NAK: ACK/Cmnt: [SRU v2][J/gcp] Support for SEV-SNP
Tim Gardner
tim.gardner at canonical.com
Mon Jan 16 15:35:13 UTC 2023
On 1/10/23 7:28 AM, Tim Gardner wrote:
> On 1/10/23 12:32 AM, Khaled Elmously wrote:
>> BugLink: http://bugs.launchpad.net/bugs/2001605
>>
>> This patchset adds support for the SEV-SNP feature on AMD EPYC CPUs.
>>
>>
>> v2:
>> - Added missing provenance to first patch
>>
>> The following changes since commit 0fd605e02a5dc0a9f8282234f1f517729784b6b5:
>>
>> UBUNTU: Ubuntu-gcp-5.15.0-1026.33 (2022-12-01 10:06:59 -0300)
>>
>> are available in the Git repository at:
>>
>>
>> git+ssh://git.launchpad.net/~kmously/ubuntu/+source/linux/+git/jammy gcp-sev-snp
>>
>> for you to fetch changes up to d9b2854ccded7992c5c52b72b031b75138d94876:
>>
>> UBUNTU: [config] Enable SEV_GUEST (2023-01-10 02:27:52 -0500)
>>
>> ----------------------------------------------------------------
>> Borislav Petkov (3):
>> x86/sev: Carve out HV call's return value verification
>> x86/head64: Carve out the guest encryption postprocessing into a helper
>> x86/sev: Remove do_early_exception() forward declarations
>>
>> Brijesh Singh (21):
>> KVM: SVM: Define sev_features and vmpl field in the VMSA
>> x86/mm: Extend cc_attr to include AMD SEV-SNP
>> x86/sev: Shorten GHCB terminate macro names
>> x86/sev: Define the Linux specific guest termination reasons
>> x86/sev: Save the negotiated GHCB version
>> x86/sev: Check SEV-SNP features support
>> x86/sev: Add a helper for the PVALIDATE instruction
>> x86/sev: Check the vmpl level
>> x86/compressed: Add helper for validating pages in the decompression stage
>> x86/compressed: Register GHCB memory when SEV-SNP is active
>> x86/sev: Register GHCB memory when SEV-SNP is active
>> x86/sev: Add helper for validating pages in early enc attribute changes
>> x86/kernel: Make the .bss..decrypted section shared in RMP table
>> x86/kernel: Validate ROM memory before accessing when SEV-SNP is active
>> x86/mm: Add support to validate memory when changing C-bit
>> x86/boot: Add Confidential Computing type to setup_data
>> x86/sev: Provide support for SNP guest request NAEs
>> x86/sev: Register SEV-SNP guest request platform device
>> virt: Add SEV-SNP guest driver
>> virt: sevguest: Add support to derive key
>> virt: sevguest: Add support to get extended report
>>
>> Khalid Elmously (1):
>> UBUNTU: [config] Enable SEV_GUEST
>>
>> Kuppuswamy Sathyanarayanan (2):
>> x86/sev: Use CC_ATTR attribute to generalize string I/O unroll
>> x86/sev: Rename mem_encrypt.c to mem_encrypt_amd.c
>>
>> Michael Roth (21):
>> x86/boot: Introduce helpers for MSR reads/writes
>> x86/boot: Use MSR read/write helpers instead of inline assembly
>> x86/compressed/64: Detect/setup SEV/SME features earlier in boot
>> x86/sev: Detect/setup SEV/SME features earlier in boot
>> x86/head/64: Re-enable stack protection
>> x86/compressed/acpi: Move EFI detection to helper
>> x86/compressed/acpi: Move EFI system table lookup to helper
>> x86/compressed/acpi: Move EFI config table lookup to helper
>> x86/compressed/acpi: Move EFI vendor table lookup to helper
>> x86/compressed/acpi: Move EFI kexec handling into common code
>> KVM: x86: Move lookup of indexed CPUID leafs to helper
>> x86/sev: Move MSR-based VMGEXITs for CPUID to helper
>> x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers
>> x86/boot: Add a pointer to Confidential Computing blob in bootparams
>> x86/compressed: Add SEV-SNP feature detection/setup
>> x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests
>> x86/compressed: Export and rename add_identity_map()
>> x86/compressed/64: Add identity mapping for Confidential Computing blob
>> x86/sev: Add SEV-SNP feature detection/setup
>> x86/sev: Use firmware-validated CPUID for SEV-SNP guests
>> virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement
>>
>> Peter Gonda (1):
>> KVM: SEV: Refactor out sev_es_state struct
>>
>> Tianyu Lan (1):
>> x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV
>>
>> Tom Lendacky (5):
>> KVM: SVM: Create a separate mapping for the SEV-ES save area
>> KVM: SVM: Create a separate mapping for the GHCB save area
>> KVM: SVM: Update the SEV-ES save area mapping
>> treewide: Replace the use of mem_encrypt_active() with cc_platform_has()
>> x86/sev: Use SEV-SNP AP creation to start secondary CPUs
>>
>> Documentation/admin-guide/kernel-parameters.txt | 4 +
>> Documentation/virt/coco/sevguest.rst | 155 +++++
>> Documentation/virt/index.rst | 1 +
>> Documentation/x86/zero-page.rst | 2 +
>> arch/powerpc/include/asm/mem_encrypt.h | 5 -
>> arch/powerpc/platforms/pseries/svm.c | 5 +-
>> arch/s390/include/asm/mem_encrypt.h | 2 -
>> arch/x86/boot/compressed/Makefile | 1 +
>> arch/x86/boot/compressed/acpi.c | 173 +----
>> arch/x86/boot/compressed/efi.c | 238 +++++++
>> arch/x86/boot/compressed/head_64.S | 37 +-
>> arch/x86/boot/compressed/ident_map_64.c | 39 +-
>> arch/x86/boot/compressed/idt_64.c | 18 +-
>> arch/x86/boot/compressed/mem_encrypt.S | 36 -
>> arch/x86/boot/compressed/misc.h | 55 +-
>> arch/x86/boot/compressed/sev.c | 263 +++++++-
>> arch/x86/boot/cpucheck.c | 30 +-
>> arch/x86/boot/msr.h | 28 +
>> arch/x86/include/asm/bootparam_utils.h | 1 +
>> arch/x86/include/asm/cpuid.h | 32 +
>> arch/x86/include/asm/io.h | 20 +-
>> arch/x86/include/asm/mem_encrypt.h | 5 -
>> arch/x86/include/asm/msr-index.h | 2 +
>> arch/x86/include/asm/msr.h | 11 +-
>> arch/x86/include/asm/setup.h | 1 -
>> arch/x86/include/asm/sev-common.h | 90 ++-
>> arch/x86/include/asm/sev.h | 108 ++-
>> arch/x86/include/asm/shared/msr.h | 15 +
>> arch/x86/include/asm/svm.h | 171 ++++-
>> arch/x86/include/uapi/asm/bootparam.h | 4 +-
>> arch/x86/include/uapi/asm/svm.h | 13 +
>> arch/x86/kernel/Makefile | 1 -
>> arch/x86/kernel/cc_platform.c | 10 +
>> arch/x86/kernel/cpu/common.c | 4 +
>> arch/x86/kernel/head64.c | 86 +--
>> arch/x86/kernel/head_64.S | 37 +-
>> arch/x86/kernel/probe_roms.c | 13 +-
>> arch/x86/kernel/sev-shared.c | 593 ++++++++++++++--
>> arch/x86/kernel/sev.c | 820 ++++++++++++++++++++++-
>> arch/x86/kernel/smpboot.c | 3 +
>> arch/x86/kvm/cpuid.c | 17 +-
>> arch/x86/kvm/svm/sev.c | 103 +--
>> arch/x86/kvm/svm/svm.c | 12 +-
>> arch/x86/kvm/svm/svm.h | 26 +-
>> arch/x86/mm/Makefile | 8 +-
>> arch/x86/mm/ioremap.c | 4 +-
>> arch/x86/mm/{mem_encrypt.c => mem_encrypt_amd.c} | 73 +-
>> arch/x86/mm/mem_encrypt_identity.c | 8 +
>> arch/x86/mm/pat/set_memory.c | 18 +-
>> debian.gcp/config/config.common.ubuntu | 1 +
>> drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 4 +-
>> drivers/gpu/drm/drm_cache.c | 4 +-
>> drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 4 +-
>> drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 6 +-
>> drivers/iommu/amd/iommu.c | 3 +-
>> drivers/iommu/amd/iommu_v2.c | 3 +-
>> drivers/iommu/iommu.c | 3 +-
>> drivers/virt/Kconfig | 3 +
>> drivers/virt/Makefile | 1 +
>> drivers/virt/coco/sevguest/Kconfig | 12 +
>> drivers/virt/coco/sevguest/Makefile | 2 +
>> drivers/virt/coco/sevguest/sevguest.c | 736 ++++++++++++++++++++
>> drivers/virt/coco/sevguest/sevguest.h | 98 +++
>> fs/proc/vmcore.c | 6 +-
>> include/linux/cc_platform.h | 19 +
>> include/linux/efi.h | 1 +
>> include/linux/mem_encrypt.h | 4 -
>> include/uapi/linux/sev-guest.h | 80 +++
>> kernel/dma/swiotlb.c | 4 +-
>> 69 files changed, 3838 insertions(+), 557 deletions(-)
>> create mode 100644 Documentation/virt/coco/sevguest.rst
>> create mode 100644 arch/x86/boot/compressed/efi.c
>> create mode 100644 arch/x86/boot/msr.h
>> create mode 100644 arch/x86/include/asm/cpuid.h
>> create mode 100644 arch/x86/include/asm/shared/msr.h
>> rename arch/x86/mm/{mem_encrypt.c => mem_encrypt_amd.c} (89%)
>> create mode 100644 drivers/virt/coco/sevguest/Kconfig
>> create mode 100644 drivers/virt/coco/sevguest/Makefile
>> create mode 100644 drivers/virt/coco/sevguest/sevguest.c
>> create mode 100644 drivers/virt/coco/sevguest/sevguest.h
>> create mode 100644 include/uapi/linux/sev-guest.h
>>
> Acked-by: Tim Gardner <tim.gardner at canonical.com>
>
> Applied and built on top of Ubuntu-gcp-5.15.0-1027.34
Oops, as Thadeu pointed out, those are not upstream commit IDs.
--
-----------
Tim Gardner
Canonical, Inc