[Deepin-Kernel-SIG] [linux 6.18-y] rebase our patches and fix builds -part4 #1406
base: linux-6.18.y
Sorry @opsiff, your pull request is larger than the review limit of 150000 diff characters
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by:
The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
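deepin pr auto review
This is a very large code diff that touches many files and modules. I will review and analyze the main parts.
3.1 Code organization:
3.2 Security:
3.3 Performance considerations:
3.4 Potential issues:
4.1 Code quality:
4.2 Security:
4.3 Performance:
4.4 Maintainability:
Main risks:
Suggested follow-up work:
5.1 Memory management:
    // Suggest adding a check for memory allocation failure
    if (!ptr) {
        pr_err("Memory allocation failed\n");
        return -ENOMEM;
    }
5.2 Error handling:
    // Suggest a consistent error-handling style
    ret = some_function();
    if (ret) {
        pr_err("Operation failed: %d\n", ret);
        goto cleanup;
    }
5.3 Security checks:
    // Suggest adding input validation
    if (unlikely(len > MAX_LEN)) {
        pr_warn("Invalid length\n");
        return -EINVAL;
    }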
The following users are mentioned in OWNERS file(s) but are untrusted for the following reasons. One way to make the user trusted is to add them as members of the deepin-community org. You can then trigger verification by writing
This patch documents the DT bindings for the Phytium MAC 1.0 and 2.0
controller.
Signed-off-by: Li Wencheng <liwencheng@phytium.com.cn>
Signed-off-by: Wang Yinfeng <wangyinfeng@phytium.com.cn>
Signed-off-by: Wang Zhimin <wangzhimin1179@phytium.com.cn>
Link: deepin-community#222
(cherry picked from commit 666a16e)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: feature
CVE: NA
---------------------------
Hygon secure processors provide a lot of security functions, which
require a lot of code to support. In order to prevent Hygon function
code from invading the driver's native code, we introduce specific
files for Hygon. We'll leave the native code unchanged as much as
possible.
In this patch, we add files as below:
a. files for codes to support Hygon secure processor:
drivers/crypto/ccp/hygon/sp-dev.h
drivers/crypto/ccp/hygon/sp-pci.c
drivers/crypto/ccp/hygon/psp-dev.c
drivers/crypto/ccp/hygon/psp-dev.h
b. header file to define data types and structures for HYGON
Platform Security Processor:
include/linux/psp-hygon.h
c. header file to define userspace interface for HYGON Platform
Security Processor:
include/uapi/linux/psp-hygon.h
We'll add more Hygon specific code in the following commits.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#341
(cherry picked from commit 51e0983)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts:
drivers/crypto/ccp/Makefile
hygon inclusion
category: feature
CVE: NA
---------------------------
The meaning of the data read from feature register of Hygon PSP is not
exactly the same as AMD ASP. The bit 1 in feature register is used to
indicates TEE in AMD ASP, but not in Hygon PSP, which will cause host
to crash during module initialization, as shown below.
Also, the meaning of bit 7 in the feature register of Hygon PSP is not
the same as AMD ASP. The Hygon PSP works only when CSV is configured in
feature register.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#341
(cherry picked from commit 86af24a)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts:
drivers/crypto/ccp/psp-dev.c
hygon inclusion
category: feature
CVE: NA
---------------------------
There are Secure Processor devices with 2 different PCI device IDs on
Hygon 2nd and 3rd CPUs, add them in the device list.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#341
(cherry picked from commit 06b1147)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts:
drivers/crypto/ccp/sp-pci.c
hygon inclusion
category: feature
CVE: NA
---------------------------
Since Hygon 4th CPUs, there are new Secure Processor devices with 3
different PCI device IDs, add them in the device list.
Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#341
(cherry picked from commit 4de2441)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: feature
CVE: NA
---------------------------
The CSV_HGSC_CERT_IMPORT command can be used to import hygon general
secure cert to the Secure Processor, to enable Hygon Secure Functions,
such as CSV, TPM, TPCM, TDM.
Signed-off-by: fangbaoshun <fangbaoshun@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#342
(cherry picked from commit 0a38ba2)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts:
drivers/crypto/ccp/Makefile
hygon inclusion
category: feature
CVE: NA
---------------------------
Add the HYGON secure virtualization document describing the secure
virtualization features.
Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#350
(cherry picked from commit e9aaad4)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
…support into the kernel
hygon inclusion
category: feature
CVE: NA
---------------------------
Provide CONFIG_HYGON_CSV to the arch/x86/Kconfig, and build HYGON's
specific memory encryption support into the kernel when
CONFIG_HYGON_CSV=y.
Besides, add arch/x86/include/asm/processor-hygon.h to contain helpers
to determine the Hygon CPUs so that we can call functions specific to
CSV in the native code and reduce code intrusion.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
(cherry picked from commit 9a215e2)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: bugfix
CVE: NA
---------------------------
The error message is shown as follows:
drivers/crypto/ccp/hygon/csv-dev.c:21:5: error: no previous prototype for ‘csv_cmd_buffer_len’ [-Werror=missing-prototypes]
21 | int csv_cmd_buffer_len(int cmd)
| ^~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Reported-by: WangYuli <wangyuli@uniontech.com>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#351
(cherry picked from commit 47ea01f)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
The following commit removes some macros, fix it.
commit 8609dd2
Author: Mario Limonciello <mario.limonciello@amd.com>
Date: Tue May 28 16:07:08 2024 -0500
crypto: ccp - Represent capabilities register as a union
Making the capabilities register a union makes it easier to refer
to the members instead of always doing bit shifts.
No intended functional changes.
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Suggested-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Link: deepin-community#350
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: feature
CVE: NA
---------------------------
Add CSV and CSV2 to the list of memory encryption features. Also print
CPU vendor while printing CSV infos.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#350
(cherry picked from commit 3a15cca)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts:
arch/x86/include/asm/mem_encrypt.h
arch/x86/mm/mem_encrypt.c
hygon inclusion
category: feature
CVE: NA
---------------------------
The Cryptographic Co-Processor module will print 'SEV API' instead of
'CSV API' on Hygon CPU if CSV is supported. Fix this confused message
here.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#350
(cherry picked from commit 9d1c6b9)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: feature
CVE: NA
---------------------------
The KVM will print 'SEV supported' instead of 'CSV supported' on Hygon
CPU if CSV is supported. Fix these confused messages here.
Fix other 'SEV' messages in arch/x86/kvm/svm/svm.c.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#350
(cherry picked from commit 8ab045c)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts:
arch/x86/kvm/svm/sev.c
hygon inclusion
category: feature
CVE: NA
---------------------------
Hygon SME is identified by CPUID 0x8000001f, but requires BIOS support
to enable it (set bit 23 of MSR_AMD64_SYSCFG).
Hygon CSV and CSV2 are identified by CPUID 0x8000001f, but requires BIOS
support to enable it (set bit 23 of MSR_AMD64_SYSCFG and set bit 0 of
MSR_K7_HWCR).
Only show the SME, CSV, CSV2 features as available if reported by CPUID
and enabled by BIOS.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#350
(cherry picked from commit 54f0805)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts:
arch/x86/kernel/cpu/hygon.c
hygon inclusion
category: feature
CVE: NA
---------------------------
This is a pure feature bits leaf. Add SM3 and SM4 feature bits from this
leaf on Hygon CPUs.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
[disabled-features.h and required-features.h removed by the commit
commit 8f97566
Author: Xin Li (Intel) <xin@zytor.com>
Date: Mon Mar 10 08:32:12 2025 +0100
x86/cpufeatures: Remove {disabled,required}-features.h
The functionalities of {disabled,required}-features.h have been replaced
with the auto-generated generated/<asm/cpufeaturemasks.h> header.
Thus they are no longer needed and can be removed.
None of the macros defined in {disabled,required}-features.h is used in
tools, delete them too.
Signed-off-by: Xin Li (Intel) <xin@zytor.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/r/20250305184725.3341760-4-xin@zytor.com]
Link: deepin-community#350
(cherry picked from commit 4a0be8d)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts:
arch/x86/include/asm/cpufeature.h
arch/x86/include/asm/cpufeatures.h
arch/x86/include/asm/disabled-features.h
arch/x86/include/asm/required-features.h
hygon inclusion
category: feature
CVE: NA
---------------------------
Add CPU feature detection for Hygon 3rd CSV. This feature enhances CSV2
by also isolating NPT and VMCB, making them inaccessible to the
hypervisor.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#350
(cherry picked from commit 00a1c40)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts:
arch/x86/include/asm/cpufeatures.h
hygon inclusion
category: feature
CVE: NA
---------------------------
The commit 08f253e ("x86/cpu: Clear SME feature flag when not in use")
will clear SME feature flag if the kernel is not using it on AMD CPUs,
this will help userspace to determine if SME is available and in use
from /proc/cpuinfo. Apply this change to Hygon CPUs as well.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#350
(cherry picked from commit 941989f)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: feature
CVE: NA
---------------------------
Configure CONFIG_HYGON_CSV=y so that Hygon Confidential Computing
support will be compiled.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#350
(cherry picked from commit b0567bb)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts:
arch/x86/configs/deepin_x86_desktop_defconfig
hygon inclusion
category: bugfix
CVE: NA
---------------------------
The upstream commit a0423af ("x86: KVM: Advertise CPUIDs for new
instructions in Clearwater Forest") has introduced the macros
X86_FEATURE_SM3 and X86_FEATURE_SM4, which conflict with the
non-upstreamed commit 4a0be8d ("x86/cpufeatures: Add
CPUID_8C86_0000_EDX CPUID leaf").
To address this issue, we rename X86_FEATURE_SM{3,4} to
X86_FEATURE_HYGON_SM{3,4}.
Fixes: 4a0be8d ("x86/cpufeatures: Add CPUID_8C86_0000_EDX CPUID leaf")
Link: deepin-community#643
Signed-off-by: hanliyang <hanliyang@hygon.cn>
(cherry picked from commit a552a37)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: bugfix
CVE: NA
---------------------------
The error message is shown as follows:
In file included from drivers/crypto/ccp/hygon/csv-dev.c:19:
drivers/crypto/ccp/hygon/csv-dev.h:18:36: error: ‘struct sev_user_data_status’ declared inside parameter list will not be visible outside of this definition or declaration [-Werror]
18 | void csv_update_api_version(struct sev_user_data_status *status);
| ^~~~~~~~~~~~~~~~~~~~
drivers/crypto/ccp/hygon/csv-dev.c:34:6: error: conflicting types for ‘csv_update_api_version’; have ‘void(struct sev_user_data_status *)’
34 | void csv_update_api_version(struct sev_user_data_status *status)
| ^~~~~~~~~~~~~~~~~~~~~~
drivers/crypto/ccp/hygon/csv-dev.h:18:6: note: previous declaration of ‘csv_update_api_version’ with type ‘void(struct sev_user_data_status *)’
18 | void csv_update_api_version(struct sev_user_data_status *status);
| ^~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#353
(cherry picked from commit 174941c)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: feature
CVE: NA
---------------------------
When sev guest wants to collect the attestation report, it cannot
directly communicate with psp. Add VM_ATTESTATION hypercall to allow
sev guest to tell host to help get the attestation report. Since sev
guest memory is encrypted, host cannot tamper with the report data.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#354
(cherry picked from commit 6be6dfe)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts:
arch/x86/include/asm/kvm-x86-ops.h
arch/x86/include/asm/kvm_host.h
arch/x86/kvm/Makefile
arch/x86/kvm/svm/sev.c
arch/x86/kvm/x86.c
hygon inclusion
category: feature
CVE: NA
---------------------------
CSV firmware provides the guest a mechanism to communicate with the
PSP without risk from a malicious hypervisor who wishes to read, alter,
drop or replay the messages sent. The driver provides userspace
interface to communicate with the PSP to request the attestation report
and more.
Signed-off-by: fangbaoshun <fangbaoshun@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#354
(cherry picked from commit a97e352)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts:
drivers/virt/Makefile
hygon inclusion
category: feature
CVE: NA
---------------------------
When ccp driver detect CSV support on Hygon CPU, it should try to
update the latest CSV firmware on the system paths.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#354
(cherry picked from commit fba194e)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts:
drivers/crypto/ccp/sev-dev.c
hygon inclusion
category: feature
CVE: NA
---------------------------
The CSV_PLATFORM_INIT command can be used by the platform owner to
switch platform from PSTATE.UNINIT to PSTATE.INIT.
In the upcoming patches, we'll support DOWNLOAD_FIRMWARE at userspace.
Due to DOWNLOAD_FIRMWARE can only be performed when platform is in the
PSTATE.UNINIT, we need invoke PLATFORM_INIT following DOWNLOAD_FIRMWARE
to switch platform back to PSTATE.INIT.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#354
(cherry picked from commit 17ed0b7)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: feature
CVE: NA
---------------------------
The CSV_PLATFORM_SHUTDOWN command can be used by the platform owner to
switch platform to PSTATE.UNINIT.
The DOWNLOAD_FIRMWARE API can only be performed when platform is in the
PSTATE.UNINIT. In order to support DOWNLOAD_FIRMWARE at userspace, we
need invoke PLATFORM_SHUTDOWN before that.
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#354
(cherry picked from commit 76b83f8)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: feature
--------------------------------
In order to add SM4 driver for hygon ccp, relating to sm4 mode of
ecb/ecb_hs, cbc/cbc_hs, cfb, ofb and ctr
Signed-off-by: Yabin Li <liyabin@hygon.cn>
Signed-off-by: yangdepei <yangdepei@hygon.cn>
[ add crypto/internal/skcipher.h to ccp-crypto-sm4-hygon.c include]
(cherry picked from commit 88ae1ee)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: bugfix
--------------------------------
the complete callback 'crypto_req_done' has changed its input parameter,
we need update input in ccp-crypto implement.
Fixes: acafe30ff58a ("crypto: ccp: Support SM2 algorithm for hygon ccp.")
Signed-off-by: yangdepei <yangdepei@hygon.cn>
(cherry picked from commit 9ced149)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: bugfix
--------------------------------
ccp_find_lsb_regions check from vq_1 but status value start from vq_0.
Fixes: 4b394a2 ("crypto: ccp - Let a v5 CCP provide the same function as v3")
Signed-off-by: Yabin Li <liyabin@hygon.cn>
Signed-off-by: yangdepei <yangdepei@hygon.cn>
(cherry picked from commit 3eb66e3)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: bugfix
--------------------------------
fix the repetitive interrupt (INT_COMPLETION & INT_EMPTY_QUEUE) in one
cmd process.
Fixes: 6263b51 ("crypto: ccp - Change ISR handler method for a v5 CCP")
Signed-off-by: Yabin Li <liyabin@hygon.cn>
Signed-off-by: yangdepei <yangdepei@hygon.cn>
(cherry picked from commit e0c92f7)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
…cess test.
hygon inclusion
category: bugfix
--------------------------------
we should clear interrupt status before set int_revd flag, otherwise,
it will cause vq thread stuck when process multi command.
Fixes: 4b394a2 ("crypto: ccp - Let a v5 CCP provide the same function as v3")
Signed-off-by: Xiangyu Xu <xuxiangyu@hygon.cn>
Signed-off-by: Yabin Li <liyabin@hygon.cn>
Signed-off-by: yangdepei <yangdepei@hygon.cn>
(cherry picked from commit bbc1b57)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
…ding
hygon inclusion
category: bugfix
--------------------------------
Add DER coding support for ccp sm2 sign interface.
Fixes: acafe30ff58a ("crypto: ccp: Support SM2 algorithm for hygon ccp.")
Signed-off-by: liulanyi <liulanyi@hygon.cn>
Signed-off-by: yangdepei <yangdepei@hygon.cn>
(cherry picked from commit 10a3ac3)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
See this commit:
commit 5b553e0
Author: Lukas Wunner <lukas@wunner.de>
Date: Tue Sep 10 16:30:19 2024 +0200
crypto: virtio - Drop sign/verify operations
The virtio crypto driver exposes akcipher sign/verify operations in a
user space ABI. This blocks removal of sign/verify from akcipher_alg.
Herbert opines:
"I would say that this is something that we can break. Breaking it
is no different to running virtio on a host that does not support
these algorithms. After all, a software implementation must always
be present.
I deliberately left akcipher out of crypto_user because the API
is still in flux. We should not let virtio constrain ourselves."
https://lore.kernel.org/all/ZtqoNAgcnXnrYhZZ@gondor.apana.org.au/
"I would remove virtio akcipher support in its entirety. This API
was never meant to be exposed outside of the kernel."
https://lore.kernel.org/all/Ztqql_gqgZiMW8zz@gondor.apana.org.au/
Drop sign/verify support from virtio crypto. There's no strong reason
to also remove encrypt/decrypt support, so keep it.
A key selling point of virtio crypto is to allow guest access to crypto
accelerators on the host. So far the only akcipher algorithm supported
by virtio crypto is RSA. Dropping sign/verify merely means that the
PKCS#1 padding is now always generated or verified inside the guest,
but the actual signature generation/verification (which is an RSA
decrypt/encrypt operation) may still use an accelerator on the host.
Generating or verifying the PKCS#1 padding is cheap, so a hardware
accelerator won't be of much help there. Which begs the question
whether virtio crypto support for sign/verify makes sense at all.
It would make sense for the sign operation if the host has a security
chip to store asymmetric private keys. But the kernel doesn't even
have an asymmetric_key_subtype yet for hardware-based private keys.
There's at least one rudimentary driver for such chips (atmel-ecc.c for
ATECC508A), but it doesn't implement the sign operation. The kernel
would first have to grow support for a hardware asymmetric_key_subtype
and at least one driver implementing the sign operation before exposure
to guests via virtio makes sense.
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
…rash
hygon inclusion
category: bugfix
--------------------------------
long data sm2 encryption may cause out of bounds memory access
Fixes: acafe30ff58a ("crypto: ccp: Support SM2 algorithm for hygon ccp.")
Signed-off-by: liulanyi <liulanyi@hygon.cn>
Signed-off-by: yangdepei <yangdepei@hygon.cn>
(cherry picked from commit 11d188b)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: feature
--------------------------------
change command queue size to 8192 to support multiple cmd in hygon ccp
Signed-off-by: Yabin Li <liyabin@hygon.cn>
Signed-off-by: yangdepei <yangdepei@hygon.cn>
(cherry picked from commit 79c6196)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: feature
--------------------------------
optimize sm3 processing performance, the physical page of each sg list
corresponds to a CCP cmd, all cmd prepared, then start ccp.
Signed-off-by: Yabin Li <liyabin@hygon.cn>
Signed-off-by: yangdepei <yangdepei@hygon.cn>
(cherry picked from commit 7f18fe7)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: feature
--------------------------------
optimize sm4 processing performance by starting ccp only after all cmd
has been prepared
Signed-off-by: Yabin Li <liyabin@hygon.cn>
Signed-off-by: yangdepei <yangdepei@hygon.cn>
(cherry picked from commit bca09bd)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: bugfix
--------------------------------
remove the repeated sm4-hs mode definition, otherwise, it
will cause ccp-crypto module load err in the following
version of kernel-6.6, eg. 6.6.20
Fixes: 474d2ff69261 ("crypto: ccp: Support SM4 algorithm for hygon ccp.")
Signed-off-by: yangdepei <yangdepei@hygon.cn>
(cherry picked from commit 1ebe003)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: feature
--------------------------------
1. support sm2 on 4th cpu
2. create new ccp-dev-v5.c file for hygon ccp only
3. restore original ccp-dev-v5.c file
Signed-off-by: yangdepei <yangdepei@hygon.cn>
(cherry picked from commit 42d2b65)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
…rnel space
hygon inclusion
category: feature
---------------------------
Add a self-defined mutex to support concurrent psp access between kernel
space and user space.
Signed-off-by: xiongmengbiao <xiongmengbiao@hygon.cn>
[move mutex patch sev_platform_shutdown to sev_firmware_shutdown
@@ -2838,9 +2866,18 @@ static void __sev_firmware_shutdown(struct sev_device *sev, bool panic)
static void sev_firmware_shutdown(struct sev_device *sev)
{
- mutex_lock(&sev_cmd_mutex);
+ if (is_vendor_hygon()) {
+ if (psp_mutex_lock_timeout(&hygon_psp_hooks.psp_misc->data_pg_aligned->mb_mutex,
+ PSP_MUTEX_TIMEOUT) != 1)
+ return -EBUSY;
+ } else {
:
]
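Review bot: sev_firmware_shutdown() is declared static void in the context line above, yet the added Hygon branch executes return -EBUSY when psp_mutex_lock_timeout() does not return 1. A void function cannot return a value, so either change the signature to int and let callers handle -EBUSY, or use a bare return here. In the visible lines the timeout path also leaves silently without running the firmware shutdown; a pr_err() or dev_err() before returning would make a skipped shutdown visible in the log.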
Link: deepin-community#386
(cherry picked from commit 75f7390)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts:
drivers/crypto/ccp/sev-dev.c
hygon inclusion
category: feature
---------------------------
Add ioctl interface to control the state of self-defined mutex in user
and kernel space.
By default, when psp user-mode driver is not used, the self-defined
mutex is disabled, and the kernel's native private lock is utilized
instead.
Signed-off-by: xiongmengbiao <xiongmengbiao@hygon.cn>
Link: deepin-community#386
(cherry picked from commit 87c2f52)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts:
drivers/crypto/ccp/psp-dev.c
drivers/crypto/ccp/sev-dev.c
hygon inclusion
category: feature
---------------------------
Support the PSP virtualization basic framework.
The guest uses the vmmcall instruction to interact with KVM, which then
forwards the data to the PSP device driver and sends it to the PSP
hardware.
Signed-off-by: niuyongwen <niuyongwen@hygon.cn>
Link: deepin-community#386
(cherry picked from commit abe09b8)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts:
arch/x86/kvm/Makefile
arch/x86/kvm/x86.c
hygon inclusion
category: feature
---------------------------
Allow the guest to execute Trusted Key Management (TKM) commands in
user mode. Each TKM command data block is transferred to KVM using the
vmmcall instruction and processed through the following three steps:
1. Obtain the VM command and preprocess the pointer mapping table
information in the command buffer
2. The command that has been converted will interact with the channel
of the psp through the driver and try to obtain the execution result
3. The executed command data is recovered according to the multilevel
pointer of the mapping table, and then returned to the VM
Signed-off-by: niuyongwen <niuyongwen@hygon.cn>
Link: deepin-community#386
(cherry picked from commit 907e2fa)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: feature
---------------------------
Add `vpsp_add_vid` and `vpsp_del_vid` to receive VID information in
host user mode. Generally, these ioctl calls should be initiated from
the QEMU process.
When sending data to the PSP hardware, place the VID in the bit 56 to
bit 63 range of the physical address. The PSP hardware will then access
different key spaces based on the VID.
Signed-off-by: xiongmengbiao <xiongmengbiao@hygon.cn>
Link: deepin-community#386
(cherry picked from commit f5402ac)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts:
drivers/crypto/ccp/hygon/psp-dev.c
hygon inclusion
category: feature
---------------------------
If the guest does not explicitly specify a VID via `vpsp_add_vid`,
VID 0 will be used by default, sharing the key space with the host.
A `vpsp_set_default_vid_permission` ioctl call has been added to
control the behavior of the default VID. If the default VID permission
is set to "not allowed," any guest that does not explicitly specify a
VID will be denied access to the TKM function.
Signed-off-by: xiongmengbiao <xiongmengbiao@hygon.cn>
Link: deepin-community#386
(cherry picked from commit 726db88)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
… module

hygon inclusion
category: feature

---------------------------

Because the KVM module calls certain interfaces from the ccp module, such as vpsp_try_do_cmd, it is necessary to load the ccp module before loading kvm.

However, on CPUs other than Hygon, the ccp module might not be loaded, which would prevent the kvm module from loading.

Therefore, we use function hooks to call functions from the ccp module. Now the module dependencies are as follows:

[root@centos-7-8 ~]# lsmod | grep kvm
kvm_amd 200704 0
kvm 1339392 1 kvm_amd
ccp 352256 1 kvm_amd
irqbypass 12288 2 vfio_pci_core,kvm

Signed-off-by: xiongmengbiao <xiongmengbiao@hygon.cn>
Link: deepin-community#386
(cherry picked from commit d97fda9)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts: arch/x86/kvm/Makefile
…emmory for tkm

hygon inclusion
category: bugfix

---------------------------

When deleting a VID, `memcpy` is used to move data within the array and overwrite the deleted VID entry. However, `memcpy` does not handle overlapping memory regions correctly within the array. Therefore, `memmove` should be used instead.

Signed-off-by: niuyongwen <niuyongwen@hygon.cn>
Link: deepin-community#386
(cherry picked from commit a67f9aa)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
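A user-space model of the VID handling the commit messages above describe: per-process VID binding, the default VID 0 permission, the VID placed in bits 56 to 63 of the physical address, and deletion with `memmove`. It is an added example, not the driver's code; all `model_*` names, the table capacity and the refusal of already-tagged addresses are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MODEL_MAX_VIDS  8                      /* constructed capacity */
#define MODEL_VID_SHIFT 56                     /* commit text: VID sits in bits 56..63 */
#define MODEL_VID_MASK  (0xFFULL << MODEL_VID_SHIFT)
struct model_vid_entry { uint32_t pid, vid; };
struct model_vid_table {
    struct model_vid_entry e[MODEL_MAX_VIDS];
    size_t count;
    int default_vid_allowed;                   /* models the default-VID permission */
};

/* Bind a process id to a VID; rejects duplicates, a full table, VIDs wider than 8 bits. */
int model_add_vid(struct model_vid_table *t, uint32_t pid, uint32_t vid)
{
    if (vid > 0xFF || t->count >= MODEL_MAX_VIDS)
        return -1;
    for (size_t i = 0; i < t->count; i++)
        if (t->e[i].pid == pid)
            return -1;
    t->e[t->count++] = (struct model_vid_entry){ pid, vid };
    return 0;
}

/* Remove a binding by closing the gap in place. */
int model_del_vid(struct model_vid_table *t, uint32_t pid)
{
    for (size_t i = 0; i < t->count; i++) {
        if (t->e[i].pid != pid)
            continue;
        /* Source e[i+1..] and destination e[i..] overlap: memcpy here is
         * undefined behaviour, memmove is specified for overlapping ranges. */
        memmove(&t->e[i], &t->e[i + 1], (t->count - i - 1) * sizeof(t->e[0]));
        t->count--;
        memset(&t->e[t->count], 0, sizeof(t->e[0]));   /* no stale tail entry */
        return 0;
    }
    return -1;
}

/* Explicit binding wins; otherwise VID 0 only if the default VID is permitted. */
int model_get_vid(const struct model_vid_table *t, uint32_t pid)
{
    for (size_t i = 0; i < t->count; i++)
        if (t->e[i].pid == pid)
            return (int)t->e[i].vid;
    return t->default_vid_allowed ? 0 : -1;
}

/* Put the VID into bits 56..63. Refusing addresses that already carry bits
 * there is an assumption of this model, so a caller cannot pre-select a VID. */
int model_tag_paddr(uint64_t paddr, uint32_t vid, uint64_t *out)
{
    if (vid > 0xFF || (paddr & MODEL_VID_MASK))
        return -1;
    *out = paddr | ((uint64_t)vid << MODEL_VID_SHIFT);
    return 0;
}

int main(void)
{
    struct model_vid_table t = { 0 };
    uint64_t tagged;
    model_add_vid(&t, 100, 1);
    model_add_vid(&t, 200, 2);
    return model_del_vid(&t, 100) || model_tag_paddr(0x1000, 2, &tagged);
}
```

With the default VID denied, a process that has no binding gets `-1` instead of silently sharing VID 0 (the host's key space, per the commit message).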
Log:
[fix psp-dev.c
drivers/crypto/ccp/hygon/psp-dev.c:25:10: error: no previous prototype for ‘atomic64_exchange’ [-Werror=missing-prototypes]
25 | uint64_t atomic64_exchange(uint64_t *dst, uint64_t val)
| ^~~~~~~~~~~~~~~~~
drivers/crypto/ccp/hygon/psp-dev.c:30:5: error: no previous prototype for ‘psp_mutex_init’ [-Werror=missing-prototypes]
30 | int psp_mutex_init(struct psp_mutex *mutex)
| ^~~~~~~~~~~~~~
drivers/crypto/ccp/hygon/vpsp.c:108:21: error: no previous prototype for ‘map_tbl_dump’ [-Werror=missing-prototypes]
108 | void __maybe_unused map_tbl_dump(const char *title, struct addr_map_tbls *tbls)
| ^~~~~~~~~~~~
drivers/crypto/ccp/hygon/vpsp.c:121:21: error: no previous prototype for ‘g2h_tbl_dump’ [-Werror=missing-prototypes]
121 | void __maybe_unused g2h_tbl_dump(const char *title, struct gpa2hva_tbls *tbls)
| ^~~~~~~~~~~~
cc1: all warnings being treated as errors
make[5]: *** [scripts/Makefile.build:287:drivers/crypto/ccp/hygon/vpsp.o] 错误 1
make[5]: *** 正在等待未完成的任务....
drivers/crypto/ccp/hygon/psp-dev.c:188:6: error: no previous prototype for ‘vpsp_set_default_vid_permission’ [-Werror=missing-prototypes]
188 | void vpsp_set_default_vid_permission(uint32_t is_allow)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/crypto/ccp/hygon/psp-dev.c:495:5: error: no previous prototype for ‘__vpsp_do_cmd_locked’ [-Werror=missing-prototypes]
495 | int __vpsp_do_cmd_locked(uint32_t vid, int cmd, void *data, int *psp_ret)
| ^~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors ]
Link: deepin-community#386
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: bugfix

---------------------------

The Hygon platform indirectly accesses the `sev_cmd_mutex` variable through `hygon_psp_hooks`. However, on non-Hygon platforms (such as AMD), `hygon_psp_hooks` is not initialized, so `sev_cmd_mutex` should be accessed directly.

Signed-off-by: xiongmengbiao <xiongmengbiao@hygon.cn>
Link: deepin-community#425
(cherry picked from commit b338d3a)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Conflicts: drivers/crypto/ccp/sev-dev.c
hygon inclusion
category: bugfix
CVE: NA

---------------------------

When running the kernel which is compiled with the config CONFIG_CRYPTO_DEV_CCP_DD=y, the S4 resume process will change the TMR region, but the CSV firmware still keeps TMR region information as before. This will lead to kernel PANIC when the system resumed from S4.

To address this issue, we provide PM callbacks, the callbacks will be called during S4 and resume from S4.

Signed-off-by: baizhaowei <baizhaowei@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#501
(cherry picked from commit b81ee1c)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
hygon inclusion
category: bugfix
CVE: NA

---------------------------

The commit 973eb41 ("crypto: ccp: Fix S4 kernel panic issue on HYGON psp") introduced a HYGON-specific PM interface to resolve S4 issues. This commit assumed that the file .../hygon/sp-dev.c depended on CONFIG_CRYPTO_DEV_SP_PSP, which was incorrect because sp-dev.c serves as an abstraction for all secure processors. Consequently, we encountered compile errors on the aarch64 platform.

To address these issues, we removed the dependency of .../hygon/sp-dev.c on CONFIG_CRYPTO_DEV_SP_PSP. Additionally, HYGON_PSP2CPU_CMD depends on CONFIG_CRYPTO_DEV_SP_PSP, so we moved the related function declarations to resolve some compilation issues.

Fixes: 973eb41 ("crypto: ccp: Fix S4 kernel panic issue on HYGON psp")
Fixes: a4a33c4 ("crypto: ccp: Add another mailbox interrupt support for PSP sending command to X86")
Signed-off-by: hanliyang <hanliyang@hygon.cn>
Link: deepin-community#513
(cherry picked from commit 334a3b2)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
60aa687 to
be86911
Pull request overview
This pull request introduces comprehensive support for Hygon processors, including CSV (China Secure Virtualization) security features, cryptographic algorithm support (SM2/SM3/SM4), TDM (Trusted Dynamic Measurement), and various platform-specific drivers. The changes span kernel memory management, cryptographic subsystems, virtualization infrastructure, and device drivers.
Key changes:
- Adds Hygon CSV security virtualization support with guest/host implementations
- Implements SM2/SM3/SM4 cryptographic algorithms for Hygon CCP hardware
- Introduces TDM framework for trusted measurement and kernel protection
- Adds OWNERS files for code review management across multiple subsystems
- Extends CMA (Contiguous Memory Allocator) to support dynamic area allocation
- Integrates Phytium hardware support with proper dependency management
Reviewed changes
Copilot reviewed 102 out of 105 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| mm/cma.c, mm/cma.h | Converts static CMA areas to dynamic allocation with expanded capacity |
| include/linux/psp-hygon.h | Defines CSV command structures and virtual PSP interfaces |
| drivers/crypto/ccp/hygon/* | Implements Hygon-specific PSP, CSV, TDM drivers and ring buffer support |
| drivers/crypto/ccp/ccp-ops.c | Adds SM2/SM3/SM4 cryptographic engine operations |
| include/uapi/linux/kvm.h | Extends KVM API with CSV-specific commands and structures |
| drivers/virt/coco/csv-guest/* | Implements CSV guest driver for attestation |
| Multiple OWNERS files | Establishes code review ownership across subsystems |
Comments suppressed due to low confidence (5)
mm/cma.c:1
- Missing `int` type specifier for `cma_area_count`. While some compilers may accept this as defaulting to `int`, it's not valid C and should be explicitly declared as `unsigned int`.

include/linux/psp-hygon.h:1
- The `__maybe_unused` attribute is unnecessary for static inline stub functions that are defined in headers. These functions will only be compiled if used, so the attribute adds no value.

drivers/virt/coco/csv-guest/csv-guest.c:1
- Device file permissions 0777 allow any user to read/write/execute. This is a security risk for a device handling attestation. Should be restricted to 0600 or 0660 with appropriate group ownership.

drivers/crypto/ccp/hygon/psp-dev.h:1
- Inconsistent use of `__maybe_unused`. The attribute appears on line 373 but the function declaration continues on line 374. This should be on the same line or use `static inline` instead for stub functions.

drivers/net/can/phytium/phytium_can_platform.c:1
- Using `# ifdef` with a space after `#` is non-standard. Should be `#ifdef` without the space for consistency with kernel coding style.
Due to github rebase merge limit, submit part4 from linux-6.6.y, linux-6.12.y and build fix.
Hao Feng (1):
crypto: ccp: Add support to detect CCP devices on Hygon 2nd and 3rd
CPUs
Li Wencheng (1):
dt-bindings: phytmac: Add bindings for Phytium MAC 1.0 and 2.0
WangYuli (4):
x86: config: Increase maximum number of CPUs to 512
deepin: Add OWNERS for deepin kernel
can: phytium: Use phytium_can_of_ids only when CONFIG_OF enabled
spi: Introduce dependencise for Phytium to avoid warnings
Wentao Guan (8):
crypto: ccp: Adapt for kernel >=6.11
KVM: SVM: convert to fd_file()
KVM: SEV: hygon: Use long-term pin when registering encrypted memory
regions
config: enable support for MT7925
tpm: hygon: Add bufsiz parameter to tpm_c_send()
tpm: hygon: don't bother with removal of files in directory we'll be
removing
crypto: hygon - Drop sign/verify operations
drivers/crypto/ccp: fix hygon ccp build for 6.18
Xiangyu Xu (1):
crypto: ccp: Fix a problem that vq thread may stuck when do multi
process test.
Xin Jiang (5):
crypto: ccp: Add support to detect CCP devices on Hygon 4th CPUs
Documentation/arch/x86: Add HYGON secure virtualization description
crypto: ccp: Define CSV3 key management command id
x86/mm: Manage CSV3 guest's private memory by CMA
crypto: ccp: Add SET_SMR/SET_SMCR commands for CSV3
Yabin Li (8):
crypto: ccp: Support SM2 algorithm for hygon ccp.
crypto: ccp: Support SM3 algorithm for hygon ccp.
crypto: ccp: Support SM4 algorithm for hygon ccp.
crypto: ccp: It prompt ILLEGAL_MEM_ADDR when using PSPCCP.
crypto: ccp: Only handle interrupts by completion.
crypto: ccp: Modify value of COMMANDS_PER_QUEUE from 16 to 8192.
crypto: ccp: Process multiple VQ commands once for SM3 ccp.
crypto: ccp: Process multiple VQ commands once for SM4/SM4-CTR ccp.
baizhaowei (1):
crypto: ccp: Fix S4 kernel panic issue on HYGON psp
chench (2):
crypto: ccp: Add a new interface for X86 sending command to PSP
crypto: ccp: Add another mailbox interrupt support for PSP sending
command to X86
chench00 (4):
crypto: tdm: Add Hygon TDM driver
crypto: tdm: Support dynamic protection for SCT and IDT by HYGON TDM
linux: tpm: add Hygon TPM2 driver
linux: tcm: add Hygon TCM2 driver
fangbaoshun (11):
crypto: ccp: Implement CSV_HGSC_CERT_IMPORT ioctl command
driver/virt/coco: Add HYGON CSV Guest dirver.
crypto: ccp: Introduce init and free helpers to manage CSV RING_BUFFER
queues
crypto: ccp: Add support for enqueue command pointers in CSV
RING_BUFFER mode
crypto: ccp: Add support for dequeue status in CSV RING_BUFFER mode
crypto: ccp: Add support to switch to CSV RING_BUFFER mode
crypto: ccp: Add support for issue commands in CSV RING_BUFFER mode
KVM: SVM: Add KVM_CSV_COMMAND_BATCH command for applying CSV
RING_BUFFER mode
KVM: SVM: Prepare memory pool to allocate buffers for
KVM_CSV_COMMAND_BATCH
KVM: SVM: Add SEND_UPDATE_DATA command helper to support
KVM_CSV_COMMAND_BATCH
KVM: SVM: Add RECEIVE_UPDATE_DATA command helper to support
KVM_CSV_COMMAND_BATCH
hanliyang (35):
crypto: ccp: Introduce hygon specific interface to support driver
crypto: ccp: Fixup the capability of Hygon PSP during initialization
x86/mm: Provide a Kconfig entry to build the HYGON memory encryption
support into the kernel
crypto: ccp: Fix compile error on csv_cmd_buffer_len()
x86/mm: Print CSV info into the kernel log
crypto: ccp: Print Hygon CSV API version when CSV support is detected
KVM: SVM: Print Hygon CSV support info if support is detected
x86/cpu: Detect memory encryption features on Hygon CPUs
x86/cpufeatures: Add CPUID_8C86_0000_EDX CPUID leaf
x86/cpufeatures: Add CSV3 CPU feature
x86/cpu/hygon: Clear SME feature flag when not in use
deepin_x86_desktop_defconfig: Set CONFIG_HYGON_CSV by default
x86/cpufeatures: Rename X86_FEATURE_SM{3,4} to
X86_FEATURE_HYGON_SM{3,4}
crypto: ccp: Fix compile error on file csv-dev.h
KVM: x86: Support VM_ATTESTATION hypercall
crypto: ccp: Support DOWNLOAD_FIRMWARE when detect CSV
crypto: ccp: Implement CSV_PLATFORM_INIT ioctl command
crypto: ccp: Implement CSV_PLATFORM_SHUTDOWN ioctl command
crypto: ccp: Implement CSV_DOWNLOAD_FIRMWARE ioctl command
crypto: ccp: Fix definition of struct sev_data_send_update_vmsa
KVM: SVM: Add KVM_SEV_SEND_UPDATE_VMSA command
KVM: SVM: Add KVM_SEV_RECEIVE_UPDATE_VMSA command
KVM: x86: Restore control registers in _set_sregs() to support CSV2
guest live migration
KVM: SVM: Export MSR_AMD64_SEV_ES_GHCB to userspace for CSV2 guest
KVM: x86: Introduce control{pre,post}_system_reset ioctl interfaces
KVM: SVM: Add support for rebooting CSV2 guest
KVM: SVM: Force flush caches before reboot CSV guest
deepin_x86_desktop_defconfig: Set CONFIG_CSV_GUEST=m by default
KVM: SVM: CSV: Explicitly enable LBR Virtualization after succeed to
RECEIVE_UPDATE_VMSA
KVM: SVM: Fix the available ASID range for CSV2 guest
x86/csv2: Keep in atomic context when holding ghcb page if the #VC
comes from userspace
x86/head/64: Flush caches for .bss..decrypted section after CR3
switches to early_top_pgt
KVM: SVM: Unmap ghcb pages if they're still mapped when destroy guest
KVM: SVM: Add support for different CSV guests to reuse the same ASID
crypto: ccp: Fix some compile errors on Hygon interfaces
leoliu-oc (4):
x86/mce: Add NMIs setup in machine_check func
x86/mce/zhaoxin: Update mcelog to decode PCIE, ZDI/ZPI and DRAM errors
perf/x86/zhaoxin: fix warning log issue on KH-40000
x86/hpet: Read HPET directly if panic in progress
niuyongwen (3):
arch/x86/kvm: Support psp virtualization
arch/x86/kvm: Support tkm virtualization
drivers/crypto/ccp: memmove is used instead of memcpy in overlapped
memmory for tkm
xiongmengbiao (6):
drivers/crypto/ccp: concurrent psp access support between user and
kernel space
drivers/crypto/ccp: Add psp mutex enable ioctl support
drivers/crypto/ccp: support tkm key isolation
drivers/crypto/ccp: Allow VM without a configured vid to use TKM
drivers/crypto/ccp: Eliminate dependence of the kvm module on the ccp
module
crypto: ccp: fix the sev_do_cmd panic on non-Hygon platforms
yangdepei (5):
crypto: ccp: fix sm2 not return due to wrong complete callback
parameter
crypto: ccp: fix sm2 test failed in testmgr because of missing DER
coding
crypto: ccp: fix bug that SM2 encryption of long data causes kernel
crash
crypto: ccp: remove repeated sm4-hs mode
crypto: ccp: support sm2 on Hygon generation 4th CPU
.../arch/x86/hygon-secure-virtualization.rst | 100 ++
.../devicetree/bindings/net/phytmac.yaml | 36 +
Documentation/virt/coco/csv-guest.rst | 33 +
MAINTAINERS | 5 +
.../configs/deepin_arm64_desktop_defconfig | 2 +
arch/loongarch/OWNERS | 5 +
.../deepin_loongarch_desktop_defconfig | 2 +
arch/mips/OWNERS | 5 +
arch/x86/Kconfig | 25 +
arch/x86/coco/sev/vc-handle.c | 13 +
arch/x86/configs/deepin_x86_desktop_defconfig | 6 +
arch/x86/events/zhaoxin/core.c | 2 +-
arch/x86/events/zhaoxin/uncore.c | 17 +-
arch/x86/events/zhaoxin/uncore.h | 6 +-
arch/x86/include/asm/cpufeature.h | 2 +
arch/x86/include/asm/cpufeatures.h | 8 +-
arch/x86/include/asm/csv.h | 53 +
arch/x86/include/asm/kvm-x86-ops.h | 3 +
arch/x86/include/asm/kvm_host.h | 9 +
arch/x86/include/asm/mce.h | 4 +-
arch/x86/include/asm/mem_encrypt.h | 6 +
arch/x86/include/asm/processor-hygon.h | 23 +
arch/x86/kernel/acpi/apei.c | 14 +-
arch/x86/kernel/cpu/hygon.c | 65 +
arch/x86/kernel/cpu/mce/apei.c | 18 +-
arch/x86/kernel/cpu/mce/core.c | 6 +
arch/x86/kernel/cpu/proc.c | 10 +-
arch/x86/kernel/head64.c | 110 ++
arch/x86/kernel/head_64.S | 10 +
arch/x86/kernel/hpet.c | 6 +
arch/x86/kernel/setup.c | 5 +
arch/x86/kvm/Kconfig | 10 +
arch/x86/kvm/Makefile | 3 +
arch/x86/kvm/svm/csv.c | 1117 ++++++++++++
arch/x86/kvm/svm/csv.h | 150 ++
arch/x86/kvm/svm/sev.c | 211 ++-
arch/x86/kvm/svm/svm.c | 82 +-
arch/x86/kvm/svm/svm.h | 6 +
arch/x86/kvm/vmx/vmx.c | 1 +
arch/x86/kvm/x86.c | 68 +-
arch/x86/mm/Makefile | 2 +
arch/x86/mm/mem_encrypt.c | 8 +
arch/x86/mm/mem_encrypt_hygon.c | 412 +++++
deepin/OWNERS | 26 +
drivers/OWNERS | 5 +
drivers/acpi/apei/apei-base.c | 3 +-
drivers/acpi/apei/ghes.c | 19 +-
drivers/bluetooth/OWNERS | 4 +
drivers/char/tpm/Kconfig | 24 +
drivers/char/tpm/Makefile | 2 +
drivers/char/tpm/tcm_hygon.c | 226 +++
drivers/char/tpm/tpm_hygon.c | 186 ++
drivers/crypto/ccp/Kconfig | 34 +
drivers/crypto/ccp/Makefile | 27 +-
drivers/crypto/ccp/ccp-crypto-main.c | 23 +
drivers/crypto/ccp/ccp-crypto-sm2-hygon.c | 1038 +++++++++++
drivers/crypto/ccp/ccp-crypto-sm3-hygon.c | 489 +++++
drivers/crypto/ccp/ccp-crypto-sm4-hygon.c | 308 ++++
drivers/crypto/ccp/ccp-crypto.h | 105 ++
drivers/crypto/ccp/ccp-dev.h | 44 +
drivers/crypto/ccp/ccp-ops.c | 526 ++++++
drivers/crypto/ccp/ccp_sm2_sign.asn1 | 4 +
drivers/crypto/ccp/hygon/ccp-dev-v5.c | 1236 +++++++++++++
drivers/crypto/ccp/hygon/csv-dev.c | 1191 ++++++++++++
drivers/crypto/ccp/hygon/csv-dev.h | 51 +
drivers/crypto/ccp/hygon/psp-dev.c | 775 ++++++++
drivers/crypto/ccp/hygon/psp-dev.h | 75 +
drivers/crypto/ccp/hygon/ring-buffer.c | 153 ++
drivers/crypto/ccp/hygon/ring-buffer.h | 27 +
drivers/crypto/ccp/hygon/sp-dev.c | 81 +
drivers/crypto/ccp/hygon/sp-dev.h | 50 +
drivers/crypto/ccp/hygon/sp-pci.c | 134 ++
drivers/crypto/ccp/hygon/tdm-dev.c | 1595 +++++++++++++++++
drivers/crypto/ccp/hygon/tdm-dev.h | 504 ++++++
drivers/crypto/ccp/hygon/tdm-kernel-guard.c | 352 ++++
drivers/crypto/ccp/hygon/vpsp.c | 641 +++++++
drivers/crypto/ccp/psp-dev.c | 50 +-
drivers/crypto/ccp/sev-dev.c | 155 +-
drivers/crypto/ccp/sev-dev.h | 5 +
drivers/crypto/ccp/sp-dev.h | 5 +
drivers/crypto/ccp/sp-pci.c | 12 +
drivers/gpu/OWNERS | 5 +
drivers/net/OWNERS | 4 +
.../net/can/phytium/phytium_can_platform.c | 4 +
drivers/spi/Kconfig | 2 +
drivers/virt/Kconfig | 2 +
drivers/virt/coco/Makefile | 1 +
drivers/virt/coco/csv-guest/Kconfig | 12 +
drivers/virt/coco/csv-guest/Makefile | 2 +
drivers/virt/coco/csv-guest/csv-guest.c | 98 +
drivers/virt/coco/csv-guest/csv-guest.h | 42 +
drivers/watchdog/stXISsHW | 0
include/acpi/apei.h | 2 +-
include/linux/ccp.h | 207 +++
include/linux/cma.h | 1 +
include/linux/psp-hygon.h | 435 +++++
include/linux/psp-sev.h | 2 +
include/uapi/linux/kvm.h | 45 +
include/uapi/linux/kvm_para.h | 2 +
include/uapi/linux/psp-hygon.h | 58 +
mm/OWNERS | 4 +
mm/cma.c | 30 +-
mm/cma.h | 2 +-
net/OWNERS | 4 +
security/OWNERS | 4 +
105 files changed, 13752 insertions(+), 80 deletions(-)
create mode 100644 Documentation/arch/x86/hygon-secure-virtualization.rst
create mode 100644 Documentation/devicetree/bindings/net/phytmac.yaml
create mode 100644 Documentation/virt/coco/csv-guest.rst
create mode 100644 arch/loongarch/OWNERS
create mode 100644 arch/mips/OWNERS
create mode 100644 arch/x86/include/asm/csv.h
create mode 100644 arch/x86/include/asm/processor-hygon.h
create mode 100644 arch/x86/kvm/svm/csv.c
create mode 100644 arch/x86/kvm/svm/csv.h
create mode 100644 arch/x86/mm/mem_encrypt_hygon.c
create mode 100644 deepin/OWNERS
create mode 100644 drivers/OWNERS
create mode 100644 drivers/bluetooth/OWNERS
create mode 100644 drivers/char/tpm/tcm_hygon.c
create mode 100644 drivers/char/tpm/tpm_hygon.c
create mode 100644 drivers/crypto/ccp/ccp-crypto-sm2-hygon.c
create mode 100644 drivers/crypto/ccp/ccp-crypto-sm3-hygon.c
create mode 100644 drivers/crypto/ccp/ccp-crypto-sm4-hygon.c
create mode 100644 drivers/crypto/ccp/ccp_sm2_sign.asn1
create mode 100644 drivers/crypto/ccp/hygon/ccp-dev-v5.c
create mode 100644 drivers/crypto/ccp/hygon/csv-dev.c
create mode 100644 drivers/crypto/ccp/hygon/csv-dev.h
create mode 100644 drivers/crypto/ccp/hygon/psp-dev.c
create mode 100644 drivers/crypto/ccp/hygon/psp-dev.h
create mode 100644 drivers/crypto/ccp/hygon/ring-buffer.c
create mode 100644 drivers/crypto/ccp/hygon/ring-buffer.h
create mode 100644 drivers/crypto/ccp/hygon/sp-dev.c
create mode 100644 drivers/crypto/ccp/hygon/sp-dev.h
create mode 100644 drivers/crypto/ccp/hygon/sp-pci.c
create mode 100644 drivers/crypto/ccp/hygon/tdm-dev.c
create mode 100644 drivers/crypto/ccp/hygon/tdm-dev.h
create mode 100644 drivers/crypto/ccp/hygon/tdm-kernel-guard.c
create mode 100644 drivers/crypto/ccp/hygon/vpsp.c
create mode 100644 drivers/gpu/OWNERS
create mode 100644 drivers/net/OWNERS
create mode 100644 drivers/virt/coco/csv-guest/Kconfig
create mode 100644 drivers/virt/coco/csv-guest/Makefile
create mode 100644 drivers/virt/coco/csv-guest/csv-guest.c
create mode 100644 drivers/virt/coco/csv-guest/csv-guest.h
create mode 100644 drivers/watchdog/stXISsHW
create mode 100644 include/linux/psp-hygon.h
create mode 100644 include/uapi/linux/psp-hygon.h
create mode 100644 mm/OWNERS
create mode 100644 net/OWNERS
create mode 100644 security/OWNERS