linux-next: manual merge of the kvm tree with Linus' tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all,

Today's linux-next merge of the kvm tree got a conflict in:

  Documentation/virtual/kvm/api.txt

between commit:

  3214d01f139b ("KVM: PPC: Book3S: Provide information about hardware/firmware CVE workarounds")

from Linus' tree and commit:

  5acc5c063196 ("KVM: Introduce KVM_MEMORY_ENCRYPT_OP ioctl")

from the kvm tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc Documentation/virtual/kvm/api.txt
index fc3ae951bc07,e5f1743e0b3e..000000000000
--- a/Documentation/virtual/kvm/api.txt
+++ b/Documentation/virtual/kvm/api.txt
@@@ -3403,52 -3403,56 +3403,102 @@@ invalid, if invalid pages are written t
  or if no page table is present for the addresses (e.g. when using
  hugepages).
  
 +4.108 KVM_PPC_GET_CPU_CHAR
 +
 +Capability: KVM_CAP_PPC_GET_CPU_CHAR
 +Architectures: powerpc
 +Type: vm ioctl
 +Parameters: struct kvm_ppc_cpu_char (out)
 +Returns: 0 on successful completion
 +	 -EFAULT if struct kvm_ppc_cpu_char cannot be written
 +
 +This ioctl gives userspace information about certain characteristics
 +of the CPU relating to speculative execution of instructions and
 +possible information leakage resulting from speculative execution (see
 +CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754).  The information is
 +returned in struct kvm_ppc_cpu_char, which looks like this:
 +
 +struct kvm_ppc_cpu_char {
 +	__u64	character;		/* characteristics of the CPU */
 +	__u64	behaviour;		/* recommended software behaviour */
 +	__u64	character_mask;		/* valid bits in character */
 +	__u64	behaviour_mask;		/* valid bits in behaviour */
 +};
 +
 +For extensibility, the character_mask and behaviour_mask fields
 +indicate which bits of character and behaviour have been filled in by
 +the kernel.  If the set of defined bits is extended in future then
 +userspace will be able to tell whether it is running on a kernel that
 +knows about the new bits.
 +
 +The character field describes attributes of the CPU which can help
 +with preventing inadvertent information disclosure - specifically,
 +whether there is an instruction to flash-invalidate the L1 data cache
 +(ori 30,30,0 or mtspr SPRN_TRIG2,rN), whether the L1 data cache is set
 +to a mode where entries can only be used by the thread that created
 +them, whether the bcctr[l] instruction prevents speculation, and
 +whether a speculation barrier instruction (ori 31,31,0) is provided.
 +
 +The behaviour field describes actions that software should take to
 +prevent inadvertent information disclosure, and thus describes which
 +vulnerabilities the hardware is subject to; specifically whether the
 +L1 data cache should be flushed when returning to user mode from the
 +kernel, and whether a speculation barrier should be placed between an
 +array bounds check and the array access.
 +
 +These fields use the same bit definitions as the new
 +H_GET_CPU_CHARACTERISTICS hypercall.
 +
+ 4.109 KVM_MEMORY_ENCRYPT_OP
+ 
+ Capability: basic
+ Architectures: x86
+ Type: system
+ Parameters: an opaque platform specific structure (in/out)
+ Returns: 0 on success; -1 on error
+ 
+ If the platform supports creating encrypted VMs then this ioctl can be used
+ for issuing platform-specific memory encryption commands to manage those
+ encrypted VMs.
+ 
+ Currently, this ioctl is used for issuing Secure Encrypted Virtualization
+ (SEV) commands on AMD Processors. The SEV commands are defined in
+ Documentation/virtual/kvm/amd-memory-encryption.txt.
+ 
+ 4.110 KVM_MEMORY_ENCRYPT_REG_REGION
+ 
+ Capability: basic
+ Architectures: x86
+ Type: system
+ Parameters: struct kvm_enc_region (in)
+ Returns: 0 on success; -1 on error
+ 
+ This ioctl can be used to register a guest memory region which may
+ contain encrypted data (e.g. guest RAM, SMRAM etc).
+ 
+ It is used in the SEV-enabled guest. When encryption is enabled, a guest
+ memory region may contain encrypted data. The SEV memory encryption
+ engine uses a tweak such that two identical plaintext pages, each at
+ different locations will have differing ciphertexts. So swapping or
+ moving ciphertext of those pages will not result in plaintext being
+ swapped. So relocating (or migrating) physical backing pages for the SEV
+ guest will require some additional steps.
+ 
+ Note: The current SEV key management spec does not provide commands to
+ swap or migrate (move) ciphertext pages. Hence, for now we pin the guest
+ memory region registered with the ioctl.
+ 
+ 4.111 KVM_MEMORY_ENCRYPT_UNREG_REGION
+ 
+ Capability: basic
+ Architectures: x86
+ Type: system
+ Parameters: struct kvm_enc_region (in)
+ Returns: 0 on success; -1 on error
+ 
+ This ioctl can be used to unregister the guest memory region registered
+ with KVM_MEMORY_ENCRYPT_REG_REGION ioctl above.
+ 
  5. The kvm_run structure
  ------------------------
  



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux