Commit c465fc11 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm 

Pull KVM fixes from Radim Krčmář:
 "ARM:
   - A number of issues in the vgic discovered using SMATCH
   - A bit one-off calculation in out stage base address mask (32-bit
     and 64-bit)
   - Fixes to single-step debugging instructions that trap for other
     reasons such as MMMIO aborts
   - Printing unavailable hyp mode as error
   - Potential spinlock deadlock in the vgic
   - Avoid calling vgic vcpu free more than once
   - Broken bit calculation for big endian systems

 s390:
   - SPDX tags
   - Fence storage key accesses from problem state
   - Make sure that irq_state.flags is not used in the future

  x86:
   - Intercept port 0x80 accesses to prevent host instability (CVE)
   - Use userspace FPU context for guest FPU (mainly an optimization
     that fixes a double use of kernel FPU)
   - Do not leak one page per module load
   - Flush APIC page address cache from MMU invalidation notifiers"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (28 commits)
  KVM: x86: fix APIC page invalidation
  KVM: s390: Fix skey emulation permission check
  KVM: s390: mark irq_state.flags as non-usable
  KVM: s390: Remove redundant license text
  KVM: s390: add SPDX identifiers to the remaining files
  KVM: VMX: fix page leak in hardware_setup()
  KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
  x86,kvm: remove KVM emulator get_fpu / put_fpu
  x86,kvm: move qemu/guest FPU switching out to vcpu_run
  KVM: arm/arm64: Fix broken GICH_ELRSR big endian conversion
  KVM: arm/arm64: kvm_arch_destroy_vm cleanups
  KVM: arm/arm64: Fix spinlock acquisition in vgic_set_owner
  kvm: arm: don't treat unavailable HYP mode as an error
  KVM: arm/arm64: Avoid attempting to load timer vgic state without a vgic
  kvm: arm64: handle single-step of hyp emulated mmio instructions
  kvm: arm64: handle single-step during SError exceptions
  kvm: arm64: handle single-step of userspace mmio instructions
  kvm: arm64: handle single-stepping trapped instructions
  KVM: arm/arm64: debug: Introduce helper for single-step
  arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
  ...
parents 4ded3bec b1394e74

Documentation/virtual/kvm/api.txt

+12 −3
Original line number Original line Diff line number Diff line
@@ -2901,14 +2901,19 @@ userspace buffer and its length: 




struct kvm_s390_irq_state {

struct kvm_s390_irq_state {

	__u64 buf;

	__u64 buf;

	__u32 flags;

	__u32 flags;        /* will stay unused for compatibility reasons */

	__u32 len;

	__u32 len;

	__u32 reserved[4];

	__u32 reserved[4];  /* will stay unused for compatibility reasons */

};

};





Userspace passes in the above struct and for each pending interrupt a

Userspace passes in the above struct and for each pending interrupt a

struct kvm_s390_irq is copied to the provided buffer.

struct kvm_s390_irq is copied to the provided buffer.





The structure contains a flags and a reserved field for future extensions. As

the kernel never checked for flags == 0 and QEMU never pre-zeroed flags and

reserved, these fields can not be used in the future without breaking

compatibility.



If -ENOBUFS is returned the buffer provided was too small and userspace

If -ENOBUFS is returned the buffer provided was too small and userspace

may retry with a bigger buffer.

may retry with a bigger buffer.
@@ -2932,10 +2937,14 @@ containing a struct kvm_s390_irq_state: 




struct kvm_s390_irq_state {

struct kvm_s390_irq_state {

	__u64 buf;

	__u64 buf;

	__u32 flags;        /* will stay unused for compatibility reasons */

	__u32 len;

	__u32 len;

	__u32 pad;

	__u32 reserved[4];  /* will stay unused for compatibility reasons */

};

};





The restrictions for flags and reserved apply as well.

(see KVM_S390_GET_IRQ_STATE)



The userspace memory referenced by buf contains a struct kvm_s390_irq

The userspace memory referenced by buf contains a struct kvm_s390_irq

for each interrupt to be injected into the guest.

for each interrupt to be injected into the guest.

If one of the interrupts could not be injected for some reason the

If one of the interrupts could not be injected for some reason the

arch/arm/include/asm/kvm_arm.h

+1 −2
Original line number Original line Diff line number Diff line
@@ -161,8 +161,7 @@ 
#else

#else

#define VTTBR_X		(5 - KVM_T0SZ)

#define VTTBR_X		(5 - KVM_T0SZ)

#endif

#endif

#define VTTBR_BADDR_SHIFT (VTTBR_X - 1)

#define VTTBR_BADDR_MASK  (((_AC(1, ULL) << (40 - VTTBR_X)) - 1) << VTTBR_X)

#define VTTBR_BADDR_MASK  (((_AC(1, ULL) << (40 - VTTBR_X)) - 1) << VTTBR_BADDR_SHIFT)

#define VTTBR_VMID_SHIFT  _AC(48, ULL)

#define VTTBR_VMID_SHIFT  _AC(48, ULL)

#define VTTBR_VMID_MASK(size)	(_AT(u64, (1 << size) - 1) << VTTBR_VMID_SHIFT)

#define VTTBR_VMID_MASK(size)	(_AT(u64, (1 << size) - 1) << VTTBR_VMID_SHIFT)

arch/arm/include/asm/kvm_host.h

+5 −0
Original line number Original line Diff line number Diff line
@@ -285,6 +285,11 @@ static inline void kvm_arm_init_debug(void) {} 
static inline void kvm_arm_setup_debug(struct kvm_vcpu *vcpu) {}

static inline void kvm_arm_setup_debug(struct kvm_vcpu *vcpu) {}

static inline void kvm_arm_clear_debug(struct kvm_vcpu *vcpu) {}

static inline void kvm_arm_clear_debug(struct kvm_vcpu *vcpu) {}

static inline void kvm_arm_reset_debug_ptr(struct kvm_vcpu *vcpu) {}

static inline void kvm_arm_reset_debug_ptr(struct kvm_vcpu *vcpu) {}

static inline bool kvm_arm_handle_step_debug(struct kvm_vcpu *vcpu,

					     struct kvm_run *run)

{

	return false;

}





int kvm_arm_vcpu_arch_set_attr(struct kvm_vcpu *vcpu,

int kvm_arm_vcpu_arch_set_attr(struct kvm_vcpu *vcpu,

			       struct kvm_device_attr *attr);

			       struct kvm_device_attr *attr);

arch/arm64/include/asm/kvm_arm.h

+1 −2
Original line number Original line Diff line number Diff line
@@ -170,8 +170,7 @@ 
#define VTCR_EL2_FLAGS			(VTCR_EL2_COMMON_BITS | VTCR_EL2_TGRAN_FLAGS)

#define VTCR_EL2_FLAGS			(VTCR_EL2_COMMON_BITS | VTCR_EL2_TGRAN_FLAGS)

#define VTTBR_X				(VTTBR_X_TGRAN_MAGIC - VTCR_EL2_T0SZ_IPA)

#define VTTBR_X				(VTTBR_X_TGRAN_MAGIC - VTCR_EL2_T0SZ_IPA)





#define VTTBR_BADDR_SHIFT (VTTBR_X - 1)

#define VTTBR_BADDR_MASK  (((UL(1) << (PHYS_MASK_SHIFT - VTTBR_X)) - 1) << VTTBR_X)

#define VTTBR_BADDR_MASK  (((UL(1) << (PHYS_MASK_SHIFT - VTTBR_X)) - 1) << VTTBR_BADDR_SHIFT)

#define VTTBR_VMID_SHIFT  (UL(48))

#define VTTBR_VMID_SHIFT  (UL(48))

#define VTTBR_VMID_MASK(size) (_AT(u64, (1 << size) - 1) << VTTBR_VMID_SHIFT)

#define VTTBR_VMID_MASK(size) (_AT(u64, (1 << size) - 1) << VTTBR_VMID_SHIFT)

arch/arm64/include/asm/kvm_host.h

+1 −0
Original line number Original line Diff line number Diff line
@@ -370,6 +370,7 @@ void kvm_arm_init_debug(void); 
void kvm_arm_setup_debug(struct kvm_vcpu *vcpu);

void kvm_arm_setup_debug(struct kvm_vcpu *vcpu);

void kvm_arm_clear_debug(struct kvm_vcpu *vcpu);

void kvm_arm_clear_debug(struct kvm_vcpu *vcpu);

void kvm_arm_reset_debug_ptr(struct kvm_vcpu *vcpu);

void kvm_arm_reset_debug_ptr(struct kvm_vcpu *vcpu);

bool kvm_arm_handle_step_debug(struct kvm_vcpu *vcpu, struct kvm_run *run);

int kvm_arm_vcpu_arch_set_attr(struct kvm_vcpu *vcpu,

int kvm_arm_vcpu_arch_set_attr(struct kvm_vcpu *vcpu,

			       struct kvm_device_attr *attr);

			       struct kvm_device_attr *attr);

int kvm_arm_vcpu_arch_get_attr(struct kvm_vcpu *vcpu,

int kvm_arm_vcpu_arch_get_attr(struct kvm_vcpu *vcpu,