    Merge tag 'x86_sev_for_v5.19_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · eb39e37d
    Linus Torvalds authored
    Pull AMD SEV-SNP support from Borislav Petkov:
     "The third AMD confidential computing feature called Secure Nested
      Paging.
    
      Add to confidential guests the necessary memory integrity protection
      against malicious hypervisor-based attacks like data replay, memory
      remapping and others, thus achieving a stronger isolation from the
      hypervisor.
    
      At the core of the functionality is a new structure called a reverse
      map table (RMP) with which the guest has a say in which pages get
      assigned to it and gets notified when a page which it owns, gets
      accessed/modified under the covers so that the guest can take an
      appropriate action.
    
      In addition, add support for the whole machinery needed to launch a
      SNP guest, details of which are properly explained in each patch.
    
      And last but not least, the series refactors and improves parts of the
      previous SEV support so that the new code is accommodated properly and
      not just bolted on"
    
    * tag 'x86_sev_for_v5.19_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (60 commits)
      x86/entry: Fixup objtool/ibt validation
      x86/sev: Mark the code returning to user space as syscall gap
      x86/sev: Annotate stack change in the #VC handler
      x86/sev: Remove duplicated assignment to variable info
      x86/sev: Fix address space sparse warning
      x86/sev: Get the AP jump table address from secrets page
      x86/sev: Add missing __init annotations to SEV init routines
      virt: sevguest: Rename the sevguest dir and files to sev-guest
      virt: sevguest: Change driver name to reflect generic SEV support
      x86/boot: Put globals that are accessed early into the .data section
      x86/boot: Add an efi.h header for the decompressor
      virt: sevguest: Fix bool function returning negative value
      virt: sevguest: Fix return value check in alloc_shared_pages()
      x86/sev-es: Replace open-coded hlt-loop with sev_es_terminate()
      virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement
      virt: sevguest: Add support to get extended report
      virt: sevguest: Add support to derive key
      virt: Add SEV-SNP guest driver
      x86/sev: Register SEV-SNP guest request platform device
      x86/sev: Provide support for SNP guest request NAEs
      ...
sev.c 75.1 KB