[GIT PULL] KVM fixes for Linux 6.10-rc3

From: Paolo Bonzini
Date: Wed Jun 05 2024 - 08:25:39 EST


Linus,

The following changes since commit c3f38fa61af77b49866b006939479069cd451173:

Linux 6.10-rc2 (2024-06-02 15:44:56 -0700)

are available in the Git repository at:

https://git.kernel.org/pub/scm/virt/kvm/kvm.git tags/for-linus

for you to fetch changes up to db574f2f96d0c9a245a9e787e3d9ec288fb2b445:

KVM: x86/mmu: Don't save mmu_invalidate_seq after checking private attr (2024-06-05 06:45:06 -0400)

The pull request is dominated by a couple large series for ARM
and x86 respectively, but apart from that things are calm.

----------------------------------------------------------------
ARM:

* Large set of FP/SVE fixes for pKVM, addressing the fallout
  from the per-CPU data rework and making sure that the host
  is not involved in the FP/SVE switching any more

* Allow FEAT_BTI to be enabled with NV now that FEAT_PAUTH
  is completely supported

* Fix for the respective priorities of Failed PAC, Illegal
  Execution state and Instruction Abort exceptions

* Fix the handling of AArch32 instruction traps failing their
  condition code, which was broken by the introduction of
  ESR_EL2.ISS2

* Allow vcpus running in AArch32 state to be restored in
  System mode

* Fix AArch32 GPR restore that would lose the 64 bit state
  under some conditions

RISC-V:

* No need to use mask when hart-index-bits is 0

* Fix incorrect reg_subtype labels in kvm_riscv_vcpu_set_reg_isa_ext()

x86:

* Fixes and debugging help for the #VE sanity check. Also disable
  it by default, even for CONFIG_DEBUG_KERNEL, because it was found
  to trigger spuriously (most likely a processor erratum as the
  exact symptoms vary by generation).

* Avoid WARN() when two NMIs arrive simultaneously during an NMI-disabled
  situation (GIF=0 or interrupt shadow) when the processor supports
  virtual NMI. While generally KVM will not request an NMI window
  when virtual NMIs are supported, in this case it *does* have to
  single-step over the interrupt shadow or enable the STGI intercept,
  in order to deliver the latched second NMI.

* Drop support for hand tuning APIC timer advancement from userspace.
  Since we have adaptive tuning, and it has proved to work well,
  drop the module parameter for manual configuration and with it a
  few stupid bugs that it had.

----------------------------------------------------------------
Fuad Tabba (9):
      KVM: arm64: Reintroduce __sve_save_state
      KVM: arm64: Fix prototype for __sve_save_state/__sve_restore_state
      KVM: arm64: Abstract set/clear of CPTR_EL2 bits behind helper
      KVM: arm64: Specialize handling of host fpsimd state on trap
      KVM: arm64: Allocate memory mapped at hyp for host sve state in pKVM
      KVM: arm64: Eagerly restore host fpsimd/sve state in pKVM
      KVM: arm64: Consolidate initializing the host data's fpsimd_state/sve in pKVM
      KVM: arm64: Refactor CPACR trap bit setting/clearing to use ELx format
      KVM: arm64: Ensure that SME controls are disabled in protected mode

Isaku Yamahata (1):
      KVM: x86/mmu: Use SHADOW_NONPRESENT_VALUE for atomic zap in TDP MMU

Marc Zyngier (5):
      KVM: arm64: Fix AArch32 register narrowing on userspace write
      KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
      KVM: arm64: AArch32: Fix spurious trapping of conditional instructions
      KVM: arm64: nv: Fix relative priorities of exceptions generated by ERETAx
      KVM: arm64: nv: Expose BTI and CSV_frac to a guest hypervisor

Nikunj A Dadhania (1):
      KVM: SEV-ES: Prevent MSR access post VMSA encryption

Paolo Bonzini (3):
      Merge branch 'kvm-fixes-6.10-1' into HEAD
      Merge tag 'kvm-riscv-fixes-6.10-1' of https://github.com/kvm-riscv/linux into HEAD
      Merge tag 'kvmarm-fixes-6.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD

Quan Zhou (1):
      RISC-V: KVM: Fix incorrect reg_subtype labels in kvm_riscv_vcpu_set_reg_isa_ext function

Ravi Bangoria (2):
      KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent
      KVM: SEV-ES: Delegate LBR virtualization to the processor

Sean Christopherson (11):
      KVM: VMX: Don't kill the VM on an unexpected #VE
      KVM: nVMX: Initialize #VE info page for vmcs02 when proving #VE support
      KVM: nVMX: Always handle #VEs in L0 (never forward #VEs from L2 to L1)
      KVM: x86/mmu: Add sanity checks that KVM doesn't create EPT #VE SPTEs
      KVM: VMX: Dump VMCS on unexpected #VE
      KVM: x86/mmu: Print SPTEs on unexpected #VE
      KVM: VMX: Enumerate EPT Violation #VE support in /proc/cpuinfo
      KVM: x86: Disable KVM_INTEL_PROVE_VE by default
      KVM: x86: Force KVM_WERROR if the global WERROR is enabled
      KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked
      KVM: x86: Drop support for hand tuning APIC timer advancement from userspace

Tao Su (1):
      KVM: x86/mmu: Don't save mmu_invalidate_seq after checking private attr

Yong-Xuan Wang (1):
      RISC-V: KVM: No need to use mask when hart-index-bit is 0

arch/arm64/include/asm/el2_setup.h | 6 +--
arch/arm64/include/asm/kvm_arm.h | 6 +++
arch/arm64/include/asm/kvm_emulate.h | 71 ++++++++++++++++++++++++++--
arch/arm64/include/asm/kvm_host.h | 25 +++++++++-
arch/arm64/include/asm/kvm_hyp.h | 4 +-
arch/arm64/include/asm/kvm_pkvm.h | 9 ++++
arch/arm64/kvm/arm.c | 76 +++++++++++++++++++++++++++++
arch/arm64/kvm/emulate-nested.c | 21 +++++----
arch/arm64/kvm/fpsimd.c | 11 +++--
arch/arm64/kvm/guest.c | 3 +-
arch/arm64/kvm/hyp/aarch32.c | 18 ++++++-
arch/arm64/kvm/hyp/fpsimd.S | 6 +++
arch/arm64/kvm/hyp/include/hyp/switch.h | 36 +++++++-------
arch/arm64/kvm/hyp/include/nvhe/pkvm.h | 1 -
arch/arm64/kvm/hyp/nvhe/hyp-main.c | 84 +++++++++++++++++++++++++++++----
arch/arm64/kvm/hyp/nvhe/pkvm.c | 17 ++-----
arch/arm64/kvm/hyp/nvhe/setup.c | 25 +++++++++-
arch/arm64/kvm/hyp/nvhe/switch.c | 24 ++++++++--
arch/arm64/kvm/hyp/vhe/switch.c | 12 +++--
arch/arm64/kvm/nested.c | 6 ++-
arch/arm64/kvm/reset.c | 3 ++
arch/riscv/kvm/aia_device.c | 7 +--
arch/riscv/kvm/vcpu_onereg.c | 4 +-
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/include/asm/vmxfeatures.h | 2 +-
arch/x86/kvm/Kconfig | 11 +++--
arch/x86/kvm/lapic.c | 39 ++++++++-------
arch/x86/kvm/lapic.h | 2 +-
arch/x86/kvm/mmu/mmu.c | 48 ++++++++++++++-----
arch/x86/kvm/mmu/spte.h | 9 ++++
arch/x86/kvm/mmu/tdp_iter.h | 2 +
arch/x86/kvm/mmu/tdp_mmu.c | 2 +-
arch/x86/kvm/svm/sev.c | 19 ++++++--
arch/x86/kvm/svm/svm.c | 69 ++++++++++++++++++++-------
arch/x86/kvm/svm/svm.h | 4 +-
arch/x86/kvm/vmx/nested.c | 5 ++
arch/x86/kvm/vmx/vmx.c | 11 ++++-
arch/x86/kvm/x86.c | 11 +----
38 files changed, 559 insertions(+), 151 deletions(-)