Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'x86_urgent_for_v6.1_rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fixes from Borislav Petkov:

- Add new Intel CPU models

- Enforce that TDX guests are successfully loaded only on TDX hardware
where virtualization exception (#VE) delivery on kernel memory is
disabled because handling those in all possible cases is "essentially
impossible"

- Add the proper include to the syscall wrappers so that BTF can see
the real pt_regs definition and not only the forward declaration

* tag 'x86_urgent_for_v6.1_rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/cpu: Add several Intel server CPU model numbers
x86/tdx: Panic on bad configs that #VE on "private" memory access
x86/tdx: Prepare for using "INFO" call for a second purpose
x86/syscall: Include asm/ptrace.h in syscall_wrapper header

+30 -10
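--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -34,6 +34,8 @@
 #define VE_GET_PORT_NUM(e) ((e) >> 16)
 #define VE_IS_IO_STRING(e) ((e) & BIT(4))
 
+#define ATTR_SEPT_VE_DISABLE BIT(28)
+
 /*
 * Wrapper for standard use of __tdx_hypercall with no output aside from
 * return code.
@@ -98,10 +100,11 @@
 panic("TDCALL %lld failed (Buggy TDX module!)\n", fn);
 }
 
-static u64 get_cc_mask(void)
+static void tdx_parse_tdinfo(u64 *cc_mask)
 {
 struct tdx_module_output out;
 unsigned int gpa_width;
+u64 td_attr;
 
 /*
 * TDINFO TDX module call is used to get the TD execution environment
@@ -109,19 +112,27 @@
 * information, etc. More details about the ABI can be found in TDX
 * Guest-Host-Communication Interface (GHCI), section 2.4.2 TDCALL
 * [TDG.VP.INFO].
-*
-* The GPA width that comes out of this call is critical. TDX guests
-* can not meaningfully run without it.
 */
 tdx_module_call(TDX_GET_INFO, 0, 0, 0, 0, &out);
-
-gpa_width = out.rcx & GENMASK(5, 0);
 
 /*
 * The highest bit of a guest physical address is the "sharing" bit.
 * Set it for shared pages and clear it for private pages.
+*
+* The GPA width that comes out of this call is critical. TDX guests
+* can not meaningfully run without it.
 */
-return BIT_ULL(gpa_width - 1);
+gpa_width = out.rcx & GENMASK(5, 0);
+*cc_mask = BIT_ULL(gpa_width - 1);
+
+/*
+* The kernel can not handle #VE's when accessing normal kernel
+* memory. Ensure that no #VE will be delivered for accesses to
+* TD-private memory. Only VMM-shared memory (MMIO) will #VE.
+*/
+td_attr = out.rdx;
+if (!(td_attr & ATTR_SEPT_VE_DISABLE))
+panic("TD misconfiguration: SEPT_VE_DISABLE attibute must be set.\n");
 }
 
 /*
@@ -758,7 +769,7 @@
 setup_force_cpu_cap(X86_FEATURE_TDX_GUEST);
 
 cc_set_vendor(CC_VENDOR_INTEL);
-cc_mask = get_cc_mask();
+tdx_parse_tdinfo(&cc_mask);
 cc_set_mask(cc_mask);
 
 /*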
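Review bot: The new panic string in tdx_parse_tdinfo() misspells "attribute" as "attibute"; anyone searching logs for this misconfiguration will look for the correct spelling, so it should read `panic("TD misconfiguration: SEPT_VE_DISABLE attribute must be set.\n");`. `gpa_width` comes from `out.rcx & GENMASK(5, 0)` and goes straight into `BIT_ULL(gpa_width - 1)`; a zero field would wrap the unsigned shift count, so a guard such as `if (!gpa_width) panic("TDX: invalid GPA width\n");` before the assignment to `*cc_mask` looks worthwhile, presumably as hardening against a buggy TDX module rather than a hostile host. `ATTR_SEPT_VE_DISABLE` is a bare `BIT(28)`; a short comment above it such as `/* TD attributes bits, returned in RDX by TDG.VP.INFO */` would tie the constant to the `td_attr = out.rdx` read.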
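--- a/arch/x86/include/asm/intel-family.h
+++ b/arch/x86/include/asm/intel-family.h
@@ -107,6 +107,11 @@
 
 #define INTEL_FAM6_SAPPHIRERAPIDS_X 0x8F /* Golden Cove */
 
+#define INTEL_FAM6_EMERALDRAPIDS_X 0xCF
+
+#define INTEL_FAM6_GRANITERAPIDS_X 0xAD
+#define INTEL_FAM6_GRANITERAPIDS_D 0xAE
+
 #define INTEL_FAM6_ALDERLAKE 0x97 /* Golden Cove / Gracemont */
 #define INTEL_FAM6_ALDERLAKE_L 0x9A /* Golden Cove / Gracemont */
 #define INTEL_FAM6_ALDERLAKE_N 0xBE
@@ -118,7 +123,7 @@
 #define INTEL_FAM6_METEORLAKE 0xAC
 #define INTEL_FAM6_METEORLAKE_L 0xAA
 
-/* "Small Core" Processors (Atom) */
+/* "Small Core" Processors (Atom/E-Core) */
 
 #define INTEL_FAM6_ATOM_BONNELL 0x1C /* Diamondville, Pineview */
 #define INTEL_FAM6_ATOM_BONNELL_MID 0x26 /* Silverthorne, Lincroft */
@@ -144,6 +149,10 @@
 #define INTEL_FAM6_ATOM_TREMONT_D 0x86 /* Jacobsville */
 #define INTEL_FAM6_ATOM_TREMONT 0x96 /* Elkhart Lake */
 #define INTEL_FAM6_ATOM_TREMONT_L 0x9C /* Jasper Lake */
+
+#define INTEL_FAM6_SIERRAFOREST_X 0xAF
+
+#define INTEL_FAM6_GRANDRIDGE 0xB6
 
 /* Xeon Phi */
 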
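--- a/arch/x86/include/asm/syscall_wrapper.h
+++ b/arch/x86/include/asm/syscall_wrapper.h
@@ -6,7 +6,7 @@
 #ifndef _ASM_X86_SYSCALL_WRAPPER_H
 #define _ASM_X86_SYSCALL_WRAPPER_H
 
-struct pt_regs;
+#include <asm/ptrace.h>
 
 extern long __x64_sys_ni_syscall(const struct pt_regs *regs);
 extern long __ia32_sys_ni_syscall(const struct pt_regs *regs);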