of an AMD platform like the security processor (ASP) firmware, modules
etc, for example. The intent being that these updates are interim,
live fixups before a proper BIOS update can be attempted
- Add guest support for AMD's Secure AVIC feature which gives encrypted
guests the needed protection against a malicious hypervisor generating
unexpected interrupts and injecting them into such guest, thus
interfering with its operation in an unexpected and negative manner.
The advantage of this scheme is that the guest determines which
interrupts and when to accept them vs leaving that to the benevolence
(or not) of the hypervisor
- Strictly separate the startup code from the rest of the kernel where
former is executed from the initial 1:1 mapping of memory. The problem
was that the toolchain-generated version of the code was being
executed from a different mapping of memory than what was "assumed"
during code generation, needing an ever-growing pile of fixups for
absolute memory references which are invalid in the early, 1:1 memory
mapping during boot.
The major advantage of this is that there's no need to check the 1:1
mapping portion of the code for absolute relocations anymore and get
rid of the RIP_REL_REF() macro sprinkling all over the place.
For more info, see Ard's very detailed writeup on this:
https://lore.kernel.org/r/CAMj1kXEzKEuePEiHB%2BHxvfQbFz0sTiHdn4B%2B%2BzVBJ2mhkPkQ4Q@mail.gmail.com
- The usual cleanups and fixes
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmjWaaMACgkQEsHwGGHe
VUr/RBAAnfneG+5U7f5x+hYW68mwZu07eoQn02IW9WGb2xjV6LKYxzDqyEj/+l+x
jgN77i1uhl/4sqqKBvUjFfgot1gQ0g6M2fok2eZscSf+AHZF+LfDJPl4dFheVENo
KtPieu1yi2bA+stL9JgaKh0I1ELX40qebXeZY4H4rYVzokHG0H+CEcuhv6Es71bW
1C6efkZKHS3pAhlRUoa2MZagxnw+3mn9bfZDvSSNNM6I4qy9/CAPZlWw0jGrXKQX
K/gjBI2KcoqK2bdJtCQsTvbrsuBedjkM6BZveAAhvOVCh6Aq6lnbqirJPJX8WJLq
bIDAdsWGJ1vOzcgiPwT0e3qsfaTWep6MewcAQ/HnzrksH+IFb7J/l9awUgGY6LFh
GzG7KPEKIWiLOxYFC+gLxRn8SWhcXHeY/fB8i5OOnhnikODWG4bJtM8F1MTQO4O1
u2UuZ+wNzgdatJDXmLK1eluyuhkIqCZ7Hd8kpE0Zr32rbipEvuxnUPSyMzfhDM9M
+UJGm3C205vPU6doRG8X0+EosFGCyZcixQNXhOugmedT5g3XGHHoJtiLj2i29jLN
Xi0npxh2hwBe6N+WcIRnOfonFTsp6wWYatWPnGWTChpe+OGj9ZISXpmxnFUVCSag
spG1J+upBA7ck1exuwpS3ldNSiw/066iTxB7Ht02vbeQ4JXIF6M=
=shVa
-----END PGP SIGNATURE-----
Merge tag 'x86_apic_for_v6.18_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 SEV and apic updates from Borislav Petkov:
- Add functionality to provide runtime firmware updates for the non-x86
parts of an AMD platform like the security processor (ASP) firmware,
modules etc, for example. The intent being that these updates are
interim, live fixups before a proper BIOS update can be attempted
- Add guest support for AMD's Secure AVIC feature which gives encrypted
guests the needed protection against a malicious hypervisor
generating unexpected interrupts and injecting them into such guest,
thus interfering with its operation in an unexpected and negative
manner.
The advantage of this scheme is that the guest determines which
interrupts and when to accept them vs leaving that to the benevolence
(or not) of the hypervisor
- Strictly separate the startup code from the rest of the kernel where
former is executed from the initial 1:1 mapping of memory.
The problem was that the toolchain-generated version of the code was
being executed from a different mapping of memory than what was
"assumed" during code generation, needing an ever-growing pile of
fixups for absolute memory references which are invalid in the early,
1:1 memory mapping during boot.
The major advantage of this is that there's no need to check the 1:1
mapping portion of the code for absolute relocations anymore and get
rid of the RIP_REL_REF() macro sprinkling all over the place.
For more info, see Ard's very detailed writeup on this [1]
- The usual cleanups and fixes
Link: https://lore.kernel.org/r/CAMj1kXEzKEuePEiHB%2BHxvfQbFz0sTiHdn4B%2B%2BzVBJ2mhkPkQ4Q@mail.gmail.com [1]
* tag 'x86_apic_for_v6.18_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (49 commits)
x86/boot: Drop erroneous __init annotation from early_set_pages_state()
crypto: ccp - Add AMD Seamless Firmware Servicing (SFS) driver
crypto: ccp - Add new HV-Fixed page allocation/free API
x86/sev: Add new dump_rmp parameter to snp_leak_pages() API
x86/startup/sev: Document the CPUID flow in the boot #VC handler
objtool: Ignore __pi___cfi_ prefixed symbols
x86/sev: Zap snp_abort()
x86/apic/savic: Do not use snp_abort()
x86/boot: Get rid of the .head.text section
x86/boot: Move startup code out of __head section
efistub/x86: Remap inittext read-execute when needed
x86/boot: Create a confined code area for startup code
x86/kbuild: Incorporate boot/startup/ via Kbuild makefile
x86/boot: Revert "Reject absolute references in .head.text"
x86/boot: Check startup code for absence of absolute relocations
objtool: Add action to check for absence of absolute relocations
x86/sev: Export startup routines for later use
x86/sev: Move __sev_[get|put]_ghcb() into separate noinstr object
x86/sev: Provide PIC aliases for SEV related data objects
x86/boot: Provide PIC aliases for 5-level paging related constants
...
22bdd6e68b