Hi Linus,
please pull a huuuge pile of x86/sev changes for v6.9-rc1.
If you're merging tip pull requests in the chronological order you've
received them, you'll encounter a couple of simple merge conflicts. I'm
adding how I've resolved them at the end of this message in case you
wanna compare notes.
Thx.
---
The following changes since commit 41bccc98fb7931d63d03f326a746ac4d429c1dd3:
Linux 6.8-rc2 (2024-01-28 17:01:12 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git tags/x86_sev_for_v6.9_rc1
for you to fetch changes up to c0935fca6ba4799e5efc6daeee37887e84707d01:
x86/sev: Disable KMSAN for memory encryption TUs (2024-03-08 08:59:22 +0100)
----------------------------------------------------------------
- Add the x86 part of the SEV-SNP host support. This will allow the
kernel to be used as a KVM hypervisor capable of running SNP (Secure
Nested Paging) guests. Roughly speaking, SEV-SNP is the ultimate goal
of the AMD confidential computing side, providing the most
comprehensive confidential computing environment to date.
This is the x86 part and there is a KVM part which did not get ready
in time for the merge window, so the latter will be forthcoming in the
next cycle.
- Rework the early code's position-dependent SEV variable references in
order to allow building the kernel with clang and -fPIE/-fPIC and
-mcmodel=kernel
- The usual set of fixes, cleanups and improvements all over the place
----------------------------------------------------------------
Ard Biesheuvel (2):
x86/sme: Fix memory encryption setting if enabled by default and not overridden
x86/sev: Fix position dependent variable references in startup code
Ashish Kalra (6):
iommu/amd: Don't rely on external callers to enable IOMMU SNP support
x86/mtrr: Don't print errors if MtrrFixDramModEn is set when SNP enabled
x86/sev: Introduce an SNP leaked pages list
iommu/amd: Clean up RMP entries for IOMMU pages during SNP shutdown
crypto: ccp: Add panic notifier for SEV/SNP firmware shutdown on kdump
iommu/amd: Fix failure return from snp_lookup_rmpentry()
Borislav Petkov (AMD) (5):
x86/sev: Harden #VC instruction emulation somewhat
x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
crypto: ccp: Make snp_range_list static
crypto: ccp - Have it depend on AMD_IOMMU
x86/sev: Dump SEV_STATUS
Brijesh Singh (14):
x86/cpufeatures: Add SEV-SNP CPU feature
x86/sev: Add SEV-SNP host initialization support
x86/sev: Add RMP entry lookup helpers
x86/fault: Add helper for dumping RMP entries
x86/traps: Define RMP violation #PF error code
x86/sev: Add helper functions for RMPUPDATE and PSMASH instruction
crypto: ccp: Define the SEV-SNP commands
crypto: ccp: Add support to initialize the AMD-SP for SEV-SNP
crypto: ccp: Provide an API to issue SEV and SNP commands
crypto: ccp: Handle the legacy TMR allocation when SNP is enabled
crypto: ccp: Handle legacy SEV commands when SNP is enabled
KVM: SEV: Make AVIC backing, VMSA and VMCB memory allocation SNP safe
crypto: ccp: Add the SNP_PLATFORM_STATUS command
crypto: ccp: Add the SNP_SET_CONFIG command
Changbin Du (1):
x86/sev: Disable KMSAN for memory encryption TUs
Kim Phillips (1):
x86/speculation: Do not enable Automatic IBRS if SEV-SNP is enabled
Kirill A. Shutemov (1):
x86/mm: Fix memory encryption features advertisement
Michael Roth (4):
x86/fault: Dump RMP table information when RMP page faults occur
x86/sev: Adjust the directmap to avoid inadvertent RMP faults
x86/cpufeatures: Enable/unmask SEV-SNP CPU feature
Documentation: virt: Fix up pre-formatted text block for SEV ioctls
Tom Lendacky (2):
crypto: ccp: Handle non-volatile INIT_EX data when SNP is enabled
crypto: ccp: Add the SNP_COMMIT command
Documentation/admin-guide/kernel-parameters.txt | 4 +-
Documentation/arch/x86/amd-memory-encryption.rst | 16 +-
Documentation/virt/coco/sev-guest.rst | 52 +
arch/x86/Kbuild | 2 +
arch/x86/Kconfig | 13 -
arch/x86/boot/compressed/sev.c | 6 +-
arch/x86/coco/core.c | 7 +-
arch/x86/include/asm/asm.h | 14 +
arch/x86/include/asm/coco.h | 8 +-
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/disabled-features.h | 8 +-
arch/x86/include/asm/iommu.h | 1 +
arch/x86/include/asm/kvm-x86-ops.h | 1 +
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/include/asm/mem_encrypt.h | 15 +-
arch/x86/include/asm/msr-index.h | 66 +-
arch/x86/include/asm/sev.h | 40 +
arch/x86/include/asm/trap_pf.h | 20 +-
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/cpu/amd.c | 21 +-
arch/x86/kernel/cpu/common.c | 7 +-
arch/x86/kernel/cpu/mtrr/generic.c | 3 +
arch/x86/kernel/crash.c | 3 +
arch/x86/kernel/sev-shared.c | 114 +-
arch/x86/kernel/sev.c | 54 +-
arch/x86/kvm/lapic.c | 5 +-
arch/x86/kvm/svm/nested.c | 2 +-
arch/x86/kvm/svm/sev.c | 37 +-
arch/x86/kvm/svm/svm.c | 17 +-
arch/x86/kvm/svm/svm.h | 1 +
arch/x86/mm/Makefile | 1 +
arch/x86/mm/fault.c | 5 +
arch/x86/mm/mem_encrypt.c | 55 +-
arch/x86/mm/mem_encrypt_identity.c | 40 +-
arch/x86/virt/svm/Makefile | 3 +
arch/x86/virt/svm/sev.c | 560 ++++++++++
drivers/crypto/ccp/Kconfig | 2 +-
drivers/crypto/ccp/sev-dev.c | 1260 +++++++++++++++++++---
drivers/crypto/ccp/sev-dev.h | 5 +
drivers/iommu/amd/amd_iommu.h | 1 -
drivers/iommu/amd/init.c | 125 ++-
include/linux/amd-iommu.h | 6 +-
include/linux/psp-sev.h | 321 +++++-
include/uapi/linux/psp-sev.h | 59 +
tools/arch/x86/include/asm/cpufeatures.h | 1 +
45 files changed, 2677 insertions(+), 307 deletions(-)
create mode 100644 arch/x86/virt/svm/Makefile
create mode 100644 arch/x86/virt/svm/sev.c
---
Merge conflict resolutions:
---
commit ad844f23969df842cbbdba40b2d3954a618c96d8 (refs/remotes/amd/merge-test)
Merge: a720c4257e69 c0935fca6ba4
Author: Bob the builder <[email protected]>
Date: Mon Mar 11 14:55:57 2024 +0000
Merge remote-tracking branch 'tip/x86/sev' into merge-test
Conflicts:
arch/x86/include/asm/coco.h
arch/x86/include/asm/disabled-features.h
arch/x86/include/asm/mem_encrypt.h
arch/x86/mm/fault.c
Signed-off-by: Bob the builder <[email protected]>
diff --cc arch/x86/include/asm/coco.h
index 76c310b19b11,21940ef8d290..42871bb262d0
--- a/arch/x86/include/asm/coco.h
+++ b/arch/x86/include/asm/coco.h
@@@ -10,9 -11,15 +11,15 @@@ enum cc_vendor
CC_VENDOR_INTEL,
};
-extern enum cc_vendor cc_vendor;
+ extern u64 cc_mask;
+
#ifdef CONFIG_ARCH_HAS_CC_PLATFORM
+extern enum cc_vendor cc_vendor;
- void cc_set_mask(u64 mask);
+ static inline void cc_set_mask(u64 mask)
+ {
+ RIP_REL_REF(cc_mask) = mask;
+ }
+
u64 cc_mkenc(u64 val);
u64 cc_mkdec(u64 val);
#else
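Review bot: 'extern u64 cc_mask;' ends up outside the '#ifdef CONFIG_ARCH_HAS_CC_PLATFORM' block while 'extern enum cc_vendor cc_vendor;' and the only user visible here, the new inline cc_set_mask(), sit inside it; moving the cc_mask declaration into the block keeps the two declarations together and stops the header from advertising a symbol that has no definition when the option is off. Also, the inline body now expands RIP_REL_REF(cc_mask), so coco.h must itself include the header that defines RIP_REL_REF rather than rely on include order; that include is not shown in this hunk, so please confirm it is present.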
diff --cc arch/x86/include/asm/disabled-features.h
index 1f23960d2b06,3332d2940020..da4054fbf533
--- a/arch/x86/include/asm/disabled-features.h
+++ b/arch/x86/include/asm/disabled-features.h
@@@ -117,12 -117,12 +117,18 @@@
#define DISABLE_IBT (1 << (X86_FEATURE_IBT & 31))
#endif
+#ifdef CONFIG_X86_FRED
+# define DISABLE_FRED 0
+#else
+# define DISABLE_FRED (1 << (X86_FEATURE_FRED & 31))
+#endif
+
+ #ifdef CONFIG_KVM_AMD_SEV
+ #define DISABLE_SEV_SNP 0
+ #else
+ #define DISABLE_SEV_SNP (1 << (X86_FEATURE_SEV_SNP & 31))
+ #endif
+
/*
* Make sure to add features to the correct mask
*/
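Review bot: DISABLE_FRED and DISABLE_SEV_SNP are defined here, but, as the comment right below the hunk says, each disable bit also has to be OR'ed into the DISABLED_MASKn word that holds its feature bit, and this hunk shows neither of those mask updates; without them the two macros have no effect. Minor style point: the FRED block uses '# define' and the SEV_SNP block '#define'; pick one style for two adjacent blocks.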
diff --cc arch/x86/kernel/sev-shared.c
index fcc6d834e2c4,ae79f9505298..a200bd72fadc
--- a/arch/x86/kernel/sev-shared.c
+++ b/arch/x86/kernel/sev-shared.c
@@@ -9,11 -9,11 +9,13 @@@
* and is included directly into both code-bases.
*/
+#include <asm/setup_data.h>
+
#ifndef __BOOT_COMPRESSED
- #define error(v) pr_err(v)
- #define has_cpuflag(f) boot_cpu_has(f)
+ #define error(v) pr_err(v)
+ #define has_cpuflag(f) boot_cpu_has(f)
+ #define sev_printk(fmt, ...) printk(fmt, ##__VA_ARGS__)
+ #define sev_printk_rtl(fmt, ...) printk_ratelimited(fmt, ##__VA_ARGS__)
#else
#undef WARN
#define WARN(condition, format...) (!!(condition))
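Review bot: sev_printk() and sev_printk_rtl() are defined only in the '#ifndef __BOOT_COMPRESSED' branch, so any shared-code caller will fail to compile in the decompressor unless the '#else' branch (which starts with the WARN override shown here) gains matching definitions, typically no-op stubs since printk() is not available there. The hunk ends before that branch, so please confirm the stubs exist. The re-indentation of the error() and has_cpuflag() lines is whitespace only and fine.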
diff --cc arch/x86/mm/fault.c
index e1ac86396446,859adcd123c9..cdb5045a0428
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@@ -34,7 -34,7 +34,8 @@@
#include <asm/kvm_para.h> /* kvm_handle_async_pf */
#include <asm/vdso.h> /* fixup_vdso_exception() */
#include <asm/irq_stack.h>
+#include <asm/fred.h>
+ #include <asm/sev.h> /* snp_dump_hva_rmpentry() */
#define CREATE_TRACE_POINTS
#include <asm/trace/exceptions.h>
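Review bot: the added '#include <asm/sev.h> /* snp_dump_hva_rmpentry() */' keeps the surrounding comment style, but since fault.c is built for every x86 configuration, snp_dump_hva_rmpentry() needs an inline stub in asm/sev.h for builds without SEV-SNP host support (CONFIG_KVM_AMD_SEV=n per the disabled-features hunk above), otherwise the call in the fault path will not link. That stub is not visible in this hunk, so it is worth a quick check.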
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
On Mon, 11 Mar 2024 at 08:19, Borislav Petkov <[email protected]> wrote:
>
> If you're merging tip pull requests in the chronological order you've
> received them, you'll encounter a couple of simple merge conflicts.
It's not exactly chronological - I tend to go by areas and by
submitter, but it tends to approximate chronological most of the
time..
> I'm adding how I've resolved them at the end of this message in case
> you wanna compare notes.
Hmm. I took a slightly different approach:
> diff --cc arch/x86/include/asm/coco.h
> index 76c310b19b11,21940ef8d290..42871bb262d0
> --- a/arch/x86/include/asm/coco.h
> +++ b/arch/x86/include/asm/coco.h
> @@@ -10,9 -11,15 +11,15 @@@ enum cc_vendor
> CC_VENDOR_INTEL,
> };
>
> -extern enum cc_vendor cc_vendor;
> + extern u64 cc_mask;
> +
> #ifdef CONFIG_ARCH_HAS_CC_PLATFORM
> +extern enum cc_vendor cc_vendor;
I put the 'cc_mask' declaration inside the #ifdef too.
Because those two variables are defined together, and without
CONFIG_ARCH_HAS_CC_PLATFORM the whole coco/ subdirectory that defines
them won't even be built, as far as I can tell.
And I don't see any _use_ of 'cc_mask' anywhere outside of that one
'cc_set_mask()' inline function and the coco/core.c file. So declaring
it only when it's all enabled seems to be the right thing.
Let's hope my artistic merge resolution doesn't end up coming back to bite me.
Linus
The pull request you sent on Mon, 11 Mar 2024 16:19:09 +0100:
> git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git tags/x86_sev_for_v6.9_rc1
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/38b334fc767e44816be087b3ec5d84b1438b735f
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html
On Mon, Mar 11, 2024 at 05:50:48PM -0700, Linus Torvalds wrote:
> Let's hope my artistic merge resolution doesn't end up coming back to bite me.
Makes sense and looks ok to me.
I think this'll start becoming a problem when it gets referenced from
outside, see the respective example with cc_vendor:
e45964771007 ("x86/coco: Define cc_vendor without CONFIG_ARCH_HAS_CC_PLATFORM")
but we'll cross that bridge when we get to it.
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
* Linus Torvalds <[email protected]> wrote:
> > diff --cc arch/x86/include/asm/coco.h
> > index 76c310b19b11,21940ef8d290..42871bb262d0
> > --- a/arch/x86/include/asm/coco.h
> > +++ b/arch/x86/include/asm/coco.h
> > @@@ -10,9 -11,15 +11,15 @@@ enum cc_vendor
> > CC_VENDOR_INTEL,
> > };
> >
> > -extern enum cc_vendor cc_vendor;
> > + extern u64 cc_mask;
> > +
> > #ifdef CONFIG_ARCH_HAS_CC_PLATFORM
> > +extern enum cc_vendor cc_vendor;
>
> I put the 'cc_mask' declaration inside the #ifdef too.
>
> Because those two variables are defined together, and without
> CONFIG_ARCH_HAS_CC_PLATFORM the whole coco/ subdirectory that defines
> them won't even be built, as far as I can tell.
>
> And I don't see any _use_ of 'cc_mask' anywhere outside of that one
> 'cc_set_mask()' inline function and the coco/core.c file. So declaring
> it only when it's all enabled seems to be the right thing.
>
> Let's hope my artistic merge resolution doesn't end up coming back to bite me.
So it does come back in a fashion, because the tip:x86/boot tree has an
internal merge of x86/sev, where it dutifully followed the original pattern
of:
1c811d403afd x86/sev: Fix position dependent variable references in startup code
.. instead of merging it smartly like you did. :-/
And because I think it would suck to force you to do the same smart merge
conflict resolution *twice*, I did it myself in x86/boot and documented the
background:
commit 2e2bc42c8381d2c0e9604b59e49264821da29368 (origin/x86/boot, x86/boot)
Merge: 428080c9b19b 855684c7d938
Author: Ingo Molnar <[email protected]>
Date: Tue Mar 12 09:49:52 2024 +0100
Merge branch 'linus' into x86/boot, to resolve conflict
There's a new conflict with Linus's upstream tree, because
in the following merge conflict resolution in <asm/coco.h>:
38b334fc767e Merge tag 'x86_sev_for_v6.9_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Linus has resolved the conflicting placement of 'cc_mask' better
than the original commit:
1c811d403afd x86/sev: Fix position dependent variable references in startup code
... which was also done by an internal merge resolution:
2e5fc4786b7a Merge branch 'x86/sev' into x86/boot, to resolve conflicts and to pick up dependent tree
But Linus is right in 38b334fc767e, the 'cc_mask' declaration is sufficient
within the #ifdef CONFIG_ARCH_HAS_CC_PLATFORM block.
So instead of forcing Linus to do the same resolution again, merge in Linus's
tree and follow his conflict resolution.
Conflicts:
arch/x86/include/asm/coco.h
Signed-off-by: Ingo Molnar <[email protected]>
You'll get the x86/boot pull request later today. If that extra merge
commit is too much, please merge FETCH_HEAD~1 instead to discard my merge
commit.
Thanks,
Ingo