Commit 38b334fc authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'x86_sev_for_v6.9_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 SEV updates from Borislav Petkov:

 - Add the x86 part of the SEV-SNP host support.

   This will allow the kernel to be used as a KVM hypervisor capable of
   running SNP (Secure Nested Paging) guests. Roughly speaking, SEV-SNP
   is the ultimate goal of the AMD confidential computing side,
   providing the most comprehensive confidential computing environment
   to date.

   This is the x86 part and there is a KVM part which did not get ready
   in time for the merge window so the latter will be forthcoming in the
   next cycle.

 - Rework the early code's position-dependent SEV variable references in
   order to allow building the kernel with clang and -fPIE/-fPIC and
   -mcmodel=kernel

 - The usual set of fixes, cleanups and improvements all over the place

* tag 'x86_sev_for_v6.9_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (36 commits)
  x86/sev: Disable KMSAN for memory encryption TUs
  x86/sev: Dump SEV_STATUS
  crypto: ccp - Have it depend on AMD_IOMMU
  iommu/amd: Fix failure return from snp_lookup_rmpentry()
  x86/sev: Fix position dependent variable references in startup code
  crypto: ccp: Make snp_range_list static
  x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
  Documentation: virt: Fix up pre-formatted text block for SEV ioctls
  crypto: ccp: Add the SNP_SET_CONFIG command
  crypto: ccp: Add the SNP_COMMIT command
  crypto: ccp: Add the SNP_PLATFORM_STATUS command
  x86/cpufeatures: Enable/unmask SEV-SNP CPU feature
  KVM: SEV: Make AVIC backing, VMSA and VMCB memory allocation SNP safe
  crypto: ccp: Add panic notifier for SEV/SNP firmware shutdown on kdump
  iommu/amd: Clean up RMP entries for IOMMU pages during SNP shutdown
  crypto: ccp: Handle legacy SEV commands when SNP is enabled
  crypto: ccp: Handle non-volatile INIT_EX data when SNP is enabled
  crypto: ccp: Handle the legacy TMR allocation when SNP is enabled
  x86/sev: Introduce an SNP leaked pages list
  crypto: ccp: Provide an API to issue SEV and SNP commands
  ...
parents 2edfd104 c0935fca
+1 −3
@@ -3318,9 +3318,7 @@

	mem_encrypt=	[X86-64] AMD Secure Memory Encryption (SME) control
			Valid arguments: on, off
			Default (depends on kernel configuration option):
			  on  (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y)
			  off (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=n)
			Default: off
			mem_encrypt=on:		Activate SME
			mem_encrypt=off:	Do not activate SME
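Review bot: the new "Default: off" line is only accurate once CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT is actually gone, so this hunk, the Kconfig removal and the SME admin-guide rewrite in this merge must land together; a bisect point with this text but the Kconfig symbol still present would document a default the build overrides. It would also help operators to keep a short reminder here that mem_encrypt=on only takes effect when the BIOS has enabled SME, as the longer admin-guide text says.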

+8 −8
@@ -87,14 +87,14 @@ The state of SME in the Linux kernel can be documented as follows:
	  kernel is non-zero).

SME can also be enabled and activated in the BIOS. If SME is enabled and
activated in the BIOS, then all memory accesses will be encrypted and it will
not be necessary to activate the Linux memory encryption support.  If the BIOS
merely enables SME (sets bit 23 of the MSR_AMD64_SYSCFG), then Linux can activate
memory encryption by default (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y) or
by supplying mem_encrypt=on on the kernel command line.  However, if BIOS does
not enable SME, then Linux will not be able to activate memory encryption, even
if configured to do so by default or the mem_encrypt=on command line parameter
is specified.
activated in the BIOS, then all memory accesses will be encrypted and it
will not be necessary to activate the Linux memory encryption support.

If the BIOS merely enables SME (sets bit 23 of the MSR_AMD64_SYSCFG),
then memory encryption can be enabled by supplying mem_encrypt=on on the
kernel command line.  However, if BIOS does not enable SME, then Linux
will not be able to activate memory encryption, even if configured to do
so by default or the mem_encrypt=on command line parameter is specified.

Secure Nested Paging (SNP)
==========================
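Review bot: the rewritten paragraph still ends with "even if configured to do so by default or the mem_encrypt=on command line parameter is specified"; with the by-default Kconfig option removed in this merge, "configured to do so by default" no longer refers to anything and should be dropped. Suggested wording: "However, if the BIOS does not enable SME, then Linux will not be able to activate memory encryption, even if mem_encrypt=on is specified on the kernel command line."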
+52 −0
@@ -67,6 +67,23 @@ counter (e.g. counter overflow), then -EIO will be returned.
                };
        };

The host ioctls are issued to a file descriptor of the /dev/sev device.
The ioctl accepts the command ID/input structure documented below.

::

        struct sev_issue_cmd {
                /* Command ID */
                __u32 cmd;

                /* Command request structure */
                __u64 data;

                /* Firmware error code on failure (see psp-sev.h) */
                __u32 error;
        };


2.1 SNP_GET_REPORT
------------------
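Review bot: the comment "/* Command request structure */" on a __u64 field is misleading; "data" holds the userspace address of the command-specific request structure, not the structure itself. Suggest changing the comment to "/* Userspace pointer to the command request structure */" and rewording the sentence above the block so that it says the ioctl takes a command ID plus a pointer to the per-command input structure, and that "error" is only meaningful when the ioctl returns a failure.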

@@ -124,6 +141,41 @@ be updated with the expected value.

See GHCB specification for further detail on how to parse the certificate blob.

2.4 SNP_PLATFORM_STATUS
-----------------------
:Technology: sev-snp
:Type: hypervisor ioctl cmd
:Parameters (out): struct sev_user_data_snp_status
:Returns (out): 0 on success, -negative on error

The SNP_PLATFORM_STATUS command is used to query the SNP platform status. The
status includes API major, minor version and more. See the SEV-SNP
specification for further details.

2.5 SNP_COMMIT
--------------
:Technology: sev-snp
:Type: hypervisor ioctl cmd
:Returns (out): 0 on success, -negative on error

SNP_COMMIT is used to commit the currently installed firmware using the
SEV-SNP firmware SNP_COMMIT command. This prevents roll-back to a previously
committed firmware version. This will also update the reported TCB to match
that of the currently installed firmware.

2.6 SNP_SET_CONFIG
------------------
:Technology: sev-snp
:Type: hypervisor ioctl cmd
:Parameters (in): struct sev_user_data_snp_config
:Returns (out): 0 on success, -negative on error

SNP_SET_CONFIG is used to set the system-wide configuration such as
reported TCB version in the attestation report. The command is similar
to SNP_CONFIG command defined in the SEV-SNP spec. The current values of
the firmware parameters affected by this command can be queried via
SNP_PLATFORM_STATUS.

3. SEV-SNP CPUID Enforcement
============================
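Review bot: SNP_COMMIT (2.5) says it prevents roll-back and updates the reported TCB, but not that the operation cannot be undone by a later ioctl, nor that it commits whatever firmware is installed at that moment; a one-line warning that the command is irreversible from the host's side belongs here. For SNP_SET_CONFIG (2.6), listing the fields of struct sev_user_data_snp_config rather than only its name, and stating that a rejected configuration is reported through the "error" field of struct sev_issue_cmd, would let an operator verify which reported TCB actually ended up in the attestation report.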

+2 −0
@@ -28,5 +28,7 @@ obj-y += net/

obj-$(CONFIG_KEXEC_FILE) += purgatory/

obj-y += virt/svm/

# for cleaning
subdir- += boot tools
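Review bot: "obj-y += virt/svm/" descends into the directory unconditionally, unlike the CONFIG_KEXEC_FILE-gated purgatory line just above it; that is only safe if virt/svm/Makefile gates each of its objects on the SEV-SNP host configuration option, otherwise every x86 build picks up the SNP host code. Please confirm the inner Makefile does so, or gate the directory here with an obj-$(CONFIG_...) entry for consistency with the surrounding lines.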
+0 −13
@@ -1548,19 +1548,6 @@ config AMD_MEM_ENCRYPT
	  This requires an AMD processor that supports Secure Memory
	  Encryption (SME).

config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
	bool "Activate AMD Secure Memory Encryption (SME) by default"
	depends on AMD_MEM_ENCRYPT
	help
	  Say yes to have system memory encrypted by default if running on
	  an AMD processor that supports Secure Memory Encryption (SME).

	  If set to Y, then the encryption of system memory can be
	  deactivated with the mem_encrypt=off command line option.

	  If set to N, then the encryption of system memory can be
	  activated with the mem_encrypt=on command line option.

# Common NUMA Features
config NUMA
	bool "NUMA Memory Allocation and Scheduler Support"
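Review bot: removing a Kconfig symbol is a silent behaviour change for anyone who had AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y: olddefconfig drops the unknown symbol without a warning and, per the help text being deleted here, SME then stays off until mem_encrypt=on is added to the kernel command line. The commit message for this hunk should say so explicitly, and the mem_encrypt= entry in kernel-parameters.txt is the natural place for a sentence telling operators who relied on the old default that the boot parameter is now required.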