[SRU][mantic:gcp][PULL] GCP TDX Support
John Cabaj
john.cabaj at canonical.com
Wed Feb 7 02:49:59 UTC 2024
BugLink: https://bugs.launchpad.net/bugs/2052576
[Impact]
* Google requested TDX guest features to be added to the GCP kernel.
[Fix]
* 16 clean cherry-picks, 2 backports from upstream
* 11 backports from Intel
* 1 config change to enable support
[Test Case]
* Compile tested
* Boot tested
* Tested internally at various stages of development
* Tested by Google
[Where things could go wrong]
* The majority of patches come from upstream with minimal backporting.
* Some patches are sourced from Intel and differ from their upstream counterparts. However, these patches have been extensively tested in other kernels already released.
[Other Info]
* SF #00363309
----------------------------------------------------------------
The following changes since commit 77c2daaf38b78fdf918f0bc15f5f876c7420e4b6:
UBUNTU: Ubuntu-gcp-6.5.0-1013.13 (2024-01-24 15:18:45 -0600)
are available in the Git repository at:
https://git.launchpad.net/~john-cabaj/ubuntu/+source/linux-gcp/+git/mantic-gcp-tdx tdx
for you to fetch changes up to ff41aa9bed4a49032f83acc0dd96005aabeff590:
UBUNTU: [Config] gcp: Updates for TDX (2024-02-06 20:42:03 -0600)
----------------------------------------------------------------
Dan Williams (6):
virt: sevguest: Fix passing a stack buffer as a scatterlist target
virt: coco: Add a coco/Makefile and coco/Kconfig
configfs-tsm: Introduce a shared ABI for attestation reports
virt: sevguest: Prep for kernel internal get_ext_report()
mm/slab: Add __free() support for kvfree
virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT
Dexuan Cui (1):
x86/tdx: Retry partially-completed page conversion hypercalls
John Cabaj (1):
UBUNTU: [Config] gcp: Updates for TDX
Kai Huang (12):
UBUNTU: SAUCE: x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro
UBUNTU: SAUCE: x86/tdx: Skip saving output regs when SEAMCALL fails with VMFailInvalid
UBUNTU: SAUCE: x86/tdx: Make macros of TDCALLs consistent with the spec
UBUNTU: SAUCE: x86/tdx: Rename __tdx_module_call() to __tdcall()
UBUNTU: SAUCE: x86/tdx: Pass TDCALL/SEAMCALL input/output registers via a structure
UBUNTU: SAUCE: x86/tdx: Extend TDX_MODULE_CALL to support more TDCALL/SEAMCALL leafs
UBUNTU: SAUCE: x86/tdx: Make TDX_HYPERCALL asm similar to TDX_MODULE_CALL
UBUNTU: SAUCE: x86/tdx: Reimplement __tdx_hypercall() using TDX_MODULE_CALL asm
UBUNTU: SAUCE: x86/tdx: Remove 'struct tdx_hypercall_args'
UBUNTU: SAUCE: x86/virt/tdx: Wire up basic SEAMCALL functions
x86/virt/tdx: Make TDX_MODULE_CALL handle SEAMCALL #UD and #GP
x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed()
Kirill A. Shutemov (5):
x86/tdx: Mark TSC reliable
efi/unaccepted: Fix soft lockups caused by parallel memory acceptance
x86/coco: Disable 32-bit emulation by default on TDX and SEV
x86/tdx: Allow 32-bit emulation by default
x86/kvm: Do not try to disable kvmclock if it was not enabled
Kuppuswamy Sathyanarayanan (2):
UBUNTU: SAUCE: virt: tdx-guest: Add RTMR update interface
virt: tdx-guest: Add Quote generation support using TSM_REPORTS
Nikolay Borisov (1):
x86: Introduce ia32_enabled()
Thomas Gleixner (2):
x86/entry: Convert INT 0x80 emulation to IDTENTRY
x86/entry: Do not allow external 0x80 interrupts
Documentation/ABI/testing/configfs-tsm | 82 ++++++++++++++++++++++++++++
Documentation/virt/coco/tdx-guest.rst | 11 ++++
MAINTAINERS | 8 +++
arch/x86/Kconfig | 12 ++++
arch/x86/Makefile | 2 +
arch/x86/boot/compressed/tdx.c | 6 +-
arch/x86/coco/tdx/tdcall.S | 231 ++++++++++-------------------------------------------------------------------
arch/x86/coco/tdx/tdx-shared.c | 28 ++++++++--
arch/x86/coco/tdx/tdx.c | 194 +++++++++++++++++++++++++++++++++++++++++++++++++---------------
arch/x86/entry/common.c | 97 +++++++++++++++++++++++++++++++-
arch/x86/entry/entry_64_compat.S | 77 --------------------------
arch/x86/include/asm/ia32.h | 23 +++++++-
arch/x86/include/asm/idtentry.h | 4 ++
arch/x86/include/asm/proto.h | 4 --
arch/x86/include/asm/shared/tdx.h | 91 ++++++++++++++++++------------
arch/x86/include/asm/tdx.h | 15 +++++
arch/x86/kernel/asm-offsets.c | 33 +++++------
arch/x86/kernel/idt.c | 2 +-
arch/x86/kernel/kvmclock.c | 12 ++--
arch/x86/mm/mem_encrypt_amd.c | 11 ++++
arch/x86/virt/Makefile | 2 +
arch/x86/virt/vmx/Makefile | 2 +
arch/x86/virt/vmx/tdx/Makefile | 2 +
arch/x86/virt/vmx/tdx/seamcall.S | 61 +++++++++++++++++++++
arch/x86/virt/vmx/tdx/tdxcall.S | 227 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------------
arch/x86/xen/enlighten_pv.c | 2 +-
arch/x86/xen/xen-asm.S | 2 +-
debian.gcp/config/annotations | 2 +
drivers/firmware/efi/unaccepted_memory.c | 64 ++++++++++++++++++++--
drivers/virt/Kconfig | 6 +-
drivers/virt/Makefile | 4 +-
drivers/virt/coco/Kconfig | 14 +++++
drivers/virt/coco/Makefile | 8 +++
drivers/virt/coco/sev-guest/Kconfig | 1 +
drivers/virt/coco/sev-guest/sev-guest.c | 214 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------
drivers/virt/coco/tdx-guest/Kconfig | 1 +
drivers/virt/coco/tdx-guest/tdx-guest.c | 264 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
drivers/virt/coco/tsm.c | 425 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
include/linux/slab.h | 2 +
include/linux/tsm.h | 69 +++++++++++++++++++++++
include/uapi/linux/psp-sev.h | 1 +
include/uapi/linux/sev-guest.h | 4 +-
include/uapi/linux/tdx-guest.h | 24 ++++++++
tools/objtool/noreturns.h | 1 +
44 files changed, 1857 insertions(+), 488 deletions(-)
create mode 100644 Documentation/ABI/testing/configfs-tsm
create mode 100644 arch/x86/virt/Makefile
create mode 100644 arch/x86/virt/vmx/Makefile
create mode 100644 arch/x86/virt/vmx/tdx/Makefile
create mode 100644 arch/x86/virt/vmx/tdx/seamcall.S
create mode 100644 drivers/virt/coco/Kconfig
create mode 100644 drivers/virt/coco/Makefile
create mode 100644 drivers/virt/coco/tsm.c
create mode 100644 include/linux/tsm.h