The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 95bb7c42ac8a94ce3d0eb059ad64430390351ccb
Gitweb:
https://git.kernel.org/tip/95bb7c42ac8a94ce3d0eb059ad64430390351ccb
Author:Sean Christopherson
AuthorDate:Fri, 13 Nov 2020 00:01:21 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 224ab3527f89f69ae57dc53555826667ac46a3cc
Gitweb:
https://git.kernel.org/tip/224ab3527f89f69ae57dc53555826667ac46a3cc
Author:Sean Christopherson
AuthorDate:Fri, 13 Nov 2020 00:01:18 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 74faeee06db81a06add0def6a394210c8fef0ab7
Gitweb:
https://git.kernel.org/tip/74faeee06db81a06add0def6a394210c8fef0ab7
Author:Sean Christopherson
AuthorDate:Fri, 13 Nov 2020 00:01:17 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: d205e0f1426e0f99e2b4f387c49f2d8b66e129dd
Gitweb:
https://git.kernel.org/tip/d205e0f1426e0f99e2b4f387c49f2d8b66e129dd
Author:Sean Christopherson
AuthorDate:Fri, 13 Nov 2020 00:01:15 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: e7b6385b01d8e9fb7a97887c3ea649abb95bb8c8
Gitweb:
https://git.kernel.org/tip/e7b6385b01d8e9fb7a97887c3ea649abb95bb8c8
Author:Sean Christopherson
AuthorDate:Fri, 13 Nov 2020 00:01:14 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: e7e0545299d8cb0fd6fe3ba50401b7f5c3937362
Gitweb:
https://git.kernel.org/tip/e7e0545299d8cb0fd6fe3ba50401b7f5c3937362
Author:Sean Christopherson
AuthorDate:Fri, 13 Nov 2020 00:01:16 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: cd072dab453a9b4a9f7927f9eddca5a156fbd87d
Gitweb:
https://git.kernel.org/tip/cd072dab453a9b4a9f7927f9eddca5a156fbd87d
Author:Sean Christopherson
AuthorDate:Fri, 13 Nov 2020 00:01:28 +02:00
The following commit has been merged into the x86/sgx branch of tip:
Commit-ID: 334872a0919890a70cccd00b8e11931020a819be
Gitweb:
https://git.kernel.org/tip/334872a0919890a70cccd00b8e11931020a819be
Author:Sean Christopherson
AuthorDate:Fri, 13 Nov 2020 00:01:29 +02:00
On Thu, Oct 29, 2020 at 08:08:48AM +0100, Paolo Bonzini wrote:
> On 28/10/20 16:29, Sean Christopherson wrote:
> > The naming and usage also aligns with the kernel, which defines PAGE, PMD
> > and
> > PUD masks, and has near identical usage patterns.
> &g
On Tue, Nov 03, 2020 at 08:39:12AM -0800, James Bottomley wrote:
> On Mon, 2020-09-21 at 18:22 -0700, Sean Christopherson wrote:
> > ASIDs too. I'd also love to see more info in the docs and/or cover
> > letter to explain why ASID management on SEV requires a cgroup. I
>
On Fri, Oct 02, 2020 at 01:48:10PM -0700, Vipin Sharma wrote:
> On Fri, Sep 25, 2020 at 03:22:20PM -0700, Vipin Sharma wrote:
> > I agree with you that the abstract name is better than the concrete
> > name, I also feel that we must provide HW extensions. Here is one
> > approach:
> >
> > Cgroup n
On Mon, Nov 02, 2020 at 10:01:16AM -0800, Andy Lutomirski wrote:
> On Mon, Nov 2, 2020 at 9:31 AM Sean Christopherson
> wrote:
> >
> > On Mon, Nov 02, 2020 at 08:43:30AM -0800, Andy Lutomirski wrote:
> > > On Sun, Nov 1, 2020 at 10:14 PM Tao Xu wrote:
> >
On Mon, Nov 02, 2020 at 02:14:45PM +0800, Tao Xu wrote:
> There are some cases that malicious virtual machines can cause CPU stuck
> (event windows don't open up), e.g., infinite loop in microcode when
> nested #AC (CVE-2015-5307). No event window obviously means no events,
> e.g. NMIs, SMIs, and I
On Mon, Nov 02, 2020 at 08:43:30AM -0800, Andy Lutomirski wrote:
> On Sun, Nov 1, 2020 at 10:14 PM Tao Xu wrote:
> > 2. Another patch to disable interception of #DB and #AC when notify
> > VM-Exiting is enabled.
>
> Whoa there.
>
> A VM control that says "hey, CPU, if you messed up and livelocke
On Mon, Oct 26, 2020 at 05:14:39PM +0100, Arnd Bergmann wrote:
> From: Arnd Bergmann
>
> There are hundreds of warnings in a W=2 build about a local
> variable shadowing the global 'apic' definition:
>
> arch/x86/kvm/lapic.h:149:65: warning: declaration of 'apic' shadows a global
> declaration
On Tue, Oct 27, 2020 at 03:17:40PM -0700, Ben Gardon wrote:
> On Tue, Oct 27, 2020 at 2:43 PM Sean Christopherson
> wrote:
> >
> > Add a helper to compute the GFN mask given a hugepage level, KVM is
> > accumulating quite a few users with the addition of the TDP MMU.
>
On Tue, Oct 27, 2020 at 03:09:11PM -0700, Ben Gardon wrote:
> On Tue, Oct 27, 2020 at 2:43 PM Sean Christopherson
> wrote:
> >
> > Use the logical NOT of KVM_HPAGE_GFN_MASK() to compute the GFN offset
> > mask instead of open coding the equivalent in a variety of locations
Capture kvm_vmx in a local variable instead of polluting
hv_remote_flush_tlb_with_range() with to_kvm_vmx(kvm).
No functional change intended.
Reviewed-by: Vitaly Kuznetsov
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/vmx/vmx.c | 13 +++--
1 file changed, 7 insertions(+), 6
ce.
See commit 6a3ea3e68b8a ("x86/entry/64: Do not use RDPID in paranoid
entry to accomodate KVM") for details.
Signed-off-by: Sean Christopherson
---
arch/x86/include/asm/inst.h | 15 ---
1 file changed, 15 deletions(-)
diff --git a/arch/x86/include/asm/inst.h b/arch/x86
Use the logical NOT of KVM_HPAGE_GFN_MASK() to compute the GFN offset
mask instead of open coding the equivalent in a variety of locations.
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/mmu/mmu.c | 2 +-
arch/x86/kvm/mmu/mmutrace.h | 2 +-
arch/x86/kvm/mmu/tdp_mmu.c | 2 +-
arch/x86
_level()'s direct two's complement trickery.
Signed-off-by: Sean Christopherson
---
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/mmu/mmu.c | 2 +-
arch/x86/kvm/mmu/paging_tmpl.h | 4 ++--
arch/x86/kvm/mmu/tdp_iter.c | 2 +-
4 files changed, 5 insertions(+), 4 deleti
ad the open coded
version without thinking too hard.
No functional change intended.
Cc: Ben Gardon
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/mmu/tdp_iter.c | 11 +++
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/arch/x86/kvm/mmu/tdp_iter.c b/arch/x86/kvm/mmu/tdp_
cc uses NEG
for both). The use of '-(...)' made me do a double take (more like a
quadrupal take) when reading the TDP MMU code as my eyes/brain have been
heavily trained to look for the more common '~(... - 1)'.
Sean Christopherson (3):
KVM: x86/mmu: Add helper macro for co
Combine the for-loops for Hyper-V TLB EPTP checking and flushing, and in
doing so skip flushes for vCPUs whose EPTP matches the target EPTP.
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/vmx/vmx.c | 23 ---
1 file changed, 8 insertions(+), 15 deletions(-)
diff --git a
_t/u64 instead of an
unsigned long. The EPTP holds a 64-bit value, even in 32-bit mode, so
in theory EPT could support HIGHMEM for 32-bit KVM. Never mind that
doing so would require changing the MMU page allocators and reworking
the MMU to use kmap().
Signed-off-by: Sean Christopherson
---
arch/x86/in
ready detected,
e.g. to handle the case where the first flush fails and there is a
yet-to-be-detected mismatch.
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/vmx/vmx.c | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
, the explicit check makes it more obvious why a non-NULL
tlb_remote_flush() triggers EPTP shenanigans. Long term, this will
allow TDX to define its own implementation of tlb_remote_flush() without
running afoul of Hyper-V.
Reviewed-by: Vitaly Kuznetsov
Signed-off-by: Sean Christopherson
---
arch/x8
as invalid.
This also technically fixes a bug where KVM could theoretically flush an
invalid GPA if all vCPUs have an invalid root. In practice, it's likely
impossible to trigger a remote TLB flush in such a scenario. In any
case, the superfluous flush is completely benign.
Sign
ly if Hyper-v is active, i.e. non-Hyper-V code cannot rely on it
to actually track the current EPTP (without additional code changes).
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/vmx/vmx.c | 5 -
arch/x86/kvm/vmx/vmx.h | 4
2 files changed, 8 insertions(+), 1 deletion(-)
diff --
Fold check_ept_pointer_match() into hv_remote_flush_tlb_with_range() in
preparation for combining the kvm_for_each_vcpu loops of the ==CHECK and
!=MATCH statements.
No functional change intended.
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/vmx/vmx.c | 44
italy]
- Explicitly invalidate hv_tlb_eptp instead of leaving it valid when
the mismatch tracker "knows" it's invalid. [Vitaly]
- Change the last patch to use "hv_root_ept" instead of "hv_tlb_pgd"
to better reflect what is actually being tracked.
v2: Rewri
ed to skip redundant flushes.
No functional change intended.
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/vmx/vmx.c | 35 +++
arch/x86/kvm/vmx/vmx.h | 7 ---
2 files changed, 23 insertions(+), 19 deletions(-)
diff --git a/arch/x86/kvm/vmx/vmx.c b/ar
paravirt TLB flushing.
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/vmx/vmx.c | 83 --
arch/x86/kvm/vmx/vmx.h | 6 +--
2 files changed, 42 insertions(+), 47 deletions(-)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 40a67dd45
igned-off-by: Sean Christopherson
---
arch/x86/kvm/vmx/vmx.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 25a714cda662..4d9bc0d3a929 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -3072,7 +3
On Tue, Oct 27, 2020 at 09:49:50AM -0700, Ben Gardon wrote:
> Rescheduling while holding a spin lock is essential for keeping long
> running kernel operations running smoothly. Add the facility to
> cond_resched rwlocks.
This adds two new exports and two new macros without any in-tree users, which
On Mon, Oct 26, 2020 at 03:59:35PM -0700, Andy Lutomirski wrote:
> > On Oct 26, 2020, at 3:51 AM, Dr. Greg wrote:
> > The open question in all of this is that the EDMM paper, as well as
> > the SDM, indicate the effects of an ENCLU[EMODPE] are immediate inside
> > of a running enclave. I'm assumi
SPTEs")
Reported-by: Daniel Díaz
Signed-off-by: Sean Christopherson
---
Linus, do you want to take this directly so that it's in rc1? I don't
know whether Paolo will be checking mail before then.
arch/x86/kvm/mmu/tdp_mmu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff -
On Fri, Oct 23, 2020 at 07:17:54PM -0700, Sean Christopherson wrote:
> On Fri, Oct 23, 2020 at 09:13:21PM -0500, Daniel Díaz wrote:
> > Hello!
> >
> > We found the following problem building torvalds/master, which
> > recently merged the for-linus tag from the KVM tree,
On Fri, Oct 23, 2020 at 09:13:21PM -0500, Daniel Díaz wrote:
> Hello!
>
> We found the following problem building torvalds/master, which
> recently merged the for-linus tag from the KVM tree, when building
> with gcc 7.3.0 and glibc 2.27 for x86 32-bits under OpenEmbedded:
>
> | LD vmlinux
On Fri, Oct 23, 2020 at 03:37:12PM +0300, Mike Rapoport wrote:
> On Tue, Oct 20, 2020 at 09:18:58AM +0300, Kirill A. Shutemov wrote:
> > If the protected memory feature enabled, unmap guest memory from
> > kernel's direct mappings.
> >
> > Migration and KSM is disabled for protected memory as it w
On Thu, Oct 22, 2020 at 08:05:05PM -0700, Linus Torvalds wrote:
> On Thu, Oct 22, 2020 at 6:36 PM Daniel Díaz wrote:
> >
> > The kernel Naresh originally referred to is here:
> > https://builds.tuxbuild.com/SCI7Xyjb7V2NbfQ2lbKBZw/
>
> Thanks.
>
> And when I started looking at it, I realized th
On Wed, Oct 14, 2020 at 04:44:57PM -0700, Jim Mattson wrote:
> On Fri, Oct 9, 2020 at 9:17 AM Jim Mattson wrote:
> >
> > On Fri, Jul 10, 2020 at 8:48 AM Mohammed Gamal wrote:
> > > @@ -5308,6 +5314,18 @@ static int handle_ept_violation(struct kvm_vcpu
> > > *vcpu)
> > >PFERR_GUES
On Wed, Oct 21, 2020 at 04:39:28PM +0200, Vitaly Kuznetsov wrote:
> Sean Christopherson writes:
> > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> > index e0fea09a6e42..89019e6476b3 100644
> > --- a/arch/x86/kvm/vmx/vmx.c
> > +++ b/arch/x86/kvm/vmx/v
On Wed, Oct 21, 2020 at 04:18:04PM +0200, Vitaly Kuznetsov wrote:
> Sean Christopherson writes:
>
> > Explicitly check that kvm_x86_ops.tlb_remote_flush() points at Hyper-V's
> > implementation for PV flushing instead of assuming that a non-NULL
> > implementation me
On Wed, Oct 21, 2020 at 02:39:20PM +0200, Vitaly Kuznetsov wrote:
> Sean Christopherson writes:
>
> > Drop the dedicated 'ept_pointers_match' field in favor of stuffing
> > 'hv_tlb_eptp' with INVALID_PAGE to mark it as invalid, i.e. to denote
> > that
On Mon, Oct 12, 2020 at 11:35:42AM +0800, Chenyi Qiang wrote:
> @@ -6138,6 +6149,26 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu,
> fastpath_t exit_fastpath)
> return 0;
> }
>
> +static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
> +{
> + int ret = __vm
On Mon, Oct 12, 2020 at 11:35:41AM +0800, Chenyi Qiang wrote:
> From: Sean Christopherson
>
> Convert vcpu_vmx.exit_reason from a u32 to a union (of size u32). The
> full VM_EXIT_REASON field is comprised of a 16-bit basic exit reason in
> bits 15:0, and single-bit modifier
, the explicit check makes it more obvious why a non-NULL
tlb_remote_flush() triggers EPTP shenanigans. Long term, this will
allow TDX to define its own implementation of tlb_remote_flush() without
running afoul of Hyper-V.
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/vmx/vmx.c
Combine the for-loops for Hyper-V TLB EPTP checking and flushing, and in
doing so skip flushes for vCPUs whose EPTP matches the target EPTP.
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/vmx/vmx.c | 20 ++--
1 file changed, 6 insertions(+), 14 deletions(-)
diff --git a
Capture kvm_vmx in a local variable instead of polluting
hv_remote_flush_tlb_with_range() with to_kvm_vmx(kvm).
No functional change intended.
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/vmx/vmx.c | 13 +++--
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/arch
Fold check_ept_pointer_match() into hv_remote_flush_tlb_with_range() in
preparation for combining the kvm_for_each_vcpu loops of the ==CHECK and
!=MATCH statements.
No functional change intended.
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/vmx/vmx.c | 42
ready detected,
e.g. to handle the case where the first flush fails and there is a
yet-to-be-detected mismatch.
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/vmx/vmx.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
o not. In practice, such a mismatch is extremely unlikely, if not
flat out impossible, given how KVM generates the EPTP.
Opportunistically rename the related fields to use the 'pgd'
nomenclature, and to prefix them with 'hv_tlb' to connect them to
Hyper-V's paravirt TLB
Don't invalidate the common EPTP, and thus trigger rechecking of EPTPs
across all vCPUs, if the new EPTP matches the old/common EPTP. In all
likelihood this is a meaningless optimization, but there are (uncommon)
scenarios where KVM can reload the same EPTP.
Signed-off-by: Sean Christoph
ed to skip redundant flushes.
No functional change intended.
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/vmx/vmx.c | 16
arch/x86/kvm/vmx/vmx.h | 7 ---
2 files changed, 8 insertions(+), 15 deletions(-)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.
ly if Hyper-v is active, i.e. non-Hyper-V code cannot rely on it
to actually track the current EPTP (without additional code changes).
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/vmx/vmx.c | 5 -
arch/x86/kvm/vmx/vmx.h | 4
2 files changed, 8 insertions(+), 1 deletion(-)
diff --
per-V KVM unit tests (if those are even relevant?), but haven't
actually tested on top of Hyper-V.
v2: Rewrite everything.
Sean Christopherson (10):
KVM: VMX: Track common EPTP for Hyper-V's paravirt TLB flush
KVM: VMX: Stash kvm_vmx in a local variable for Hyper-V paravirt TLB
f
as invalid.
This also technically fixes a bug where KVM could theoretically flush an
invalid GPA if all vCPUs have an invalid root. In practice, it's likely
impossible to trigger a remote TLB flush in such a scenario. In any
case, the superfluous flush is completely benign.
Sign
On Tue, Oct 20, 2020 at 05:01:18AM -0500, Dr. Greg wrote:
> On Mon, Oct 19, 2020 at 02:31:05PM -0700, Sean Christopherson wrote:
>
> Good morning, I hope the day is starting well for everyone.
>
> > On Sun, Oct 18, 2020 at 03:49:20AM -0500, Dr. Greg wrote:
> > > Is t
On Mon, Oct 19, 2020 at 05:59:25PM -0700, Sean Christopherson wrote:
> On Mon, Oct 19, 2020 at 05:11:17PM +0200, Joerg Roedel wrote:
> > From: Joerg Roedel
> >
> > Introduce sev_status and initialize it together with sme_me_mask to have
> > an indicator whi
On Mon, Oct 19, 2020 at 05:11:17PM +0200, Joerg Roedel wrote:
> From: Joerg Roedel
>
> Introduce sev_status and initialize it together with sme_me_mask to have
> an indicator which SEV features are enabled.
>
> Signed-off-by: Joerg Roedel
> ---
> arch/x86/boot/compressed/mem_encrypt.S | 14 +++
On Sun, Oct 18, 2020 at 03:49:20AM -0500, Dr. Greg wrote:
> Is this even a relevant control if we cede the notion of dynamically
> loadable enclave code, which is the objective of SGX2 hardware, which
> will in all likelihood be the only relevant hardware implementation in
> the future?
Yes, it's
On Mon, Oct 19, 2020 at 01:48:32PM -0700, Dave Hansen wrote:
> On 10/17/20 10:03 PM, Jarkko Sakkinen wrote:
> >>> + if (ret) {
> >>> + if (encls_failed(ret))
> >>> + ENCLS_WARN(ret, "EEXTEND");
> >>> + return -EIO;
> >>
> >> How freque
On Mon, Oct 19, 2020 at 01:21:09PM -0700, Dave Hansen wrote:
> On 10/17/20 9:26 PM, Jarkko Sakkinen wrote:
> >>> +long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg)
> >>> +{
> >>> + struct sgx_encl *encl = filep->private_data;
> >>> + int ret, encl_flags;
> >>> +
> >>> + encl_f
On Mon, Oct 19, 2020 at 10:48:35AM -0700, Dave Hansen wrote:
> On 10/19/20 10:38 AM, Sean Christopherson wrote:
> >>> +static inline bool encls_failed(int ret)
> >>> +{
> >>> + int epcm_trapnr;
> >>> +
> >>> + if (boot_cpu_h
On Mon, Oct 19, 2020 at 07:10:58AM -0700, Dave Hansen wrote:
> On 10/2/20 9:50 PM, Jarkko Sakkinen wrote:
> >
> > Add X86_FEATURE_SGX1 and X86_FEATURE_SGX2 from CPUID.(EAX=12H, ECX=0),
> > which describe the level of SGX support available [1].
>
> The SDM says there are 6 leaf functions added wit
On Mon, Oct 19, 2020 at 07:30:32AM -0700, Dave Hansen wrote:
> On 10/2/20 9:50 PM, Jarkko Sakkinen wrote:
> > +/**
> > + * encls_failed() - Check if an ENCLS leaf function failed
> > + * @ret: the return value of an ENCLS leaf function call
> > + *
> > + * Check if an ENCLS leaf function failed.
On Sun, Oct 11, 2020 at 02:48:18PM -0400, Cathy Avery wrote:
> @@ -628,8 +620,10 @@ int nested_svm_vmexit(struct vcpu_svm *svm)
> nested_vmcb->control.pause_filter_thresh =
> svm->vmcb->control.pause_filter_thresh;
>
> - /* Restore the original control entries */
> - c
On Sun, Oct 11, 2020 at 02:48:17PM -0400, Cathy Avery wrote:
> Move asid to svm->asid to allow for vmcb assignment
This is misleading. The asid isn't being moved, it's being copied/tracked.
The "to allow" wording also confused me; I though this was just a prep patch
and the actual assignment was
Heads up, you may get this multiple times, our mail servers got "upgraded"
recently and are giving me troubles...
On Mon, Oct 12, 2020 at 03:59:35PM -0700, Ben Gardon wrote:
> On Tue, Sep 29, 2020 at 11:06 PM Sean Christopherson
> wrote:
> > > @@ -3691
On Fri, Oct 09, 2020 at 06:48:21PM +0300, stsp wrote:
> 09.10.2020 18:30, Sean Christopherson пишет:
> >On Fri, Oct 09, 2020 at 05:11:51PM +0300, stsp wrote:
> >>09.10.2020 07:04, Sean Christopherson пишет:
> >>>>Hmm. But at least it was lying
> >>>&g
On Fri, Oct 09, 2020 at 05:11:51PM +0300, stsp wrote:
> 09.10.2020 07:04, Sean Christopherson пишет:
> >>Hmm. But at least it was lying
> >>similarly on AMD and Intel CPUs. :)
> >>So I was able to reproduce the problems
> >>myself.
> >>Do you mea
On Thu, Oct 08, 2020 at 09:18:18PM +0300, stsp wrote:
> 08.10.2020 20:59, Sean Christopherson пишет:
> >On Thu, Oct 08, 2020 at 07:00:13PM +0300, stsp wrote:
> >>07.10.2020 04:44, Sean Christopherson пишет:
> >>>Two bug fixes to handle KVM_SET_SREGS without a precedi
On Thu, Oct 08, 2020 at 03:54:12PM +0800, yulei.ker...@gmail.com wrote:
> From: Yulei Zhang
>
> Dmem page is pfn invalid but not mmio. Support cacheable
> dmem page for kvm.
>
> Signed-off-by: Chen Zhuo
> Signed-off-by: Yulei Zhang
> ---
> arch/x86/kvm/mmu/mmu.c | 5 +++--
> include/linux/dme
On Thu, Oct 08, 2020 at 07:00:13PM +0300, stsp wrote:
> 07.10.2020 04:44, Sean Christopherson пишет:
> >Two bug fixes to handle KVM_SET_SREGS without a preceding KVM_SET_CPUID2.
> Hi Sean & KVM devs.
>
> I tested the patches, and wherever I
> set VMXE in CR4, I now
On Tue, Oct 06, 2020 at 03:33:21PM -0700, Ben Gardon wrote:
> On Wed, Sep 30, 2020 at 9:37 AM Sean Christopherson
> wrote:
> >
> > On Fri, Sep 25, 2020 at 02:22:50PM -0700, Ben Gardon wrote:
> > > @@ -4113,8 +4088,9 @@ static int direct_page_fault(struct kvm_vcpu *
On Wed, Oct 07, 2020 at 10:39:23AM +0300, Jarkko Sakkinen wrote:
> On Tue, Oct 06, 2020 at 09:34:19PM -0700, Sean Christopherson wrote:
> > > Even if that was in place, you'd need to separate normal and interrupt.
> > > Tristate is useless here.
> >
On Wed, Oct 07, 2020 at 06:14:02AM +0300, Jarkko Sakkinen wrote:
> On Tue, Oct 06, 2020 at 06:17:38PM -0700, Sean Christopherson wrote:
> > On Wed, Oct 07, 2020 at 03:22:36AM +0300, Jarkko Sakkinen wrote:
> > > > And then a third flavor comes along, e.g. Jethro's reque
ted
before KVM_SET_CPUID{,2}.
Fixes: 5e1746d6205d ("KVM: nVMX: Allow setting the VMXE bit in CR4")
Reported-by: Stas Sergeev
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/vmx/vmx.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86
ue.
No functional change intended.
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/vmx/vmx.c | 19 +++
1 file changed, 7 insertions(+), 12 deletions(-)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 99ea57ba2a84..dac93346aca9 100644
--- a/arch/x86/kvm/vmx/vmx
R4")
Signed-off-by: Sean Christopherson
---
arch/x86/include/asm/kvm_host.h | 3 ++-
arch/x86/kvm/svm/svm.c | 9 +++--
arch/x86/kvm/svm/svm.h | 2 +-
arch/x86/kvm/vmx/nested.c | 2 +-
arch/x86/kvm/vmx/vmx.c | 31 ++-
ar
another.
I intentionally omitted a Cc to stable. The first bug fix in particular
may break stable trees as it simply removes a check, and I don't know that
stable trees have the generic CR4 reserved bit check that is needed to
prevent the guest from setting VMXE when nVMX is not allowed.
KVM rejects KVM_SET_REGS if CR4
has one or more unsupported bits set.
Signed-off-by: Sean Christopherson
---
.../selftests/kvm/include/x86_64/processor.h | 17
.../selftests/kvm/include/x86_64/vmx.h| 4 -
.../selftests/kvm/x86_64/set_sregs_test.c | 92 ++-
3 files
Rework the common CR4 and SREGS checks to return a bool instead of an
int, i.e. true/false instead of 0/-EINVAL, and add "is" to the name to
clarify the polarity of the return value (which is effectively inverted
by this change).
No functional changed intended.
Signed-off-by: Sean Chri
Drop svm_set_cr4()'s explicit check CR4.VMXE now that common x86 handles
the check by incorporating VMXE into the CR4 reserved bits, via
kvm_cpu_caps. SVM obviously does not set X86_FEATURE_VMX.
No functional change intended.
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/svm/svm.
On Wed, Oct 07, 2020 at 03:22:36AM +0300, Jarkko Sakkinen wrote:
> On Tue, Oct 06, 2020 at 04:21:29PM -0700, Sean Christopherson wrote:
> > On Tue, Oct 06, 2020 at 08:28:19PM +0300, Jarkko Sakkinen wrote:
> > > On Tue, Oct 06, 2020 at 08:15:32AM -0700, Sean Christopherson wro
On Tue, Oct 06, 2020 at 01:35:27PM -0400, Vivek Goyal wrote:
> On Tue, Oct 06, 2020 at 10:17:04AM -0700, Sean Christopherson wrote:
>
> [..]
> > > > Note, TDX doesn't allow injection exceptions, so reflecting a #PF back
> > > > into the guest is not an optio
On Tue, Oct 06, 2020 at 08:28:19PM +0300, Jarkko Sakkinen wrote:
> On Tue, Oct 06, 2020 at 08:15:32AM -0700, Sean Christopherson wrote:
> > On Tue, Oct 06, 2020 at 10:30:16AM +0200, Jethro Beekman wrote:
> > > On 2020-10-06 04:57, Sean Christopherson wrote:
> > > >
On Tue, Oct 06, 2020 at 10:36:09AM -0700, Jim Mattson wrote:
> On Wed, Aug 12, 2020 at 10:51 AM Sean Christopherson
> wrote:
> >
> > On successful nested VM-Enter, check for pending interrupts and convert
> > the highest priority interrupt to a pending posted interrup
On Tue, Oct 06, 2020 at 06:39:56PM +0200, Vitaly Kuznetsov wrote:
> Sean Christopherson writes:
>
> > On Tue, Oct 06, 2020 at 05:24:54PM +0200, Vitaly Kuznetsov wrote:
> >> Vivek Goyal writes:
> >> > So you will have to report token (along with -EFAULT) to user
On Tue, Oct 06, 2020 at 05:24:54PM +0200, Vitaly Kuznetsov wrote:
> Vivek Goyal writes:
> > So you will have to report token (along with -EFAULT) to user space. So this
> > is basically the 3rd proposal which is extension of kvm API and will
> > report say HVA/GFN also to user space along with -EF
On Tue, Oct 06, 2020 at 10:30:16AM +0200, Jethro Beekman wrote:
> On 2020-10-06 04:57, Sean Christopherson wrote:
> > On Sat, Oct 03, 2020 at 07:50:56AM +0300, Jarkko Sakkinen wrote:
> >> +struct sgx_enclave_run {
> >> + __u64 tcs;
> >> + __u64 u
On Sat, Oct 03, 2020 at 07:50:56AM +0300, Jarkko Sakkinen wrote:
> From: Sean Christopherson
> + /* Validate that the reserved area contains only zeros. */
> + push%rax
> + push%rbx
> + mov $SGX_ENCLAVE_RUN_RESERVED_START, %rbx
> +1:
> + mov
On Mon, Oct 05, 2020 at 12:30:03PM -0700, Andy Lutomirski wrote:
> On 32-bit kernels, the stackprotector canary is quite nasty -- it is
> stored at %gs:(20), which is nasty because 32-bit kernels use %fs for
> percpu storage. It's even nastier because it means that whether %gs
> contains userspace
On Mon, Oct 05, 2020 at 03:48:09PM -0700, Ben Gardon wrote:
> On Fri, Sep 25, 2020 at 6:25 PM Paolo Bonzini wrote:
> >
> > On 25/09/20 23:23, Ben Gardon wrote:
> > > diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c
> > > index 42dde27decd75..c07831b0c73e1 100644
> > > --- a/arc
On Sat, Oct 03, 2020 at 04:04:22PM -0700, Andy Lutomirski wrote:
> On Fri, Oct 2, 2020 at 5:15 PM Andy Lutomirski wrote:
> > But it's also more subtly wrong -- this corrupts all the segment attributes
> > in the case where a segment points to the GDT and the GDT attributes are
> > non-default.
Pa
sters, though it is still silly.
Cc: Alexander Graf
Cc: Aaron Lewis
Cc: Peter Xu
Signed-off-by: Sean Christopherson
---
arch/x86/kvm/vmx/vmx.c | 46 +++---
1 file changed, 30 insertions(+), 16 deletions(-)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kv
From: Peter Xu
Fix an inverted flag for intercepting x2APIC MSRs and intercept writes
by default, even when APICV is enabled.
Fixes: 3eb900173c71 ("KVM: x86: VMX: Prevent MSR passthrough when MSR access is
denied")
Not-signed-off-by: Peter Xu
[sean: added changelog]
Signed-of
o kick it.
Peter Xu (1):
KVM: VMX: Fix x2APIC MSR intercept handling on !APICV platforms
Sean Christopherson (1):
KVM: VMX: Ignore userspace MSR filters for x2APIC when APICV is
enabled
arch/x86/kvm/vmx/vmx.c | 45 --
1 file changed, 30 inserti
On Thu, Oct 01, 2020 at 09:11:39PM -0400, Peter Xu wrote:
> Hi,
>
> I reported in the v13 cover letter of kvm dirty ring series that this patch
> seems to have been broken. Today I tried to reproduce with a simplest vm, and
> after a closer look...
>
> On Fri, Sep 25, 2020 at 04:34:20PM +0200, A
901 - 1000 of 1710 matches
Mail list logo
