Message-Id: <20240110211822.3014608-1-dave.hansen@linux.intel.com>
Date: Wed, 10 Jan 2024 13:18:22 -0800
From: Dave Hansen <dave.hansen@...ux.intel.com>
To: torvalds@...ux-foundation.org
Cc: x86@...nel.org,
	linux-kernel@...r.kernel.org,
	Dave Hansen <dave.hansen@...ux.intel.com>
Subject: [GIT PULL] x86/tdx for 6.8

Hi Linus,

Please pull some x86/tdx changes for 6.8.  This contains the initial
support for host-side TDX support so that KVM can run TDX-protected
guests.  This does not include the actual KVM-side support which
will come from the KVM folks.  The TDX host interactions with kexec
also need to be ironed out before this is ready for prime time, so
this code is currently Kconfig'd off when kexec is on.

The majority of the code here is the kernel telling the TDX module
which memory to protect and handing some additional memory over to it
to use to store TDX module metadata.  That sounds pretty simple, but
the TDX architecture is rather flexible and it takes quite a bit of
back-and-forth to say, "just protect all memory, please."

There is also some code tacked on near the end of the series to handle
a hardware erratum.  The erratum can make software bugs such as a
kernel write to TDX-protected memory cause a machine check and
masquerade as a real hardware failure.  The erratum handling watches
out for these and tries to provide nicer user errors.

--

The following changes since commit 33cc938e65a98f1d29d0a18403dbbee050dcad9a:

  Linux 6.7-rc4 (2023-12-03 18:52:56 +0900)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git tags/x86_tdx_for_6.8

for you to fetch changes up to 83e1bdc94f32dcf52dfcd2025acc7a2b9376b1e8:

  x86/virt/tdx: Make TDX host depend on X86_MCE (2023-12-14 14:08:24 -0800)

----------------------------------------------------------------
 - Add support managing TDX host hardware

----------------------------------------------------------------
Dave Hansen (1):
      x86/virt/tdx: Disable TDX host support when kexec is enabled

Kai Huang (20):
      x86/virt/tdx: Detect TDX during kernel boot
      x86/virt/tdx: Define TDX supported page sizes as macros
      x86/virt/tdx: Make INTEL_TDX_HOST depend on X86_X2APIC
      x86/virt/tdx: Handle SEAMCALL no entropy error in common code
      x86/virt/tdx: Add SEAMCALL error printing for module initialization
      x86/virt/tdx: Add skeleton to enable TDX on demand
      x86/virt/tdx: Use all system memory when initializing TDX module as TDX memory
      x86/virt/tdx: Get module global metadata for module initialization
      x86/virt/tdx: Add placeholder to construct TDMRs to cover all TDX memory regions
      x86/virt/tdx: Fill out TDMRs to cover all TDX memory regions
      x86/virt/tdx: Allocate and set up PAMTs for TDMRs
      x86/virt/tdx: Designate reserved areas for all TDMRs
      x86/virt/tdx: Configure TDX module with the TDMRs and global KeyID
      x86/virt/tdx: Configure global KeyID on all packages
      x86/virt/tdx: Initialize all TDMRs
      x86/virt/tdx: Handle TDX interaction with sleep and hibernation
      x86/cpu: Detect TDX partial write machine check erratum
      x86/mce: Differentiate real hardware #MCs from TDX erratum ones
      Documentation/x86: Add documentation for TDX host support
      x86/virt/tdx: Make TDX host depend on X86_MCE

 Documentation/arch/x86/tdx.rst     |  207 ++++-
 arch/x86/Kconfig                   |    5 +
 arch/x86/coco/tdx/tdx-shared.c     |    6 +-
 arch/x86/include/asm/cpufeatures.h |    2 +
 arch/x86/include/asm/msr-index.h   |    3 +
 arch/x86/include/asm/shared/tdx.h  |    6 +
 arch/x86/include/asm/tdx.h         |   38 +
 arch/x86/kernel/cpu/common.c       |    2 +
 arch/x86/kernel/cpu/mce/core.c     |   15 +
 arch/x86/kernel/setup.c            |    2 +
 arch/x86/virt/vmx/tdx/Makefile     |    2 +-
 arch/x86/virt/vmx/tdx/tdx.c        | 1492 ++++++++++++++++++++++++++++++++++++
 arch/x86/virt/vmx/tdx/tdx.h        |  121 +++
 13 files changed, 1886 insertions(+), 15 deletions(-)
 create mode 100644 arch/x86/virt/vmx/tdx/tdx.c
 create mode 100644 arch/x86/virt/vmx/tdx/tdx.h
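As an added illustration of the "which memory to protect" handshake the cover letter summarizes (the TDMR construction and reserved-area commits in the shortlog), the C program below is not kernel code and not Dave Hansen's or Kai Huang's implementation; it is a simplified, constructed model. It assumes that memory regions arrive sorted and non-overlapping, that TDMRs must be 1GB-aligned and non-overlapping, and that any hole inside a TDMR not backed by TDX-usable memory must be listed as a reserved area. PAMT allocation, the SEAMCALL interface and the module-reported limits are omitted; `MAX_TDMRS`, `MAX_RSVD`, every function name and the sample memory map are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed model: TDMRs are 1GB-aligned, non-overlapping, and every byte of
 * TDX-usable memory lies inside some TDMR; holes inside a TDMR that hold no
 * usable memory are listed as reserved areas. Limits are assumptions. */
#define TDMR_ALIGN (1ULL << 30)   /* 1GB */
#define MAX_TDMRS  8
#define MAX_RSVD   8

struct mem_region { uint64_t start, end; };   /* [start, end) */

struct tdmr {
	uint64_t base, size;                  /* both 1GB-aligned */
	struct mem_region rsvd[MAX_RSVD];     /* holes inside [base, base+size) */
	int nr_rsvd;
};

static uint64_t align_down(uint64_t x, uint64_t a) { return x & ~(a - 1); }
static uint64_t align_up(uint64_t x, uint64_t a)   { return (x + a - 1) & ~(a - 1); }

/* Build non-overlapping, 1GB-aligned TDMRs over sorted, non-overlapping
 * memory regions. Each region's aligned span becomes a TDMR, trimmed to
 * start where the previous TDMR ended; a span the previous TDMR already
 * covers yields nothing. Returns the TDMR count, or -1 if max is exceeded. */
int build_tdmrs(const struct mem_region *regs, int n, struct tdmr *out, int max)
{
	int nr = 0;

	for (int i = 0; i < n; i++) {
		uint64_t base = align_down(regs[i].start, TDMR_ALIGN);
		uint64_t end  = align_up(regs[i].end, TDMR_ALIGN);

		if (nr > 0) {
			uint64_t prev_end = out[nr - 1].base + out[nr - 1].size;
			if (base < prev_end)
				base = prev_end;   /* do not overlap the previous TDMR */
		}
		if (base >= end)
			continue;          /* fully inside the previous TDMR */
		if (nr == max)
			return -1;
		out[nr].base = base;
		out[nr].size = end - base;
		out[nr].nr_rsvd = 0;
		nr++;
	}
	return nr;
}

static int add_rsvd(struct tdmr *t, uint64_t s, uint64_t e)
{
	if (t->nr_rsvd == MAX_RSVD)
		return -1;
	t->rsvd[t->nr_rsvd].start = s;
	t->rsvd[t->nr_rsvd].end = e;
	t->nr_rsvd++;
	return 0;
}

/* Mark every part of the TDMR that no memory region backs as reserved: walk
 * the sorted regions with a cursor and emit each gap, clipped to the TDMR.
 * Returns the number of reserved areas, or -1 on overflow. */
int fill_reserved(struct tdmr *t, const struct mem_region *regs, int n)
{
	uint64_t cursor = t->base, tdmr_end = t->base + t->size;

	for (int i = 0; i < n; i++) {
		if (regs[i].end <= t->base || regs[i].start >= tdmr_end)
			continue;          /* region lies outside this TDMR */
		if (regs[i].start > cursor && add_rsvd(t, cursor, regs[i].start) < 0)
			return -1;
		if (regs[i].end > cursor)
			cursor = regs[i].end;
	}
	if (cursor < tdmr_end && add_rsvd(t, cursor, tdmr_end) < 0)
		return -1;
	return t->nr_rsvd;
}

/* Constructed sample map: 0-2GB, 4-5.25GB and 5.5-6.5GB of usable memory. */
static const struct mem_region sample_map[] = {
	{ 0x000000000ULL, 0x080000000ULL },
	{ 0x100000000ULL, 0x150000000ULL },
	{ 0x160000000ULL, 0x1A0000000ULL },
};
#define SAMPLE_N ((int)(sizeof(sample_map) / sizeof(sample_map[0])))

struct tdmr sample_tdmrs[MAX_TDMRS];

/* Run both steps over the sample map; returns the TDMR count or -1. */
int build_sample(void)
{
	int nr = build_tdmrs(sample_map, SAMPLE_N, sample_tdmrs, MAX_TDMRS);

	for (int i = 0; i < nr; i++)
		if (fill_reserved(&sample_tdmrs[i], sample_map, SAMPLE_N) < 0)
			return -1;
	return nr;
}

int main(void)
{
	int nr = build_sample();

	for (int i = 0; i < nr; i++) {
		struct tdmr *t = &sample_tdmrs[i];
		printf("TDMR%d: base 0x%llx size 0x%llx\n", i,
		       (unsigned long long)t->base, (unsigned long long)t->size);
		for (int j = 0; j < t->nr_rsvd; j++)
			printf("  reserved [0x%llx, 0x%llx)\n",
			       (unsigned long long)t->rsvd[j].start,
			       (unsigned long long)t->rsvd[j].end);
	}
	return nr < 0;
}
```

Even this three-region map needs three TDMRs and two reserved areas (the 5.25-5.5GB hole and the 6.5-7GB alignment slack), which is the "back-and-forth" the cover letter alludes to: the module is told about 1GB-aligned chunks, then told which parts of those chunks it must not treat as protectable memory.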
