[GIT PULL] Final set of KVM fixes for Linux 6.8

[Paolo Bonzini <pbonzini@redhat.com>]

Linus,

The following changes since commit c48617fbbe831d4c80fe84056033f17b70a31136:

  Merge tag 'kvmarm-fixes-6.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD (2024-02-21 05:18:56 -0500)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/virt/kvm/kvm.git tags/for-linus

for you to fetch changes up to 5abf6dceb066f2b02b225fd561440c98a8062681:

  SEV: disable SEV-ES DebugSwap by default (2024-03-09 11:42:25 -0500)

Sorry that this comes in a bit late.

It's a bunch of fixes mostly involving confidential VMs; in particular,
many of the commits constrain the new guest_memfd API a bit more, so
that we're not stuck supporting more than it's necessary.  However,
there's also a rare failure to mark a guest page as dirty and a fix
for awful startup performance with preemptible kernels (including
CONFIG_PREEMPT_DYNAMIC in non-preemptible mode) of guests with many vCPUs.

----------------------------------------------------------------
KVM GUEST_MEMFD fixes for 6.8:

- Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY to
  avoid creating an inconsistent ABI (KVM_MEM_GUEST_MEMFD is not writable
  from userspace, so there would be no way to write to a read-only
  guest_memfd).

- Update documentation for KVM_SW_PROTECTED_VM to make it abundantly
  clear that such VMs are purely for development and testing.

- Limit KVM_SW_PROTECTED_VM guests to the TDP MMU, as the long term plan
  is to support confidential VMs with deterministic private memory (SNP
  and TDX) only in the TDP MMU.

- Fix a bug in a GUEST_MEMFD dirty logging test that caused false passes.

x86 fixes:

- Fix missing marking of a guest page as dirty when emulating an atomic access.

- Check for mmu_notifier invalidation events before faulting in the pfn,
  and before acquiring mmu_lock, to avoid unnecessary work and lock
  contention with preemptible kernels (including CONFIG_PREEMPT_DYNAMIC
  in non-preemptible mode).

- Disable AMD DebugSwap by default, it breaks VMSA signing and will be
  re-enabled with a better VM creation API in 6.10.

- Do the cache flush of converted pages in svm_register_enc_region() before
  dropping kvm->lock, to avoid a race with unregistering of the same region
  and the consequent use-after-free issue.

----------------------------------------------------------------
Paolo Bonzini (3):
      Merge tag 'kvm-x86-fixes-6.8-2' of https://github.com/kvm-x86/linux into HEAD
      Merge tag 'kvm-x86-guest_memfd_fixes-6.8' of https://github.com/kvm-x86/linux into HEAD
      SEV: disable SEV-ES DebugSwap by default

Sean Christopherson (8):
      KVM: x86: Mark target gfn of emulated atomic instruction as dirty
      KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY
      KVM: x86: Update KVM_SW_PROTECTED_VM docs to make it clear they're a WIP
      KVM: x86/mmu: Restrict KVM_SW_PROTECTED_VM to the TDP MMU
      KVM: selftests: Create GUEST_MEMFD for relevant invalid flags testcases
      KVM: selftests: Add a testcase to verify GUEST_MEMFD and READONLY are exclusive
      KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
      KVM: x86/mmu: Retry fault before acquiring mmu_lock if mapping is changing

 Documentation/virt/kvm/api.rst                     |  5 +++
 arch/x86/kvm/Kconfig                               |  7 ++--
 arch/x86/kvm/mmu/mmu.c                             | 42 ++++++++++++++++++++++
 arch/x86/kvm/svm/sev.c                             | 25 +++++++------
 arch/x86/kvm/x86.c                                 | 12 ++++++-
 include/linux/kvm_host.h                           | 26 ++++++++++++++
 .../testing/selftests/kvm/set_memory_region_test.c | 12 ++++++-
 virt/kvm/kvm_main.c                                |  8 ++++-
 8 files changed, 121 insertions(+), 16 deletions(-)