From: Borislav Petkov <bp@alien8.de>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: x86-ml <x86@kernel.org>, lkml <linux-kernel@vger.kernel.org>
Subject: [GIT PULL] x86/cc for 6.5
Date: Mon, 26 Jun 2023 20:06:24 +0200 [thread overview]
Message-ID: <20230626180624.GJZJnToMIWeCuisF7L@fat_crate.local> (raw)
Hi Linus,
please pull the unaccepted memory support for 6.5. This has been long in
the making but now is good to go.
Thx.
---
The following changes since commit 9561de3a55bed6bdd44a12820ba81ec416e705a7:
Linux 6.4-rc5 (2023-06-04 14:04:27 -0400)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git tags/x86_cc_for_v6.5
for you to fetch changes up to 84b9b44b99780d35fe72ac63c4724f158771e898:
virt: sevguest: Add CONFIG_CRYPTO dependency (2023-06-09 15:53:07 +0200)
----------------------------------------------------------------
- Add support for unaccepted memory as specified in the UEFI spec v2.9.
The gist of it all is that Intel TDX and AMD SEV-SNP confidential
computing guests define the notion of accepting memory before using it
and thus preventing a whole set of attacks against such guests like
memory replay and the like.
There are a couple of strategies of how memory should be accepted
- the current implementation does an on-demand way of accepting.
----------------------------------------------------------------
Arnd Bergmann (1):
virt: sevguest: Add CONFIG_CRYPTO dependency
Dionna Glaze (1):
x86/efi: Safely enable unaccepted memory in UEFI
Kirill A. Shutemov (9):
mm: Add support for unaccepted memory
efi/x86: Get full memory map in allocate_e820()
efi/libstub: Implement support for unaccepted memory
x86/boot/compressed: Handle unaccepted memory
efi: Add unaccepted memory support
efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory
x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub
x86/tdx: Refactor try_accept_one()
x86/tdx: Add unaccepted memory support
Tom Lendacky (5):
x86/sev: Fix calculation of end address based on number of pages
x86/sev: Put PSC struct on the stack in prep for unaccepted memory support
x86/sev: Allow for use of the early boot GHCB for PSC requests
x86/sev: Use large PSC requests if applicable
x86/sev: Add SNP-specific unaccepted memory support
arch/x86/Kconfig | 4 +
arch/x86/boot/compressed/Makefile | 3 +-
arch/x86/boot/compressed/efi.h | 10 +
arch/x86/boot/compressed/error.c | 19 ++
arch/x86/boot/compressed/error.h | 1 +
arch/x86/boot/compressed/kaslr.c | 40 ++--
arch/x86/boot/compressed/mem.c | 86 ++++++++
arch/x86/boot/compressed/misc.c | 6 +
arch/x86/boot/compressed/misc.h | 10 +
arch/x86/boot/compressed/sev.c | 54 ++++-
arch/x86/boot/compressed/sev.h | 23 ++
arch/x86/boot/compressed/tdx-shared.c | 2 +
arch/x86/coco/tdx/Makefile | 2 +-
arch/x86/coco/tdx/tdx-shared.c | 71 +++++++
arch/x86/coco/tdx/tdx.c | 102 +--------
arch/x86/include/asm/efi.h | 2 +
arch/x86/include/asm/sev-common.h | 9 +-
arch/x86/include/asm/sev.h | 23 +-
arch/x86/include/asm/shared/tdx.h | 53 +++++
arch/x86/include/asm/tdx.h | 21 +-
arch/x86/include/asm/unaccepted_memory.h | 27 +++
arch/x86/kernel/sev-shared.c | 103 +++++++++
arch/x86/kernel/sev.c | 256 ++++++++++-------------
arch/x86/platform/efi/efi.c | 3 +
drivers/base/node.c | 7 +
drivers/firmware/efi/Kconfig | 14 ++
drivers/firmware/efi/Makefile | 1 +
drivers/firmware/efi/efi.c | 26 +++
drivers/firmware/efi/libstub/Makefile | 2 +
drivers/firmware/efi/libstub/bitmap.c | 41 ++++
drivers/firmware/efi/libstub/efistub.h | 6 +
drivers/firmware/efi/libstub/find.c | 43 ++++
drivers/firmware/efi/libstub/unaccepted_memory.c | 222 ++++++++++++++++++++
drivers/firmware/efi/libstub/x86-stub.c | 75 +++++--
drivers/firmware/efi/unaccepted_memory.c | 147 +++++++++++++
drivers/virt/coco/sev-guest/Kconfig | 1 +
fs/proc/meminfo.c | 5 +
include/linux/efi.h | 16 +-
include/linux/mm.h | 19 ++
include/linux/mmzone.h | 8 +
mm/memblock.c | 9 +
mm/mm_init.c | 7 +
mm/page_alloc.c | 173 +++++++++++++++
mm/vmstat.c | 3 +
44 files changed, 1448 insertions(+), 307 deletions(-)
create mode 100644 arch/x86/boot/compressed/mem.c
create mode 100644 arch/x86/boot/compressed/sev.h
create mode 100644 arch/x86/boot/compressed/tdx-shared.c
create mode 100644 arch/x86/coco/tdx/tdx-shared.c
create mode 100644 arch/x86/include/asm/unaccepted_memory.h
create mode 100644 drivers/firmware/efi/libstub/bitmap.c
create mode 100644 drivers/firmware/efi/libstub/find.c
create mode 100644 drivers/firmware/efi/libstub/unaccepted_memory.c
create mode 100644 drivers/firmware/efi/unaccepted_memory.c
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
next reply other threads:[~2023-06-26 18:06 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-26 18:06 Borislav Petkov [this message]
2023-06-26 22:54 ` [GIT PULL] x86/cc for 6.5 pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230626180624.GJZJnToMIWeCuisF7L@fat_crate.local \
--to=bp@alien8.de \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).