* [GIT PULL] x86/cc for 6.5
@ 2023-06-26 18:06 Borislav Petkov
From: Borislav Petkov @ 2023-06-26 18:06 UTC (permalink / raw)
To: Linus Torvalds; +Cc: x86-ml, lkml
Hi Linus,
please pull the unaccepted memory support for 6.5. This has been long in
the making but now is good to go.
Thx.
---
The following changes since commit 9561de3a55bed6bdd44a12820ba81ec416e705a7:
Linux 6.4-rc5 (2023-06-04 14:04:27 -0400)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git tags/x86_cc_for_v6.5
for you to fetch changes up to 84b9b44b99780d35fe72ac63c4724f158771e898:
virt: sevguest: Add CONFIG_CRYPTO dependency (2023-06-09 15:53:07 +0200)
----------------------------------------------------------------
- Add support for unaccepted memory as specified in the UEFI spec v2.9.
  The gist of it all is that Intel TDX and AMD SEV-SNP confidential
  computing guests define the notion of accepting memory before using it
  and thus preventing a whole set of attacks against such guests like
  memory replay and the like.

  There are a couple of strategies of how memory should be accepted -
  the current implementation does an on-demand way of accepting.
----------------------------------------------------------------
Arnd Bergmann (1):
virt: sevguest: Add CONFIG_CRYPTO dependency
Dionna Glaze (1):
x86/efi: Safely enable unaccepted memory in UEFI
Kirill A. Shutemov (9):
mm: Add support for unaccepted memory
efi/x86: Get full memory map in allocate_e820()
efi/libstub: Implement support for unaccepted memory
x86/boot/compressed: Handle unaccepted memory
efi: Add unaccepted memory support
efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory
x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub
x86/tdx: Refactor try_accept_one()
x86/tdx: Add unaccepted memory support
Tom Lendacky (5):
x86/sev: Fix calculation of end address based on number of pages
x86/sev: Put PSC struct on the stack in prep for unaccepted memory support
x86/sev: Allow for use of the early boot GHCB for PSC requests
x86/sev: Use large PSC requests if applicable
x86/sev: Add SNP-specific unaccepted memory support
arch/x86/Kconfig | 4 +
arch/x86/boot/compressed/Makefile | 3 +-
arch/x86/boot/compressed/efi.h | 10 +
arch/x86/boot/compressed/error.c | 19 ++
arch/x86/boot/compressed/error.h | 1 +
arch/x86/boot/compressed/kaslr.c | 40 ++--
arch/x86/boot/compressed/mem.c | 86 ++++++++
arch/x86/boot/compressed/misc.c | 6 +
arch/x86/boot/compressed/misc.h | 10 +
arch/x86/boot/compressed/sev.c | 54 ++++-
arch/x86/boot/compressed/sev.h | 23 ++
arch/x86/boot/compressed/tdx-shared.c | 2 +
arch/x86/coco/tdx/Makefile | 2 +-
arch/x86/coco/tdx/tdx-shared.c | 71 +++++++
arch/x86/coco/tdx/tdx.c | 102 +--------
arch/x86/include/asm/efi.h | 2 +
arch/x86/include/asm/sev-common.h | 9 +-
arch/x86/include/asm/sev.h | 23 +-
arch/x86/include/asm/shared/tdx.h | 53 +++++
arch/x86/include/asm/tdx.h | 21 +-
arch/x86/include/asm/unaccepted_memory.h | 27 +++
arch/x86/kernel/sev-shared.c | 103 +++++++++
arch/x86/kernel/sev.c | 256 ++++++++++-------------
arch/x86/platform/efi/efi.c | 3 +
drivers/base/node.c | 7 +
drivers/firmware/efi/Kconfig | 14 ++
drivers/firmware/efi/Makefile | 1 +
drivers/firmware/efi/efi.c | 26 +++
drivers/firmware/efi/libstub/Makefile | 2 +
drivers/firmware/efi/libstub/bitmap.c | 41 ++++
drivers/firmware/efi/libstub/efistub.h | 6 +
drivers/firmware/efi/libstub/find.c | 43 ++++
drivers/firmware/efi/libstub/unaccepted_memory.c | 222 ++++++++++++++++++++
drivers/firmware/efi/libstub/x86-stub.c | 75 +++++--
drivers/firmware/efi/unaccepted_memory.c | 147 +++++++++++++
drivers/virt/coco/sev-guest/Kconfig | 1 +
fs/proc/meminfo.c | 5 +
include/linux/efi.h | 16 +-
include/linux/mm.h | 19 ++
include/linux/mmzone.h | 8 +
mm/memblock.c | 9 +
mm/mm_init.c | 7 +
mm/page_alloc.c | 173 +++++++++++++++
mm/vmstat.c | 3 +
44 files changed, 1448 insertions(+), 307 deletions(-)
create mode 100644 arch/x86/boot/compressed/mem.c
create mode 100644 arch/x86/boot/compressed/sev.h
create mode 100644 arch/x86/boot/compressed/tdx-shared.c
create mode 100644 arch/x86/coco/tdx/tdx-shared.c
create mode 100644 arch/x86/include/asm/unaccepted_memory.h
create mode 100644 drivers/firmware/efi/libstub/bitmap.c
create mode 100644 drivers/firmware/efi/libstub/find.c
create mode 100644 drivers/firmware/efi/libstub/unaccepted_memory.c
create mode 100644 drivers/firmware/efi/unaccepted_memory.c
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
^ permalink raw reply [flat|nested] 2+ messages in thread
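The on-demand acceptance strategy mentioned in the tag message, sketched as an added example. This is a simplified user-space model, not code from the e-mail or from the kernel tree. The one-bit-per-unit bitmap, UNIT_SIZE, NR_UNITS, platform_accept_unit() and alloc_range() are assumptions made for illustration.

```c
#include <stdint.h>

/* Simplified model (assumption): one bit per fixed-size unit, set = unaccepted. */
#define UNIT_SIZE (2u * 1024 * 1024)  /* constructed granularity */
#define NR_UNITS  64u                 /* constructed: 128 MiB of guest memory */

static uint64_t unaccepted_bitmap = ~0ull; /* all memory starts unaccepted */
static unsigned accept_calls;              /* number of units accepted so far */

/* Hypothetical stand-in for the platform accept operation (TDX or SEV-SNP). */
static void platform_accept_unit(unsigned unit) { (void)unit; accept_calls++; }

/* Does [start, end) still overlap a unit that has not been accepted? */
static int range_contains_unaccepted(uint64_t start, uint64_t end)
{
    if (start >= end) return 0;
    for (uint64_t u = start / UNIT_SIZE; u <= (end - 1) / UNIT_SIZE && u < NR_UNITS; u++)
        if (unaccepted_bitmap & (1ull << u)) return 1;
    return 0;
}

/* Accept every still-unaccepted unit overlapping [start, end), each one once. */
static int accept_memory(uint64_t start, uint64_t end)
{
    if (start >= end || end > (uint64_t)NR_UNITS * UNIT_SIZE)
        return -1;                    /* empty, wrapped or out-of-map range */
    for (uint64_t u = start / UNIT_SIZE; u <= (end - 1) / UNIT_SIZE; u++) {
        if (!(unaccepted_bitmap & (1ull << u)))
            continue;                 /* already accepted: skip, never redo */
        platform_accept_unit((unsigned)u);
        unaccepted_bitmap &= ~(1ull << u);
    }
    return 0;
}

/* On-demand path: a range is accepted right before it is handed out. */
static int alloc_range(uint64_t start, uint64_t len)
{
    if (len == 0 || accept_memory(start, start + len))
        return -1;
    return range_contains_unaccepted(start, start + len) ? -1 : 0;
}

int main(void)
{
    return alloc_range(0, UNIT_SIZE); /* 0 when the range is usable */
}
```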