Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Merge tag 'x86_urgent_for_v6.5_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fixes from Borislav Petkov:

- Do not parse the confidential computing blob on non-AMD hardware as
it leads to an EFI config table ending up unmapped

- Use the correct segment selector in the 32-bit version of getcpu() in
the vDSO

- Make sure vDSO and VVAR regions are placed in the 47-bit VA range
even on 5-level paging systems

- Add models 0x90-0x91 to the range of AMD Zenbleed-affected CPUs

* tag 'x86_urgent_for_v6.5_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405
x86/mm: Fix VDSO and VVAR placement on 5-level paging machines
x86/linkage: Fix typo of BUILD_VDSO in asm/linkage.h
x86/vdso: Choose the right GDT_ENTRY_CPUNODE for 32-bit getcpu() on 64-bit kernel
x86/sev: Do not try to parse for the CC blob on non-AMD hardware

+49 -8
+8 -1
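--- a/arch/x86/boot/compressed/idt_64.c
+++ b/arch/x86/boot/compressed/idt_64.c
@@ -63,7 +63,14 @@
 set_idt_entry(X86_TRAP_PF, boot_page_fault);
 
 #ifdef CONFIG_AMD_MEM_ENCRYPT
-set_idt_entry(X86_TRAP_VC, boot_stage2_vc);
+/*
+ * Clear the second stage #VC handler in case guest types
+ * needing #VC have not been detected.
+ */
+if (sev_status & BIT(1))
+set_idt_entry(X86_TRAP_VC, boot_stage2_vc);
+else
+set_idt_entry(X86_TRAP_VC, NULL);
 #endif
 
 load_boot_idt(&boot_idt_desc);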
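Review bot: The `BIT(1)` test on `sev_status` in the new `if` is a bare magic bit, and the sev.c change in this same merge uses the same literal for a different register (CPUID Fn8000_001F EAX), so the two are easy to confuse. If the MSR definitions are reachable from this file, `if (sev_status & MSR_AMD64_SEV_ES_ENABLED)` would name the guest type being tested. The branch is also only meaningful if `sev_status` has been populated before this point, and that ordering is not visible in the hunk. The new comment could say so, for example `/* relies on sev_status having been read earlier in boot */`. The enclosing function starts and ends outside the hunk.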
+36 -3
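--- a/arch/x86/boot/compressed/sev.c
+++ b/arch/x86/boot/compressed/sev.c
@@ -405,10 +405,13 @@
 bp->cc_blob_address = 0;
 
 /*
- * Setup/preliminary detection of SNP. This will be sanity-checked
- * against CPUID/MSR values later.
+ * Do an initial SEV capability check before snp_init() which
+ * loads the CPUID page and the same checks afterwards are done
+ * without the hypervisor and are trustworthy.
+ *
+ * If the HV fakes SEV support, the guest will crash'n'burn
+ * which is good enough.
  */
-snp = snp_init(bp);
 
 /* Check for the SME/SEV support leaf */
 eax = 0x80000000;
@@
 
 /*
  * Check for the SME/SEV feature:
+ * CPUID Fn8000_001F[EAX]
+ * - Bit 0 - Secure Memory Encryption support
+ * - Bit 1 - Secure Encrypted Virtualization support
+ * CPUID Fn8000_001F[EBX]
+ * - Bits 5:0 - Pagetable bit position used to indicate encryption
+ */
+eax = 0x8000001f;
+ecx = 0;
+native_cpuid(&eax, &ebx, &ecx, &edx);
+/* Check whether SEV is supported */
+if (!(eax & BIT(1)))
+return;
+
+/*
+ * Setup/preliminary detection of SNP. This will be sanity-checked
+ * against CPUID/MSR values later.
+ */
+snp = snp_init(bp);
+
+/* Now repeat the checks with the SNP CPUID table. */
+
+/* Recheck the SME/SEV support leaf */
+eax = 0x80000000;
+ecx = 0;
+native_cpuid(&eax, &ebx, &ecx, &edx);
+if (eax < 0x8000001f)
+return;
+
+/*
+ * Recheck for the SME/SEV feature:
  * CPUID Fn8000_001F[EAX]
  * - Bit 0 - Secure Memory Encryption support
  * - Bit 1 - Secure Encrypted Virtualization support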
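Review bot: The new early `return` on `!(eax & BIT(1))` is decided from CPUID values read before `snp_init()`, which the added comment itself describes as not yet trustworthy. That comment covers only the case where the hypervisor fakes SEV support. It does not cover the opposite case, where the bit is hidden and the function returns before the CC blob is parsed or any SNP setup runs. A line above that check would record the reasoning, for example `/* HV-provided CPUID: a hidden SEV bit also returns here, before snp_init() */`, together with a sentence on why that outcome is acceptable for an SEV guest. The enclosing function starts and ends outside the hunk, and the second hunk's gutter numbers disagree with the first hunk's offset.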
+2 -2
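--- a/arch/x86/entry/vdso/vma.c
+++ b/arch/x86/entry/vdso/vma.c
@@ -299,8 +299,8 @@
 
 /* Round the lowest possible end address up to a PMD boundary. */
 end = (start + len + PMD_SIZE - 1) & PMD_MASK;
-if (end >= TASK_SIZE_MAX)
-end = TASK_SIZE_MAX;
+if (end >= DEFAULT_MAP_WINDOW)
+end = DEFAULT_MAP_WINDOW;
 end -= len;
 
 if (end > start) {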
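Review bot: The clamp to `DEFAULT_MAP_WINDOW` has no comment saying why it is not `TASK_SIZE_MAX`, so a later cleanup could plausibly change it back. The merge description gives the reason, and it belongs next to the code, for example `/* Keep vDSO/VVAR inside the 47-bit VA range, even with 5-level paging. */` above the `if`. The existing comment on the line before covers only the PMD rounding. The enclosing function starts and ends outside the hunk.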
+1 -1
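--- a/arch/x86/include/asm/linkage.h
+++ b/arch/x86/include/asm/linkage.h
@@ -21,7 +21,7 @@
 #define FUNCTION_PADDING
 #endif
 
-#if (CONFIG_FUNCTION_ALIGNMENT > 8) && !defined(__DISABLE_EXPORTS) && !defined(BULID_VDSO)
+#if (CONFIG_FUNCTION_ALIGNMENT > 8) && !defined(__DISABLE_EXPORTS) && !defined(BUILD_VDSO)
 # define __FUNC_ALIGN __ALIGN; FUNCTION_PADDING
 #else
 # define __FUNC_ALIGN __ALIGN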
+1 -1
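--- a/arch/x86/include/asm/segment.h
+++ b/arch/x86/include/asm/segment.h
@@ -56,7 +56,7 @@
 
 #define GDT_ENTRY_INVALID_SEG 0
 
-#ifdef CONFIG_X86_32
+#if defined(CONFIG_X86_32) && !defined(BUILD_VDSO32_64)
 /*
  * The layout of the per-CPU GDT under Linux:
  *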
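Review bot: The new `!defined(BUILD_VDSO32_64)` condition is not explained at the `#if`, and the layout comment that follows still reads as if this branch applied to every 32-bit build. A one-line comment above the `#if` would prevent the wrong GDT layout being picked again, for example `/* The 32-bit vDSO of a 64-bit kernel (BUILD_VDSO32_64) must see the 64-bit GDT layout. */`. If the matching `#else` or `#endif` carries a trailing `CONFIG_X86_32` comment, it should be updated too. Those lines are outside the hunk, so this could not be checked here.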
+1
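--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -73,6 +73,7 @@
 static const int amd_zenbleed[] =
 AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x17, 0x30, 0x0, 0x4f, 0xf),
 AMD_MODEL_RANGE(0x17, 0x60, 0x0, 0x7f, 0xf),
+AMD_MODEL_RANGE(0x17, 0x90, 0x0, 0x91, 0xf),
 AMD_MODEL_RANGE(0x17, 0xa0, 0x0, 0xaf, 0xf));
 
 static const int amd_div0[] =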