[GIT PULL] KVM updates for Linux 4.16-rc1

From: Radim KrÄmÃÅ
Date: Sat Feb 10 2018 - 09:45:47 EST

Next message: Philippe Ombredanne: "Re: [PATCH 5/6] ARM: dts: tegra: apalis-tk1: copyright period, spurious newlines"
Previous message: Nicholas Piggin: "Re: [PATCH v4 1/5] powerpc/mm/slice: Remove intermediate bitmap copy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Linus,

I apologize for complications with this pull request that was delayed
due to a sickness.

While I was bedridden, we've had a conflict with x86/pti that was not
resolved properly in next and it was a tricky one, so I have manually
merged msr-bitmaps topic branch into this pull request to hopefully
simplify the merge.

That merge and the last batch of PPC changes are not in next. I've
included the PPC changes as they are all fixing bugs that we wouldn't
want in 4.16 anyway.

Features planned for the latter part of this merge window eventually
slipped to 4.17, so merge of x86/hyperv for the stable KVM clock on
Hyper-V is only really bringing conflict resolution with final 4.15.

Other conflict are to be resolved as in next and the expected resolution
can be found below a scissors line,

thanks.

The following changes since commit 904e14fb7cb96401a7dc803ca2863fd5ba32ffe6:

KVM: VMX: make MSR bitmaps per-VCPU (2018-01-31 12:40:45 -0500)

are available in the Git repository at:

git://git.kernel.org/pub/scm/virt/kvm/kvm tags/kvm-4.16-1

for you to fetch changes up to 1ab03c072feb579c9fd116de25be2b211e6bff6a:

Merge tag 'kvm-ppc-next-4.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc (2018-02-09 22:03:06 +0100)

----------------------------------------------------------------
KVM changes for 4.16

ARM:
- Include icache invalidation optimizations, improving VM startup time

- Support for forwarded level-triggered interrupts, improving
performance for timers and passthrough platform devices

- A small fix for power-management notifiers, and some cosmetic changes

PPC:
- Add MMIO emulation for vector loads and stores

- Allow HPT guests to run on a radix host on POWER9 v2.2 CPUs without
requiring the complex thread synchronization of older CPU versions

- Improve the handling of escalation interrupts with the XIVE interrupt
controller

- Support decrement register migration

- Various cleanups and bugfixes.

s390:
- Cornelia Huck passed maintainership to Janosch Frank

- Exitless interrupts for emulated devices

- Cleanup of cpuflag handling

- kvm_stat counter improvements

- VSIE improvements

- mm cleanup

x86:
- Hypervisor part of SEV

- UMIP, RDPID, and MSR_SMI_COUNT emulation

- Paravirtualized TLB shootdown using the new KVM_VCPU_PREEMPTED bit

- Allow guests to see TOPOEXT, GFNI, VAES, VPCLMULQDQ, and more AVX512
features

- Show vcpu id in its anonymous inode name

- Many fixes and cleanups

- Per-VCPU MSR bitmaps (already merged through x86/pti branch)

- Stable KVM clock when nesting on Hyper-V (merged through x86/hyperv)

----------------------------------------------------------------
Alexander Graf (3):
KVM: PPC: Book3S HV: Remove vcpu->arch.dec usage
KVM: PPC: Book3S PR: Fix svcpu copying with preemption enabled
KVM: PPC: Book3S HV: Branch inside feature section

Andrew Jones (1):
arm64: KVM: Hide PMU from guests when disabled

Benjamin Herrenschmidt (6):
KVM: PPC: Book3S HV: Add more info about XIVE queues in debugfs
KVM: PPC: Book3S HV: Enable use of the new XIVE "single escalation" feature
KVM: PPC: Book3S HV: Don't use existing "prodded" flag for XIVE escalations
KVM: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs
KVM: PPC: Book3S HV: Make xive_pushed a byte, not a word
KVM: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded

Borislav Petkov (2):
crypto: ccp: Build the AMD secure processor driver only with AMD CPU support
kvm/vmx: Use local vmx variable in vmx_get_msr()

Brijesh Singh (34):
Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV)
KVM: SVM: Prepare to reserve asid for SEV guest
KVM: X86: Extend CPUID range to include new leaf
KVM: Introduce KVM_MEMORY_ENCRYPT_OP ioctl
KVM: Introduce KVM_MEMORY_ENCRYPT_{UN,}REG_REGION ioctl
crypto: ccp: Define SEV userspace ioctl and command id
crypto: ccp: Define SEV key management command id
crypto: ccp: Add Platform Security Processor (PSP) device support
crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
crypto: ccp: Implement SEV_FACTORY_RESET ioctl command
crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command
crypto: ccp: Implement SEV_PEK_GEN ioctl command
crypto: ccp: Implement SEV_PDH_GEN ioctl command
crypto: ccp: Implement SEV_PEK_CSR ioctl command
crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command
crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command
KVM: X86: Add CONFIG_KVM_AMD_SEV
KVM: SVM: Reserve ASID range for SEV guest
KVM: SVM: Add sev module_param
KVM: Define SEV key management command id
KVM: SVM: Add KVM_SEV_INIT command
KVM: SVM: VMRUN should use associated ASID when SEV is enabled
KVM: SVM: Add support for KVM_SEV_LAUNCH_START command
KVM: SVM: Add support for KVM_SEV_LAUNCH_UPDATE_DATA command
KVM: SVM: Add support for KVM_SEV_LAUNCH_MEASURE command
KVM: SVM: Add support for SEV LAUNCH_FINISH command
KVM: SVM: Add support for SEV GUEST_STATUS command
KVM: SVM: Add support for SEV DEBUG_DECRYPT command
KVM: SVM: Add support for SEV DEBUG_ENCRYPT command
KVM: SVM: Add support for SEV LAUNCH_SECRET command
KVM: SVM: Pin guest memory when SEV is active
KVM: SVM: Clear C-bit from the page fault address
KVM: SVM: Do not install #UD intercept when SEV is enabled
KVM: X86: Restart the guest when insn_len is zero and SEV is enabled

Christian Borntraeger (5):
KVM: s390: use created_vcpus in more places
KVM: s390: add debug tracing for cpu features of CPU model
kvm_config: add CONFIG_S390_GUEST
KVM: s390: diagnoses are instructions as well
KVM: s390: add vcpu stat counters for many instruction

Christoffer Dall (29):
KVM: Take vcpu->mutex outside vcpu_load
KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_sregs
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu
KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl
KVM: arm/arm64: Remove redundant preemptible checks
KVM: arm/arm64: Factor out functionality to get vgic mmio requester_vcpu
KVM: arm/arm64: Don't cache the timer IRQ level
KVM: arm/arm64: vgic: Support level-triggered mapped interrupts
KVM: arm/arm64: Support a vgic interrupt line level sample function
KVM: arm/arm64: Support VGIC dist pend/active changes for mapped IRQs
KVM: arm/arm64: Provide a get_input_level for the arch timer
KVM: arm/arm64: Avoid work when userspace iqchips are not used
KVM: arm/arm64: Delete outdated forwarded irq documentation
Revert "arm64: KVM: Hide PMU from guests when disabled"
arm64: mm: Add additional parameter to uaccess_ttbr0_enable
arm64: mm: Add additional parameter to uaccess_ttbr0_disable
KVM: arm/arm64: Fix incorrect timer_is_pending logic
KVM: arm/arm64: Fix userspace_irqchip_in_use counting
KVM: arm/arm64: Fixup userspace irqchip static key optimization

Colin Ian King (1):
KVM: x86: MMU: make array audit_point_name static

Cornelia Huck (3):
MAINTAINERS: add David as a reviewer for KVM/s390
MAINTAINERS: add Halil as additional vfio-ccw maintainer
MAINTAINERS: update KVM/s390 maintainers

David Gibson (1):
KVM: PPC: Book3S HV: Make HPT resizing work on POWER9

David Hildenbrand (9):
s390x/mm: cleanup gmap_pte_op_walk()
KVM: s390: cleanup struct kvm_s390_float_interrupt
KVM: s390: vsie: use READ_ONCE to access some SCB fields
KVM: s390: vsie: store guest addresses of satellite blocks in vsie_page
s390x/mm: simplify gmap_protect_rmap()
KVM: s390: rename __set_cpuflag() to kvm_s390_set_cpuflags()
KVM: s390: reuse kvm_s390_set_cpuflags()
KVM: s390: introduce and use kvm_s390_clear_cpuflags()
KVM: s390: introduce and use kvm_s390_test_cpuflags()

Eric Biggers (1):
KVM: x86: don't forget vcpu_put() in kvm_arch_vcpu_ioctl_set_sregs()

Gimcuan Hui (1):
x86: kvm: mmu: make kvm_mmu_clear_all_pte_masks static

Haozhong Zhang (2):
x86/mm: add a function to check if a pfn is UC/UC-/WC
KVM: MMU: consider host cache mode in MMIO page check

James Morse (1):
KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED

Janosch Frank (1):
s390/mm: Remove superfluous parameter

Jens Freimann (1):
s390/bitops: add test_and_clear_bit_inv()

Jim Mattson (4):
KVM: nVMX: Eliminate vmcs02 pool
kvm: vmx: Introduce VMCS12_MAX_FIELD_INDEX
kvm: vmx: Change vmcs_field_type to vmcs_field_width
kvm: vmx: Reduce size of vmcs_field_to_offset_table

Jose Ricardo Ziviani (1):
KVM: PPC: Book3S: Add MMIO emulation for VMX instructions

KarimAllah Ahmed (1):
kvm: Map PFN-type memory regions as writable (if possible)

Liran Alon (7):
KVM: x86: Add emulation of MSR_SMI_COUNT
KVM: nVMX: Fix bug of injecting L2 exception into L1
KVM: x86: Optimization: Create SVM stubs for sync_pir_to_irr()
KVM: x86: Change __kvm_apic_update_irr() to also return if max IRR updated
KVM: nVMX: Re-evaluate L1 pending events when running L2 and L1 got posted-interrupt
KVM: nVMX: Fix injection to L2 when L1 don't intercept external-interrupts
KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2

Longpeng(Mike) (1):
kvm: x86: remove efer_reload entry in kvm_vcpu_stat

Luis de Bethencourt (1):
KVM: arm/arm64: Fix trailing semicolon

Marc Zyngier (9):
KVM: arm/arm64: Detangle kvm_mmu.h from kvm_hyp.h
KVM: arm/arm64: Split dcache/icache flushing
arm64: KVM: Add invalidate_icache_range helper
arm: KVM: Add optimized PIPT icache flushing
arm64: KVM: PTE/PMD S2 XN bit definition
KVM: arm/arm64: Limit icache invalidation to prefetch aborts
KVM: arm/arm64: Only clean the dcache on translation fault
KVM: arm/arm64: Preserve Exec permission across R/W permission faults
KVM: arm/arm64: Drop vcpu parameter from guest cache maintenance operartions

Mark Kanda (1):
KVM: nVMX: Add a WARN for freeing a loaded VMCS02

Markus Elfring (2):
kvm_main: Use common error handling code in kvm_dev_ioctl_create_vm()
KVM: PPC: Use seq_puts() in kvmppc_exit_timing_show()

Masatake YAMATO (1):
kvm: embed vcpu id to dentry of vcpu anon inode

Michael Mueller (12):
KVM: s390: drop use of spin lock in __floating_irq_kick
KVM: s390: reverse bit ordering of irqs in pending mask
KVM: s390: define GISA format-0 data structure
KVM: s390: implement GISA IPM related primitives
s390/css: indicate the availability of the AIV facility
KVM: s390: exploit GISA and AIV for emulated interrupts
KVM: s390: abstract adapter interruption word generation from ISC
KVM: s390: add GISA interrupts to FLIC ioctl interface
KVM: s390: make kvm_s390_get_io_int() aware of GISA
KVM: s390: activate GISA for emulated interrupts
s390/sclp: expose the GISA format facility
KVM: s390: introduce the format-1 GISA

Paolo Bonzini (20):
KVM: x86: add support for UMIP
KVM: x86: emulate sldt and str
KVM: x86: add support for emulating UMIP
KVM: vmx: add support for emulating UMIP
KVM: x86: emulate RDPID
KVM: introduce kvm_arch_vcpu_async_ioctl
KVM: x86: avoid unnecessary XSETBV on guest entry
Merge branch 'sev-v9-p2' of https://github.com/codomania/kvm
KVM: x86: prefer "depends on" to "select" for SEV
Merge branch 'kvm-insert-lfence'
KVM: vmx: shadow more fields that are read/written on every vmexits
KVM: VMX: optimize shadow VMCS copying
KVM: VMX: split list of shadowed VMCS field to a separate file
KVM: nVMX: track dirty state of non-shadowed VMCS fields
KVM: nVMX: initialize descriptor cache fields in prepare_vmcs02_full
KVM: nVMX: initialize more non-shadowed fields in prepare_vmcs02_full
KVM: nVMX: remove unnecessary vmwrite from L2->L1 vmexit
KVM: vmx: simplify MSR bitmap setup
KVM: vmx: speed up MSR bitmap merge
KVM: VMX: introduce X2APIC_MSR macro

Paul Mackerras (12):
KVM: PPC: Book3S HV: Avoid shifts by negative amounts
KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix()
KVM: PPC: Book3S HV: Remove useless statement
KVM: PPC: Book3S HV: Fix conditions for starting vcpu
KVM: PPC: Book3S: Eliminate some unnecessary checks
KVM: PPC: Book3S HV: Enable migration of decrementer register
KVM: PPC: Book3S HV: Make sure we don't re-enter guest without XIVE loaded
KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded
KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2
Merge remote-tracking branch 'remotes/powerpc/topic/ppc-kvm' into kvm-ppc-next
KVM: PPC: Book3S HV: Drop locks before reading guest memory
KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code

Quan Xu (1):
KVM: VMX: drop I/O permission bitmaps

Radim KrÄmÃÅ (11):
KVM: x86: prevent MWAIT in guest with buggy MONITOR
KVM: x86: drop bogus MWAIT check
KVM: x86: simplify kvm_mwait_in_guest()
Merge tag 'kvm-s390-next-4.16-1' of git://git.kernel.org/.../kvms390/linux
Merge tag 'kvm-s390-next-4.16-2' of git://git.kernel.org/.../kvms390/linux
Merge tag 'kvm-s390-next-4.16-3' of git://git.kernel.org/.../kvms390/linux
Merge tag 'kvm-arm-for-v4.16' of git://git.kernel.org/.../kvmarm/kvmarm
Merge branch 'x86/hyperv' of git://git.kernel.org/.../tip/tip
Merge tag 'kvm-ppc-next-4.16-1' of git://git.kernel.org/.../paulus/powerpc
Merge branch 'msr-bitmaps' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Merge tag 'kvm-ppc-next-4.16-2' of git://git.kernel.org/.../paulus/powerpc

Stanislav Lanci (1):
KVM: x86: AMD Processor Topology Information

Thomas Gleixner (1):
x86/kvm: Make it compile on 32bit and with HYPYERVISOR_GUEST=n

Tom Lendacky (3):
x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature
kvm: svm: prepare for new bit definition in nested_ctl
kvm: svm: Add SEV feature definitions to KVM

Ulf Magnusson (1):
KVM: PPC: Book3S PR: Fix broken select due to misspelling

Vasyl Gomonovych (1):
KVM: arm: Use PTR_ERR_OR_ZERO()

Vitaly Kuznetsov (8):
x86/hyperv: Check for required priviliges in hyperv_init()
x86/hyperv: Add a function to read both TSC and TSC page value simulateneously
x86/hyperv: Reenlightenment notifications support
x86/hyperv: Redirect reenlightment notifications on CPU offlining
x86/irq: Count Hyper-V reenlightenment interrupts
x86/kvm: Pass stable clocksource to guests when running nested on Hyper-V
x86/kvm: Support Hyper-V reenlightenment
x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested

Wanpeng Li (7):
KVM: VMX: Cache IA32_DEBUGCTL in memory
KVM: X86: Reduce the overhead when lapic_timer_advance is disabled
KVM: X86: Add KVM_VCPU_PREEMPTED
KVM: X86: use paravirtualized TLB Shootdown
KVM: X86: introduce invalidate_gpa argument to tlb flush
KVM: X86: support paravirtualized help for TLB shootdowns
KVM: x86: fix escape of guest dr6 to the host

Yang Zhong (1):
KVM: Expose new cpu features to guest

Documentation/virtual/kvm/00-INDEX | 3 +
.../virtual/kvm/amd-memory-encryption.rst | 247 ++++
Documentation/virtual/kvm/api.txt | 54 +-
Documentation/virtual/kvm/arm/vgic-mapped-irqs.txt | 187 ---
Documentation/virtual/kvm/cpuid.txt | 4 +
MAINTAINERS | 5 +-
arch/arm/include/asm/kvm_emulate.h | 2 +-
arch/arm/include/asm/kvm_host.h | 2 +
arch/arm/include/asm/kvm_hyp.h | 3 +-
arch/arm/include/asm/kvm_mmu.h | 99 +-
arch/arm/include/asm/pgtable.h | 4 +-
arch/arm/kvm/hyp/switch.c | 1 +
arch/arm/kvm/hyp/tlb.c | 1 +
arch/arm64/include/asm/assembler.h | 21 +
arch/arm64/include/asm/cacheflush.h | 7 +
arch/arm64/include/asm/kvm_host.h | 2 +
arch/arm64/include/asm/kvm_hyp.h | 1 -
arch/arm64/include/asm/kvm_mmu.h | 36 +-
arch/arm64/include/asm/pgtable-hwdef.h | 2 +
arch/arm64/include/asm/pgtable-prot.h | 4 +-
arch/arm64/kvm/guest.c | 15 +-
arch/arm64/kvm/hyp/debug-sr.c | 1 +
arch/arm64/kvm/hyp/switch.c | 1 +
arch/arm64/kvm/hyp/tlb.c | 1 +
arch/arm64/mm/cache.S | 32 +-
arch/mips/kvm/Kconfig | 1 +
arch/mips/kvm/mips.c | 67 +-
arch/powerpc/include/asm/kvm_book3s.h | 6 +-
arch/powerpc/include/asm/kvm_book3s_64.h | 14 +-
arch/powerpc/include/asm/kvm_host.h | 8 +-
arch/powerpc/include/asm/kvm_ppc.h | 4 +
arch/powerpc/include/asm/opal-api.h | 1 +
arch/powerpc/include/asm/ppc-opcode.h | 6 +
arch/powerpc/include/asm/xive.h | 3 +-
arch/powerpc/include/uapi/asm/kvm.h | 2 +
arch/powerpc/kernel/asm-offsets.c | 4 +
arch/powerpc/kvm/Kconfig | 3 +-
arch/powerpc/kvm/book3s.c | 24 +-
arch/powerpc/kvm/book3s_64_mmu_hv.c | 38 +-
arch/powerpc/kvm/book3s_64_mmu_radix.c | 2 +-
arch/powerpc/kvm/book3s_hv.c | 70 +-
arch/powerpc/kvm/book3s_hv_rmhandlers.S | 231 ++--
arch/powerpc/kvm/book3s_interrupts.S | 4 +-
arch/powerpc/kvm/book3s_pr.c | 20 +-
arch/powerpc/kvm/book3s_xive.c | 109 +-
arch/powerpc/kvm/book3s_xive.h | 15 +-
arch/powerpc/kvm/booke.c | 51 +-
arch/powerpc/kvm/emulate_loadstore.c | 36 +
arch/powerpc/kvm/powerpc.c | 200 +++-
arch/powerpc/kvm/timing.c | 3 +-
arch/powerpc/sysdev/xive/native.c | 18 +-
arch/s390/include/asm/bitops.h | 5 +
arch/s390/include/asm/css_chars.h | 4 +-
arch/s390/include/asm/kvm_host.h | 126 +-
arch/s390/include/asm/sclp.h | 1 +
arch/s390/kvm/Kconfig | 1 +
arch/s390/kvm/diag.c | 1 +
arch/s390/kvm/interrupt.c | 288 ++++-
arch/s390/kvm/kvm-s390.c | 209 +++-
arch/s390/kvm/kvm-s390.h | 22 +-
arch/s390/kvm/priv.c | 38 +-
arch/s390/kvm/sigp.c | 18 +-
arch/s390/kvm/vsie.c | 91 +-
arch/s390/mm/gmap.c | 44 +-
arch/x86/entry/entry_32.S | 3 +
arch/x86/entry/entry_64.S | 3 +
arch/x86/hyperv/hv_init.c | 123 +-
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/hardirq.h | 3 +
arch/x86/include/asm/irq_vectors.h | 7 +-
arch/x86/include/asm/kvm_host.h | 22 +-
arch/x86/include/asm/mshyperv.h | 32 +-
arch/x86/include/asm/msr-index.h | 2 +
arch/x86/include/asm/pat.h | 2 +
arch/x86/include/asm/svm.h | 3 +
arch/x86/include/uapi/asm/hyperv.h | 27 +
arch/x86/include/uapi/asm/kvm_para.h | 4 +
arch/x86/kernel/cpu/amd.c | 66 +-
arch/x86/kernel/cpu/mshyperv.c | 6 +
arch/x86/kernel/cpu/scattered.c | 1 +
arch/x86/kernel/irq.c | 9 +
arch/x86/kernel/kvm.c | 49 +-
arch/x86/kvm/Kconfig | 8 +
arch/x86/kvm/cpuid.c | 22 +-
arch/x86/kvm/emulate.c | 62 +-
arch/x86/kvm/irq.c | 2 +-
arch/x86/kvm/lapic.c | 25 +-
arch/x86/kvm/lapic.h | 4 +-
arch/x86/kvm/mmu.c | 26 +-
arch/x86/kvm/mmu_audit.c | 2 +-
arch/x86/kvm/svm.c | 1199 +++++++++++++++++++-
arch/x86/kvm/vmx.c | 758 +++++++------
arch/x86/kvm/vmx_shadow_fields.h | 77 ++
arch/x86/kvm/x86.c | 338 ++++--
arch/x86/kvm/x86.h | 33 +-
arch/x86/mm/pat.c | 19 +
drivers/crypto/ccp/Kconfig | 12 +
drivers/crypto/ccp/Makefile | 1 +
drivers/crypto/ccp/psp-dev.c | 805 +++++++++++++
drivers/crypto/ccp/psp-dev.h | 83 ++
drivers/crypto/ccp/sp-dev.c | 35 +
drivers/crypto/ccp/sp-dev.h | 28 +-
drivers/crypto/ccp/sp-pci.c | 52 +
drivers/s390/char/sclp_early.c | 3 +-
include/kvm/arm_arch_timer.h | 2 +
include/kvm/arm_vgic.h | 13 +-
include/linux/kvm_host.h | 14 +-
include/linux/psp-sev.h | 606 ++++++++++
include/uapi/linux/kvm.h | 90 ++
include/uapi/linux/psp-sev.h | 142 +++
kernel/configs/kvm_guest.config | 1 +
virt/kvm/Kconfig | 3 +
virt/kvm/arm/arch_timer.c | 138 ++-
virt/kvm/arm/arm.c | 153 ++-
virt/kvm/arm/hyp/vgic-v2-sr.c | 1 +
virt/kvm/arm/mmu.c | 64 +-
virt/kvm/arm/vgic/vgic-its.c | 4 +-
virt/kvm/arm/vgic/vgic-mmio.c | 115 +-
virt/kvm/arm/vgic/vgic-v2.c | 29 +
virt/kvm/arm/vgic/vgic-v3.c | 29 +
virt/kvm/arm/vgic/vgic.c | 41 +-
virt/kvm/arm/vgic/vgic.h | 8 +
virt/kvm/kvm_main.c | 62 +-
123 files changed, 6579 insertions(+), 1416 deletions(-)

---8<---
Sample merge resolution.
---
diff --cc arch/arm64/include/asm/pgtable-prot.h
index 2db84df5eb42,4e12dabd342b..108ecad7acc5
--- a/arch/arm64/include/asm/pgtable-prot.h
+++ b/arch/arm64/include/asm/pgtable-prot.h
@@@ -53,24 -47,23 +53,24 @@@
#define PROT_SECT_NORMAL (PROT_SECT_DEFAULT | PMD_SECT_PXN | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL))
#define PROT_SECT_NORMAL_EXEC (PROT_SECT_DEFAULT | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL))

-#define _PAGE_DEFAULT (PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL))
+#define _PAGE_DEFAULT (_PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL))
+#define _HYP_PAGE_DEFAULT _PAGE_DEFAULT

-#define PAGE_KERNEL __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE)
-#define PAGE_KERNEL_RO __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_RDONLY)
-#define PAGE_KERNEL_ROX __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_RDONLY)
-#define PAGE_KERNEL_EXEC __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE)
-#define PAGE_KERNEL_EXEC_CONT __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_CONT)
+#define PAGE_KERNEL __pgprot(PROT_NORMAL)
+#define PAGE_KERNEL_RO __pgprot((PROT_NORMAL & ~PTE_WRITE) | PTE_RDONLY)
+#define PAGE_KERNEL_ROX __pgprot((PROT_NORMAL & ~(PTE_WRITE | PTE_PXN)) | PTE_RDONLY)
+#define PAGE_KERNEL_EXEC __pgprot(PROT_NORMAL & ~PTE_PXN)
+#define PAGE_KERNEL_EXEC_CONT __pgprot((PROT_NORMAL & ~PTE_PXN) | PTE_CONT)

-#define PAGE_HYP __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN)
-#define PAGE_HYP_EXEC __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY)
-#define PAGE_HYP_RO __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN)
+#define PAGE_HYP __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN)
+#define PAGE_HYP_EXEC __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY)
+#define PAGE_HYP_RO __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN)
#define PAGE_HYP_DEVICE __pgprot(PROT_DEVICE_nGnRE | PTE_HYP)

- #define PAGE_S2 __pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY)
- #define PAGE_S2_DEVICE __pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN)
-#define PAGE_S2 __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY | PTE_S2_XN)
-#define PAGE_S2_DEVICE __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_S2_XN)
++#define PAGE_S2 __pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY | PTE_S2_XN)
++#define PAGE_S2_DEVICE __pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_S2_XN)

-#define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_RDONLY | PTE_PXN | PTE_UXN)
+#define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN)
#define PAGE_SHARED __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN | PTE_WRITE)
#define PAGE_SHARED_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_WRITE)
#define PAGE_READONLY __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN)
diff --cc arch/x86/include/asm/mshyperv.h
index b52af150cbd8,1790002a2052..25283f7eb299
--- a/arch/x86/include/asm/mshyperv.h
+++ b/arch/x86/include/asm/mshyperv.h
@@@ -314,13 -315,21 +315,21 @@@ void hyperv_init(void)
void hyperv_setup_mmu_ops(void);
void hyper_alloc_mmu(void);
void hyperv_report_panic(struct pt_regs *regs, long err);
-bool hv_is_hypercall_page_setup(void);
+bool hv_is_hyperv_initialized(void);
void hyperv_cleanup(void);
+
+ void hyperv_reenlightenment_intr(struct pt_regs *regs);
+ void set_hv_tscchange_cb(void (*cb)(void));
+ void clear_hv_tscchange_cb(void);
+ void hyperv_stop_tsc_emulation(void);
#else /* CONFIG_HYPERV */
static inline void hyperv_init(void) {}
-static inline bool hv_is_hypercall_page_setup(void) { return false; }
+static inline bool hv_is_hyperv_initialized(void) { return false; }
static inline void hyperv_cleanup(void) {}
static inline void hyperv_setup_mmu_ops(void) {}
+ static inline void set_hv_tscchange_cb(void (*cb)(void)) {}
+ static inline void clear_hv_tscchange_cb(void) {}
+ static inline void hyperv_stop_tsc_emulation(void) {};
#endif /* CONFIG_HYPERV */

#ifdef CONFIG_HYPERV_TSCPAGE
diff --cc arch/x86/kvm/cpuid.c
index 13f5d4217e4f,20e491b94f44..a0c5a69bc7c4
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@@ -363,12 -371,9 +369,13 @@@ static inline int __do_cpuid_ent(struc
F(LAHF_LM) | F(CMP_LEGACY) | 0 /*SVM*/ | 0 /* ExtApicSpace */ |
F(CR8_LEGACY) | F(ABM) | F(SSE4A) | F(MISALIGNSSE) |
F(3DNOWPREFETCH) | F(OSVW) | 0 /* IBS */ | F(XOP) |
- 0 /* SKINIT, WDT, LWP */ | F(FMA4) | F(TBM);
+ 0 /* SKINIT, WDT, LWP */ | F(FMA4) | F(TBM) |
+ F(TOPOEXT);

+ /* cpuid 0x80000008.ebx */
+ const u32 kvm_cpuid_8000_0008_ebx_x86_features =
+ F(IBPB) | F(IBRS);
+
/* cpuid 0xC0000001.edx */
const u32 kvm_cpuid_C000_0001_edx_x86_features =
F(XSTORE) | F(XSTORE_EN) | F(XCRYPT) | F(XCRYPT_EN) |
diff --cc arch/x86/kvm/svm.c
index 4e3c79530526,1bf20e9160bd..b3e488a74828
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@@ -533,7 -573,9 +577,10 @@@ struct svm_cpu_data
struct kvm_ldttss_desc *tss_desc;

struct page *save_area;
+ struct vmcb *current_vmcb;
+
+ /* index = sev_asid, value = vmcb pointer */
+ struct vmcb **sev_vmcbs;
};

static DEFINE_PER_CPU(struct svm_cpu_data *, svm_data);
diff --cc arch/x86/kvm/vmx.c
index bee4c49f6dd0,9973a301364e..9d95957be4e8
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@@ -903,18 -864,25 +869,23 @@@ static const unsigned short vmcs_field_

static inline short vmcs_field_to_offset(unsigned long field)
{
+ const size_t size = ARRAY_SIZE(vmcs_field_to_offset_table);
+ unsigned short offset;
+ unsigned index;

- BUILD_BUG_ON(size > SHRT_MAX);
- if (field >= size)
+ if (field >> 15)
return -ENOENT;

- field = array_index_nospec(field, size);
- offset = vmcs_field_to_offset_table[field];
+ index = ROL16(field, 6);
- if (index >= ARRAY_SIZE(vmcs_field_to_offset_table))
++ if (index >= size)
+ return -ENOENT;
+
- /*
- * FIXME: Mitigation for CVE-2017-5753. To be replaced with a
- * generic mechanism.
- */
- asm("lfence");
-
- if (vmcs_field_to_offset_table[index] == 0)
++ index = array_index_nospec(index, size);
++ offset = vmcs_field_to_offset_table[index];
+ if (offset == 0)
return -ENOENT;
+
- return vmcs_field_to_offset_table[index];
+ return offset;
}

static inline struct vmcs12 *get_vmcs12(struct kvm_vcpu *vcpu)
@@@ -10206,69 -10049,55 +10212,84 @@@ static inline bool nested_vmx_prepare_m
struct page *page;
unsigned long *msr_bitmap_l1;
unsigned long *msr_bitmap_l0 = to_vmx(vcpu)->nested.vmcs02.msr_bitmap;
+ /*
+ * pred_cmd & spec_ctrl are trying to verify two things:
+ *
+ * 1. L0 gave a permission to L1 to actually passthrough the MSR. This
+ * ensures that we do not accidentally generate an L02 MSR bitmap
+ * from the L12 MSR bitmap that is too permissive.
+ * 2. That L1 or L2s have actually used the MSR. This avoids
+ * unnecessarily merging of the bitmap if the MSR is unused. This
+ * works properly because we only update the L01 MSR bitmap lazily.
+ * So even if L0 should pass L1 these MSRs, the L01 bitmap is only
+ * updated to reflect this when L1 (or its L2s) actually write to
+ * the MSR.
+ */
+ bool pred_cmd = msr_write_intercepted_l01(vcpu, MSR_IA32_PRED_CMD);
+ bool spec_ctrl = msr_write_intercepted_l01(vcpu, MSR_IA32_SPEC_CTRL);

+ /* Nothing to do if the MSR bitmap is not in use. */
+ if (!cpu_has_vmx_msr_bitmap() ||
+ !nested_cpu_has(vmcs12, CPU_BASED_USE_MSR_BITMAPS))
+ return false;
+
+ /* This shortcut is ok because we support only x2APIC MSRs so far. */
- if (!nested_cpu_has_virt_x2apic_mode(vmcs12))
+ if (!nested_cpu_has_virt_x2apic_mode(vmcs12) &&
+ !pred_cmd && !spec_ctrl)
return false;

page = kvm_vcpu_gpa_to_page(vcpu, vmcs12->msr_bitmap);
if (is_error_page(page))
return false;
+
msr_bitmap_l1 = (unsigned long *)kmap(page);
-
- memset(msr_bitmap_l0, 0xff, PAGE_SIZE);
-
- if (nested_cpu_has_virt_x2apic_mode(vmcs12)) {
- if (nested_cpu_has_apic_reg_virt(vmcs12))
- for (msr = 0x800; msr <= 0x8ff; msr++)
- nested_vmx_disable_intercept_for_msr(
- msr_bitmap_l1, msr_bitmap_l0,
- msr, MSR_TYPE_R);
-
- nested_vmx_disable_intercept_for_msr(
- msr_bitmap_l1, msr_bitmap_l0,
- APIC_BASE_MSR + (APIC_TASKPRI >> 4),
- MSR_TYPE_R | MSR_TYPE_W);
-
- if (nested_cpu_has_vid(vmcs12)) {
- nested_vmx_disable_intercept_for_msr(
- msr_bitmap_l1, msr_bitmap_l0,
- APIC_BASE_MSR + (APIC_EOI >> 4),
- MSR_TYPE_W);
- nested_vmx_disable_intercept_for_msr(
- msr_bitmap_l1, msr_bitmap_l0,
- APIC_BASE_MSR + (APIC_SELF_IPI >> 4),
- MSR_TYPE_W);
+ if (nested_cpu_has_apic_reg_virt(vmcs12)) {
+ /*
+ * L0 need not intercept reads for MSRs between 0x800 and 0x8ff, it
+ * just lets the processor take the value from the virtual-APIC page;
+ * take those 256 bits directly from the L1 bitmap.
+ */
+ for (msr = 0x800; msr <= 0x8ff; msr += BITS_PER_LONG) {
+ unsigned word = msr / BITS_PER_LONG;
+ msr_bitmap_l0[word] = msr_bitmap_l1[word];
+ msr_bitmap_l0[word + (0x800 / sizeof(long))] = ~0;
}
+ } else {
+ for (msr = 0x800; msr <= 0x8ff; msr += BITS_PER_LONG) {
+ unsigned word = msr / BITS_PER_LONG;
+ msr_bitmap_l0[word] = ~0;
+ msr_bitmap_l0[word + (0x800 / sizeof(long))] = ~0;
+ }
+ }
+
+ nested_vmx_disable_intercept_for_msr(
+ msr_bitmap_l1, msr_bitmap_l0,
+ X2APIC_MSR(APIC_TASKPRI),
+ MSR_TYPE_W);
+
+ if (nested_cpu_has_vid(vmcs12)) {
+ nested_vmx_disable_intercept_for_msr(
+ msr_bitmap_l1, msr_bitmap_l0,
+ X2APIC_MSR(APIC_EOI),
+ MSR_TYPE_W);
+ nested_vmx_disable_intercept_for_msr(
+ msr_bitmap_l1, msr_bitmap_l0,
+ X2APIC_MSR(APIC_SELF_IPI),
+ MSR_TYPE_W);
}
+
+ if (spec_ctrl)
+ nested_vmx_disable_intercept_for_msr(
+ msr_bitmap_l1, msr_bitmap_l0,
+ MSR_IA32_SPEC_CTRL,
+ MSR_TYPE_R | MSR_TYPE_W);
+
+ if (pred_cmd)
+ nested_vmx_disable_intercept_for_msr(
+ msr_bitmap_l1, msr_bitmap_l0,
+ MSR_IA32_PRED_CMD,
+ MSR_TYPE_W);
+
kunmap(page);
kvm_release_page_clean(page);

Next message: Philippe Ombredanne: "Re: [PATCH 5/6] ARM: dts: tegra: apalis-tk1: copyright period, spurious newlines"
Previous message: Nicholas Piggin: "Re: [PATCH v4 1/5] powerpc/mm/slice: Remove intermediate bitmap copy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]