ACK: [SRU][mantic:gcp][PULL] GCP TDX Support

Tim Gardner tim.gardner at canonical.com
Tue Feb 13 16:11:14 UTC 2024


On 2/6/24 7:49 PM, John Cabaj wrote:
> BugLink: https://bugs.launchpad.net/bugs/2052576
> 
> [Impact]
> 
> * Google requested TDX guest features to be added to GCP kernel.
> 
> [Fix]
> 
> * 16 clean cherry-picks, 2 backports from upstream
> * 11 backports from Intel
> * 1 config change to enable support
> 
> [Test Case]
> 
> * Compile tested
> * Boot tested
> * Tested internally at various stages of development
> * Tested by Google
> 
> [Where things could go wrong]
> 
> * Majority of patches come from upstream with minimal backporting.
> * Some patches sourced from Intel, and differ from upstream counterparts.
>    However, these patches have been extensively tested in other kernels already released.
> 
> [Other Info]
> 
> * SF #00363309
> 
> ----------------------------------------------------------------
> 
> The following changes since commit 77c2daaf38b78fdf918f0bc15f5f876c7420e4b6:
> 
>    UBUNTU: Ubuntu-gcp-6.5.0-1013.13 (2024-01-24 15:18:45 -0600)
> 
> are available in the Git repository at:
> 
>    https://git.launchpad.net/~john-cabaj/ubuntu/+source/linux-gcp/+git/mantic-gcp-tdx tdx
> 
> for you to fetch changes up to ff41aa9bed4a49032f83acc0dd96005aabeff590:
> 
>    UBUNTU: [Config] gcp: Updates for TDX (2024-02-06 20:42:03 -0600)
> 
> ----------------------------------------------------------------
> Dan Williams (6):
>        virt: sevguest: Fix passing a stack buffer as a scatterlist target
>        virt: coco: Add a coco/Makefile and coco/Kconfig
>        configfs-tsm: Introduce a shared ABI for attestation reports
>        virt: sevguest: Prep for kernel internal get_ext_report()
>        mm/slab: Add __free() support for kvfree
>        virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT
> 
> Dexuan Cui (1):
>        x86/tdx: Retry partially-completed page conversion hypercalls
> 
> John Cabaj (1):
>        UBUNTU: [Config] gcp: Updates for TDX
> 
> Kai Huang (12):
>        UBUNTU: SAUCE: x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro
>        UBUNTU: SAUCE: x86/tdx: Skip saving output regs when SEAMCALL fails with VMFailInvalid
>        UBUNTU: SAUCE: x86/tdx: Make macros of TDCALLs consistent with the spec
>        UBUNTU: SAUCE: x86/tdx: Rename __tdx_module_call() to __tdcall()
>        UBUNTU: SAUCE: x86/tdx: Pass TDCALL/SEAMCALL input/output registers via a structure
>        UBUNTU: SAUCE: x86/tdx: Extend TDX_MODULE_CALL to support more TDCALL/SEAMCALL leafs
>        UBUNTU: SAUCE: x86/tdx: Make TDX_HYPERCALL asm similar to TDX_MODULE_CALL
>        UBUNTU: SAUCE: x86/tdx: Reimplement __tdx_hypercall() using TDX_MODULE_CALL asm
>        UBUNTU: SAUCE: x86/tdx: Remove 'struct tdx_hypercall_args'
>        UBUNTU: SAUCE: x86/virt/tdx: Wire up basic SEAMCALL functions
>        x86/virt/tdx: Make TDX_MODULE_CALL handle SEAMCALL #UD and #GP
>        x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed()
> 
> Kirill A. Shutemov (5):
>        x86/tdx: Mark TSC reliable
>        efi/unaccepted: Fix soft lockups caused by parallel memory acceptance
>        x86/coco: Disable 32-bit emulation by default on TDX and SEV
>        x86/tdx: Allow 32-bit emulation by default
>        x86/kvm: Do not try to disable kvmclock if it was not enabled
> 
> Kuppuswamy Sathyanarayanan (2):
>        UBUNTU: SAUCE: virt: tdx-guest: Add RTMR update interface
>        virt: tdx-guest: Add Quote generation support using TSM_REPORTS
> 
> Nikolay Borisov (1):
>        x86: Introduce ia32_enabled()
> 
> Thomas Gleixner (2):
>        x86/entry: Convert INT 0x80 emulation to IDTENTRY
>        x86/entry: Do not allow external 0x80 interrupts
> 
>   Documentation/ABI/testing/configfs-tsm   |  82 ++++++++++++++++++++++++++++
>   Documentation/virt/coco/tdx-guest.rst    |  11 ++++
>   MAINTAINERS                              |   8 +++
>   arch/x86/Kconfig                         |  12 ++++
>   arch/x86/Makefile                        |   2 +
>   arch/x86/boot/compressed/tdx.c           |   6 +-
>   arch/x86/coco/tdx/tdcall.S               | 231 ++++++++++-------------------------------------------------------------------
>   arch/x86/coco/tdx/tdx-shared.c           |  28 ++++++++--
>   arch/x86/coco/tdx/tdx.c                  | 194 +++++++++++++++++++++++++++++++++++++++++++++++++---------------
>   arch/x86/entry/common.c                  |  97 +++++++++++++++++++++++++++++++-
>   arch/x86/entry/entry_64_compat.S         |  77 --------------------------
>   arch/x86/include/asm/ia32.h              |  23 +++++++-
>   arch/x86/include/asm/idtentry.h          |   4 ++
>   arch/x86/include/asm/proto.h             |   4 --
>   arch/x86/include/asm/shared/tdx.h        |  91 ++++++++++++++++++------------
>   arch/x86/include/asm/tdx.h               |  15 +++++
>   arch/x86/kernel/asm-offsets.c            |  33 +++++------
>   arch/x86/kernel/idt.c                    |   2 +-
>   arch/x86/kernel/kvmclock.c               |  12 ++--
>   arch/x86/mm/mem_encrypt_amd.c            |  11 ++++
>   arch/x86/virt/Makefile                   |   2 +
>   arch/x86/virt/vmx/Makefile               |   2 +
>   arch/x86/virt/vmx/tdx/Makefile           |   2 +
>   arch/x86/virt/vmx/tdx/seamcall.S         |  61 +++++++++++++++++++++
>   arch/x86/virt/vmx/tdx/tdxcall.S          | 227 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------------
>   arch/x86/xen/enlighten_pv.c              |   2 +-
>   arch/x86/xen/xen-asm.S                   |   2 +-
>   debian.gcp/config/annotations            |   2 +
>   drivers/firmware/efi/unaccepted_memory.c |  64 ++++++++++++++++++++--
>   drivers/virt/Kconfig                     |   6 +-
>   drivers/virt/Makefile                    |   4 +-
>   drivers/virt/coco/Kconfig                |  14 +++++
>   drivers/virt/coco/Makefile               |   8 +++
>   drivers/virt/coco/sev-guest/Kconfig      |   1 +
>   drivers/virt/coco/sev-guest/sev-guest.c  | 214 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------
>   drivers/virt/coco/tdx-guest/Kconfig      |   1 +
>   drivers/virt/coco/tdx-guest/tdx-guest.c  | 264 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
>   drivers/virt/coco/tsm.c                  | 425 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>   include/linux/slab.h                     |   2 +
>   include/linux/tsm.h                      |  69 +++++++++++++++++++++++
>   include/uapi/linux/psp-sev.h             |   1 +
>   include/uapi/linux/sev-guest.h           |   4 +-
>   include/uapi/linux/tdx-guest.h           |  24 ++++++++
>   tools/objtool/noreturns.h                |   1 +
>   44 files changed, 1857 insertions(+), 488 deletions(-)
>   create mode 100644 Documentation/ABI/testing/configfs-tsm
>   create mode 100644 arch/x86/virt/Makefile
>   create mode 100644 arch/x86/virt/vmx/Makefile
>   create mode 100644 arch/x86/virt/vmx/tdx/Makefile
>   create mode 100644 arch/x86/virt/vmx/tdx/seamcall.S
>   create mode 100644 drivers/virt/coco/Kconfig
>   create mode 100644 drivers/virt/coco/Makefile
>   create mode 100644 drivers/virt/coco/tsm.c
>   create mode 100644 include/linux/tsm.h
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>
-- 
-----------
Tim Gardner
Canonical, Inc



