-
> arch/arm64/Kconfig | 1 +
> arch/arm64/include/asm/kexec.h | 5 +
> 2 files changed, 6 insertions(+)
Reviewed-by: Thiago Jung Bauermann
--
Thiago Jung Bauermann
IBM Linux Technology Center
Ram Pai writes:
> On Wed, Dec 23, 2020 at 09:06:01PM -0300, Thiago Jung Bauermann wrote:
>>
>> Hi Ram,
>>
>> Thanks for reviewing this patch.
>>
>> Ram Pai writes:
>>
>> > On Fri, Dec 18, 2020 at 03:21:03AM -0300, Thiago Jung Bauermann
Lakshmi Ramasubramanian writes:
> On 12/22/20 4:19 PM, Thiago Jung Bauermann wrote:
>> Lakshmi Ramasubramanian writes:
>>
>>> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
>>> index 6ebefec616e4..7c3947ad3773 100644
>>> --
Hi Ram,
Thanks for reviewing this patch.
Ram Pai writes:
> On Fri, Dec 18, 2020 at 03:21:03AM -0300, Thiago Jung Bauermann wrote:
>> On server-class POWER machines, we don't need the SWIOTLB unless we're a
>> secure VM. Nevertheless, if CONFIG_SWIOTLB is e
bramanian
>> > > wrote:
>> > >>
>> > >> On 2/18/21 5:13 PM, Thiago Jung Bauermann wrote:
>> > >>>
>> > >>> Lakshmi Ramasubramanian writes:
>> > >>>
>> > >>
Lakshmi Ramasubramanian writes:
> On 2/19/21 6:25 AM, Thiago Jung Bauermann wrote:
>
> One small nit in the function header (please see below), but otherwise the
> change looks good.
>
> Reviewed-by: Lakshmi Ramasubramanian
Thanks for your review. I incorporated your sugges
space needed by the kdump kernel, and change the function name so that it
better reflects what the function is now doing.
Signed-off-by: Thiago Jung Bauermann
Reviewed-by: Lakshmi Ramasubramanian
---
arch/powerpc/include/asm/kexec.h | 2 +-
arch/powerpc/kexec/elf_64.c | 2 +-
arch/powerp
tion parameters for
> remove_ima_buffer() and arch_ima_add_kexec_buffer().
>
> Co-developed-by: Prakhar Srivastava
> Signed-off-by: Prakhar Srivastava
> Signed-off-by: Lakshmi Ramasubramanian
> Reviewed-by: Mimi Zohar
These warnings showed up when using `make W=1`, and this p
include/linux/kexec.h b/include/linux/kexec.h
> index 9e93bef52968..d0234c4815da 100644
> --- a/include/linux/kexec.h
> +++ b/include/linux/kexec.h
> @@ -407,6 +407,11 @@ static inline int kexec_crash_loaded(void) { return 0; }
> #define kexec_in_progress false
> #endif /* CONFIG_KEXEC_CORE */
>
> +#if defined(CONFIG_OF_FLATTREE)
This would also change to require CONFIG_KEXEC_FILE.
> +extern int delete_fdt_mem_rsv(void *fdt, unsigned long start,
> + unsigned long size);
> +#endif /* CONFIG_OF_FLATTREE */
> +
> #endif /* !defined(__ASSEBMLY__) */
>
> #endif /* LINUX_KEXEC_H */
--
Thiago Jung Bauermann
IBM Linux Technology Center
gt; Co-developed-by: Prakhar Srivastava
> Signed-off-by: Prakhar Srivastava
> Signed-off-by: Lakshmi Ramasubramanian
I'd personally squash this patch with the next one, but I'll leave it
just as a suggestion since maintainers are the ones who know best what
works well in this regar
a
> Signed-off-by: Prakhar Srivastava
> Signed-off-by: Lakshmi Ramasubramanian
Looks good. Thanks!
Reviewed-by: Thiago Jung Bauermann
> ---
> arch/powerpc/kexec/ima.c | 58 +---
> 1 file changed, 7 insertions(+), 51 deletions(-)
>
&
-by: Lakshmi Ramasubramanian
Looks good. Just minor comments below. Nevertheless:
Reviewed-by: Thiago Jung Bauermann
> ---
> arch/powerpc/include/asm/ima.h | 8 ++--
> arch/powerpc/kexec/ima.c | 26 --
> drivers/of/kexec.c | 29 +++
MA_KEXEC is enabled and remove "#ifdef CONFIG_IMA_KEXEC"
> in arch/powerpc/kexec/ima.c.
Nice.
> Co-developed-by: Prakhar Srivastava
> Signed-off-by: Prakhar Srivastava
> Signed-off-by: Lakshmi Ramasubramanian
> Reviewed-by: Mimi Zohar
Reviewed-by: Thiago Jung Bauermann
pc.
>
> Move arch_ima_add_kexec_buffer() to
> security/integrity/ima/ima_kexec.c so that it is accessible for
> other architectures as well.
>
> Signed-off-by: Lakshmi Ramasubramanian
Not sure if the maintainers will agree with me (see below), but FWIW:
Reviewed-by: Thiago Jung Bauermann
>
>
> Update CONFIG_KEXEC_FILE to select CONFIG_HAVE_IMA_KEXEC to indicate
> that the IMA measurement log information is present in the device tree
> for ARM64.
>
> Co-developed-by: Prakhar Srivastava
> Signed-off-by: Prakhar Srivastava
> Signed-off-by: Lakshmi Ramasubramani
e, let's avoid the SWIOTLB in those cases.
Fixes: eae9eec476d1 ("powerpc/pseries/svm: Allocate SWIOTLB buffer anywhere in
memory")
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/mm/mem.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/power
xes: 8fabc623238e ("powerpc: Ensure that swiotlb buffer is allocated from low
memory")
This is because reverting the commit above also solves the problem on the
machines where I've seen this issue.
--
Thiago Jung Bauermann
IBM Linux Technology Center
Konrad Rzeszutek Wilk writes:
> On Fri, Jan 08, 2021 at 09:27:01PM -0300, Thiago Jung Bauermann wrote:
>>
>> Ram Pai writes:
>>
>> > On Wed, Dec 23, 2020 at 09:06:01PM -0300, Thiago Jung Bauermann wrote:
>> >>
>> >> Hi Ram,
>> >
Mike Rapoport writes:
> On Sat, Jan 23, 2021 at 06:09:11PM -0800, Andrew Morton wrote:
>> On Fri, 22 Jan 2021 01:37:14 -0300 Thiago Jung Bauermann
>> wrote:
>>
>> > Mike Rapoport writes:
>> >
>> > > > Signed-off-by: Rom
gest just accepting the leak in this case. Fortunately, the
current implementations of arch_ima_add_kexec_buffer() are very simple
and cannot fail, so this is a theoretical problem.
--
Thiago Jung Bauermann
IBM Linux Technology Center
> Signed-off-by: Lakshmi Ramasubramanian
> Suggested-by: Tyler Hicks
> Fixes: 7b8589cc29e7 ("ima: on soft reboot, save the measurement list")
Good catch.
Reviewed-by: Thiago Jung Bauermann
--
Thiago Jung Bauermann
IBM Linux Technology Center
Lakshmi Ramasubramanian writes:
> On 1/27/21 7:52 PM, Thiago Jung Bauermann wrote:
>> Will Deacon writes:
>>
>>> On Wed, Jan 27, 2021 at 09:59:38AM -0800, Lakshmi Ramasubramanian wrote:
>>>> On 1/27/21 8:52 AM, Will Deacon wrote:
>>>>
>&g
m this suggestion by Rob Herring:
> This could be taken a step further and do the allocation of the new
> FDT. The difference is arm64 uses vmalloc and powerpc uses kmalloc. The
> arm64 version also retries with a bigger allocation. That seems
> unnecessary.
in
https://lore.kernel.org/linux-integrity/20201211221006.1052453-3-r...@kernel.org/
The problem is that this patch implements only part of the suggestion,
which isn't useful in itself. So the patch series should either drop
this patch or consolidate the FDT allocation between the arches.
I just tested on powernv and pseries platforms and powerpc can use
vmalloc for the FDT buffer.
--
Thiago Jung Bauermann
IBM Linux Technology Center
Hello,
Am Freitag, 01 April 2016, 18:28:06 schrieb Thiago Jung Bauermann:
> Am Samstag, 02 April 2016, 03:51:21 schrieb kbuild test robot:
> > >> arch/powerpc/include/asm/ftrace.h:62:5: error: "CONFIG_PPC64" is not
> > >> defined [-Werror=undef]
> >
ftrace_match_adjust(str, search);
> /* use tmp_str and then ignore */
> kfree(str);
If you decide against either of my alternatives for using
arch__compare_symbol_names, I'll change arch_ftrace_match_adjust to work as
you suggested above in the next version of this patch.
> ** Disclaimer **
>
> Note, I just took the red-eye (2 hours of sleep on the plane) and
> waiting for my next flight. My focus may be off in this email.
Ouch. Thanks for having a look at the patch and responding to my ping!
--
[]'s
Thiago Jung Bauermann
IBM Linux Technology Center
Cc: Michael Ellerman
Cc: linuxppc-...@lists.ozlabs.org
Signed-off-by: Thiago Jung Bauermann
---
Notes:
Changes from v1 to v2:
- Use __weak mechanism instead of #ifdef.
- Return modified pointer instead of changing it in the argument.
arch/powerpc/kernel/ftrace.c | 10 ++
Cc: Michael Ellerman
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/ftrace.h | 9 +
kernel/trace/ftrace.c | 13 +
2 files changed, 22 insertions(+)
diff --git a/arch/powerpc/include/asm/ftrace.h
b/arch/powerpc/include/asm/ftrace.h
index
cc1: all warnings being treated as errors
I forgot to use defined() in the #if expression. Here’s the fixed version.
--
[]'s
Thiago Jung Bauermann
IBM Linux Technology Center
8< 8< 8< 8<
>From 27660a3b6c4147f9e1811b103cc47a34a53817c1 Mon Sep 17 00:00:
Hello Michael,
Sorry for the delay in responding. We had some internal discussions on
this.
Michael S. Tsirkin writes:
> On Mon, Feb 04, 2019 at 04:14:20PM -0200, Thiago Jung Bauermann wrote:
>>
>> Hello Michael,
>>
>> Michael S. Tsirkin writes:
>>
>&g
el image signed with an
> appended signature and updates the existing test messages
> appropriately.
>
> Reviewed-by: Petr Vorel
> Signed-off-by: Mimi Zohar
Thanks for doing this!
Reviewed-by: Thiago Jung Bauermann
--
Thiago Jung Bauermann
IBM Linux Technology Center
+= vdso/ probes/
> obj-$(CONFIG_COMPAT_VDSO)+= vdso32/
> diff --git a/arch/arm64/kernel/ima_kexec.c b/arch/arm64/kernel/ima_kexec.c
> new file mode 100644
> index 0000..5ae0d776ec42
> --- /dev/null
> +++ b/arch/arm64/kernel/ima_kexec.c
> @@ -0,
uld go in drivers/of/fdt_ima.c?
--
Thiago Jung Bauermann
IBM Linux Technology Center
ecause
> sme_active() is x86 specific and can't be called from
> generic code on other platforms than x86.
>
> Fixes: 2cc13bb4f59f ("iommu: Disable passthrough mode when SME is active")
> Signed-off-by: Joerg Roedel
Thank you!
--
Thiago Jung Bauermann
IBM Linux Technology Center
Michael Ellerman writes:
> On Tue, 2019-08-20 at 02:13:12 UTC, Thiago Jung Bauermann wrote:
>> Introduce CONFIG_PPC_SVM to control support for secure guests and include
>> Ultravisor-related helpers when it is selected
>>
>> Signed-off-by: Thiago Jung Bauermann
>
Michael Ellerman writes:
> Thiago Jung Bauermann writes:
>> Michael Ellerman writes:
>>> Thiago Jung Bauermann writes:
>>>> From: Ryan Grimm
>>>> User space might want to know it's running in a secure VM. It can't do
>>>>
Michael Ellerman writes:
> Thiago Jung Bauermann writes:
>> Michael Ellerman writes:
>>> Thiago Jung Bauermann writes:
>>>> From: Anshuman Khandual
>>>>
>>>> LPPACA structures need to be shared with the host. Hence they need to be i
Hi Michael,
Michael Ellerman writes:
> Thiago Jung Bauermann writes:
>> Michael Ellerman writes:
>>> On Tue, 2019-08-20 at 02:13:12 UTC, Thiago Jung Bauermann wrote:
>>>> Introduce CONFIG_PPC_SVM to control support for secure guests and include
>>>
.
Fixes: 6a9c930bd775 ("powerpc/prom_init: Add the ESM call to prom_init")
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/elf.h | 3 +++
arch/powerpc/kernel/prom_init.c| 11 +++
arch/powerpc/kernel/prom_init_check.sh | 3 ++-
3 files c
Thiago Jung Bauermann writes:
> The ultravisor will do an integrity check of the kernel image but we
> relocated it so the check will fail. Restore the original image by
> relocating it back to the kernel virtual base address.
>
> This works because during build vmlinux is
Thiago Jung Bauermann writes:
> Thiago Jung Bauermann writes:
>
>> The ultravisor will do an integrity check of the kernel image but we
>> relocated it so the check will fail. Restore the original image by
>> relocating it back to the kernel virtual base address.
From: Ram Pai
These functions are used when the guest wants to grant the hypervisor
access to certain pages.
Signed-off-by: Ram Pai
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/ultravisor-api.h | 2 ++
arch/powerpc/include/asm/ultravisor.h | 24
e comments. ]
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/boot/main.c | 41 ++
arch/powerpc/boot/ops.h| 2 ++
arch/powerpc/boot/wrapper | 24 +---
arch/powerpc/boot/zImage.lds.S | 8 +++
4 files changed, 72 insert
Helps document what the hard-coded number means.
Also take the opportunity to fix an #endif comment.
Suggested-by: Alexey Kardashevskiy
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/kernel/paca.c | 11 ++-
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/arch
, unsharing
of pages is skipped.
NOTE: While testing crashkernel, make sure at least 256M is reserved for
crashkernel. Otherwise SWIOTLB allocation will fail and crash kernel will
fail to boot.
Signed-off-by: Ram Pai
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/ultravisor
|
+---+---+---+---+
| 0 | 1 | 1 | Problem (HV) |
+---+---+---+---+
Signed-off-by: Sukadev Bhattiprolu
Signed-off-by: Ram Pai
[ cclaudio: Update the commit message ]
Signed-off-by: Claudio Carvalho
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/reg.h
itching to secure mode.
Signed-off-by: Ram Pai
[ andmike: Generate an RTAS os-term hcall when the ESM ucall fails. ]
Signed-off-by: Michael Anderson
[ bauerman: Cleaned up the code a bit. ]
Signed-off-by: Thiago Jung Bauermann
---
.../admin-guide/kernel-parameters.txt | 5 +
arch/power
that reason, the ucall.S file is placed under
arch/powerpc/kernel.
If ultravisor is not enabled, the ucalls will be redirected to the
hypervisor which must handle/fail the call.
Thanks to inputs from Ram Pai and Michael Anderson.
Signed-off-by: Claudio Carvalho
Signed-off-by: Thiago Jung
here.
Introduce helper is_svm_platform() which uses the S bit of the MSR to tell
whether we're running as a secure guest.
Signed-off-by: Anshuman Khandual
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/svm.h | 26
arch/powerpc/kernel/paca.c
and UV_UNSHARE_PAGE
powerpc/pseries/svm: Unshare all pages before kexecing a new kernel
Ryan Grimm (2):
powerpc/pseries/svm: Export guest SVM status to user space via sysfs
powerpc/configs: Enable secure guest support in pseries and ppc64
defconfigs
Sukadev Bhattiprolu (3):
powerpc:
Introduce CONFIG_PPC_SVM to control support for secure guests and include
Ultravisor-related helpers when it is selected
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/asm-prototypes.h | 2 +-
arch/powerpc/kernel/Makefile | 4 +++-
arch/powerpc/platforms
ned-off-by: Ryan Grimm
Signed-off-by: Thiago Jung Bauermann
---
.../ABI/testing/sysfs-devices-system-cpu | 10 ++
arch/powerpc/kernel/sysfs.c | 20 +++
2 files changed, 30 insertions(+)
diff --git a/Documentation/ABI/testing/sysfs-devices-sys
, Ram Pai and Michael Anderson.
Signed-off-by: Sukadev Bhattiprolu
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/platforms/pseries/smp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/pseries/smp.c
b/arch/powerpc/platforms/pseries/smp.c
o the
ARCH_HAS_MEM_ENCRYPT hooks and call swiotlb_update_mem_attributes() to
convert SWIOTLB's memory pool to shared memory.
Signed-off-by: Anshuman Khandual
[ bauerman: Use ARCH_HAS_MEM_ENCRYPT hooks to share swiotlb memory pool. ]
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/mem_encr
From: Anshuman Khandual
Secure guests need to share the DTL buffers with the hypervisor. To that
end, use a kmem_cache constructor which converts the underlying buddy
allocated SLUB cache pages into shared memory.
Signed-off-by: Anshuman Khandual
Signed-off-by: Thiago Jung Bauermann
---
arch
Secure guest memory is inacessible to devices so regular DMA isn't
possible.
In that case set devices' dma_map_ops to NULL so that the generic
DMA code path will use SWIOTLB to bounce buffers for DMA.
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/platforms/pseries/io
From: Ryan Grimm
Enables running as a secure guest in platforms with an Ultravisor.
Signed-off-by: Ryan Grimm
Signed-off-by: Ram Pai
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/configs/ppc64_defconfig | 1 +
arch/powerpc/configs/pseries_defconfig | 1 +
2 files changed, 2
-by: Claudio Carvalho
Signed-off-by: Thiago Jung Bauermann
---
Documentation/powerpc/ultravisor.rst | 1055 ++
1 file changed, 1055 insertions(+)
diff --git a/Documentation/powerpc/ultravisor.rst
b/Documentation/powerpc/ultravisor.rst
new file mode 100644
index
Michael S. Tsirkin writes:
> On Mon, Jul 15, 2019 at 05:29:06PM -0300, Thiago Jung Bauermann wrote:
>>
>> Michael S. Tsirkin writes:
>>
>> > On Sun, Jul 14, 2019 at 02:51:18AM -0300, Thiago Jung Bauermann wrote:
>> >>
>> >>
>> &g
Michael S. Tsirkin writes:
> On Mon, Jul 15, 2019 at 07:03:03PM -0300, Thiago Jung Bauermann wrote:
>>
>> Michael S. Tsirkin writes:
>>
>> > On Mon, Jul 15, 2019 at 05:29:06PM -0300, Thiago Jung Bauermann wrote:
>> >>
>> >> Michael S.
Thomas Gleixner writes:
> On Fri, 12 Jul 2019, Thiago Jung Bauermann wrote:
>> diff --git a/include/linux/mem_encrypt.h b/include/linux/mem_encrypt.h
>> index b310a9c18113..f2e399fb626b 100644
>> --- a/include/linux/mem_encrypt.h
>> +++ b/include/linux/mem_en
Hello Alexey,
Thanks for your review!
Alexey Kardashevskiy writes:
> On 13/07/2019 16:00, Thiago Jung Bauermann wrote:
>> From: Ram Pai
>>
>> These functions are used when the guest wants to grant the hypervisor
>> access to certain pages.
>>
>> S
: Slightly reworded commit message and added Fixes: tag. ]
Fixes: d7b417fa08d1 ("x86/mm: Add DMA support for SEV memory encryption")
Signed-off-by: Ram Pai
Signed-off-by: Thiago Jung Bauermann
---
kernel/dma/direct.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
Notes:
1
: 6a1cac56f41f ("x86/kvm: Use __bss_decrypted attribute in shared
variables")
Signed-off-by: Ram Pai
Signed-off-by: Thiago Jung Bauermann
---
arch/x86/kernel/kvmclock.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
Note: Found by code inspection. I don't have a way to test
Lendacky, Thomas writes:
> On 1/22/19 3:17 PM, Thiago Jung Bauermann wrote:
>> diff --git a/kernel/dma/direct.c b/kernel/dma/direct.c
>> index 355d16acee6d..bc78c37220ba 100644
>> --- a/kernel/dma/direct.c
>> +++ b/kernel/dma/direct.c
>> @@ -166,7 +166,7 @@ vo
lb code is used) can be made in
powerpc-specific code.
Of course, I also have patches (soon to be posted as RFC) which hook up
to the powerpc secure guest support code.
What do you think?
>From d0629a36a75c678b4a72b853f8f7f8c17eedd6b3 Mon Sep 17 00:00:00 2001
From: Thiago Jung Bauermann
Date
Fixing address of powerpc mailing list.
Thiago Jung Bauermann writes:
> Hello,
>
> With Christoph's rework of the DMA API that recently landed, the patch
> below is the only change needed in virtio to make it work in a POWER
> secure guest under the ultravisor.
>
>
5b6e..e4556132cbc4 100644
> --- a/tools/testing/selftests/Makefile
> +++ b/tools/testing/selftests/Makefile
> @@ -47,6 +47,7 @@ TARGETS += sysctl
> ifneq (1, $(quicktest))
> TARGETS += timers
> endif
> +TARGETS += tpm
This should be tpm2, right?
> TARGETS += user
> TARGETS += vm
> TARGETS += x86
--
Thiago Jung Bauermann
IBM Linux Technology Center
Hello Michael,
Michael S. Tsirkin writes:
> On Tue, Jan 29, 2019 at 03:42:44PM -0200, Thiago Jung Bauermann wrote:
>>
>> Fixing address of powerpc mailing list.
>>
>> Thiago Jung Bauermann writes:
>>
>> > Hello,
>> >
>> > With Chris
t;. Is
that it? Therefore it should be set because it's the sane thing to do?
--
Thiago Jung Bauermann
IBM Linux Technology Center
o
> that we don't need all this boilerplate code?
Yes, that's a good idea. Will do.
>> config PPC_SVM
>> bool "Secure virtual machine (SVM) support for POWER"
>> depends on PPC_PSERIES
>> +select SWIOTLB
>> +select ARCH_HAS_MEM_ENCRYPT
>> default n
>
> n is the default default, no need to explictly specify it.
Indeed. Changed for the next version.
--
Thiago Jung Bauermann
IBM Linux Technology Center
l when the ESM ucall fails. ]
Signed-off-by: Michael Anderson
[ Cleaned up the code a bit. ]
Signed-off-by: Thiago Jung Bauermann
---
.../admin-guide/kernel-parameters.txt | 5 +
arch/powerpc/include/asm/ultravisor-api.h | 1 +
arch/powerpc/kernel/prom_init.c
e wrapper
Ram Pai (2):
powerpc/prom_init: Add the ESM call to prom_init
powerpc/pseries/svm: Add helpers for UV_SHARE_PAGE and UV_UNSHARE_PAGE
Ryan Grimm (2):
powerpc/pseries/svm: Export guest SVM status to user space via sysfs
powerpc/configs: Enable secure guest support in pseries and
From: Ram Pai
These functions are used when the guest wants to grant the hypervisor
access to certain pages.
Signed-off-by: Ram Pai
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/ultravisor-api.h | 2 ++
arch/powerpc/include/asm/ultravisor.h | 14 ++
2
here.
Introduce helper is_svm_platform() which uses the S bit of the MSR to tell
whether we're running as a secure guest.
Signed-off-by: Anshuman Khandual
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/svm.h | 26
arch/powerpc/kernel/paca.c
Helps document what the hard-coded number means.
Also take the opportunity to fix an #endif comment.
Suggested-by: Alexey Kardashevskiy
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/kernel/paca.c | 11 ++-
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/arch
0.
Signed-off-by: Ryan Grimm
Reviewed-by: Ram Pai
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/kernel/sysfs.c | 29 +
1 file changed, 29 insertions(+)
diff --git a/arch/powerpc/kernel/sysfs.c b/arch/powerpc/kernel/sysfs.c
index e8e93c2c7d03..8fdab134e9ae 10
Secure guest memory is inacessible to devices so regular DMA isn't
possible.
In that case set devices' dma_map_ops to NULL so that the generic
DMA code path will use SWIOTLB and DMA to bounce buffers.
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/platforms/pseries/iommu.c | 6
From: Ryan Grimm
Enables running as a secure guest in platforms with an Ultravisor.
Signed-off-by: Ryan Grimm
Signed-off-by: Ram Pai
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/configs/ppc64_defconfig | 1 +
arch/powerpc/configs/pseries_defconfig | 1 +
2 files changed, 2
o the
ARCH_HAS_MEM_ENCRYPT hooks and call swiotlb_update_mem_attributes() to
convert SWIOTLB's memory pool to shared memory.
Signed-off-by: Anshuman Khandual
[ Use ARCH_HAS_MEM_ENCRYPT hooks to share swiotlb memory pool. ]
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/mem_encr
, Ram Pai and Michael Anderson.
Signed-off-by: Sukadev Bhattiprolu
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/platforms/pseries/smp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/pseries/smp.c
b/arch/powerpc/platforms/pseries/smp.c
Introduce CONFIG_PPC_SVM to control support for secure guests and include
Ultravisor-related helpers when it is selected
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/ultravisor.h | 2 +-
arch/powerpc/kernel/Makefile | 4 +++-
arch/powerpc/platforms/pseries
nts. ]
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/boot/main.c | 41 ++
arch/powerpc/boot/ops.h| 2 ++
arch/powerpc/boot/wrapper | 24 +---
arch/powerpc/boot/zImage.lds.S | 8 +++
4 files changed, 72 insertions(+),
From: Anshuman Khandual
Secure guests need to share the DTL buffers with the hypervisor. To that
end, use a kmem_cache constructor which converts the underlying buddy
allocated SLUB cache pages into shared memory.
Signed-off-by: Anshuman Khandual
Signed-off-by: Thiago Jung Bauermann
---
arch
Michael Ellerman writes:
> On Wed, 2019-05-22 at 22:01:58 UTC, Thiago Jung Bauermann wrote:
>> Commit b6664ba42f14 ("s390, kexec_file: drop arch_kexec_mem_walk()")
>> changed kexec_add_buffer() to skip searching for a memory location if
>> kexec_buf.mem is alread
powerpc and s390 are going to use this feature as well, so put it in a
generic location.
Signed-off-by: Thiago Jung Bauermann
---
arch/Kconfig | 3 +++
arch/x86/Kconfig | 4 +---
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/arch/Kconfig b/arch/Kconfig
index c47b328eada0
tive. Also, other architectures will have different names so
this gets unwieldy quickly.
Signed-off-by: Thiago Jung Bauermann
---
arch/x86/Kconfig | 1 +
arch/x86/include/asm/dma-mapping.h | 7 +++
arch/x86/include/asm/mem_encrypt.h | 10 ++
include/linux/mem
ebug Trace Log (DTL)
powerpc/pseries/svm: Force SWIOTLB for secure guests
Benjamin Herrenschmidt (1):
powerpc: Add support for adding an ESM blob to the zImage wrapper
Ram Pai (3):
powerpc/prom_init: Add the ESM call to prom_init
powerpc/pseries/svm: Add helpers for UV_SHARE_PAGE and UV_UN
Introduce CONFIG_PPC_SVM to control support for secure guests and include
Ultravisor-related helpers when it is selected
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/ultravisor.h | 2 +-
arch/powerpc/kernel/Makefile | 4 +++-
arch/powerpc/platforms/pseries
l Anderson
[ bauerman: Cleaned up the code a bit. ]
Signed-off-by: Thiago Jung Bauermann
---
.../admin-guide/kernel-parameters.txt | 5 +
arch/powerpc/include/asm/ultravisor-api.h | 1 +
arch/powerpc/kernel/prom_init.c | 99 +++
3 files changed, 105 insertion
e comments. ]
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/boot/main.c | 41 ++
arch/powerpc/boot/ops.h| 2 ++
arch/powerpc/boot/wrapper | 24 +---
arch/powerpc/boot/zImage.lds.S | 8 +++
4 files changed, 72 insert
From: Ram Pai
These functions are used when the guest wants to grant the hypervisor
access to certain pages.
Signed-off-by: Ram Pai
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/ultravisor-api.h | 2 ++
arch/powerpc/include/asm/ultravisor.h | 15 +++
2
here.
Introduce helper is_svm_platform() which uses the S bit of the MSR to tell
whether we're running as a secure guest.
Signed-off-by: Anshuman Khandual
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/svm.h | 26
arch/powerpc/kernel/paca.c
From: Anshuman Khandual
Secure guests need to share the DTL buffers with the hypervisor. To that
end, use a kmem_cache constructor which converts the underlying buddy
allocated SLUB cache pages into shared memory.
Signed-off-by: Anshuman Khandual
Signed-off-by: Thiago Jung Bauermann
---
arch
, unsharing
of pages is skipped.
NOTE: While testing crashkernel, make sure at least 256M is reserved for
crashkernel. Otherwise SWIOTLB allocation will fail and crash kernel will
fail to boot.
Signed-off-by: Ram Pai
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/ultravisor
, Ram Pai and Michael Anderson.
Signed-off-by: Sukadev Bhattiprolu
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/platforms/pseries/smp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/platforms/pseries/smp.c
b/arch/powerpc/platforms/pseries/smp.c
Secure guest memory is inacessible to devices so regular DMA isn't
possible.
In that case set devices' dma_map_ops to NULL so that the generic
DMA code path will use SWIOTLB and DMA to bounce buffers.
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/platforms/pseries/iommu.c | 6
Helps document what the hard-coded number means.
Also take the opportunity to fix an #endif comment.
Suggested-by: Alexey Kardashevskiy
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/kernel/paca.c | 11 ++-
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/arch
0.
Signed-off-by: Ryan Grimm
Reviewed-by: Ram Pai
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/kernel/sysfs.c | 29 +
1 file changed, 29 insertions(+)
diff --git a/arch/powerpc/kernel/sysfs.c b/arch/powerpc/kernel/sysfs.c
index e2147d7c9e72..f7100ab77d29 10
From: Ryan Grimm
Enables running as a secure guest in platforms with an Ultravisor.
Signed-off-by: Ryan Grimm
Signed-off-by: Ram Pai
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/configs/ppc64_defconfig | 1 +
arch/powerpc/configs/pseries_defconfig | 1 +
2 files changed, 2
o the
ARCH_HAS_MEM_ENCRYPT hooks and call swiotlb_update_mem_attributes() to
convert SWIOTLB's memory pool to shared memory.
Signed-off-by: Anshuman Khandual
[ bauerman: Use ARCH_HAS_MEM_ENCRYPT hooks to share swiotlb memory pool. ]
Signed-off-by: Thiago Jung Bauermann
---
arch/powerpc/include/asm/mem_encr
201 - 300 of 674 matches
Mail list logo