From a1269d243a9bf24335a1402deded6213b8988a83 Mon Sep 17 00:00:00 2001 
From: "Herton R. Krzesinski"
Date: Tue, 23 Aug 2022 15:39:16 +0000
Subject: [PATCH] kernel-5.14.0-154.el9

* Tue Aug 23 2022 Herton R. Krzesinski [5.14.0-154.el9]
- Revert "x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV" (John Allen) [2081424]
- virt: sev-guest: Pass the appropriate argument type to iounmap() (John Allen) [2081424]
- x86/boot: Fix the setup data types max limit (John Allen) [2081424]
- x86/compressed/64: Add identity mappings for setup_data entries (John Allen) [2081424]
- x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM (John Allen) [2081424]
- x86/sev: Mark the code returning to user space as syscall gap (John Allen) [2081424]
- x86/sev: Annotate stack change in the #VC handler (John Allen) [2081424]
- x86/sev: Remove duplicated assignment to variable info (John Allen) [2081424]
- x86/sev: Fix address space sparse warning (John Allen) [2081424]
- x86/sev: Get the AP jump table address from secrets page (John Allen) [2081424]
- x86/sev: Add missing __init annotations to SEV init routines (John Allen) [2081424]
- virt: sevguest: Rename the sevguest dir and files to sev-guest (John Allen) [2081424]
- virt: sevguest: Change driver name to reflect generic SEV support (John Allen) [2081424]
- x86/boot: Put globals that are accessed early into the .data section (John Allen) [2081424]
- virt: sevguest: Fix bool function returning negative value (John Allen) [2081424]
- virt: sevguest: Fix return value check in alloc_shared_pages() (John Allen) [2081424]
- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (John Allen) [2081424]
- x86/sev-es: Replace open-coded hlt-loop with sev_es_terminate() (John Allen) [2081424]
- virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (John Allen) [2081424]
- virt: sevguest: Add support to get extended report (John Allen) [2081424]
- virt: sevguest: Add support to derive key (John Allen) [2081424]
- redhat/configs: enable CONFIG_SEV_GUEST (John Allen) [2081424]
- virt: Add SEV-SNP guest driver (John Allen) [2081424]
- x86/sev: Register SEV-SNP guest request platform device (John Allen) [2081424]
- x86/sev: Provide support for SNP guest request NAEs (John Allen) [2081424]
- x86/sev: Add a sev= cmdline option (John Allen) [2081424]
- x86/sev: Use firmware-validated CPUID for SEV-SNP guests (John Allen) [2081424]
- x86/sev: Add SEV-SNP feature detection/setup (John Allen) [2081424]
- x86/compressed/64: Add identity mapping for Confidential Computing blob (John Allen) [2081424]
- x86/compressed: Export and rename add_identity_map() (John Allen) [2081424]
- x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (John Allen) [2081424]
- x86/compressed: Add SEV-SNP feature detection/setup (John Allen) [2081424]
- x86/boot: Add a pointer to Confidential Computing blob in bootparams (John Allen) [2081424]
- x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (John Allen) [2081424]
- x86/sev: Move MSR-based VMGEXITs for CPUID to helper (John Allen) [2081424]
- KVM: x86: Move lookup of indexed CPUID leafs to helper (John Allen) [2081424]
- x86/boot: Add Confidential Computing type to setup_data (John Allen) [2081424]
- x86/compressed/acpi: Move EFI kexec handling into common code (John Allen) [2081424]
- x86/compressed/acpi: Move EFI vendor table lookup to helper (John Allen) [2081424]
- x86/compressed/acpi: Move EFI config table lookup to helper (John Allen) [2081424]
- x86/compressed/acpi: Move EFI system table lookup to helper (John Allen) [2081424]
- x86/compressed/acpi: Move EFI detection to helper (John Allen) [2081424]
- x86/head/64: Re-enable stack protection (John Allen) [2081424]
- x86/sev: Use SEV-SNP AP creation to start secondary CPUs (John Allen) [2081424]
- x86/mm: Validate memory when changing the C-bit (John Allen) [2081424]
- x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (John Allen) [2081424]
- x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (John Allen) [2081424]
- x86/sev: Add helper for validating pages in early enc attribute changes (John Allen) [2081424]
- x86/sev: Register GHCB memory when SEV-SNP is active (John Allen) [2081424]
- x86/compressed: Register GHCB memory when SEV-SNP is active (John Allen) [2081424]
- x86/compressed: Add helper for validating pages in the decompression stage (John Allen) [2081424]
- x86/sev: Check the VMPL level (John Allen) [2081424]
- x86/sev: Add a helper for the PVALIDATE instruction (John Allen) [2081424]
- x86/sev: Check SEV-SNP features support (John Allen) [2081424]
- x86/sev: Save the negotiated GHCB version (John Allen) [2081424]
- x86/sev: Define the Linux-specific guest termination reasons (John Allen) [2081424]
- x86/mm: Extend cc_attr to include AMD SEV-SNP (John Allen) [2081424]
- x86/sev: Detect/setup SEV/SME features earlier in boot (John Allen) [2081424]
- x86/compressed/64: Detect/setup SEV/SME features earlier during boot (John Allen) [2081424]
- x86/boot: Use MSR read/write helpers instead of inline assembly (John Allen) [2081424]
- x86/boot: Introduce helpers for MSR reads/writes (John Allen) [2081424]
- KVM: SVM: Update the SEV-ES save area mapping (John Allen) [2081424]
- KVM: SVM: Create a separate mapping for the GHCB save area (John Allen) [2081424]
- KVM: SVM: Create a separate mapping for the SEV-ES save area (John Allen) [2081424]
- KVM: SVM: Define sev_features and vmpl field in the VMSA (John Allen) [2081424]
- x86/mm/cpa: Generalize __set_memory_enc_pgtable() (John Allen) [2081424]
- x86/coco: Add API to handle encryption mask (John Allen) [2081424]
- x86/cc: Move arch/x86/{kernel/cc_platform.c => coco/core.c} (John Allen) [2081424]
- x86/sev: Move common memory encryption code to mem_encrypt.c (John Allen) [2081424]
- x86/sev: Rename mem_encrypt.c to mem_encrypt_amd.c (John Allen) [2081424]
- x86/sev: Remove do_early_exception() forward declarations (John Allen) [2081424]
- x86/head64: Carve out the guest encryption postprocessing
into a helper (John Allen) [2081424] - x86/sev: Get rid of excessive use of defines (John Allen) [2081424] - x86/sev: Shorten GHCB terminate macro names (John Allen) [2081424] - x86/sev: Make the #VC exception stacks part of the default stacks storage (John Allen) [2081424] - tools headers UAPI: Synch KVM's svm.h header with the kernel (John Allen) [2081424] Resolves: rhbz#2081424 Signed-off-by: Herton R. Krzesinski --- Makefile.rhelver | 2 +- kernel-x86_64-debug-rhel.config | 1 + kernel-x86_64-rhel.config | 1 + kernel.spec | 88 +++++++++++++++++++++++++++++++-- sources | 6 +-- 5 files changed, 89 insertions(+), 9 deletions(-) diff --git a/Makefile.rhelver b/Makefile.rhelver index d1b4bfd..9ad990c 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 1 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 153 +RHEL_RELEASE = 154 # # ZSTREAM diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config index a102a49..3347b1c 100644 --- a/kernel-x86_64-debug-rhel.config +++ b/kernel-x86_64-debug-rhel.config @@ -4848,6 +4848,7 @@ CONFIG_SERIO_LIBPS2=y CONFIG_SERIO_RAW=m CONFIG_SERIO_SERPORT=m CONFIG_SERIO=y +CONFIG_SEV_GUEST=m # CONFIG_SFC_FALCON is not set CONFIG_SFC=m CONFIG_SFC_MCDI_LOGGING=y diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config index b355375..0768fec 100644 --- a/kernel-x86_64-rhel.config +++ b/kernel-x86_64-rhel.config @@ -4827,6 +4827,7 @@ CONFIG_SERIO_LIBPS2=y CONFIG_SERIO_RAW=m CONFIG_SERIO_SERPORT=m CONFIG_SERIO=y +CONFIG_SEV_GUEST=m # CONFIG_SFC_FALCON is not set CONFIG_SFC=m CONFIG_SFC_MCDI_LOGGING=y diff --git a/kernel.spec b/kernel.spec index bdcb4e3..bf48bb4 100755 --- a/kernel.spec +++ b/kernel.spec 
@@ -121,13 +121,13 @@ Summary: The Linux kernel %define kversion 5.14 %define rpmversion 5.14.0 -%define pkgrelease 153.el9 +%define pkgrelease 154.el9 # This is needed to do merge window version magic %define patchlevel 14 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 153%{?buildid}%{?dist} +%define specrelease 154%{?buildid}%{?dist} %define pkg_release %{specrelease} @@ -679,7 +679,7 @@ BuildRequires: lld # exact git commit you can run # # xzcat -qq ${TARBALL} | git get-tar-commit-id -Source0: linux-5.14.0-153.el9.tar.xz +Source0: linux-5.14.0-154.el9.tar.xz Source1: Makefile.rhelver @@ -1351,8 +1351,8 @@ ApplyOptionalPatch() fi } -%setup -q -n kernel-5.14.0-153.el9 -c -mv linux-5.14.0-153.el9 linux-%{KVERREL} +%setup -q -n kernel-5.14.0-154.el9 -c +mv linux-5.14.0-154.el9 linux-%{KVERREL} cd linux-%{KVERREL} cp -a %{SOURCE1} . 
@@ -3018,6 +3018,84 @@ fi # # %changelog +* Tue Aug 23 2022 Herton R. Krzesinski [5.14.0-154.el9] +- Revert "x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV" (John Allen) [2081424] +- virt: sev-guest: Pass the appropriate argument type to iounmap() (John Allen) [2081424] +- x86/boot: Fix the setup data types max limit (John Allen) [2081424] +- x86/compressed/64: Add identity mappings for setup_data entries (John Allen) [2081424] +- x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM (John Allen) [2081424] +- x86/sev: Mark the code returning to user space as syscall gap (John Allen) [2081424] +- x86/sev: Annotate stack change in the #VC handler (John Allen) [2081424] +- x86/sev: Remove duplicated assignment to variable info (John Allen) [2081424] +- x86/sev: Fix address space sparse warning (John Allen) [2081424] +- x86/sev: Get the AP jump table address from secrets page (John Allen) [2081424] +- x86/sev: Add missing __init annotations to SEV init routines (John Allen) [2081424] +- virt: sevguest: Rename the sevguest dir and files to sev-guest (John Allen) [2081424] +- virt: sevguest: Change driver name to reflect generic SEV support (John Allen) [2081424] +- x86/boot: Put globals that are accessed early into the .data section (John Allen) [2081424] +- virt: sevguest: Fix bool function returning negative value (John Allen) [2081424] +- virt: sevguest: Fix return value check in alloc_shared_pages() (John Allen) [2081424] +- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (John Allen) [2081424] +- x86/sev-es: Replace open-coded hlt-loop with sev_es_terminate() (John Allen) [2081424] +- virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (John Allen) [2081424] +- virt: sevguest: Add support to get extended report (John Allen) [2081424] +- virt: sevguest: Add support to derive key (John Allen) [2081424] +- redhat/configs: enable CONFIG_SEV_GUEST (John Allen) [2081424] +- virt: Add SEV-SNP guest driver (John Allen) 
[2081424] +- x86/sev: Register SEV-SNP guest request platform device (John Allen) [2081424] +- x86/sev: Provide support for SNP guest request NAEs (John Allen) [2081424] +- x86/sev: Add a sev= cmdline option (John Allen) [2081424] +- x86/sev: Use firmware-validated CPUID for SEV-SNP guests (John Allen) [2081424] +- x86/sev: Add SEV-SNP feature detection/setup (John Allen) [2081424] +- x86/compressed/64: Add identity mapping for Confidential Computing blob (John Allen) [2081424] +- x86/compressed: Export and rename add_identity_map() (John Allen) [2081424] +- x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (John Allen) [2081424] +- x86/compressed: Add SEV-SNP feature detection/setup (John Allen) [2081424] +- x86/boot: Add a pointer to Confidential Computing blob in bootparams (John Allen) [2081424] +- x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (John Allen) [2081424] +- x86/sev: Move MSR-based VMGEXITs for CPUID to helper (John Allen) [2081424] +- KVM: x86: Move lookup of indexed CPUID leafs to helper (John Allen) [2081424] +- x86/boot: Add Confidential Computing type to setup_data (John Allen) [2081424] +- x86/compressed/acpi: Move EFI kexec handling into common code (John Allen) [2081424] +- x86/compressed/acpi: Move EFI vendor table lookup to helper (John Allen) [2081424] +- x86/compressed/acpi: Move EFI config table lookup to helper (John Allen) [2081424] +- x86/compressed/acpi: Move EFI system table lookup to helper (John Allen) [2081424] +- x86/compressed/acpi: Move EFI detection to helper (John Allen) [2081424] +- x86/head/64: Re-enable stack protection (John Allen) [2081424] +- x86/sev: Use SEV-SNP AP creation to start secondary CPUs (John Allen) [2081424] +- x86/mm: Validate memory when changing the C-bit (John Allen) [2081424] +- x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (John Allen) [2081424] +- x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (John 
Allen) [2081424] +- x86/sev: Add helper for validating pages in early enc attribute changes (John Allen) [2081424] +- x86/sev: Register GHCB memory when SEV-SNP is active (John Allen) [2081424] +- x86/compressed: Register GHCB memory when SEV-SNP is active (John Allen) [2081424] +- x86/compressed: Add helper for validating pages in the decompression stage (John Allen) [2081424] +- x86/sev: Check the VMPL level (John Allen) [2081424] +- x86/sev: Add a helper for the PVALIDATE instruction (John Allen) [2081424] +- x86/sev: Check SEV-SNP features support (John Allen) [2081424] +- x86/sev: Save the negotiated GHCB version (John Allen) [2081424] +- x86/sev: Define the Linux-specific guest termination reasons (John Allen) [2081424] +- x86/mm: Extend cc_attr to include AMD SEV-SNP (John Allen) [2081424] +- x86/sev: Detect/setup SEV/SME features earlier in boot (John Allen) [2081424] +- x86/compressed/64: Detect/setup SEV/SME features earlier during boot (John Allen) [2081424] +- x86/boot: Use MSR read/write helpers instead of inline assembly (John Allen) [2081424] +- x86/boot: Introduce helpers for MSR reads/writes (John Allen) [2081424] +- KVM: SVM: Update the SEV-ES save area mapping (John Allen) [2081424] +- KVM: SVM: Create a separate mapping for the GHCB save area (John Allen) [2081424] +- KVM: SVM: Create a separate mapping for the SEV-ES save area (John Allen) [2081424] +- KVM: SVM: Define sev_features and vmpl field in the VMSA (John Allen) [2081424] +- x86/mm/cpa: Generalize __set_memory_enc_pgtable() (John Allen) [2081424] +- x86/coco: Add API to handle encryption mask (John Allen) [2081424] +- x86/cc: Move arch/x86/{kernel/cc_platform.c => coco/core.c} (John Allen) [2081424] +- x86/sev: Move common memory encryption code to mem_encrypt.c (John Allen) [2081424] +- x86/sev: Rename mem_encrypt.c to mem_encrypt_amd.c (John Allen) [2081424] +- x86/sev: Remove do_early_exception() forward declarations (John Allen) [2081424] +- x86/head64: Carve out the guest 
encryption postprocessing into a helper (John Allen) [2081424] +- x86/sev: Get rid of excessive use of defines (John Allen) [2081424] +- x86/sev: Shorten GHCB terminate macro names (John Allen) [2081424] +- x86/sev: Make the #VC exception stacks part of the default stacks storage (John Allen) [2081424] +- tools headers UAPI: Synch KVM's svm.h header with the kernel (John Allen) [2081424] + * Tue Aug 23 2022 Herton R. Krzesinski [5.14.0-153.el9] - selftests: netfilter: add test case for nf trace infrastructure (Florian Westphal) [2112751] - netfilter: nf_tables: fix crash when nf_trace is enabled (Florian Westphal) [2112751] diff --git a/sources b/sources index c022aee..ece3c7a 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-5.14.0-153.el9.tar.xz) = bf7ea912d750902d4fe3abbfe117f12d167e290e2c4e582be8edda6fb3a991a2c8424e119c1a2cc2285e2878bde85631fd96c0d52ec29ea4c70e3f23b9a5cfc0 -SHA512 (kernel-abi-stablelists-5.14.0-153.el9.tar.bz2) = 42a4626c09dadf1e572f3955afba0e19913deea6a5c4204e75191c69b179a0ffea8c825aa52960f39abe13681d8633af4757f48b924a1b3902950323ee876301 -SHA512 (kernel-kabi-dw-5.14.0-153.el9.tar.bz2) = d17de1badc8a73b1620baf27ed7eb6ef24961974d40f09f944c586251b93dede3569e9c9b70ec05c8e714b05289f6b1c27618c73ef5f7e94db30f12ef987a339 +SHA512 (linux-5.14.0-154.el9.tar.xz) = 6e61f5fa250196df162e8ccf5d60347b0c71f96ea051eccdad36d510b1c00b8a555da546a37dc6845ba1971d92f076fc0db1ebdab5f89f0527db443c50a455ca +SHA512 (kernel-abi-stablelists-5.14.0-154.el9.tar.bz2) = e944eca08b8e1fee3122aa14df5559e49ee9910700fafa829303b21dcc3f279264d7c8224aef9fc4b98d42c0ec4a153b543638a382f18198074ba8daa57f2d3e +SHA512 (kernel-kabi-dw-5.14.0-154.el9.tar.bz2) = 9ab07294b81e0fa4977f7f66f975108274716ea2ce13cd51bfd77a879fabd4f696e51bb2593abd2a029d05ae609123f94ac2a73f2b268e164ac2100d19df69c0
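Review bot: In the kernel-x86_64-rhel.config and kernel-x86_64-debug-rhel.config hunks, CONFIG_SEV_GUEST=m builds the SEV-SNP guest driver as a loadable module, but neither the commit message nor the changelog entry "redhat/configs: enable CONFIG_SEV_GUEST" says why =m was chosen over =y or which kernel subpackage ends up carrying the module. The changelog describes this driver as the path for getting the extended report and deriving keys, so a guest that needs those before its root filesystem is mounted would have to carry the module in its initramfs. Please record the intended packaging and load point in the commit message, or point to where in the series it is covered.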
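Review bot: In the %changelog hunk of kernel.spec, the 154 entry opens with Revert "x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV" and, four lines later, lists "x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM", both under [2081424], with no indication of why the revert belongs to this backport or what replaces the reverted export. With this many entries filed under a single bug, several of them touching memory validation and the #VC handler, a one-line rationale for the revert in the commit message would make the series easier to audit later.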
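Review bot: The sources hunk replaces all three SHA512 lines, but the kernel.spec hunks only show Source0 being renamed to linux-5.14.0-154.el9.tar.xz; nothing visible here covers the names kernel-abi-stablelists-5.14.0-154.el9.tar.bz2 and kernel-kabi-dw-5.14.0-154.el9.tar.bz2. Please confirm that those Source entries are derived from the bumped release macros rather than hard-coded, and that the three new digests were checked against the uploaded tarballs, since these lines are the only integrity check on the build inputs that this change shows.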