tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'x86_urgent_for_v6.8_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fixes from Borislav Petkov:

- Do not reserve SETUP_RNG_SEED setup data in the e820 map as it should
be used by kexec only

- Make sure MKTME feature detection happens at an earlier time in the
boot process so that the physical address size supported by the CPU
is properly corrected and MTRR masks are programmed properly, leading
to TDX systems booting without disable_mtrr_cleanup on the cmdline

- Make sure the different address sizes supported by the CPU are read
out as early as possible

* tag 'x86_urgent_for_v6.8_rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/e820: Don't reserve SETUP_RNG_SEED in e820
x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers
x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu()

Linus Torvalds 73d35f83 04b8076d

+98 -92
+2 -2
arch/x86/kernel/cpu/common.c
··· 1589 get_cpu_vendor(c); 1590 get_cpu_cap(c); 1591 setup_force_cpu_cap(X86_FEATURE_CPUID); 1592 cpu_parse_early_param(); 1593 1594 if (this_cpu->c_early_init) ··· 1602 this_cpu->c_bsp_init(c); 1603 } else { 1604 setup_clear_cpu_cap(X86_FEATURE_CPUID); 1605 } 1606 - 1607 - get_cpu_address_sizes(c); 1608 1609 setup_force_cpu_cap(X86_FEATURE_ALWAYS); 1610
··· 1589 get_cpu_vendor(c); 1590 get_cpu_cap(c); 1591 setup_force_cpu_cap(X86_FEATURE_CPUID); 1592 + get_cpu_address_sizes(c); 1593 cpu_parse_early_param(); 1594 1595 if (this_cpu->c_early_init) ··· 1601 this_cpu->c_bsp_init(c); 1602 } else { 1603 setup_clear_cpu_cap(X86_FEATURE_CPUID); 1604 + get_cpu_address_sizes(c); 1605 } 1606 1607 setup_force_cpu_cap(X86_FEATURE_ALWAYS); 1608
+91 -87
arch/x86/kernel/cpu/intel.c
··· 184 return false; 185 } 186 187 static void early_init_intel(struct cpuinfo_x86 *c) 188 { 189 u64 misc_enable; ··· 406 */ 407 if (detect_extended_topology_early(c) < 0) 408 detect_ht_early(c); 409 } 410 411 static void bsp_init_intel(struct cpuinfo_x86 *c) ··· 573 #endif 574 } 575 576 - #define MSR_IA32_TME_ACTIVATE 0x982 577 - 578 - /* Helpers to access TME_ACTIVATE MSR */ 579 - #define TME_ACTIVATE_LOCKED(x) (x & 0x1) 580 - #define TME_ACTIVATE_ENABLED(x) (x & 0x2) 581 - 582 - #define TME_ACTIVATE_POLICY(x) ((x >> 4) & 0xf) /* Bits 7:4 */ 583 - #define TME_ACTIVATE_POLICY_AES_XTS_128 0 584 - 585 - #define TME_ACTIVATE_KEYID_BITS(x) ((x >> 32) & 0xf) /* Bits 35:32 */ 586 - 587 - #define TME_ACTIVATE_CRYPTO_ALGS(x) ((x >> 48) & 0xffff) /* Bits 63:48 */ 588 - #define TME_ACTIVATE_CRYPTO_AES_XTS_128 1 589 - 590 - /* Values for mktme_status (SW only construct) */ 591 - #define MKTME_ENABLED 0 592 - #define MKTME_DISABLED 1 593 - #define MKTME_UNINITIALIZED 2 594 - static int mktme_status = MKTME_UNINITIALIZED; 595 - 596 - static void detect_tme(struct cpuinfo_x86 *c) 597 - { 598 - u64 tme_activate, tme_policy, tme_crypto_algs; 599 - int keyid_bits = 0, nr_keyids = 0; 600 - static u64 tme_activate_cpu0 = 0; 601 - 602 - rdmsrl(MSR_IA32_TME_ACTIVATE, tme_activate); 603 - 604 - if (mktme_status != MKTME_UNINITIALIZED) { 605 - if (tme_activate != tme_activate_cpu0) { 606 - /* Broken BIOS? */ 607 - pr_err_once("x86/tme: configuration is inconsistent between CPUs\n"); 608 - pr_err_once("x86/tme: MKTME is not usable\n"); 609 - mktme_status = MKTME_DISABLED; 610 - 611 - /* Proceed. We may need to exclude bits from x86_phys_bits. */ 612 - } 613 - } else { 614 - tme_activate_cpu0 = tme_activate; 615 - } 616 - 617 - if (!TME_ACTIVATE_LOCKED(tme_activate) || !TME_ACTIVATE_ENABLED(tme_activate)) { 618 - pr_info_once("x86/tme: not enabled by BIOS\n"); 619 - mktme_status = MKTME_DISABLED; 620 - return; 621 - } 622 - 623 - if (mktme_status != MKTME_UNINITIALIZED) 624 - goto detect_keyid_bits; 625 - 626 - pr_info("x86/tme: enabled by BIOS\n"); 627 - 628 - tme_policy = TME_ACTIVATE_POLICY(tme_activate); 629 - if (tme_policy != TME_ACTIVATE_POLICY_AES_XTS_128) 630 - pr_warn("x86/tme: Unknown policy is active: %#llx\n", tme_policy); 631 - 632 - tme_crypto_algs = TME_ACTIVATE_CRYPTO_ALGS(tme_activate); 633 - if (!(tme_crypto_algs & TME_ACTIVATE_CRYPTO_AES_XTS_128)) { 634 - pr_err("x86/mktme: No known encryption algorithm is supported: %#llx\n", 635 - tme_crypto_algs); 636 - mktme_status = MKTME_DISABLED; 637 - } 638 - detect_keyid_bits: 639 - keyid_bits = TME_ACTIVATE_KEYID_BITS(tme_activate); 640 - nr_keyids = (1UL << keyid_bits) - 1; 641 - if (nr_keyids) { 642 - pr_info_once("x86/mktme: enabled by BIOS\n"); 643 - pr_info_once("x86/mktme: %d KeyIDs available\n", nr_keyids); 644 - } else { 645 - pr_info_once("x86/mktme: disabled by BIOS\n"); 646 - } 647 - 648 - if (mktme_status == MKTME_UNINITIALIZED) { 649 - /* MKTME is usable */ 650 - mktme_status = MKTME_ENABLED; 651 - } 652 - 653 - /* 654 - * KeyID bits effectively lower the number of physical address 655 - * bits. Update cpuinfo_x86::x86_phys_bits accordingly. 656 - */ 657 - c->x86_phys_bits -= keyid_bits; 658 - } 659 - 660 static void init_cpuid_fault(struct cpuinfo_x86 *c) 661 { 662 u64 msr; ··· 708 srat_detect_node(c); 709 710 init_ia32_feat_ctl(c); 711 - 712 - if (cpu_has(c, X86_FEATURE_TME)) 713 - detect_tme(c); 714 715 init_intel_misc_features(c); 716
··· 184 return false; 185 } 186 187 + #define MSR_IA32_TME_ACTIVATE 0x982 188 + 189 + /* Helpers to access TME_ACTIVATE MSR */ 190 + #define TME_ACTIVATE_LOCKED(x) (x & 0x1) 191 + #define TME_ACTIVATE_ENABLED(x) (x & 0x2) 192 + 193 + #define TME_ACTIVATE_POLICY(x) ((x >> 4) & 0xf) /* Bits 7:4 */ 194 + #define TME_ACTIVATE_POLICY_AES_XTS_128 0 195 + 196 + #define TME_ACTIVATE_KEYID_BITS(x) ((x >> 32) & 0xf) /* Bits 35:32 */ 197 + 198 + #define TME_ACTIVATE_CRYPTO_ALGS(x) ((x >> 48) & 0xffff) /* Bits 63:48 */ 199 + #define TME_ACTIVATE_CRYPTO_AES_XTS_128 1 200 + 201 + /* Values for mktme_status (SW only construct) */ 202 + #define MKTME_ENABLED 0 203 + #define MKTME_DISABLED 1 204 + #define MKTME_UNINITIALIZED 2 205 + static int mktme_status = MKTME_UNINITIALIZED; 206 + 207 + static void detect_tme_early(struct cpuinfo_x86 *c) 208 + { 209 + u64 tme_activate, tme_policy, tme_crypto_algs; 210 + int keyid_bits = 0, nr_keyids = 0; 211 + static u64 tme_activate_cpu0 = 0; 212 + 213 + rdmsrl(MSR_IA32_TME_ACTIVATE, tme_activate); 214 + 215 + if (mktme_status != MKTME_UNINITIALIZED) { 216 + if (tme_activate != tme_activate_cpu0) { 217 + /* Broken BIOS? */ 218 + pr_err_once("x86/tme: configuration is inconsistent between CPUs\n"); 219 + pr_err_once("x86/tme: MKTME is not usable\n"); 220 + mktme_status = MKTME_DISABLED; 221 + 222 + /* Proceed. We may need to exclude bits from x86_phys_bits. */ 223 + } 224 + } else { 225 + tme_activate_cpu0 = tme_activate; 226 + } 227 + 228 + if (!TME_ACTIVATE_LOCKED(tme_activate) || !TME_ACTIVATE_ENABLED(tme_activate)) { 229 + pr_info_once("x86/tme: not enabled by BIOS\n"); 230 + mktme_status = MKTME_DISABLED; 231 + return; 232 + } 233 + 234 + if (mktme_status != MKTME_UNINITIALIZED) 235 + goto detect_keyid_bits; 236 + 237 + pr_info("x86/tme: enabled by BIOS\n"); 238 + 239 + tme_policy = TME_ACTIVATE_POLICY(tme_activate); 240 + if (tme_policy != TME_ACTIVATE_POLICY_AES_XTS_128) 241 + pr_warn("x86/tme: Unknown policy is active: %#llx\n", tme_policy); 242 + 243 + tme_crypto_algs = TME_ACTIVATE_CRYPTO_ALGS(tme_activate); 244 + if (!(tme_crypto_algs & TME_ACTIVATE_CRYPTO_AES_XTS_128)) { 245 + pr_err("x86/mktme: No known encryption algorithm is supported: %#llx\n", 246 + tme_crypto_algs); 247 + mktme_status = MKTME_DISABLED; 248 + } 249 + detect_keyid_bits: 250 + keyid_bits = TME_ACTIVATE_KEYID_BITS(tme_activate); 251 + nr_keyids = (1UL << keyid_bits) - 1; 252 + if (nr_keyids) { 253 + pr_info_once("x86/mktme: enabled by BIOS\n"); 254 + pr_info_once("x86/mktme: %d KeyIDs available\n", nr_keyids); 255 + } else { 256 + pr_info_once("x86/mktme: disabled by BIOS\n"); 257 + } 258 + 259 + if (mktme_status == MKTME_UNINITIALIZED) { 260 + /* MKTME is usable */ 261 + mktme_status = MKTME_ENABLED; 262 + } 263 + 264 + /* 265 + * KeyID bits effectively lower the number of physical address 266 + * bits. Update cpuinfo_x86::x86_phys_bits accordingly. 267 + */ 268 + c->x86_phys_bits -= keyid_bits; 269 + } 270 + 271 static void early_init_intel(struct cpuinfo_x86 *c) 272 { 273 u64 misc_enable; ··· 322 */ 323 if (detect_extended_topology_early(c) < 0) 324 detect_ht_early(c); 325 + 326 + /* 327 + * Adjust the number of physical bits early because it affects the 328 + * valid bits of the MTRR mask registers. 329 + */ 330 + if (cpu_has(c, X86_FEATURE_TME)) 331 + detect_tme_early(c); 332 } 333 334 static void bsp_init_intel(struct cpuinfo_x86 *c) ··· 482 #endif 483 } 484 485 static void init_cpuid_fault(struct cpuinfo_x86 *c) 486 { 487 u64 msr; ··· 701 srat_detect_node(c); 702 703 init_ia32_feat_ctl(c); 704 705 init_intel_misc_features(c); 706
+5 -3
arch/x86/kernel/e820.c
··· 1017 e820__range_update(pa_data, sizeof(*data)+data->len, E820_TYPE_RAM, E820_TYPE_RESERVED_KERN); 1018 1019 /* 1020 - * SETUP_EFI and SETUP_IMA are supplied by kexec and do not need 1021 - * to be reserved. 1022 */ 1023 - if (data->type != SETUP_EFI && data->type != SETUP_IMA) 1024 e820__range_update_kexec(pa_data, 1025 sizeof(*data) + data->len, 1026 E820_TYPE_RAM, E820_TYPE_RESERVED_KERN);
··· 1017 e820__range_update(pa_data, sizeof(*data)+data->len, E820_TYPE_RAM, E820_TYPE_RESERVED_KERN); 1018 1019 /* 1020 + * SETUP_EFI, SETUP_IMA and SETUP_RNG_SEED are supplied by 1021 + * kexec and do not need to be reserved. 1022 */ 1023 + if (data->type != SETUP_EFI && 1024 + data->type != SETUP_IMA && 1025 + data->type != SETUP_RNG_SEED) 1026 e820__range_update_kexec(pa_data, 1027 sizeof(*data) + data->len, 1028 E820_TYPE_RAM, E820_TYPE_RESERVED_KERN);