Message-ID: <20230626180624.GJZJnToMIWeCuisF7L@fat_crate.local>
Date: Mon, 26 Jun 2023 20:06:24 +0200
From: Borislav Petkov <bp@...en8.de>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: x86-ml <x86@...nel.org>, lkml <linux-kernel@...r.kernel.org>
Subject: [GIT PULL] x86/cc for 6.5
Hi Linus,

please pull the unaccepted memory support for 6.5. This has been long in
the making but now is good to go.

Thx.
---
The following changes since commit 9561de3a55bed6bdd44a12820ba81ec416e705a7:

  Linux 6.4-rc5 (2023-06-04 14:04:27 -0400)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git tags/x86_cc_for_v6.5

for you to fetch changes up to 84b9b44b99780d35fe72ac63c4724f158771e898:

  virt: sevguest: Add CONFIG_CRYPTO dependency (2023-06-09 15:53:07 +0200)

----------------------------------------------------------------
- Add support for unaccepted memory as specified in the UEFI spec v2.9.
  The gist of it all is that Intel TDX and AMD SEV-SNP confidential
  computing guests define the notion of accepting memory before using it
  and thus preventing a whole set of attacks against such guests like
  memory replay and the like.

  There are a couple of strategies of how memory should be accepted
  - the current implementation does an on-demand way of accepting.

----------------------------------------------------------------
Arnd Bergmann (1):
      virt: sevguest: Add CONFIG_CRYPTO dependency

Dionna Glaze (1):
      x86/efi: Safely enable unaccepted memory in UEFI

Kirill A. Shutemov (9):
      mm: Add support for unaccepted memory
      efi/x86: Get full memory map in allocate_e820()
      efi/libstub: Implement support for unaccepted memory
      x86/boot/compressed: Handle unaccepted memory
      efi: Add unaccepted memory support
      efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory
      x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub
      x86/tdx: Refactor try_accept_one()
      x86/tdx: Add unaccepted memory support

Tom Lendacky (5):
      x86/sev: Fix calculation of end address based on number of pages
      x86/sev: Put PSC struct on the stack in prep for unaccepted memory support
      x86/sev: Allow for use of the early boot GHCB for PSC requests
      x86/sev: Use large PSC requests if applicable
      x86/sev: Add SNP-specific unaccepted memory support

arch/x86/Kconfig | 4 +
arch/x86/boot/compressed/Makefile | 3 +-
arch/x86/boot/compressed/efi.h | 10 +
arch/x86/boot/compressed/error.c | 19 ++
arch/x86/boot/compressed/error.h | 1 +
arch/x86/boot/compressed/kaslr.c | 40 ++--
arch/x86/boot/compressed/mem.c | 86 ++++++++
arch/x86/boot/compressed/misc.c | 6 +
arch/x86/boot/compressed/misc.h | 10 +
arch/x86/boot/compressed/sev.c | 54 ++++-
arch/x86/boot/compressed/sev.h | 23 ++
arch/x86/boot/compressed/tdx-shared.c | 2 +
arch/x86/coco/tdx/Makefile | 2 +-
arch/x86/coco/tdx/tdx-shared.c | 71 +++++++
arch/x86/coco/tdx/tdx.c | 102 +--------
arch/x86/include/asm/efi.h | 2 +
arch/x86/include/asm/sev-common.h | 9 +-
arch/x86/include/asm/sev.h | 23 +-
arch/x86/include/asm/shared/tdx.h | 53 +++++
arch/x86/include/asm/tdx.h | 21 +-
arch/x86/include/asm/unaccepted_memory.h | 27 +++
arch/x86/kernel/sev-shared.c | 103 +++++++++
arch/x86/kernel/sev.c | 256 ++++++++++-------------
arch/x86/platform/efi/efi.c | 3 +
drivers/base/node.c | 7 +
drivers/firmware/efi/Kconfig | 14 ++
drivers/firmware/efi/Makefile | 1 +
drivers/firmware/efi/efi.c | 26 +++
drivers/firmware/efi/libstub/Makefile | 2 +
drivers/firmware/efi/libstub/bitmap.c | 41 ++++
drivers/firmware/efi/libstub/efistub.h | 6 +
drivers/firmware/efi/libstub/find.c | 43 ++++
drivers/firmware/efi/libstub/unaccepted_memory.c | 222 ++++++++++++++++++++
drivers/firmware/efi/libstub/x86-stub.c | 75 +++++--
drivers/firmware/efi/unaccepted_memory.c | 147 +++++++++++++
drivers/virt/coco/sev-guest/Kconfig | 1 +
fs/proc/meminfo.c | 5 +
include/linux/efi.h | 16 +-
include/linux/mm.h | 19 ++
include/linux/mmzone.h | 8 +
mm/memblock.c | 9 +
mm/mm_init.c | 7 +
mm/page_alloc.c | 173 +++++++++++++++
mm/vmstat.c | 3 +
44 files changed, 1448 insertions(+), 307 deletions(-)
create mode 100644 arch/x86/boot/compressed/mem.c
create mode 100644 arch/x86/boot/compressed/sev.h
create mode 100644 arch/x86/boot/compressed/tdx-shared.c
create mode 100644 arch/x86/coco/tdx/tdx-shared.c
create mode 100644 arch/x86/include/asm/unaccepted_memory.h
create mode 100644 drivers/firmware/efi/libstub/bitmap.c
create mode 100644 drivers/firmware/efi/libstub/find.c
create mode 100644 drivers/firmware/efi/libstub/unaccepted_memory.c
create mode 100644 drivers/firmware/efi/unaccepted_memory.c
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette