Commit 50ac57c3 authored by Linus Torvalds

Merge tag 'x86_tdx_for_6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 TDX updates from Dave Hansen:
 "The biggest change here is making TDX and kexec play nicely together.

  Before this, the memory encryption hardware (which doesn't respect
  cache coherency) could write back old cachelines on top of data in the
  new kernel, so kexec and TDX were made mutually exclusive. This
  removes the limitation.

  There is also some work to tighten up a hardware bug workaround and
  some MAINTAINERS updates.

   - Make TDX and kexec work together

    - Skip TDX bug workaround when the bug is not present

    - Update maintainers entries"

* tag 'x86_tdx_for_6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/virt/tdx: Use precalculated TDVPR page physical address
  KVM/TDX: Explicitly do WBINVD when no more TDX SEAMCALLs
  x86/virt/tdx: Update the kexec section in the TDX documentation
  x86/virt/tdx: Remove the !KEXEC_CORE dependency
  x86/kexec: Disable kexec/kdump on platforms with TDX partial write erratum
  x86/virt/tdx: Mark memory cache state incoherent when making SEAMCALL
  x86/sme: Use percpu boolean to control WBINVD during kexec
  x86/kexec: Consolidate relocate_kernel() function parameters
  x86/tdx: Skip clearing reclaimed pages unless X86_BUG_TDX_PW_MCE is present
  x86/tdx: Tidy reset_pamt functions
  x86/tdx: Eliminate duplicate code in tdx_clear_page()
  MAINTAINERS: Add KVM mail list to the TDX entry
  MAINTAINERS: Add Rick Edgecombe as a TDX reviewer
  MAINTAINERS: Update the file list in the TDX entry.
parents 5b7ce938 e414b100
+7 −7
@@ -142,13 +142,6 @@ but depends on the BIOS to behave correctly.
Note TDX works with CPU logical online/offline, thus the kernel still
allows to offline logical CPU and online it again.

Kexec()
~~~~~~~

TDX host support currently lacks the ability to handle kexec.  For
simplicity only one of them can be enabled in the Kconfig.  This will be
fixed in the future.

Erratum
~~~~~~~

@@ -171,6 +164,13 @@ If the platform has such erratum, the kernel prints additional message in
machine check handler to tell user the machine check may be caused by
kernel bug on TDX private memory.

Kexec
~~~~~~~

Currently kexec doesn't work on the TDX platforms with the aforementioned
erratum.  It fails when loading the kexec kernel image.  Otherwise it
works normally.

Interaction vs S3 and deeper states
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

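Review bot: The new Kexec section says only that kexec "fails when loading the kexec kernel image" on erratum platforms and never mentions kdump, although the merge log lists the change as "Disable kexec/kdump on platforms with TDX partial write erratum". Suggest stating that loading a crash kernel is refused as well, since that changes what an operator can collect after a crash, and dropping "Currently", which will go stale. The underline is still seven tildes, carried over from the old "Kexec()" heading; trim it to match "Kexec".
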
+4 −7
@@ -27723,17 +27723,14 @@ F: arch/x86/kernel/unwind_*.c
X86 TRUST DOMAIN EXTENSIONS (TDX)
M:	Kirill A. Shutemov <kas@kernel.org>
R:	Dave Hansen <dave.hansen@linux.intel.com>
R:	Rick Edgecombe <rick.p.edgecombe@intel.com>
L:	x86@kernel.org
L:	linux-coco@lists.linux.dev
L:	kvm@vger.kernel.org
S:	Supported
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/tdx
F:	Documentation/ABI/testing/sysfs-devices-virtual-misc-tdx_guest
F:	arch/x86/boot/compressed/tdx*
F:	arch/x86/coco/tdx/
F:	arch/x86/include/asm/shared/tdx.h
F:	arch/x86/include/asm/tdx.h
F:	arch/x86/virt/vmx/tdx/
F:	drivers/virt/coco/tdx-guest
N:	tdx
K:	\b(tdx)
X86 VDSO
M:	Andy Lutomirski <luto@kernel.org>
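Review bot: The "N: tdx" and "K: \b(tdx)" patterns in this entry are very broad. N: matches any path containing "tdx", and K: matches patch content with a leading \b but no trailing boundary, so every identifier that starts with tdx routes mail to this entry. With kvm@vger.kernel.org in the L: list that is probably intended, but the commit message should say so explicitly. The capture group in \b(tdx) does nothing and could be written as \btdx.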
+0 −1
@@ -1902,7 +1902,6 @@ config INTEL_TDX_HOST
	depends on X86_X2APIC
	select ARCH_KEEP_MEMBLOCK
	depends on CONTIG_ALLOC
	depends on !KEXEC_CORE
	depends on X86_MCE
	help
	  Intel Trust Domain Extensions (TDX) protects guest VMs from malicious
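Review bot: Dropping "depends on !KEXEC_CORE" removes the only build-time guard between TDX host support and kexec, so correctness now rests on the runtime pieces named in the merge log (the erratum check and the WBINVD handling). The help text of INTEL_TDX_HOST should mention that kexec is refused on platforms with the partial write erratum, so someone reviewing a distro config sees the limitation without having to read the TDX documentation.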
+10 −2
@@ -13,6 +13,15 @@
# define KEXEC_DEBUG_EXC_HANDLER_SIZE	6 /* PUSHI, PUSHI, 2-byte JMP */
#endif

#ifdef CONFIG_X86_64

#include <linux/bits.h>

#define RELOC_KERNEL_PRESERVE_CONTEXT	BIT(0)
#define RELOC_KERNEL_CACHE_INCOHERENT	BIT(1)

#endif

# define KEXEC_CONTROL_PAGE_SIZE	4096
# define KEXEC_CONTROL_CODE_MAX_SIZE	2048

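Review bot: RELOC_KERNEL_PRESERVE_CONTEXT and RELOC_KERNEL_CACHE_INCOHERENT are introduced without any comment. Going by the name and the WBINVD commits in the merge log, the second bit gates a cache flush before the new kernel runs. Please add a line per bit saying who sets it and what relocate_kernel() does with it, and note that CACHE_INCOHERENT appears to take over from the old host_mem_enc_active argument. The "#include <linux/bits.h>" placed inside the "#ifdef CONFIG_X86_64" block in the middle of the header is also unusual; consider moving it to the top of the file.
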
@@ -121,8 +130,7 @@ typedef unsigned long
relocate_kernel_fn(unsigned long indirection_page,
		   unsigned long pa_control_page,
		   unsigned long start_address,
		   unsigned int preserve_context,
		   unsigned int host_mem_enc_active);
		   unsigned int flags);
#endif
extern relocate_kernel_fn relocate_kernel;
#define ARCH_HAS_KIMAGE_ARCH
+2 −0
@@ -731,6 +731,8 @@ void __noreturn stop_this_cpu(void *dummy);
void microcode_check(struct cpuinfo_x86 *prev_info);
void store_cpu_caps(struct cpuinfo_x86 *info);

DECLARE_PER_CPU(bool, cache_state_incoherent);

enum l1tf_mitigations {
	L1TF_MITIGATION_OFF,
	L1TF_MITIGATION_AUTO,
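Review bot: "DECLARE_PER_CPU(bool, cache_state_incoherent);" lands in processor.h between store_cpu_caps() and the L1TF enum with no comment at all. The merge log ties this flag to SEAMCALLs and to the WBINVD done during kexec, so a short comment should state which paths set it, which path clears it, and whether it may only be touched on the local CPU with preemption disabled. Without that, a later caller has to reverse-engineer the contract from the .c files.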