale TODO in xapic_state_test

dongsheng (1):
      KVM: selftests: Handle Intel Atom errata that leads to PMU event overcount

 tools/testing/selftests/kvm/include/kvm_util.h     | 17 +++--
 tools/testing/selftests/kvm/include/x86/pmu.h      | 26 +++++++
 .../testing/selftests/kvm/include/x86/processor.h  | 35 ++++++++-
 tools/testing/selftests/kvm/lib/kvm_util.c         | 42 ++---------
 tools/testing/selftests/kvm/lib/x86/pmu.c          | 49 +++++++++++++
 tools/testing/selftests/kvm/lib/x86/processor.c    | 39 +++++++++-
 .../selftests/kvm/s390/cpumodel_subfuncs_test.c    |  2 +-
 tools/testing/selftests/kvm/x86/fastops_test.c     | 82 +++++++++++++++++-----
 tools/testing/selftests/kvm/x86/hyperv_cpuid.c     |  2 +-
 tools/testing/selftests/kvm/x86/hyperv_features.c  | 16 ++---
 .../testing/selftests/kvm/x86/monitor_mwait_test.c |  8 +--
 .../testing/selftests/kvm/x86/pmu_counters_test.c  | 67 ++++++++++++------
 .../selftests/kvm/x86/pmu_event_filter_test.c      |  4 +-
 .../testing/selftests/kvm/x86/vmx_pmu_caps_test.c  |  7 +-
 tools/testing/selftests/kvm/x86/xapic_state_test.c |  4 +-
 tools/testing/selftests/kvm/x86/xcr0_cpuid_test.c  | 12 ++--
 16 files changed, 303 insertions(+), 109 deletions(-)

[GIT PULL] KVM: x86: VMX changes for 6.18

[Sean Christopherson]

Fix a TDX bug detected by Smatch where KVM would return '0' on failure, do a
bit of early prep for FRED virtualization, and tidy up.

The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9:

  Linux 6.17-rc2 (2025-08-17 15:22:10 -0700)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-vmx-6.18

for you to fetch changes up to 510c47f165f0c1f0b57329a30a9a797795519831:

  KVM: TDX: Fix uninitialized error code for __tdx_bringup() (2025-09-19 15:25:34 -0700)

----------------------------------------------------------------
KVM VMX changes for 6.18

 - Add read/write helpers for MSRs that need to be accessed with preemption
   disable to prepare for virtualizing FRED RSP0.

 - Fix a bug where KVM would return 0/success from __tdx_bringup() on error,
   i.e. where KVM would load with enable_tdx=true despite TDX not being usable.

 - Minor cleanups.

----------------------------------------------------------------
Qianfeng Rong (1):
      KVM: TDX: Remove redundant __GFP_ZERO

Sean Christopherson (1):
      KVM: VMX: Add host MSR read/write helpers to consolidate preemption handling

Tony Lindgren (1):
      KVM: TDX: Fix uninitialized error code for __tdx_bringup()

Xin Li (1):
      KVM: VMX: Fix an indentation

 arch/x86/kvm/vmx/tdx.c | 12 ++++--------
 arch/x86/kvm/vmx/vmx.c | 37 ++++++++++++++++++++++++++-----------
 2 files changed, 30 insertions(+), 19 deletions(-)

[GIT PULL] KVM: x86: SVM changes for 6.18

[Sean Christopherson]

The headliner here is to enable AVIC by deafult for Zen4+ if x2AVIC is
supported.  The other highlight is support for Secure TSC (support for
CiphertextHiding is coming in a separate pull request).

The "lowlight" is a bug fix for an issue where KVM could clobber TSC_AUX if an
SEV-ES+ vCPU runs on the same pCPU as a non-SEV-ES CPU.

Regarding enabling AVIC by default, despite there still being at least one
known wart (the IRQ window inhibit mess), I think AVIC is stable enough to
enable by default.  More importantly, I think that getting it enabled in 6.18
in particular, i.e. in the next LTS, will be a net positive in the sense that
we'll hopefully get more "free" testing, and thus help fix any lurking bugs
for the folks that are explicitly enabling AVIC.

The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9:

  Linux 6.17-rc2 (2025-08-17 15:22:10 -0700)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-svm-6.18

for you to fetch changes up to ca2967de5a5b098b43c5ad665672945ce7e7d4f7:

  KVM: SVM: Enable AVIC by default for Zen4+ if x2AVIC is support (2025-09-23 08:56:49 -0700)

----------------------------------------------------------------
KVM SVM changes for 6.18

 - Require a minimum GHCB version of 2 when starting SEV-SNP guests via
   KVM_SEV_INIT2 so that invalid GHCB versions result in immediate errors
   instead of latent guest failures.

 - Add support for Secure TSC for SEV-SNP guests, which prevents the untrusted
   host from tampering with the guest's TSC frequency, while still allowing the
   the VMM to configure the guest's TSC frequency prior to launch.

 - Mitigate the potential for TOCTOU bugs when accessing GHCB fields by
   wrapping all accesses via READ_ONCE().

 - Validate the XCR0 provided by the guest (via the GHCB) to avoid tracking a
   bogous XCR0 value in KVM's software model.

 - Save an SEV guest's policy if and only if LAUNCH_START fully succeeds to
   avoid leaving behind stale state (thankfully not consumed in KVM).

 - Explicitly reject non-positive effective lengths during SNP's LAUNCH_UPDATE
   instead of subtly relying on guest_memfd to do the "heavy" lifting.

 - Reload the pre-VMRUN TSC_AUX on #VMEXIT for SEV-ES guests, not the host's
   desired TSC_AUX, to fix a bug where KVM could clobber a different vCPU's
   TSC_AUX due to hardware not matching the value cached in the user-return MSR
   infrastructure.

 - Enable AVIC by default for Zen4+ if x2AVIC (and other prereqs) is supported,
   and clean up the AVIC initialization code along the way.

----------------------------------------------------------------
Hou Wenlong (2):
      KVM: x86: Add helper to retrieve current value of user return MSR
      KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest

Naveen N Rao (1):
      KVM: SVM: Enable AVIC by default for Zen4+ if x2AVIC is support

Nikunj A Dadhania (4):
      KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it
      KVM: SEV: Enforce minimum GHCB version requirement for SEV-SNP guests
      x86/cpufeatures: Add SNP Secure TSC
      KVM: SVM: Enable Secure TSC for SNP guests

Sean Christopherson (15):
      KVM: SVM: Move SEV-ES VMSA allocation to a dedicated sev_vcpu_create() helper
      KVM: SEV: Move init of SNP guest state into sev_init_vmcb()
      KVM: SEV: Set RESET GHCB MSR value during sev_es_init_vmcb()
      KVM: SEV: Fold sev_es_vcpu_reset() into sev_vcpu_create()
      KVM: SEV: Save the SEV policy if and only if LAUNCH_START succeeds
      KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code()
      KVM: SEV: Read save fields from GHCB exactly once
      KVM: SEV: Validate XCR0 provided by guest in GHCB
      KVM: SEV: Reject non-positive effective lengths during LAUNCH_UPDATE
      KVM: SVM: Make svm_x86_ops globally visible, clean up on-HyperV usage
      KVM: SVM: Move x2AVIC MSR interception helper to avic.c
      KVM: SVM: Update "APICv in x2APIC without x2AVIC" in avic.c, not svm.c
      KVM: SVM: Always print "AVIC enabled" separately, even when force enabled
      KVM: SVM: Don't advise the user to do force_avic=y (when x2AVIC is detected)
      KVM: SVM: Move global "avic" variable to avic.c

Thorsten Blum (1):
      KVM: nSVM: Replace kzalloc() + copy_from_user() with memdup_user()

 arch/x86/include/asm/cpufeatures.h |   1 +
 arch/x86/include/asm/kvm_host.h    |   2 +
 arch/x86/include/asm/svm.h         |   1 +
 arch/x86/kvm/svm/avic.c            | 151 ++++++++++++++++++++++++++++------
 arch/x86/kvm/svm/nested.c          |  18 ++---
 arch/x86/kvm/svm/sev.c             | 160 +++++++++++++++++++++++++------------
 arch/x86/kvm/svm/svm.c             | 126 +++++------------------------
 arch/x86/kvm/svm/svm.h             |  40 ++++++----
 arch/x86/kvm/svm/svm_onhyperv.c    |  28 ++++++-
 arch/x86/kvm/svm/svm_onhyperv.h    |  31 +------
 arch/x86/kvm/x86.c                 |   9 ++-
 virt/kvm/guest_memfd.c             |   3 +-
 12 files changed, 323 insertions(+), 247 deletions(-)

[GIT PULL] KVM: x86: SNP CipherTextHiding for 6.18

[Sean Christopherson]

The tag has all the details of the feature.  Note that this is based directly
on the v6.18-ccp tag from the cryptodev tree.  I included all of the ccp
commits in the shortlog just in case the KVM pull request lands before the
crypto pull request.

The following changes since commit 8f5ae30d69d7543eee0d70083daf4de8fe15d585:

  Linux 6.17-rc1 (2025-08-10 19:41:16 +0300)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-ciphertext-6.18

for you to fetch changes up to 6c7c620585c6537dd5dcc75f972b875caf00f773:

  KVM: SEV: Add SEV-SNP CipherTextHiding support (2025-09-15 10:14:11 -0700)

----------------------------------------------------------------
KVM SEV-SNP CipherText Hiding support for 6.18

Add support for SEV-SNP's CipherText Hiding, an opt-in feature that prevents
unauthorized CPU accesses from reading the ciphertext of SNP guest private
memory, e.g. to attempt an offline attack.  Instead of ciphertext, the CPU
will always read back all FFs when CipherText Hiding is enabled.

Add new module parameter to the KVM module to enable CipherText Hiding and
control the number of ASIDs that can be used for VMs with CipherText Hiding,
which is in effect the number of SNP VMs.  When CipherText Hiding is enabled,
the hared SEV-ES/SEV-SNP ASID space is split into separate ranges for SEV-ES
and SEV-SNP guests, i.e. ASIDs that can be used for CipherText Hiding cannot
be used to run SEV-ES guests.

----------------------------------------------------------------
Ashish Kalra (7):
      crypto: ccp - New bit-field definitions for SNP_PLATFORM_STATUS command
      crypto: ccp - Cache SEV platform status and platform state
      crypto: ccp - Add support for SNP_FEATURE_INFO command
      crypto: ccp - Introduce new API interface to indicate SEV-SNP Ciphertext hiding feature
      crypto: ccp - Add support to enable CipherTextHiding on SNP_INIT_EX
      KVM: SEV: Introduce new min,max sev_es and sev_snp asid variables
      KVM: SEV: Add SEV-SNP CipherTextHiding support

 Documentation/admin-guide/kernel-parameters.txt |  21 ++++
 arch/x86/kvm/svm/sev.c                          |  68 +++++++++++--
 drivers/crypto/ccp/sev-dev.c                    | 127 +++++++++++++++++++++---
 drivers/crypto/ccp/sev-dev.h                    |   6 +-
 include/linux/psp-sev.h                         |  44 +++++++-
 include/uapi/linux/psp-sev.h                    |  10 +-
 6 files changed, 249 insertions(+), 27 deletions(-)

[GIT PULL] KVM: x86: Misc changes for 6.18

[Sean Christopherson]

Lots and lots (and lots) of prep work for CET and FRED virtualization, and for
mediated vPMU support (about 1/3 of that series is in here, as it didn't make
the cut this time around, and the cleanups are worthwhile on their own).

Buried in here is also support for immediate forms of RDMSR/WRMSRNS, and
fastpath exit handling for TSC_DEADLINE writes on AMD.

The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9:

  Linux 6.17-rc2 (2025-08-17 15:22:10 -0700)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-misc-6.18

for you to fetch changes up to 86bcd23df9cec9c2df520ae0982033e301d3c184:

  KVM: x86: Fix hypercalls docs section number order (2025-09-22 07:51:36 -0700)

----------------------------------------------------------------
KVM x86 changes for 6.18

 - Don't (re)check L1 intercepts when completing userspace I/O to fix a flaw
   where a misbehaving usersepace (a.k.a. syzkaller) could swizzle L1's
   intercepts and trigger a variety of WARNs in KVM.

 - Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 guests, as the MSR is
   supposed to exist for v2 PMUs.

 - Allow Centaur CPU leaves (base 0xC000_0000) for Zhaoxin CPUs.

 - Clean up KVM's vector hashing code for delivering lowest priority IRQs.

 - Clean up the fastpath handler code to only handle IPIs and WRMSRs that are
   actually "fast", as opposed to handling those that KVM _hopes_ are fast, and
   in the process of doing so add fastpath support for TSC_DEADLINE writes on
   AMD CPUs.

 - Clean up a pile of PMU code in anticipation of adding support for mediated
   vPMUs.

 - Add support for the immediate forms of RDMSR and WRMSRNS, sans full
   emulator support (KVM should never need to emulate the MSRs outside of
   forced emulation and other contrived testing scenarios).

 - Clean up the MSR APIs in preparation for CET and FRED virtualization, as
   well as mediated vPMU support.

 - Rejecting a fully in-kernel IRQCHIP if EOIs are protected, i.e. for TDX VMs,
   as KVM can't faithfully emulate an I/O APIC for such guests.

 - KVM_REQ_MSR_FILTER_CHANGED into a generic RECALC_INTERCEPTS in preparation
   for mediated vPMU support, as KVM will need to recalculate MSR intercepts in
   response to PMU refreshes for guests with mediated vPMUs.

 - Misc cleanups and minor fixes.

----------------------------------------------------------------
Bagas Sanjaya (1):
      KVM: x86: Fix hypercalls docs section number order

Chao Gao (1):
      KVM: x86: Zero XSTATE components on INIT by iterating over supported features

Dapeng Mi (5):
      KVM: x86/pmu: Correct typo "_COUTNERS" to "_COUNTERS"
      KVM: x86: Rename vmx_vmentry/vmexit_ctrl() helpers
      KVM: x86/pmu: Move PMU_CAP_{FW_WRITES,LBR_FMT} into msr-index.h header
      KVM: VMX: Add helpers to toggle/change a bit in VMCS execution controls
      KVM: x86/pmu: Use BIT_ULL() instead of open coded equivalents

Ewan Hai (1):
      KVM: x86: allow CPUID 0xC000_0000 to proceed on Zhaoxin CPUs

Jiaming Zhang (1):
      Documentation: KVM: Call out that KVM strictly follows the 8254 PIT spec

Liao Yuanhong (2):
      KVM: x86: Use guard() instead of mutex_lock() to simplify code
      KVM: x86: hyper-v: Use guard() instead of mutex_lock() to simplify code

Sagi Shahar (1):
      KVM: TDX: Reject fully in-kernel irqchip if EOIs are protected, i.e. for TDX VMs

Sean Christopherson (34):
      KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O
      KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2
      KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid
      KVM: x86: Add kvm_icr_to_lapic_irq() helper to allow for fastpath IPIs
      KVM: x86: Only allow "fast" IPIs in fastpath WRMSR(X2APIC_ICR) handler
      KVM: x86: Drop semi-arbitrary restrictions on IPI type in fastpath
      KVM: x86: Unconditionally handle MSR_IA32_TSC_DEADLINE in fastpath exits
      KVM: x86: Acquire SRCU in WRMSR fastpath iff instruction needs to be skipped
      KVM: x86: Unconditionally grab data from EDX:EAX in WRMSR fastpath
      KVM: x86: Fold WRMSR fastpath helpers into the main handler
      KVM: x86/pmu: Move kvm_init_pmu_capability() to pmu.c
      KVM: x86/pmu: Add wrappers for counting emulated instructions/branches
      KVM: x86/pmu: Calculate set of to-be-emulated PMCs at time of WRMSRs
      KVM: x86/pmu: Rename pmc_speculative_in_use() to pmc_is_locally_enabled()
      KVM: x86/pmu: Open code pmc_event_is_allowed() in its callers
      KVM: x86/pmu: Drop redundant check on PMC being globally enabled for emulation
      KVM: x86/pmu: Drop redundant check on PMC being locally enabled for emulation
      KVM: x86/pmu: Rename check_pmu_event_filter() to pmc_is_event_allowed()
      KVM: x86: Push acquisition of SRCU in fastpath into kvm_pmu_trigger_event()
      KVM: x86: Add a fastpath handler for INVD
      KVM: x86: Rename local "ecx" variables to "msr" and "pmc" as appropriate
      KVM: x86: Use double-underscore read/write MSR helpers as appropriate
      KVM: x86: Manually clear MPX state only on INIT
      KVM: x86: Move kvm_irq_delivery_to_apic() from irq.c to lapic.c
      KVM: x86: Make "lowest priority" helpers local to lapic.c
      KVM: x86: Move vector_hashing into lapic.c
      KVM: VMX: Setup canonical VMCS config prior to kvm_x86_vendor_init()
      KVM: SVM: Check pmu->version, not enable_pmu, when getting PMC MSRs
      KVM: x86/pmu: Snapshot host (i.e. perf's) reported PMU capabilities
      KVM: x86: Rework KVM_REQ_MSR_FILTER_CHANGED into a generic RECALC_INTERCEPTS
      KVM: x86: Use KVM_REQ_RECALC_INTERCEPTS to react to CPUID updates
      KVM: x86/pmu: Move initialization of valid PMCs bitmask to common x86
      KVM: x86/pmu: Restrict GLOBAL_{CTRL,STATUS}, fixed PMCs, and PEBS to PMU v2+
      KVM: x86: Don't treat ENTER and LEAVE as branches, because they aren't

Thomas Huth (1):
      arch/x86/kvm/ioapic: Remove license boilerplate with bad FSF address

Xin Li (5):
      x86/cpufeatures: Add a CPU feature bit for MSR immediate form instructions
      KVM: x86: Rename handle_fastpath_set_msr_irqoff() to handle_fastpath_wrmsr()
      KVM: x86: Add support for RDMSR/WRMSRNS w/ immediate on Intel
      KVM: VMX: Support the immediate form of WRMSRNS in the VM-Exit fastpath
      KVM: x86: Advertise support for the immediate form of MSR instructions

Yang Weijiang (2):
      KVM: x86: Rename kvm_{g,s}et_msr()* to show that they emulate guest accesses
      KVM: x86: Add kvm_msr_{read,write}() helpers

Yury Norov (1):
      kvm: x86: simplify kvm_vector_to_index()

 Documentation/virt/kvm/api.rst                     |   6 +
 Documentation/virt/kvm/x86/hypercalls.rst          |   6 +-
 arch/x86/include/asm/cpufeatures.h                 |   1 +
 arch/x86/include/asm/kvm-x86-ops.h                 |   2 +-
 arch/x86/include/asm/kvm_host.h                    |  31 +-
 arch/x86/include/asm/msr-index.h                   |  16 +-
 arch/x86/include/uapi/asm/vmx.h                    |   6 +-
 arch/x86/kernel/cpu/scattered.c                    |   1 +
 arch/x86/kvm/cpuid.c                               |  13 +-
 arch/x86/kvm/emulate.c                             |  13 +-
 arch/x86/kvm/hyperv.c                              |  12 +-
 arch/x86/kvm/ioapic.c                              |  15 +-
 arch/x86/kvm/irq.c                                 |  57 ----
 arch/x86/kvm/irq.h                                 |   4 -
 arch/x86/kvm/kvm_emulate.h                         |   3 +-
 arch/x86/kvm/lapic.c                               | 169 ++++++++---
 arch/x86/kvm/lapic.h                               |  15 +-
 arch/x86/kvm/pmu.c                                 | 169 +++++++++--
 arch/x86/kvm/pmu.h                                 |  60 +---
 arch/x86/kvm/reverse_cpuid.h                       |   5 +
 arch/x86/kvm/smm.c                                 |   4 +-
 arch/x86/kvm/svm/pmu.c                             |   8 +-
 arch/x86/kvm/svm/svm.c                             |  30 +-
 arch/x86/kvm/vmx/capabilities.h                    |   3 -
 arch/x86/kvm/vmx/main.c                            |  14 +-
 arch/x86/kvm/vmx/nested.c                          |  29 +-
 arch/x86/kvm/vmx/pmu_intel.c                       |  85 +++---
 arch/x86/kvm/vmx/tdx.c                             |   5 +
 arch/x86/kvm/vmx/vmx.c                             |  91 ++++--
 arch/x86/kvm/vmx/vmx.h                             |  13 +
 arch/x86/kvm/vmx/x86_ops.h                         |   2 +-
 arch/x86/kvm/x86.c                                 | 334 ++++++++++++---------
 arch/x86/kvm/x86.h                                 |   5 +-
 .../testing/selftests/kvm/x86/pmu_counters_test.c  |   8 +-
 34 files changed, 715 insertions(+), 520 deletions(-)

[GIT PULL] KVM: x86: CET virtualization for 6.18

[Sean Christopherson]

This one is a bit wonky.  It's based off the "misc" branch/request, includes
a merge of "selftests", and a merge of a slightly older version of "svm".
I generated the shortlog against the last merge commit and manually added
the two merge commits.  Hopefully it came out right?

This will also superficially conflict with the tip tree, which has PeterZ's
fastop purge.  The resolution is a simple "take the changes from each", but
it's the emulator instruction definitions, i.e. stupid hard to read, so just
a heads up: https://lore.kernel.org/all/aNEb7o3xrTDQ6JP4@finisterre.sirena.org.uk

As for the content, getting this ready was much more of a scramble than I was
planning/hoping, especially given that this has been a work in-progress since
forever.  However, most of the late churn was for "stupid" things like not
disabling SHSTK support on AMD when using shadow paging, i.e. stuff that needed
to be handled, but is completely unrelated to core CET virtualization.

So, I don't think letting this sit in -next for a full cycle will be a net
positive; somewhat similar to what happened with TDX, though on a smaller scale,
the scope and volume of changes and contributors was making it difficult to
manage the series.  If there are issues, I think we'll come out ahead by
applying fixes on top instead of trying to respin the full series or squash
fixups.

There are a pile of KVM-Unit-Test changes to validate a good chunk of this
(but we can definitely do better).  A good number of them are sitting on my
systems in a half-baked state, so it'll probably be a few weeks (or more)
before you see a KUT pull request.

The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9:

  Linux 6.17-rc2 (2025-08-17 15:22:10 -0700)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-cet-6.18

for you to fetch changes up to d292035fb5d209b78beda356a2a9720154bd7c00:

  KVM: VMX: Make CR4.CET a guest owned bit (2025-09-23 10:03:09 -0700)

----------------------------------------------------------------
KVM x86 CET virtualization support for 6.18

Add support for virtualizing Control-flow Enforcement Technology (CET) on
Intel (Shadow Stacks and Indirect Branch Tracking) and AMD (Shadow Stacks).

CET is comprised of two distinct features, Shadow Stacks (SHSTK) and Indirect
Branch Tracking (IBT), that can be utilized by software to help provide
Control-flow integrity (CFI).  SHSTK defends against backward-edge attacks
(a.k.a. Return-oriented programming (ROP)), while IBT defends against
forward-edge attacks (a.k.a. similarly CALL/JMP-oriented programming (COP/JOP)).

Attackers commonly use ROP and COP/JOP methodologies to redirect the control-
flow to unauthorized targets in order to execute small snippets of code,
a.k.a. gadgets, of the attackers choice.  By chaining together several gadgets,
an attacker can perform arbitrary operations and circumvent the system's
defenses.

SHSTK defends against backward-edge attacks, which execute gadgets by modifying
the stack to branch to the attacker's target via RET, by providing a second
stack that is used exclusively to track control transfer operations.  The
shadow stack is separate from the data/normal stack, and can be enabled
independently in user and kernel mode.

When SHSTK is is enabled, CALL instructions push the return address on both the
data and shadow stack. RET then pops the return address from both stacks and
compares the addresses.  If the return addresses from the two stacks do not
match, the CPU generates a Control Protection (#CP) exception.

IBT defends against backward-edge attacks, which branch to gadgets by executing
indirect CALL and JMP instructions with attacker controlled register or memory
state, by requiring the target of indirect branches to start with a special
marker instruction, ENDBRANCH.  If an indirect branch is executed and the next
instruction is not an ENDBRANCH, the CPU generates a #CP.  Note, ENDBRANCH
behaves as a NOP if IBT is disabled or unsupported.

From a virtualization perspective, CET presents several problems.  While SHSTK
and IBT have two layers of enabling, a global control in the form of a CR4 bit,
and a per-feature control in user and kernel (supervisor) MSRs (U_CET and S_CET
respectively), the {S,U}_CET MSRs can be context switched via XSAVES/XRSTORS.
Practically speaking, intercepting and emulating XSAVES/XRSTORS is not a viable
option due to complexity, and outright disallowing use of XSTATE to context
switch SHSTK/IBT state would render the features unusable to most guests.

To limit the overall complexity without sacrificing performance or usability,
simply ignore the potential virtualization hole, but ensure that all paths in
KVM treat SHSTK/IBT as usable by the guest if the feature is supported in
hardware, and the guest has access to at least one of SHSTK or IBT.  I.e. allow
userspace to advertise one of SHSTK or IBT if both are supported in hardware,
even though doing so would allow a misbehaving guest to use the unadvertised
feature.

Fully emulating SHSTK and IBT would also require significant complexity, e.g.
to track and update branch state for IBT, and shadow stack state for SHSTK.
Given that emulating large swaths of the guest code stream isn't necessary on
modern CPUs, punt on emulating instructions that meaningful impact or consume
SHSTK or IBT.  However, instead of doing nothing, explicitly reject emulation
of such instructions so that KVM's emulator can't be abused to circumvent CET.
Disable support for SHSTK and IBT if KVM is configured such that emulation of
arbitrary guest instructions may be required, specifically if Unrestricted
Guest (Intel only) is disabled, or if KVM will emulate a guest.MAXPHYADDR that
is smaller than host.MAXPHYADDR.

Lastly disable SHSTK support if shadow paging is enabled, as the protections
for the shadow stack are novel (shadow stacks require Writable=0,Dirty=1, so
that they can't be directly modified by software), i.e. would require
non-trivial support in the Shadow MMU.

Note, AMD CPUs currently only support SHSTK.  Explicitly disable IBT support
so that KVM doesn't over-advertise if AMD CPUs add IBT, and virtualizing IBT
in SVM requires KVM modifications.


----------------------------------------------------------------
Chao Gao (4):
      KVM: x86: Check XSS validity against guest CPUIDs
      KVM: nVMX: Add consistency checks for CR0.WP and CR4.CET
      KVM: nVMX: Add consistency checks for CET states
      KVM: nVMX: Advertise new VM-Entry/Exit control bits for CET state

John Allen (4):
      KVM: SVM: Emulate reads and writes to shadow stack MSRs
      KVM: SVM: Update dump_vmcb with shadow stack save area additions
      KVM: SVM: Pass through shadow stack MSRs as appropriate
      KVM: SVM: Enable shadow stack virtualization for SVM

Mathias Krause (1):
      KVM: VMX: Make CR4.CET a guest owned bit

Sean Christopherson (25):
      KVM: x86: Merge 'svm' into 'cet' to pick up GHCB dependencies
      KVM: x86: Merge 'selftests' into 'cet' to pick up ex_str()
      KVM: x86: Report XSS as to-be-saved if there are supported features
      KVM: x86: Load guest FPU state when access XSAVE-managed MSRs
      KVM: x86: Don't emulate instructions affected by CET features
      KVM: x86: Don't emulate task switches when IBT or SHSTK is enabled
      KVM: x86: Emulate SSP[63:32]!=0 #GP(0) for FAR JMP to 32-bit mode
      KVM: x86/mmu: WARN on attempt to check permissions for Shadow Stack #PF
      KVM: x86/mmu: Pretty print PK, SS, and SGX flags in MMU tracepoints
      KVM: nVMX: Always forward XSAVES/XRSTORS exits from L2 to L1
      KVM: x86: Disable support for Shadow Stacks if TDP is disabled
      KVM: x86: Initialize allow_smaller_maxphyaddr earlier in setup
      KVM: x86: Disable support for IBT and SHSTK if allow_smaller_maxphyaddr is true
      KVM: VMX: Configure nested capabilities after CPU capabilities
      KVM: nSVM: Save/load CET Shadow Stack state to/from vmcb12/vmcb02
      KVM: SEV: Synchronize MSR_IA32_XSS from the GHCB when it's valid
      KVM: x86: Add human friendly formatting for #XM, and #VE
      KVM: x86: Define Control Protection Exception (#CP) vector
      KVM: x86: Define AMD's #HV, #VC, and #SX exception vectors
      KVM: selftests: Add an MSR test to exercise guest/host and read/write
      KVM: selftests: Add support for MSR_IA32_{S,U}_CET to MSRs test
      KVM: selftests: Extend MSRs test to validate vCPUs without supported features
      KVM: selftests: Add KVM_{G,S}ET_ONE_REG coverage to MSRs test
      KVM: selftests: Add coverage for KVM-defined registers in MSRs test
      KVM: selftests: Verify MSRs are (not) in save/restore list when (un)supported

Yang Weijiang (16):
      KVM: x86: Introduce KVM_{G,S}ET_ONE_REG uAPIs support
      KVM: x86: Refresh CPUID on write to guest MSR_IA32_XSS
      KVM: x86: Initialize kvm_caps.supported_xss
      KVM: x86: Add fault checks for guest CR4.CET setting
      KVM: x86: Report KVM supported CET MSRs as to-be-saved
      KVM: VMX: Introduce CET VMCS fields and control bits
      KVM: x86: Enable guest SSP read/write interface with new uAPIs
      KVM: VMX: Emulate read and write to CET MSRs
      KVM: x86: Save and reload SSP to/from SMRAM
      KVM: VMX: Set up interception for CET MSRs
      KVM: VMX: Set host constant supervisor states to VMCS fields
      KVM: x86: Allow setting CR4.CET if IBT or SHSTK is supported
      KVM: x86: Add XSS support for CET_KERNEL and CET_USER
      KVM: x86: Enable CET virtualization for VMX and advertise to userspace
      KVM: nVMX: Virtualize NO_HW_ERROR_CODE_CC for L1 event injection to L2
      KVM: nVMX: Prepare for enabling CET support for nested guest

 Documentation/virt/kvm/api.rst                      |  14 +++-
 arch/x86/include/asm/kvm_host.h                     |   6 +-
 arch/x86/include/asm/vmx.h                          |   9 +++
 arch/x86/include/uapi/asm/kvm.h                     |  34 ++++++++
 arch/x86/kvm/cpuid.c                                |  35 ++++++++-
 arch/x86/kvm/emulate.c                              | 150 ++++++++++++++++++++++++++++++++---
 arch/x86/kvm/kvm_cache_regs.h                       |   3 +-
 arch/x86/kvm/mmu.h                                  |   2 +-
 arch/x86/kvm/mmu/mmutrace.h                         |   3 +
 arch/x86/kvm/smm.c                                  |   8 ++
 arch/x86/kvm/smm.h                                  |   2 +-
 arch/x86/kvm/svm/nested.c                           |  20 +++++
 arch/x86/kvm/svm/sev.c                              |   3 +
 arch/x86/kvm/svm/svm.c                              |  80 ++++++++++++++-----
 arch/x86/kvm/svm/svm.h                              |   4 +-
 arch/x86/kvm/trace.h                                |   5 +-
 arch/x86/kvm/vmx/capabilities.h                     |   9 +++
 arch/x86/kvm/vmx/nested.c                           | 186 +++++++++++++++++++++++++++++++++++++++----
 arch/x86/kvm/vmx/nested.h                           |   5 ++
 arch/x86/kvm/vmx/vmcs12.c                           |   6 ++
 arch/x86/kvm/vmx/vmcs12.h                           |  14 +++-
 arch/x86/kvm/vmx/vmx.c                              | 109 ++++++++++++++++++++++---
 arch/x86/kvm/vmx/vmx.h                              |   9 ++-
 arch/x86/kvm/x86.c                                  | 410 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------
 arch/x86/kvm/x86.h                                  |  37 +++++++++
 tools/testing/selftests/kvm/Makefile.kvm            |   1 +
 tools/testing/selftests/kvm/include/x86/processor.h |   5 ++
 tools/testing/selftests/kvm/x86/msrs_test.c         | 489 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 28 files changed, 1563 insertions(+), 95 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/x86/msrs_test.c

[GIT PULL] KVM: Symbol export restrictions for 6.18

[Sean Christopherson]

Note!  If possible, and you're feeling generous, please merge this dead last
and manually convert any new KVM exports to EXPORT_SYMBOL_FOR_KVM_INTERNAL so
that there are no unwanted exports.

Three new exports are coming in via other kvm-x86 pull requests; I've been
"fixing" them as part of the merge into kvm-x86/next (see diff below), so those
at least have gotten coverage in -next.

Note #2, this is based on the "misc" branch/pull, but includes a backmerge of
v6.17-rc3.  I posted the patches against kvm-x86/next to avoid an annoying
conflict (which I can't even remember at this point), and then didn't realize
I needed v6.17-rc3 to pick up the EXPORT_SYMBOL_GPL_FOR_MODULES =>
EXPORT_SYMBOL_FOR_MODULES rename that snuck in until the 0-day bot yelled
because the branch didn't compile (I only tested when merged on top of
kvm/next, doh).

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index e96080cba540..3d4ec1806d3e 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -695,7 +695,7 @@ u64 kvm_get_user_return_msr(unsigned int slot)
 {
        return this_cpu_ptr(user_return_msrs)->values[slot].curr;
 }
-EXPORT_SYMBOL_GPL(kvm_get_user_return_msr);
+EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_get_user_return_msr);
 
 static void drop_user_return_notifiers(void)
 {
@@ -1304,7 +1304,7 @@ int __kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr)
                vcpu->arch.cpuid_dynamic_bits_dirty = true;
        return 0;
 }
-EXPORT_SYMBOL_GPL(__kvm_set_xcr);
+EXPORT_SYMBOL_FOR_KVM_INTERNAL(__kvm_set_xcr);
 
 int kvm_emulate_xsetbv(struct kvm_vcpu *vcpu)
 {
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index b99eb34174af..83a1b4dbbbd8 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2661,7 +2661,7 @@ struct kvm_memory_slot *kvm_vcpu_gfn_to_memslot(struct kvm_vcpu *vcpu, gfn_t gfn
 
        return NULL;
 }
-EXPORT_SYMBOL_GPL(kvm_vcpu_gfn_to_memslot);
+EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_vcpu_gfn_to_memslot);
 
 bool kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn)
 {

The following changes since commit 1b237f190eb3d36f52dffe07a40b5eb210280e00:

  Linux 6.17-rc3 (2025-08-24 12:04:12 -0400)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-exports-6.18

for you to fetch changes up to aca2a0fa7796cf026a39a49ef9325755a9ead932:

  KVM: x86: Export KVM-internal symbols for sub-modules only (2025-09-24 07:01:30 -0700)

----------------------------------------------------------------
KVM symbol export restrictions for 6.18

Use the newfangled EXPORT_SYMBOL_FOR_MODULES() along with some macro
shenanigans to export KVM-internal symbols if and only if KVM has one or
more sub-modules, and only for those sub-modules, e.g. x86's kvm-amd.ko
and/or kvm-intel.ko, and PPC's many varieties of sub-modules.

Define the macros in the kvm_types.h so that the core logic is visible outside
of KVM, so that the logic can be reused in the future to further restrict
kernel exports that exist purely for KVM (x86 in particular has a _lot_ of
exports that are used only by KVM).

----------------------------------------------------------------
Sean Christopherson (6):
      Merge 'v6.17-rc3' into 'exports' to EXPORT_SYMBOL_FOR_MODULES rename
      KVM: s390/vfio-ap: Use kvm_is_gpa_in_memslot() instead of open coded equivalent
      KVM: Export KVM-internal symbols for sub-modules only
      KVM: x86: Move kvm_intr_is_single_vcpu() to lapic.c
      KVM: x86: Drop pointless exports of kvm_arch_xxx() hooks
      KVM: x86: Export KVM-internal symbols for sub-modules only

 arch/powerpc/include/asm/Kbuild      |   1 -
 arch/powerpc/include/asm/kvm_types.h |  15 +++++++++
 arch/s390/include/asm/kvm_host.h     |   2 ++
 arch/s390/kvm/priv.c                 |   8 +++++
 arch/x86/include/asm/kvm_host.h      |   3 --
 arch/x86/include/asm/kvm_types.h     |  10 ++++++
 arch/x86/kvm/cpuid.c                 |  10 +++---
 arch/x86/kvm/hyperv.c                |   4 +--
 arch/x86/kvm/irq.c                   |  34 ++------------------
 arch/x86/kvm/kvm_onhyperv.c          |   6 ++--
 arch/x86/kvm/lapic.c                 |  71 +++++++++++++++++++++++++++++-------------
 arch/x86/kvm/lapic.h                 |   4 +--
 arch/x86/kvm/mmu/mmu.c               |  36 ++++++++++-----------
 arch/x86/kvm/mmu/spte.c              |  10 +++---
 arch/x86/kvm/mmu/tdp_mmu.c           |   2 +-
 arch/x86/kvm/pmu.c                   |  10 +++---
 arch/x86/kvm/smm.c                   |   2 +-
 arch/x86/kvm/x86.c                   | 219 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------------------------------------------------------------
 drivers/s390/crypto/vfio_ap_ops.c    |   2 +-
 include/linux/kvm_types.h            |  25 ++++++++++-----
 virt/kvm/eventfd.c                   |   2 +-
 virt/kvm/guest_memfd.c               |   4 +--
 virt/kvm/kvm_main.c                  | 126 +++++++++++++++++++++++++++++++++++++-------------------------------------
 23 files changed, 323 insertions(+), 283 deletions(-)
 create mode 100644 arch/powerpc/include/asm/kvm_types.h

Re: [GIT PULL] KVM: Selftests changes for 6.18

[Paolo Bonzini]

On Sat, Sep 27, 2025 at 8:09 AM Sean Christopherson <seanjc@google.com> wrote:
>
> A mix of fixes, cleanups and new coverage.  Note, there's also a large-ish new
> MSR selftest coming in through the "cet" pull request.
>
> The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9:
>
>   Linux 6.17-rc2 (2025-08-17 15:22:10 -0700)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-selftests-6.18
>
> for you to fetch changes up to df1f294013da715f32521b3d0a69773e660a1af5:
>
>   KVM: selftests: Add ex_str() to print human friendly name of exception vectors (2025-09-23 08:39:02 -0700)

Pulled, thanks.

Paolo

> ----------------------------------------------------------------
> KVM selftests changes for 6.18
>
>  - Add #DE coverage in the fastops test (the only exception that's guest-
>    triggerable in fastop-emulated instructions).
>
>  - Fix PMU selftests errors encountered on Granite Rapids (GNR), Sierra
>    Forest (SRF) and Clearwater Forest (CWF).
>
>  - Minor cleanups and improvements
>
> ----------------------------------------------------------------
> Alok Tiwari (1):
>       KVM: selftests: Fix typo in hyperv cpuid test message
>
> Dapeng Mi (2):
>       KVM: selftests: Add timing_info bit support in vmx_pmu_caps_test
>       KVM: selftests: Validate more arch-events in pmu_counters_test
>
> Gopi Krishna Menon (1):
>       KVM: selftests: fix minor typo in cpumodel_subfuncs
>
> James Houghton (1):
>       KVM: selftests: Fix signedness issue with vCPU mmap size check
>
> Sean Christopherson (8):
>       KVM: selftests: Move Intel and AMD module param helpers to x86/processor.h
>       KVM: selftests: Add support for #DE exception fixup
>       KVM: selftests: Add coverage for 'b' (byte) sized fastops emulation
>       KVM: selftests: Dedup the gnarly constraints of the fastops tests (more macros!)
>       KVM: selftests: Add support for DIV and IDIV in the fastops test
>       KVM: selftests: Track unavailable_mask for PMU events as 32-bit value
>       KVM: selftests: Reduce number of "unavailable PMU events" combos tested
>       KVM: selftests: Add ex_str() to print human friendly name of exception vectors
>
> Sukrut Heroorkar (1):
>       selftests/kvm: remove stale TODO in xapic_state_test
>
> dongsheng (1):
>       KVM: selftests: Handle Intel Atom errata that leads to PMU event overcount
>
>  tools/testing/selftests/kvm/include/kvm_util.h     | 17 +++--
>  tools/testing/selftests/kvm/include/x86/pmu.h      | 26 +++++++
>  .../testing/selftests/kvm/include/x86/processor.h  | 35 ++++++++-
>  tools/testing/selftests/kvm/lib/kvm_util.c         | 42 ++---------
>  tools/testing/selftests/kvm/lib/x86/pmu.c          | 49 +++++++++++++
>  tools/testing/selftests/kvm/lib/x86/processor.c    | 39 +++++++++-
>  .../selftests/kvm/s390/cpumodel_subfuncs_test.c    |  2 +-
>  tools/testing/selftests/kvm/x86/fastops_test.c     | 82 +++++++++++++++++-----
>  tools/testing/selftests/kvm/x86/hyperv_cpuid.c     |  2 +-
>  tools/testing/selftests/kvm/x86/hyperv_features.c  | 16 ++---
>  .../testing/selftests/kvm/x86/monitor_mwait_test.c |  8 +--
>  .../testing/selftests/kvm/x86/pmu_counters_test.c  | 67 ++++++++++++------
>  .../selftests/kvm/x86/pmu_event_filter_test.c      |  4 +-
>  .../testing/selftests/kvm/x86/vmx_pmu_caps_test.c  |  7 +-
>  tools/testing/selftests/kvm/x86/xapic_state_test.c |  4 +-
>  tools/testing/selftests/kvm/x86/xcr0_cpuid_test.c  | 12 ++--
>  16 files changed, 303 insertions(+), 109 deletions(-)
>

Re: [GIT PULL] KVM: One lone common change for 6.18

[Paolo Bonzini]

On Sat, Sep 27, 2025 at 8:09 AM Sean Christopherson <seanjc@google.com> wrote:
>
> Tag says it all...
>
> The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9:
>
>   Linux 6.17-rc2 (2025-08-17 15:22:10 -0700)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-generic-6.18
>
> for you to fetch changes up to cf6a8401b6a12c3bdd54c7414af28625ec6450da:
>
>   KVM: remove redundant __GFP_NOWARN (2025-08-19 11:51:13 -0700)

Pulled, thanks.

Paolo

> ----------------------------------------------------------------
> KVM common changes for 6.18
>
> Remove a redundant __GFP_NOWARN from kvm_setup_async_pf() as __GFP_NOWARN is
> now included in GFP_NOWAIT.
>
> ----------------------------------------------------------------
> Qianfeng Rong (1):
>       KVM: remove redundant __GFP_NOWARN
>
>  virt/kvm/async_pf.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>

Re: [GIT PULL] x86/kvm: Guest side changes for 6.18

[Paolo Bonzini]

On Sat, Sep 27, 2025 at 8:09 AM Sean Christopherson <seanjc@google.com> wrote:
>
> A few smallish guest-side changes.
>
> The following changes since commit a6ad54137af92535cfe32e19e5f3bc1bb7dbd383:
>
>   Merge branch 'guest-memfd-mmap' into HEAD (2025-08-27 04:41:35 -0400)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-guest-6.18
>
> for you to fetch changes up to 960550503965094b0babd7e8c83ec66c8a763b0b:
>
>   x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT (2025-09-11 08:58:37 -0700)

Pulled, thanks.

Paolo

> ----------------------------------------------------------------
> x86/kvm guest side changes for 6.18
>
>  - For the legacy PCI hole (memory between TOLUD and 4GiB) to UC when
>    overriding guest MTRR for TDX/SNP to fix an issue where ACPI auto-mapping
>    could map devices as WB and prevent the device drivers from mapping their
>    devices with UC/UC-.
>
>  - Make kvm_async_pf_task_wake() a local static helper and remove its
>    export.
>
>  - Use native qspinlocks when running in a VM with dedicated vCPU=>pCPU
>    bindings even when PV_UNHALT is unsupported.
>
> ----------------------------------------------------------------
> Li RongQing (1):
>       x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT
>
> Sean Christopherson (2):
>       x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP
>       x86/kvm: Make kvm_async_pf_task_wake() a local static helper
>
>  arch/x86/include/asm/kvm_para.h |  2 --
>  arch/x86/kernel/kvm.c           | 44 ++++++++++++++++++++++++++++-------------
>  2 files changed, 30 insertions(+), 16 deletions(-)
>

Re: [GIT PULL] KVM: x86: VMX changes for 6.18

[Paolo Bonzini]

On Sat, Sep 27, 2025 at 8:09 AM Sean Christopherson <seanjc@google.com> wrote:
>
> Fix a TDX bug detected by Smatch where KVM would return '0' on failure, do a
> bit of early prep for FRED virtualization, and tidy up.
>
> The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9:
>
>   Linux 6.17-rc2 (2025-08-17 15:22:10 -0700)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-vmx-6.18
>
> for you to fetch changes up to 510c47f165f0c1f0b57329a30a9a797795519831:
>
>   KVM: TDX: Fix uninitialized error code for __tdx_bringup() (2025-09-19 15:25:34 -0700)

Pulled, thanks.

Paolo

> ----------------------------------------------------------------
> KVM VMX changes for 6.18
>
>  - Add read/write helpers for MSRs that need to be accessed with preemption
>    disable to prepare for virtualizing FRED RSP0.
>
>  - Fix a bug where KVM would return 0/success from __tdx_bringup() on error,
>    i.e. where KVM would load with enable_tdx=true despite TDX not being usable.
>
>  - Minor cleanups.
>
> ----------------------------------------------------------------
> Qianfeng Rong (1):
>       KVM: TDX: Remove redundant __GFP_ZERO
>
> Sean Christopherson (1):
>       KVM: VMX: Add host MSR read/write helpers to consolidate preemption handling
>
> Tony Lindgren (1):
>       KVM: TDX: Fix uninitialized error code for __tdx_bringup()
>
> Xin Li (1):
>       KVM: VMX: Fix an indentation
>
>  arch/x86/kvm/vmx/tdx.c | 12 ++++--------
>  arch/x86/kvm/vmx/vmx.c | 37 ++++++++++++++++++++++++++-----------
>  2 files changed, 30 insertions(+), 19 deletions(-)
>

Re: [GIT PULL] KVM: x86: MMU changes for 6.18

[Paolo Bonzini]

On Sat, Sep 27, 2025 at 8:09 AM Sean Christopherson <seanjc@google.com> wrote:
>
> Recover TDP MMU NX huge pages under read lock, and fix two (interruptible)
> deadlocks in prefaulting and in the TDX anti-zero-step code (there's a
> selftest from Yan for the prefaulting case that I'll send along later).
>
> The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9:
>
>   Linux 6.17-rc2 (2025-08-17 15:22:10 -0700)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-mmu-6.18
>
> for you to fetch changes up to 2bc2694fe20bf06eb73524426e3f4581d7b28923:
>
>   KVM: TDX: Do not retry locally when the retry is caused by invalid memslot (2025-09-10 12:06:35 -0700)

Pulled, thanks.

> ----------------------------------------------------------------
> KVM x86 MMU changes for 6.18
>
>  - Recover possible NX huge pages within the TDP MMU under read lock to
>    reduce guest jitter when restoring NX huge pages.
>
>  - Return -EAGAIN during prefault if userspace concurrently deletes/moves the
>    relevant memslot to fix an issue where prefaulting could deadlock with the
>    memslot update.
>
>  - Don't retry in TDX's anti-zero-step mitigation if the target memslot is
>    invalid, i.e. is being deleted or moved, to fix a deadlock scenario similar
>    to the aforementioned prefaulting case.
>
> ----------------------------------------------------------------
> Sean Christopherson (2):
>       KVM: x86/mmu: Return -EAGAIN if userspace deletes/moves memslot during prefault
>       KVM: TDX: Do not retry locally when the retry is caused by invalid memslot
>
> Vipin Sharma (3):
>       KVM: x86/mmu: Track possible NX huge pages separately for TDP vs. Shadow MMU
>       KVM: x86/mmu: Rename kvm_tdp_mmu_zap_sp() to better indicate its purpose
>       KVM: x86/mmu: Recover TDP MMU NX huge pages using MMU read lock
>
>  arch/x86/include/asm/kvm_host.h |  39 ++++++----
>  arch/x86/kvm/mmu/mmu.c          | 165 ++++++++++++++++++++++++++--------------
>  arch/x86/kvm/mmu/mmu_internal.h |   6 +-
>  arch/x86/kvm/mmu/tdp_mmu.c      |  49 +++++++++---
>  arch/x86/kvm/mmu/tdp_mmu.h      |   3 +-
>  arch/x86/kvm/vmx/tdx.c          |  11 +++
>  virt/kvm/kvm_main.c             |   1 +
>  7 files changed, 192 insertions(+), 82 deletions(-)
>

Re: [GIT PULL] KVM: x86: SVM changes for 6.18

[Paolo Bonzini]

On Sat, Sep 27, 2025 at 8:09 AM Sean Christopherson <seanjc@google.com> wrote:
>
> The headliner here is to enable AVIC by deafult for Zen4+ if x2AVIC is
> supported.  The other highlight is support for Secure TSC (support for
> CiphertextHiding is coming in a separate pull request).
>
> The "lowlight" is a bug fix for an issue where KVM could clobber TSC_AUX if an
> SEV-ES+ vCPU runs on the same pCPU as a non-SEV-ES CPU.
>
> Regarding enabling AVIC by default, despite there still being at least one
> known wart (the IRQ window inhibit mess), I think AVIC is stable enough to
> enable by default.  More importantly, I think that getting it enabled in 6.18
> in particular, i.e. in the next LTS, will be a net positive in the sense that
> we'll hopefully get more "free" testing, and thus help fix any lurking bugs
> for the folks that are explicitly enabling AVIC.
>
> The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9:
>
>   Linux 6.17-rc2 (2025-08-17 15:22:10 -0700)

Pulled, thanks.

Paolo

> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-svm-6.18
>
> for you to fetch changes up to ca2967de5a5b098b43c5ad665672945ce7e7d4f7:
>
>   KVM: SVM: Enable AVIC by default for Zen4+ if x2AVIC is support (2025-09-23 08:56:49 -0700)
>
> ----------------------------------------------------------------
> KVM SVM changes for 6.18
>
>  - Require a minimum GHCB version of 2 when starting SEV-SNP guests via
>    KVM_SEV_INIT2 so that invalid GHCB versions result in immediate errors
>    instead of latent guest failures.
>
>  - Add support for Secure TSC for SEV-SNP guests, which prevents the untrusted
>    host from tampering with the guest's TSC frequency, while still allowing the
>    the VMM to configure the guest's TSC frequency prior to launch.
>
>  - Mitigate the potential for TOCTOU bugs when accessing GHCB fields by
>    wrapping all accesses via READ_ONCE().
>
>  - Validate the XCR0 provided by the guest (via the GHCB) to avoid tracking a
>    bogous XCR0 value in KVM's software model.
>
>  - Save an SEV guest's policy if and only if LAUNCH_START fully succeeds to
>    avoid leaving behind stale state (thankfully not consumed in KVM).
>
>  - Explicitly reject non-positive effective lengths during SNP's LAUNCH_UPDATE
>    instead of subtly relying on guest_memfd to do the "heavy" lifting.
>
>  - Reload the pre-VMRUN TSC_AUX on #VMEXIT for SEV-ES guests, not the host's
>    desired TSC_AUX, to fix a bug where KVM could clobber a different vCPU's
>    TSC_AUX due to hardware not matching the value cached in the user-return MSR
>    infrastructure.
>
>  - Enable AVIC by default for Zen4+ if x2AVIC (and other prereqs) is supported,
>    and clean up the AVIC initialization code along the way.
>
> ----------------------------------------------------------------
> Hou Wenlong (2):
>       KVM: x86: Add helper to retrieve current value of user return MSR
>       KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest
>
> Naveen N Rao (1):
>       KVM: SVM: Enable AVIC by default for Zen4+ if x2AVIC is support
>
> Nikunj A Dadhania (4):
>       KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it
>       KVM: SEV: Enforce minimum GHCB version requirement for SEV-SNP guests
>       x86/cpufeatures: Add SNP Secure TSC
>       KVM: SVM: Enable Secure TSC for SNP guests
>
> Sean Christopherson (15):
>       KVM: SVM: Move SEV-ES VMSA allocation to a dedicated sev_vcpu_create() helper
>       KVM: SEV: Move init of SNP guest state into sev_init_vmcb()
>       KVM: SEV: Set RESET GHCB MSR value during sev_es_init_vmcb()
>       KVM: SEV: Fold sev_es_vcpu_reset() into sev_vcpu_create()
>       KVM: SEV: Save the SEV policy if and only if LAUNCH_START succeeds
>       KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code()
>       KVM: SEV: Read save fields from GHCB exactly once
>       KVM: SEV: Validate XCR0 provided by guest in GHCB
>       KVM: SEV: Reject non-positive effective lengths during LAUNCH_UPDATE
>       KVM: SVM: Make svm_x86_ops globally visible, clean up on-HyperV usage
>       KVM: SVM: Move x2AVIC MSR interception helper to avic.c
>       KVM: SVM: Update "APICv in x2APIC without x2AVIC" in avic.c, not svm.c
>       KVM: SVM: Always print "AVIC enabled" separately, even when force enabled
>       KVM: SVM: Don't advise the user to do force_avic=y (when x2AVIC is detected)
>       KVM: SVM: Move global "avic" variable to avic.c
>
> Thorsten Blum (1):
>       KVM: nSVM: Replace kzalloc() + copy_from_user() with memdup_user()
>
>  arch/x86/include/asm/cpufeatures.h |   1 +
>  arch/x86/include/asm/kvm_host.h    |   2 +
>  arch/x86/include/asm/svm.h         |   1 +
>  arch/x86/kvm/svm/avic.c            | 151 ++++++++++++++++++++++++++++------
>  arch/x86/kvm/svm/nested.c          |  18 ++---
>  arch/x86/kvm/svm/sev.c             | 160 +++++++++++++++++++++++++------------
>  arch/x86/kvm/svm/svm.c             | 126 +++++------------------------
>  arch/x86/kvm/svm/svm.h             |  40 ++++++----
>  arch/x86/kvm/svm/svm_onhyperv.c    |  28 ++++++-
>  arch/x86/kvm/svm/svm_onhyperv.h    |  31 +------
>  arch/x86/kvm/x86.c                 |   9 ++-
>  virt/kvm/guest_memfd.c             |   3 +-
>  12 files changed, 323 insertions(+), 247 deletions(-)
>

Re: [GIT PULL] KVM: x86: SNP CipherTextHiding for 6.18

[Paolo Bonzini]

On Sat, Sep 27, 2025 at 8:09 AM Sean Christopherson <seanjc@google.com> wrote:
>
> The tag has all the details of the feature.  Note that this is based directly
> on the v6.18-ccp tag from the cryptodev tree.  I included all of the ccp
> commits in the shortlog just in case the KVM pull request lands before the
> crypto pull request.
>
> The following changes since commit 8f5ae30d69d7543eee0d70083daf4de8fe15d585:
>
>   Linux 6.17-rc1 (2025-08-10 19:41:16 +0300)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-ciphertext-6.18

Pulled, thanks.

Paolo

> for you to fetch changes up to 6c7c620585c6537dd5dcc75f972b875caf00f773:
>
>   KVM: SEV: Add SEV-SNP CipherTextHiding support (2025-09-15 10:14:11 -0700)
>
> ----------------------------------------------------------------
> KVM SEV-SNP CipherText Hiding support for 6.18
>
> Add support for SEV-SNP's CipherText Hiding, an opt-in feature that prevents
> unauthorized CPU accesses from reading the ciphertext of SNP guest private
> memory, e.g. to attempt an offline attack.  Instead of ciphertext, the CPU
> will always read back all FFs when CipherText Hiding is enabled.
>
> Add new module parameter to the KVM module to enable CipherText Hiding and
> control the number of ASIDs that can be used for VMs with CipherText Hiding,
> which is in effect the number of SNP VMs.  When CipherText Hiding is enabled,
> the hared SEV-ES/SEV-SNP ASID space is split into separate ranges for SEV-ES
> and SEV-SNP guests, i.e. ASIDs that can be used for CipherText Hiding cannot
> be used to run SEV-ES guests.
>
> ----------------------------------------------------------------
> Ashish Kalra (7):
>       crypto: ccp - New bit-field definitions for SNP_PLATFORM_STATUS command
>       crypto: ccp - Cache SEV platform status and platform state
>       crypto: ccp - Add support for SNP_FEATURE_INFO command
>       crypto: ccp - Introduce new API interface to indicate SEV-SNP Ciphertext hiding feature
>       crypto: ccp - Add support to enable CipherTextHiding on SNP_INIT_EX
>       KVM: SEV: Introduce new min,max sev_es and sev_snp asid variables
>       KVM: SEV: Add SEV-SNP CipherTextHiding support
>
>  Documentation/admin-guide/kernel-parameters.txt |  21 ++++
>  arch/x86/kvm/svm/sev.c                          |  68 +++++++++++--
>  drivers/crypto/ccp/sev-dev.c                    | 127 +++++++++++++++++++++---
>  drivers/crypto/ccp/sev-dev.h                    |   6 +-
>  include/linux/psp-sev.h                         |  44 +++++++-
>  include/uapi/linux/psp-sev.h                    |  10 +-
>  6 files changed, 249 insertions(+), 27 deletions(-)
>

Re: [GIT PULL] KVM: Symbol export restrictions for 6.18

[Paolo Bonzini]

On Sat, Sep 27, 2025 at 8:09 AM Sean Christopherson <seanjc@google.com> wrote:
>
> Note!  If possible, and you're feeling generous, please merge this dead last
> and manually convert any new KVM exports to EXPORT_SYMBOL_FOR_KVM_INTERNAL so
> that there are no unwanted exports.
>
> Three new exports are coming in via other kvm-x86 pull requests; I've been
> "fixing" them as part of the merge into kvm-x86/next (see diff below), so those
> at least have gotten coverage in -next.
>
> Note #2, this is based on the "misc" branch/pull, but includes a backmerge of
> v6.17-rc3.  I posted the patches against kvm-x86/next to avoid an annoying
> conflict (which I can't even remember at this point), and then didn't realize
> I needed v6.17-rc3 to pick up the EXPORT_SYMBOL_GPL_FOR_MODULES =>
> EXPORT_SYMBOL_FOR_MODULES rename that snuck in until the 0-day bot yelled
> because the branch didn't compile (I only tested when merged on top of
> kvm/next, doh).

I've cherry picked instead of merging it, seems to be the simplest way
to clean up the backmerge.

Paolo

> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index e96080cba540..3d4ec1806d3e 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -695,7 +695,7 @@ u64 kvm_get_user_return_msr(unsigned int slot)
>  {
>         return this_cpu_ptr(user_return_msrs)->values[slot].curr;
>  }
> -EXPORT_SYMBOL_GPL(kvm_get_user_return_msr);
> +EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_get_user_return_msr);
>
>  static void drop_user_return_notifiers(void)
>  {
> @@ -1304,7 +1304,7 @@ int __kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr)
>                 vcpu->arch.cpuid_dynamic_bits_dirty = true;
>         return 0;
>  }
> -EXPORT_SYMBOL_GPL(__kvm_set_xcr);
> +EXPORT_SYMBOL_FOR_KVM_INTERNAL(__kvm_set_xcr);
>
>  int kvm_emulate_xsetbv(struct kvm_vcpu *vcpu)
>  {
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index b99eb34174af..83a1b4dbbbd8 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -2661,7 +2661,7 @@ struct kvm_memory_slot *kvm_vcpu_gfn_to_memslot(struct kvm_vcpu *vcpu, gfn_t gfn
>
>         return NULL;
>  }
> -EXPORT_SYMBOL_GPL(kvm_vcpu_gfn_to_memslot);
> +EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_vcpu_gfn_to_memslot);
>
>  bool kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn)
>  {
>
> The following changes since commit 1b237f190eb3d36f52dffe07a40b5eb210280e00:
>
>   Linux 6.17-rc3 (2025-08-24 12:04:12 -0400)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-exports-6.18
>
> for you to fetch changes up to aca2a0fa7796cf026a39a49ef9325755a9ead932:
>
>   KVM: x86: Export KVM-internal symbols for sub-modules only (2025-09-24 07:01:30 -0700)
>
> ----------------------------------------------------------------
> KVM symbol export restrictions for 6.18
>
> Use the newfangled EXPORT_SYMBOL_FOR_MODULES() along with some macro
> shenanigans to export KVM-internal symbols if and only if KVM has one or
> more sub-modules, and only for those sub-modules, e.g. x86's kvm-amd.ko
> and/or kvm-intel.ko, and PPC's many varieties of sub-modules.
>
> Define the macros in the kvm_types.h so that the core logic is visible outside
> of KVM, so that the logic can be reused in the future to further restrict
> kernel exports that exist purely for KVM (x86 in particular has a _lot_ of
> exports that are used only by KVM).
>
> ----------------------------------------------------------------
> Sean Christopherson (6):
>       Merge 'v6.17-rc3' into 'exports' to EXPORT_SYMBOL_FOR_MODULES rename
>       KVM: s390/vfio-ap: Use kvm_is_gpa_in_memslot() instead of open coded equivalent
>       KVM: Export KVM-internal symbols for sub-modules only
>       KVM: x86: Move kvm_intr_is_single_vcpu() to lapic.c
>       KVM: x86: Drop pointless exports of kvm_arch_xxx() hooks
>       KVM: x86: Export KVM-internal symbols for sub-modules only
>
>  arch/powerpc/include/asm/Kbuild      |   1 -
>  arch/powerpc/include/asm/kvm_types.h |  15 +++++++++
>  arch/s390/include/asm/kvm_host.h     |   2 ++
>  arch/s390/kvm/priv.c                 |   8 +++++
>  arch/x86/include/asm/kvm_host.h      |   3 --
>  arch/x86/include/asm/kvm_types.h     |  10 ++++++
>  arch/x86/kvm/cpuid.c                 |  10 +++---
>  arch/x86/kvm/hyperv.c                |   4 +--
>  arch/x86/kvm/irq.c                   |  34 ++------------------
>  arch/x86/kvm/kvm_onhyperv.c          |   6 ++--
>  arch/x86/kvm/lapic.c                 |  71 +++++++++++++++++++++++++++++-------------
>  arch/x86/kvm/lapic.h                 |   4 +--
>  arch/x86/kvm/mmu/mmu.c               |  36 ++++++++++-----------
>  arch/x86/kvm/mmu/spte.c              |  10 +++---
>  arch/x86/kvm/mmu/tdp_mmu.c           |   2 +-
>  arch/x86/kvm/pmu.c                   |  10 +++---
>  arch/x86/kvm/smm.c                   |   2 +-
>  arch/x86/kvm/x86.c                   | 219 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------------------------------------------------------------
>  drivers/s390/crypto/vfio_ap_ops.c    |   2 +-
>  include/linux/kvm_types.h            |  25 ++++++++++-----
>  virt/kvm/eventfd.c                   |   2 +-
>  virt/kvm/guest_memfd.c               |   4 +--
>  virt/kvm/kvm_main.c                  | 126 +++++++++++++++++++++++++++++++++++++-------------------------------------
>  23 files changed, 323 insertions(+), 283 deletions(-)
>  create mode 100644 arch/powerpc/include/asm/kvm_types.h
>

Re: [GIT PULL] KVM: x86: Misc changes for 6.18

[Paolo Bonzini]

On Sat, Sep 27, 2025 at 8:09 AM Sean Christopherson <seanjc@google.com> wrote:
>
> Lots and lots (and lots) of prep work for CET and FRED virtualization, and for
> mediated vPMU support (about 1/3 of that series is in here, as it didn't make
> the cut this time around, and the cleanups are worthwhile on their own).
>
> Buried in here is also support for immediate forms of RDMSR/WRMSRNS, and
> fastpath exit handling for TSC_DEADLINE writes on AMD.
>
> The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9:
>
>   Linux 6.17-rc2 (2025-08-17 15:22:10 -0700)
>
> are available in the Git repository at:
>
>   https://github.com/kvm-x86/linux.git tags/kvm-x86-misc-6.18
>
> for you to fetch changes up to 86bcd23df9cec9c2df520ae0982033e301d3c184:
>
>   KVM: x86: Fix hypercalls docs section number order (2025-09-22 07:51:36 -0700)

Pulled, thanks.

Paolo

> ----------------------------------------------------------------
> KVM x86 changes for 6.18
>
>  - Don't (re)check L1 intercepts when completing userspace I/O to fix a flaw
>    where a misbehaving usersepace (a.k.a. syzkaller) could swizzle L1's
>    intercepts and trigger a variety of WARNs in KVM.
>
>  - Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 guests, as the MSR is
>    supposed to exist for v2 PMUs.
>
>  - Allow Centaur CPU leaves (base 0xC000_0000) for Zhaoxin CPUs.
>
>  - Clean up KVM's vector hashing code for delivering lowest priority IRQs.
>
>  - Clean up the fastpath handler code to only handle IPIs and WRMSRs that are
>    actually "fast", as opposed to handling those that KVM _hopes_ are fast, and
>    in the process of doing so add fastpath support for TSC_DEADLINE writes on
>    AMD CPUs.
>
>  - Clean up a pile of PMU code in anticipation of adding support for mediated
>    vPMUs.
>
>  - Add support for the immediate forms of RDMSR and WRMSRNS, sans full
>    emulator support (KVM should never need to emulate the MSRs outside of
>    forced emulation and other contrived testing scenarios).
>
>  - Clean up the MSR APIs in preparation for CET and FRED virtualization, as
>    well as mediated vPMU support.
>
>  - Rejecting a fully in-kernel IRQCHIP if EOIs are protected, i.e. for TDX VMs,
>    as KVM can't faithfully emulate an I/O APIC for such guests.
>
>  - KVM_REQ_MSR_FILTER_CHANGED into a generic RECALC_INTERCEPTS in preparation
>    for mediated vPMU support, as KVM will need to recalculate MSR intercepts in
>    response to PMU refreshes for guests with mediated vPMUs.
>
>  - Misc cleanups and minor fixes.
>
> ----------------------------------------------------------------
> Bagas Sanjaya (1):
>       KVM: x86: Fix hypercalls docs section number order
>
> Chao Gao (1):
>       KVM: x86: Zero XSTATE components on INIT by iterating over supported features
>
> Dapeng Mi (5):
>       KVM: x86/pmu: Correct typo "_COUTNERS" to "_COUNTERS"
>       KVM: x86: Rename vmx_vmentry/vmexit_ctrl() helpers
>       KVM: x86/pmu: Move PMU_CAP_{FW_WRITES,LBR_FMT} into msr-index.h header
>       KVM: VMX: Add helpers to toggle/change a bit in VMCS execution controls
>       KVM: x86/pmu: Use BIT_ULL() instead of open coded equivalents
>
> Ewan Hai (1):
>       KVM: x86: allow CPUID 0xC000_0000 to proceed on Zhaoxin CPUs
>
> Jiaming Zhang (1):
>       Documentation: KVM: Call out that KVM strictly follows the 8254 PIT spec
>
> Liao Yuanhong (2):
>       KVM: x86: Use guard() instead of mutex_lock() to simplify code
>       KVM: x86: hyper-v: Use guard() instead of mutex_lock() to simplify code
>
> Sagi Shahar (1):
>       KVM: TDX: Reject fully in-kernel irqchip if EOIs are protected, i.e. for TDX VMs
>
> Sean Christopherson (34):
>       KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O
>       KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2
>       KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid
>       KVM: x86: Add kvm_icr_to_lapic_irq() helper to allow for fastpath IPIs
>       KVM: x86: Only allow "fast" IPIs in fastpath WRMSR(X2APIC_ICR) handler
>       KVM: x86: Drop semi-arbitrary restrictions on IPI type in fastpath
>       KVM: x86: Unconditionally handle MSR_IA32_TSC_DEADLINE in fastpath exits
>       KVM: x86: Acquire SRCU in WRMSR fastpath iff instruction needs to be skipped
>       KVM: x86: Unconditionally grab data from EDX:EAX in WRMSR fastpath
>       KVM: x86: Fold WRMSR fastpath helpers into the main handler
>       KVM: x86/pmu: Move kvm_init_pmu_capability() to pmu.c
>       KVM: x86/pmu: Add wrappers for counting emulated instructions/branches
>       KVM: x86/pmu: Calculate set of to-be-emulated PMCs at time of WRMSRs
>       KVM: x86/pmu: Rename pmc_speculative_in_use() to pmc_is_locally_enabled()
>       KVM: x86/pmu: Open code pmc_event_is_allowed() in its callers
>       KVM: x86/pmu: Drop redundant check on PMC being globally enabled for emulation
>       KVM: x86/pmu: Drop redundant check on PMC being locally enabled for emulation
>       KVM: x86/pmu: Rename check_pmu_event_filter() to pmc_is_event_allowed()
>       KVM: x86: Push acquisition of SRCU in fastpath into kvm_pmu_trigger_event()
>       KVM: x86: Add a fastpath handler for INVD
>       KVM: x86: Rename local "ecx" variables to "msr" and "pmc" as appropriate
>       KVM: x86: Use double-underscore read/write MSR helpers as appropriate
>       KVM: x86: Manually clear MPX state only on INIT
>       KVM: x86: Move kvm_irq_delivery_to_apic() from irq.c to lapic.c
>       KVM: x86: Make "lowest priority" helpers local to lapic.c
>       KVM: x86: Move vector_hashing into lapic.c
>       KVM: VMX: Setup canonical VMCS config prior to kvm_x86_vendor_init()
>       KVM: SVM: Check pmu->version, not enable_pmu, when getting PMC MSRs
>       KVM: x86/pmu: Snapshot host (i.e. perf's) reported PMU capabilities
>       KVM: x86: Rework KVM_REQ_MSR_FILTER_CHANGED into a generic RECALC_INTERCEPTS
>       KVM: x86: Use KVM_REQ_RECALC_INTERCEPTS to react to CPUID updates
>       KVM: x86/pmu: Move initialization of valid PMCs bitmask to common x86
>       KVM: x86/pmu: Restrict GLOBAL_{CTRL,STATUS}, fixed PMCs, and PEBS to PMU v2+
>       KVM: x86: Don't treat ENTER and LEAVE as branches, because they aren't
>
> Thomas Huth (1):
>       arch/x86/kvm/ioapic: Remove license boilerplate with bad FSF address
>
> Xin Li (5):
>       x86/cpufeatures: Add a CPU feature bit for MSR immediate form instructions
>       KVM: x86: Rename handle_fastpath_set_msr_irqoff() to handle_fastpath_wrmsr()
>       KVM: x86: Add support for RDMSR/WRMSRNS w/ immediate on Intel
>       KVM: VMX: Support the immediate form of WRMSRNS in the VM-Exit fastpath
>       KVM: x86: Advertise support for the immediate form of MSR instructions
>
> Yang Weijiang (2):
>       KVM: x86: Rename kvm_{g,s}et_msr()* to show that they emulate guest accesses
>       KVM: x86: Add kvm_msr_{read,write}() helpers
>
> Yury Norov (1):
>       kvm: x86: simplify kvm_vector_to_index()
>
>  Documentation/virt/kvm/api.rst                     |   6 +
>  Documentation/virt/kvm/x86/hypercalls.rst          |   6 +-
>  arch/x86/include/asm/cpufeatures.h                 |   1 +
>  arch/x86/include/asm/kvm-x86-ops.h                 |   2 +-
>  arch/x86/include/asm/kvm_host.h                    |  31 +-
>  arch/x86/include/asm/msr-index.h                   |  16 +-
>  arch/x86/include/uapi/asm/vmx.h                    |   6 +-
>  arch/x86/kernel/cpu/scattered.c                    |   1 +
>  arch/x86/kvm/cpuid.c                               |  13 +-
>  arch/x86/kvm/emulate.c                             |  13 +-
>  arch/x86/kvm/hyperv.c                              |  12 +-
>  arch/x86/kvm/ioapic.c                              |  15 +-
>  arch/x86/kvm/irq.c                                 |  57 ----
>  arch/x86/kvm/irq.h                                 |   4 -
>  arch/x86/kvm/kvm_emulate.h                         |   3 +-
>  arch/x86/kvm/lapic.c                               | 169 ++++++++---
>  arch/x86/kvm/lapic.h                               |  15 +-
>  arch/x86/kvm/pmu.c                                 | 169 +++++++++--
>  arch/x86/kvm/pmu.h                                 |  60 +---
>  arch/x86/kvm/reverse_cpuid.h                       |   5 +
>  arch/x86/kvm/smm.c                                 |   4 +-
>  arch/x86/kvm/svm/pmu.c                             |   8 +-
>  arch/x86/kvm/svm/svm.c                             |  30 +-
>  arch/x86/kvm/vmx/capabilities.h                    |   3 -
>  arch/x86/kvm/vmx/main.c                            |  14 +-
>  arch/x86/kvm/vmx/nested.c                          |  29 +-
>  arch/x86/kvm/vmx/pmu_intel.c                       |  85 +++---
>  arch/x86/kvm/vmx/tdx.c                             |   5 +
>  arch/x86/kvm/vmx/vmx.c                             |  91 ++++--
>  arch/x86/kvm/vmx/vmx.h                             |  13 +
>  arch/x86/kvm/vmx/x86_ops.h                         |   2 +-
>  arch/x86/kvm/x86.c                                 | 334 ++++++++++++---------
>  arch/x86/kvm/x86.h                                 |   5 +-
>  .../testing/selftests/kvm/x86/pmu_counters_test.c  |   8 +-
>  34 files changed, 715 insertions(+), 520 deletions(-)
>

Re: [GIT PULL] KVM: x86 pull requests 6.18

[Paolo Bonzini]

On Sat, Sep 27, 2025 at 8:09 AM Sean Christopherson <seanjc@google.com> wrote:
>
> Sorry this is coming in late, it's been a long week.
>
> Similar to 6.17, a few anomolies in the form of external and cross-branch
> dependencies, but thankfully only one conflict that I know of (details in
> CET pull request).  Oh, and one "big" anomoly: there's a pull request for
> guest-side x86/kvm changes (but it's small, hence the quotes).
>
> I tried my best to document anything unusual in the individual pull requests,
> so hopefully nothing is too surprising.

Quite big with CET and the FRED preparations, but no surprises indeed.

Because of the conflict, I'll delay the bulk of these to a separate
pull request, probably on Friday.

I have already included (and tested on top of 6.17) the selftests,
guest and generic pull request. Everything else in kvm/next. As I
mentioned in the reply to the individual PR, I ended up cherry-picking
the module patches. There were a couple preparatory patches that I
guess could have been in misc, but certainly nothing worth another
round trip to the west coast...

Thanks again for your help with kvm-x86.

Paolo

Re: [GIT PULL] KVM: x86 pull requests 6.18

[Sean Christopherson]

On Tue, Sep 30, 2025, Paolo Bonzini wrote:
> On Sat, Sep 27, 2025 at 8:09 AM Sean Christopherson <seanjc@google.com> wrote:
> >
> > Sorry this is coming in late, it's been a long week.
> >
> > Similar to 6.17, a few anomolies in the form of external and cross-branch
> > dependencies, but thankfully only one conflict that I know of (details in
> > CET pull request).  Oh, and one "big" anomoly: there's a pull request for
> > guest-side x86/kvm changes (but it's small, hence the quotes).
> >
> > I tried my best to document anything unusual in the individual pull requests,
> > so hopefully nothing is too surprising.
> 
> Quite big with CET and the FRED preparations, but no surprises indeed.
> 
> Because of the conflict, I'll delay the bulk of these to a separate
> pull request, probably on Friday.
> 
> I have already included (and tested on top of 6.17) the selftests,
> guest and generic pull request. Everything else in kvm/next. As I
> mentioned in the reply to the individual PR, I ended up cherry-picking
> the module patches.

Roger that.  I updated kvm-x86/next to kvm/next, so we shouldn't get yelled at
for having duplicate commits.

> There were a couple preparatory patches that I guess could have been in misc,

Oh, yeah, that's super obvious in hindsight.

Thanks!