The highlight is a fix for nested posted interrupts that shows up on CPUs with
IPI virtualization. If KVM ends up handling an L1 virtual IRQ for L2's posted
interrupt notification vector, KVM will incorrectly synthesize a VM-Exit to L1
instead of processing pending posted interrupts.

I am very confident in the fix itself. The refactorings to land the fix without
creating a TOCTOU bug on the other hand... I did my best to test that I didn't
botch anything, but my first attempt went poorly, and as a result the changes
haven't been in -next for as long as I'd normally prefer.

The following changes since commit 47ac09b91befbb6a235ab620c32af719f8208399:

  Linux 6.11-rc4 (2024-08-18 13:17:27 -0700)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-vmx-6.12

for you to fetch changes up to f3009482512eb057e7161214a068c6bd7bae83a4:

  KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid (2024-09-09 20:33:22 -0700)

----------------------------------------------------------------
KVM VMX changes for 6.12:

 - Set FINAL/PAGE in the page fault error code for EPT Violations if and only
   if the GVA is valid. If the GVA is NOT valid, there is no guest-side page
   table walk and so stuffing paging related metadata is nonsensical.

 - Fix a bug where KVM would incorrectly synthesize a nested VM-Exit instead of
   emulating posted interrupt delivery to L2.

 - Add a lockdep assertion to detect unsafe accesses of vmcs12 structures.

 - Harden eVMCS loading against an impossible NULL pointer deref (really truly
   should be impossible).

 - Minor SGX fix and a cleanup.

----------------------------------------------------------------
Kai Huang (2):
      KVM: VMX: Do not account for temporary memory allocation in ECREATE emulation
      KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled

Maxim Levitsky (1):
      KVM: nVMX: Use vmx_segment_cache_clear() instead of open coded equivalent

Qiang Liu (1):
      KVM: VMX: Modify the BUILD_BUG_ON_MSG of the 32-bit field in the vmcs_check16 function

Sean Christopherson (9):
      KVM: nVMX: Honor userspace MSR filter lists for nested VM-Enter/VM-Exit
      KVM: x86: Move "ack" phase of local APIC IRQ delivery to separate API
      KVM: nVMX: Get to-be-acknowledge IRQ for nested VM-Exit at injection site
      KVM: nVMX: Suppress external interrupt VM-Exit injection if there's no IRQ
      KVM: nVMX: Detect nested posted interrupt NV at nested VM-Exit injection
      KVM: x86: Fold kvm_get_apic_interrupt() into kvm_cpu_get_interrupt()
      KVM: nVMX: Explicitly invalidate posted_intr_nv if PI is disabled at VM-Enter
      KVM: nVMX: Assert that vcpu->mutex is held when accessing secondary VMCSes
      KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid

Vitaly Kuznetsov (1):
      KVM: VMX: hyper-v: Prevent impossible NULL pointer dereference in evmcs_load()

 Documentation/virt/kvm/api.rst  | 23 ++++++++++---
 arch/x86/include/asm/kvm_host.h |  3 ++
 arch/x86/kvm/irq.c              | 10 ++++--
 arch/x86/kvm/lapic.c            |  9 +++---
 arch/x86/kvm/lapic.h            |  2 +-
 arch/x86/kvm/vmx/nested.c       | 72 ++++++++++++++++++++++++++++++-----------
 arch/x86/kvm/vmx/nested.h       |  6 ++++
 arch/x86/kvm/vmx/sgx.c          |  2 +-
 arch/x86/kvm/vmx/vmx.c          | 17 ++++++----
 arch/x86/kvm/vmx/vmx.h          |  5 +++
 arch/x86/kvm/vmx/vmx_onhyperv.h |  8 +++++
 arch/x86/kvm/vmx/vmx_ops.h      |  2 +-
 arch/x86/kvm/x86.c              |  6 ++--
 13 files changed, 124 insertions(+), 41 deletions(-)