Commit 6c3f5bec authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm 

Pull kvm fixes from Paolo Bonzini:
 "ARM:

   - Correctly expose GICv3 support even if no irqchip is created so
     that userspace doesn't observe it changing pointlessly (fixing a
     regression with QEMU)

   - Don't issue a hypercall to set the id-mapped vectors when protected
     mode is enabled (fix for pKVM in combination with CPUs affected by
     Spectre-v3a)

  x86 (five oneliners, of which the most interesting two are):

   - a NULL pointer dereference on INVPCID executed with paging
     disabled, but only if KVM is using shadow paging

   - an incorrect bsearch comparison function which could truncate the
     result and apply PMU event filtering incorrectly. This one comes
     with a selftests update too"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
  KVM: x86: hyper-v: fix type of valid_bank_mask
  KVM: Free new dirty bitmap if creating a new memslot fails
  KVM: eventfd: Fix false positive RCU usage warning
  selftests: kvm/x86: Verify the pmu event filter matches the correct event
  selftests: kvm/x86: Add the helper function create_pmu_event_filter
  kvm: x86/pmu: Fix the compare function used by the pmu event filter
  KVM: arm64: Don't hypercall before EL2 init
  KVM: arm64: vgic-v3: Consistently populate ID_AA64PFR0_EL1.GIC
  KVM: x86/mmu: Update number of zapped pages even if page list is stable
parents b3454ce0 9f46c187

arch/arm64/kvm/arm.c

+2 −1
Original line number Diff line number Diff line
@@ -1436,7 +1436,8 @@ static int kvm_init_vector_slots(void) 
	base = kern_hyp_va(kvm_ksym_ref(__bp_harden_hyp_vecs));

	kvm_init_vector_slot(base, HYP_VECTOR_SPECTRE_DIRECT);



	if (kvm_system_needs_idmapped_vectors() && !has_vhe()) {

	if (kvm_system_needs_idmapped_vectors() &&

	    !is_protected_kvm_enabled()) {

		err = create_hyp_exec_mappings(__pa_symbol(__bp_harden_hyp_vecs),

					       __BP_HARDEN_HYP_VECS_SZ, &base);

		if (err)

arch/arm64/kvm/sys_regs.c

+1 −2
Original line number Diff line number Diff line
@@ -1123,8 +1123,7 @@ static u64 read_id_reg(const struct kvm_vcpu *vcpu, 
		val |= FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64PFR0_CSV2), (u64)vcpu->kvm->arch.pfr0_csv2);

		val &= ~ARM64_FEATURE_MASK(ID_AA64PFR0_CSV3);

		val |= FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64PFR0_CSV3), (u64)vcpu->kvm->arch.pfr0_csv3);

		if (irqchip_in_kernel(vcpu->kvm) &&

		    vcpu->kvm->arch.vgic.vgic_model == KVM_DEV_TYPE_ARM_VGIC_V3) {

		if (kvm_vgic_global_state.type == VGIC_V3) {

			val &= ~ARM64_FEATURE_MASK(ID_AA64PFR0_GIC);

			val |= FIELD_PREP(ARM64_FEATURE_MASK(ID_AA64PFR0_GIC), 1);

		}

arch/x86/kvm/hyperv.c

+2 −2
Original line number Diff line number Diff line
@@ -1914,7 +1914,7 @@ static u64 kvm_hv_send_ipi(struct kvm_vcpu *vcpu, struct kvm_hv_hcall *hc) 
	struct hv_send_ipi_ex send_ipi_ex;

	struct hv_send_ipi send_ipi;

	DECLARE_BITMAP(vcpu_mask, KVM_MAX_VCPUS);

	unsigned long valid_bank_mask;

	u64 valid_bank_mask;

	u64 sparse_banks[KVM_HV_MAX_SPARSE_VCPU_SET_BITS];

	u32 vector;

	bool all_cpus;
@@ -1956,7 +1956,7 @@ static u64 kvm_hv_send_ipi(struct kvm_vcpu *vcpu, struct kvm_hv_hcall *hc) 
		valid_bank_mask = send_ipi_ex.vp_set.valid_bank_mask;

		all_cpus = send_ipi_ex.vp_set.format == HV_GENERIC_SET_ALL;



		if (hc->var_cnt != bitmap_weight(&valid_bank_mask, 64))

		if (hc->var_cnt != bitmap_weight((unsigned long *)&valid_bank_mask, 64))

			return HV_STATUS_INVALID_HYPERCALL_INPUT;



		if (all_cpus)

arch/x86/kvm/mmu/mmu.c

+10 −6
Original line number Diff line number Diff line
@@ -5470,6 +5470,7 @@ void kvm_mmu_invpcid_gva(struct kvm_vcpu *vcpu, gva_t gva, unsigned long pcid) 
	uint i;



	if (pcid == kvm_get_active_pcid(vcpu)) {

		if (mmu->invlpg)

			mmu->invlpg(vcpu, gva, mmu->root.hpa);

		tlb_flush = true;

	}
@@ -5477,6 +5478,7 @@ void kvm_mmu_invpcid_gva(struct kvm_vcpu *vcpu, gva_t gva, unsigned long pcid) 
	for (i = 0; i < KVM_MMU_NUM_PREV_ROOTS; i++) {

		if (VALID_PAGE(mmu->prev_roots[i].hpa) &&

		    pcid == kvm_get_pcid(vcpu, mmu->prev_roots[i].pgd)) {

			if (mmu->invlpg)

				mmu->invlpg(vcpu, gva, mmu->prev_roots[i].hpa);

			tlb_flush = true;

		}
@@ -5665,6 +5667,7 @@ static void kvm_zap_obsolete_pages(struct kvm *kvm) 
{

	struct kvm_mmu_page *sp, *node;

	int nr_zapped, batch = 0;

	bool unstable;



restart:

	list_for_each_entry_safe_reverse(sp, node,
@@ -5696,12 +5699,13 @@ static void kvm_zap_obsolete_pages(struct kvm *kvm) 
			goto restart;

		}



		if (__kvm_mmu_prepare_zap_page(kvm, sp,

				&kvm->arch.zapped_obsolete_pages, &nr_zapped)) {

		unstable = __kvm_mmu_prepare_zap_page(kvm, sp,

				&kvm->arch.zapped_obsolete_pages, &nr_zapped);

		batch += nr_zapped;



		if (unstable)

			goto restart;

	}

	}



	/*

	 * Kick all vCPUs (via remote TLB flush) before freeing the page tables

arch/x86/kvm/pmu.c

+5 −2
Original line number Diff line number Diff line
@@ -171,9 +171,12 @@ static bool pmc_resume_counter(struct kvm_pmc *pmc) 
	return true;

}



static int cmp_u64(const void *a, const void *b)

static int cmp_u64(const void *pa, const void *pb)

{

	return *(__u64 *)a - *(__u64 *)b;

	u64 a = *(u64 *)pa;

	u64 b = *(u64 *)pb;



	return (a > b) - (a < b);

}



void reprogram_gp_counter(struct kvm_pmc *pmc, u64 eventsel)