Skip to content

TDX core kernel enabling (support running Linux as guest)

Wander Lairson Costa requested to merge walac/centos-stream-9:bz1955275-tdx-core-9.1 into main

Bugzilla: http://bugzilla.redhat.com/1955275

Depends: !1359 (merged)

Signed-off-by: Wander Lairson Costa wander@redhat.com

Omitted-fix: 4b3f7644ae84 ("tools headers cpufeatures: Sync with the kernel sources") Unnecessary to this MR.

Omitted-fix: 5ced81243593 ("tools headers cpufeatures: Sync with the kernel sources") Unnecessary to this MR.

d86d28c2 (Wander Lairson Costa) config: Enable TDX Guest

3f18abeb (Wander Lairson Costa) x86/hyperv: Initialize shared memory boundary in the Isolation VM.

2d58bdec (Wander Lairson Costa) Documentation/x86: Document TDX kernel architecture

7b222673 (Wander Lairson Costa) ACPICA: Avoid cache flush inside virtual machines

04420296 (Wander Lairson Costa) x86/tdx/ioapic: Add shared bit for IOAPIC base address

8ef8f998 (Wander Lairson Costa) x86/mm: Make DMA memory shared for TD guest

9768974a (Wander Lairson Costa) x86/mm/cpa: Add support for TDX shared memory

1fcb980c (Wander Lairson Costa) x86/tdx: Make pages shared in ioremap()

60e4f2d0 (Wander Lairson Costa) x86/topology: Disable CPU online/offline control for TDX guests

0ef54dd6 (Wander Lairson Costa) x86/acpi/x86/boot: Add multiprocessor wake-up support

dcc0b0bb (Wander Lairson Costa) x86/boot: Avoid #VE during boot for TDX platforms

d9f6dbc6 (Wander Lairson Costa) x86/boot: Set CR0.NE early and keep it set during the boot

9918045f (Wander Lairson Costa) x86/acpi/x86/boot: Add multiprocessor wake-up support

0089010a (Wander Lairson Costa) x86/boot: Add a trampoline for booting APs via firmware handoff

ace0733b (Wander Lairson Costa) x86/tdx: Wire up KVM hypercalls

2be45c89 (Wander Lairson Costa) x86/tdx: Port I/O: Add early boot support

e4d019d0 (Wander Lairson Costa) x86/tdx: Port I/O: Add runtime hypercalls

4defa6a6 (Wander Lairson Costa) x86/boot: Port I/O: Add decompression-time support for TDX

4c739b45 (Wander Lairson Costa) x86/boot: Port I/O: Allow to hook up alternative helpers

965b5f7d (Wander Lairson Costa) x86: Consolidate port I/O helpers

74ed20bd (Wander Lairson Costa) x86: Adjust types used in port I/O helpers

1ae2ce7e (Wander Lairson Costa) x86/tdx: Detect TDX at early kernel decompression time

0089726a (Wander Lairson Costa) x86/tdx: Handle in-kernel MMIO

1c50354f (Wander Lairson Costa) x86/tdx: Handle CPUID via #VE

407152b6 (Wander Lairson Costa) x86/tdx: Add MSR support for TDX guests

17e87935 (Wander Lairson Costa) x86/tdx: Add HLT support for TDX guests

1bf9e163 (Wander Lairson Costa) x86/traps: Add #VE support for TDX guest

25aeaa15 (Wander Lairson Costa) x86/traps: Refactor exc_general_protection()

69558857 (Wander Lairson Costa) x86/tdx: Exclude shared bit from __PHYSICAL_MASK

cd447f38 (Wander Lairson Costa) x86/tdx: Extend the confidential computing API to support TDX guests

b684ce61 (Wander Lairson Costa) x86/tdx: Add __tdx_module_call() and __tdx_hypercall() helper functions

161598be (Wander Lairson Costa) x86/tdx: Provide common base for SEAMCALL and TDCALL C wrappers

b140c104 (Wander Lairson Costa) x86/tdx: Detect running as a TDX guest in early boot

995afcdd (Wander Lairson Costa) x86/ibt: Disable IBT around firmware

045dfa4e (Wander Lairson Costa) x86/ibt,kexec: Disable CET on kexec

496a5f1f (Wander Lairson Costa) x86/ibt: Add IBT feature, MSR and #CP handling

5d67f540 (Wander Lairson Costa) x86/ibt: Base IBT bits

1521fcb8 (Wander Lairson Costa) Documentation: Add x86/amd_hsmp driver

c844f1ba (Wander Lairson Costa) x86/mm/cpa: Generalize __set_memory_enc_pgtable()

44c6c035 (Wander Lairson Costa) x86/coco: Add API to handle encryption mask

953a82ec (Wander Lairson Costa) x86/coco: Explicitly declare type of confidential computing platform

f9ac78c1 (Wander Lairson Costa) x86/cc: Move arch/x86/{kernel/cc_platform.c => coco/core.c}

01e18fac (Wander Lairson Costa) hyper-v: Enable swiotlb bounce buffer for Isolation VM

90e8d9c5 (Wander Lairson Costa) x86/hyper-v: Add hyperv Isolation VM check in the cc_platform_has()

3de5845b (Wander Lairson Costa) swiotlb: Add swiotlb bounce buffer remap function for HV IVM

aa622fcc (Wander Lairson Costa) x86/sev: Move common memory encryption code to mem_encrypt.c

a97b7c77 (Wander Lairson Costa) x86/sev: Rename mem_encrypt.c to mem_encrypt_amd.c

61db1fc9 (Wander Lairson Costa) x86/sev: Use CC_ATTR attribute to generalize string I/O unroll

8aaa3ebc (Wander Lairson Costa) x86/insn-eval: Introduce insn_decode_mmio()

81d52821 (Wander Lairson Costa) x86/insn-eval: Introduce insn_get_modrm_reg_ptr()

880e1d2c (Wander Lairson Costa) x86/sev: Remove do_early_exception() forward declarations

7b6d4f84 (Wander Lairson Costa) x86/head64: Carve out the guest encryption postprocessing into a helper

4a1dcbfc (Wander Lairson Costa) x86/sev: Get rid of excessive use of defines

5611b4e2 (Wander Lairson Costa) x86/sev: Shorten GHCB terminate macro names

63ca1c66 (Wander Lairson Costa) x86/kvm: Add guest support for detecting and enabling SEV Live Migration feature.

547ffb03 (Wander Lairson Costa) EFI: Introduce the new AMD Memory Encryption GUID.

2f1f679e (Wander Lairson Costa) x86/hyperv: Initialize GHCB page in Isolation VM

d9838441 (Wander Lairson Costa) x86/iopl: Fake iopl(3) CLI/STI usage

67a8e012 (Wander Lairson Costa) mm: x86: Invoke hypercall when page encryption status is changed

2ff153eb (Wander Lairson Costa) x86/kvm: Add AMD SEV specific Hypercall3

Documentation/x86/amd_hsmp.rst | 86 +++ Documentation/x86/index.rst | 2 + Documentation/x86/tdx.rst | 218 +++++++ arch/x86/Kbuild | 2 + arch/x86/Kconfig | 45 +- arch/x86/Makefile | 16 +- arch/x86/boot/boot.h | 37 +- arch/x86/boot/compressed/Makefile | 1 + arch/x86/boot/compressed/head_64.S | 27 +- arch/x86/boot/compressed/misc.c | 12 + arch/x86/boot/compressed/misc.h | 4 +- arch/x86/boot/compressed/pgtable.h | 2 +- arch/x86/boot/compressed/sev.c | 6 +- arch/x86/boot/compressed/tdcall.S | 3 + arch/x86/boot/compressed/tdx.c | 77 +++ arch/x86/boot/compressed/tdx.h | 13 + arch/x86/boot/cpuflags.c | 3 +- arch/x86/boot/cpuflags.h | 1 + arch/x86/boot/io.h | 41 ++ arch/x86/boot/main.c | 4 + arch/x86/coco/Makefile | 8 + arch/x86/coco/core.c | 137 ++++ arch/x86/coco/tdx/Makefile | 3 + arch/x86/coco/tdx/tdcall.S | 204 ++++++ arch/x86/coco/tdx/tdx.c | 692 +++++++++++++++++++++ arch/x86/hyperv/hv_init.c | 80 ++- arch/x86/include/asm/acenv.h | 14 +- arch/x86/include/asm/apic.h | 7 + arch/x86/include/asm/coco.h | 32 + arch/x86/include/asm/cpu.h | 4 + arch/x86/include/asm/cpufeatures.h | 2 + arch/x86/include/asm/disabled-features.h | 8 +- arch/x86/include/asm/efi.h | 9 +- arch/x86/include/asm/ibt.h | 93 +++ arch/x86/include/asm/idtentry.h | 9 + arch/x86/include/asm/insn-eval.h | 14 + arch/x86/include/asm/io.h | 62 +- arch/x86/include/asm/kvm_para.h | 34 + arch/x86/include/asm/mem_encrypt.h | 10 +- arch/x86/include/asm/mshyperv.h | 4 + arch/x86/include/asm/msr-index.h | 20 +- arch/x86/include/asm/paravirt.h | 6 + arch/x86/include/asm/paravirt_types.h | 1 + arch/x86/include/asm/pgtable.h | 13 +- arch/x86/include/asm/processor.h | 1 + arch/x86/include/asm/realmode.h | 1 + arch/x86/include/asm/sev-common.h | 55 +- arch/x86/include/asm/shared/io.h | 34 + arch/x86/include/asm/shared/tdx.h | 40 ++ arch/x86/include/asm/tdx.h | 91 +++ arch/x86/include/asm/traps.h | 2 + arch/x86/include/asm/x86_init.h | 16 + arch/x86/include/uapi/asm/processor-flags.h | 2 + arch/x86/kernel/Makefile | 5 - arch/x86/kernel/acpi/boot.c | 100 ++- arch/x86/kernel/apic/apic.c | 10 + arch/x86/kernel/apic/io_apic.c | 18 +- arch/x86/kernel/apm_32.c | 7 + arch/x86/kernel/asm-offsets.c | 17 + arch/x86/kernel/cc_platform.c | 69 -- arch/x86/kernel/cpu/common.c | 59 +- arch/x86/kernel/cpu/mshyperv.c | 24 + arch/x86/kernel/head64.c | 67 +- arch/x86/kernel/head_64.S | 28 +- arch/x86/kernel/idt.c | 7 + arch/x86/kernel/kvm.c | 82 +++ arch/x86/kernel/machine_kexec_64.c | 4 +- arch/x86/kernel/paravirt.c | 1 + arch/x86/kernel/process.c | 5 + arch/x86/kernel/relocate_kernel_64.S | 8 + arch/x86/kernel/sev-shared.c | 2 +- arch/x86/kernel/sev.c | 11 +- arch/x86/kernel/smpboot.c | 12 +- arch/x86/kernel/traps.c | 249 +++++++- arch/x86/kernel/x86_init.c | 16 +- arch/x86/lib/insn-eval.c | 106 +++- arch/x86/mm/Makefile | 7 +- arch/x86/mm/ioremap.c | 5 + arch/x86/mm/mem_encrypt.c | 392 +----------- arch/x86/mm/mem_encrypt_amd.c | 466 ++++++++++++++ arch/x86/mm/mem_encrypt_identity.c | 12 +- arch/x86/mm/pat/set_memory.c | 21 +- arch/x86/realmode/rm/header.S | 1 + arch/x86/realmode/rm/trampoline_64.S | 57 +- arch/x86/realmode/rm/trampoline_common.S | 12 +- arch/x86/realmode/rm/wakemain.c | 4 + arch/x86/virt/vmx/tdx/tdxcall.S | 96 +++ include/asm-generic/mshyperv.h | 18 +- include/linux/cc_platform.h | 21 + include/linux/efi.h | 1 + include/linux/swiotlb.h | 6 + kernel/cpu.c | 7 + kernel/dma/swiotlb.c | 43 +- .../configs/common/generic/CONFIG_INTEL_TDX_GUEST | 1 + .../configs/common/generic/CONFIG_X86_KERNEL_IBT | 1 + 95 files changed, 3691 insertions(+), 695 deletions(-)

Edited by Wander Lairson Costa

Merge request reports