Linus,

The following changes since commit c48617fbbe831d4c80fe84056033f17b70a31136:

  Merge tag 'kvmarm-fixes-6.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD (2024-02-21 05:18:56 -0500)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/virt/kvm/kvm.git tags/for-linus

for you to fetch changes up to 5abf6dceb066f2b02b225fd561440c98a8062681:

  SEV: disable SEV-ES DebugSwap by default (2024-03-09 11:42:25 -0500)

Sorry that this comes in a bit late. It's a bunch of fixes mostly involving confidential VMs; in particular, many of the commits constrain the new guest_memfd API a bit more, so that we're not stuck supporting more than it's necessary. However, there's also a rare failure to mark a guest page as dirty and a fix for awful startup performance with preemptible kernels (including CONFIG_PREEMPT_DYNAMIC in non-preemptible mode) of guests with many vCPUs.

----------------------------------------------------------------
KVM GUEST_MEMFD fixes for 6.8:

- Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY to
  avoid creating an inconsistent ABI (KVM_MEM_GUEST_MEMFD is not writable
  from userspace, so there would be no way to write to a read-only
  guest_memfd).

- Update documentation for KVM_SW_PROTECTED_VM to make it abundantly
  clear that such VMs are purely for development and testing.

- Limit KVM_SW_PROTECTED_VM guests to the TDP MMU, as the long term plan
  is to support confidential VMs with deterministic private memory (SNP
  and TDX) only in the TDP MMU.

- Fix a bug in a GUEST_MEMFD dirty logging test that caused false passes.

x86 fixes:

- Fix missing marking of a guest page as dirty when emulating an atomic
  access.

- Check for mmu_notifier invalidation events before faulting in the pfn,
  and before acquiring mmu_lock, to avoid unnecessary work and lock
  contention with preemptible kernels (including CONFIG_PREEMPT_DYNAMIC
  in non-preemptible mode).

- Disable AMD DebugSwap by default, it breaks VMSA signing and will be
  re-enabled with a better VM creation API in 6.10.

- Do the cache flush of converted pages in svm_register_enc_region()
  before dropping kvm->lock, to avoid a race with unregistering of the
  same region and the consequent use-after-free issue.

----------------------------------------------------------------
Paolo Bonzini (3):
      Merge tag 'kvm-x86-fixes-6.8-2' of https://github.com/kvm-x86/linux into HEAD
      Merge tag 'kvm-x86-guest_memfd_fixes-6.8' of https://github.com/kvm-x86/linux into HEAD
      SEV: disable SEV-ES DebugSwap by default

Sean Christopherson (8):
      KVM: x86: Mark target gfn of emulated atomic instruction as dirty
      KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY
      KVM: x86: Update KVM_SW_PROTECTED_VM docs to make it clear they're a WIP
      KVM: x86/mmu: Restrict KVM_SW_PROTECTED_VM to the TDP MMU
      KVM: selftests: Create GUEST_MEMFD for relevant invalid flags testcases
      KVM: selftests: Add a testcase to verify GUEST_MEMFD and READONLY are exclusive
      KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
      KVM: x86/mmu: Retry fault before acquiring mmu_lock if mapping is changing

 Documentation/virt/kvm/api.rst                     |  5 +++
 arch/x86/kvm/Kconfig                               |  7 ++--
 arch/x86/kvm/mmu/mmu.c                             | 42 ++++++++++++++++++++++
 arch/x86/kvm/svm/sev.c                             | 25 +++++++------
 arch/x86/kvm/x86.c                                 | 12 ++++++-
 include/linux/kvm_host.h                           | 26 ++++++++++++++
 .../testing/selftests/kvm/set_memory_region_test.c | 12 ++++++-
 virt/kvm/kvm_main.c                                |  8 ++++-
 8 files changed, 121 insertions(+), 16 deletions(-)