Commit fd0aa1a4 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm 

Pull kvm fixes from Paolo Bonzini:
 "Miscellaneous bugfixes.

  The main interesting one is a NULL pointer dereference reported by
  syzkaller ("KVM: x86: Immediately reset the MMU context when the SMM
  flag is cleared")"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: selftests: Fix kvm_check_cap() assertion
  KVM: x86/mmu: Calculate and check "full" mmu_role for nested MMU
  KVM: X86: Fix x86_emulator slab cache leak
  KVM: SVM: Call SEV Guest Decommission if ASID binding fails
  KVM: x86: Immediately reset the MMU context when the SMM flag is cleared
  KVM: x86: Fix fall-through warnings for Clang
  KVM: SVM: fix doc warnings
  KVM: selftests: Fix compiling errors when initializing the static structure
  kvm: LAPIC: Restore guard to prevent illegal APIC register access
parents 39519f6a d8ac05ea

arch/x86/kvm/cpuid.c

+1 −0
Original line number Diff line number Diff line
@@ -655,6 +655,7 @@ static int __do_cpuid_func_emulated(struct kvm_cpuid_array *array, u32 func) 
		if (kvm_cpu_cap_has(X86_FEATURE_RDTSCP))

			entry->ecx = F(RDPID);

		++array->nent;

		break;

	default:

		break;

	}

arch/x86/kvm/lapic.c

+3 −0
Original line number Diff line number Diff line
@@ -1410,6 +1410,9 @@ int kvm_lapic_reg_read(struct kvm_lapic *apic, u32 offset, int len, 
	if (!apic_x2apic_mode(apic))

		valid_reg_mask |= APIC_REG_MASK(APIC_ARBPRI);



	if (alignment + len > 4)

		return 1;



	if (offset > 0x3f0 || !(valid_reg_mask & APIC_REG_MASK(offset)))

		return 1;

arch/x86/kvm/mmu/mmu.c

+25 −1
Original line number Diff line number Diff line
@@ -4739,9 +4739,33 @@ static void init_kvm_softmmu(struct kvm_vcpu *vcpu) 
	context->inject_page_fault = kvm_inject_page_fault;

}



static union kvm_mmu_role kvm_calc_nested_mmu_role(struct kvm_vcpu *vcpu)

{

	union kvm_mmu_role role = kvm_calc_shadow_root_page_role_common(vcpu, false);



	/*

	 * Nested MMUs are used only for walking L2's gva->gpa, they never have

	 * shadow pages of their own and so "direct" has no meaning.   Set it

	 * to "true" to try to detect bogus usage of the nested MMU.

	 */

	role.base.direct = true;



	if (!is_paging(vcpu))

		role.base.level = 0;

	else if (is_long_mode(vcpu))

		role.base.level = is_la57_mode(vcpu) ? PT64_ROOT_5LEVEL :

						       PT64_ROOT_4LEVEL;

	else if (is_pae(vcpu))

		role.base.level = PT32E_ROOT_LEVEL;

	else

		role.base.level = PT32_ROOT_LEVEL;



	return role;

}



static void init_kvm_nested_mmu(struct kvm_vcpu *vcpu)

{

	union kvm_mmu_role new_role = kvm_calc_mmu_role_common(vcpu, false);

	union kvm_mmu_role new_role = kvm_calc_nested_mmu_role(vcpu);

	struct kvm_mmu *g_context = &vcpu->arch.nested_mmu;



	if (new_role.as_u64 == g_context->mmu_role.as_u64)

arch/x86/kvm/svm/avic.c

+3 −3
Original line number Diff line number Diff line
@@ -221,7 +221,7 @@ static u64 *avic_get_physical_id_entry(struct kvm_vcpu *vcpu, 
	return &avic_physical_id_table[index];

}



/**

/*

 * Note:

 * AVIC hardware walks the nested page table to check permissions,

 * but does not use the SPA address specified in the leaf page
@@ -764,7 +764,7 @@ static int svm_ir_list_add(struct vcpu_svm *svm, struct amd_iommu_pi_data *pi) 
	return ret;

}



/**

/*

 * Note:

 * The HW cannot support posting multicast/broadcast

 * interrupts to a vCPU. So, we still use legacy interrupt
@@ -1005,7 +1005,7 @@ void avic_vcpu_put(struct kvm_vcpu *vcpu) 
	WRITE_ONCE(*(svm->avic_physical_id_cache), entry);

}



/**

/*

 * This function is called during VCPU halt/unhalt.

 */

static void avic_set_running(struct kvm_vcpu *vcpu, bool is_run)

arch/x86/kvm/svm/sev.c

+15 −5
Original line number Diff line number Diff line
@@ -199,9 +199,19 @@ static void sev_asid_free(struct kvm_sev_info *sev) 
	sev->misc_cg = NULL;

}



static void sev_unbind_asid(struct kvm *kvm, unsigned int handle)

static void sev_decommission(unsigned int handle)

{

	struct sev_data_decommission decommission;



	if (!handle)

		return;



	decommission.handle = handle;

	sev_guest_decommission(&decommission, NULL);

}



static void sev_unbind_asid(struct kvm *kvm, unsigned int handle)

{

	struct sev_data_deactivate deactivate;



	if (!handle)
@@ -214,9 +224,7 @@ static void sev_unbind_asid(struct kvm *kvm, unsigned int handle) 
	sev_guest_deactivate(&deactivate, NULL);

	up_read(&sev_deactivate_lock);



	/* decommission handle */

	decommission.handle = handle;

	sev_guest_decommission(&decommission, NULL);

	sev_decommission(handle);

}



static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
@@ -341,8 +349,10 @@ static int sev_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) 


	/* Bind ASID to this guest */

	ret = sev_bind_asid(kvm, start.handle, error);

	if (ret)

	if (ret) {

		sev_decommission(start.handle);

		goto e_free_session;

	}



	/* return handle to userspace */

	params.handle = start.handle;