x86, intel_txt: clean up the impact on generic code, unbreak non-x86
Move tboot.h from asm to linux to fix the build errors of intel_txt
patch on non-X86 platforms. Remove the tboot code from generic code
init/main.c and kernel/cpu.c.
Signed-off-by: Shane Wang <shane.wang@intel.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 738bdc6..b66f210 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -178,6 +178,10 @@
config ARCH_SUPPORTS_DEBUG_PAGEALLOC
def_bool y
+config HAVE_INTEL_TXT
+ def_bool y
+ depends on EXPERIMENTAL && DMAR && ACPI
+
# Use the generic interrupt handling code in kernel/irq/:
config GENERIC_HARDIRQS
bool
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
index 9de01c5..18ce5c0 100644
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -3,6 +3,7 @@
#include <linux/init.h>
#include <linux/pm.h>
#include <linux/efi.h>
+#include <linux/tboot.h>
#include <acpi/reboot.h>
#include <asm/io.h>
#include <asm/apic.h>
@@ -24,8 +25,6 @@
# include <asm/iommu.h>
#endif
-#include <asm/tboot.h>
-
/*
* Power off function, if any
*/
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 80d6e9e..6ce0d6f 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -66,6 +66,7 @@
#include <linux/percpu.h>
#include <linux/crash_dump.h>
+#include <linux/tboot.h>
#include <video/edid.h>
@@ -145,8 +146,6 @@
struct boot_params boot_params;
#endif
-#include <asm/tboot.h>
-
/*
* Machine setup..
*/
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index 61cc408..7d9d8ee 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -47,6 +47,7 @@
#include <linux/bootmem.h>
#include <linux/err.h>
#include <linux/nmi.h>
+#include <linux/tboot.h>
#include <asm/acpi.h>
#include <asm/desc.h>
@@ -62,7 +63,6 @@
#include <asm/vmi.h>
#include <asm/apic.h>
#include <asm/setup.h>
-#include <asm/tboot.h>
#include <asm/uv/uv.h>
#include <linux/mc146818rtc.h>
diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
index c2e760c..86c9f91 100644
--- a/arch/x86/kernel/tboot.c
+++ b/arch/x86/kernel/tboot.c
@@ -22,11 +22,14 @@
#include <linux/dma_remapping.h>
#include <linux/init_task.h>
#include <linux/spinlock.h>
+#include <linux/delay.h>
#include <linux/sched.h>
#include <linux/init.h>
#include <linux/dmar.h>
+#include <linux/cpu.h>
#include <linux/pfn.h>
#include <linux/mm.h>
+#include <linux/tboot.h>
#include <asm/trampoline.h>
#include <asm/processor.h>
@@ -36,7 +39,6 @@
#include <asm/fixmap.h>
#include <asm/proto.h>
#include <asm/setup.h>
-#include <asm/tboot.h>
#include <asm/e820.h>
#include <asm/io.h>
@@ -154,13 +156,10 @@
return 0;
}
-void tboot_create_trampoline(void)
+static void tboot_create_trampoline(void)
{
u32 map_base, map_size;
- if (!tboot_enabled())
- return;
-
/* Create identity map for tboot shutdown code. */
map_base = PFN_DOWN(tboot->tboot_base);
map_size = PFN_UP(tboot->tboot_size);
@@ -295,21 +294,58 @@
tboot_shutdown(acpi_shutdown_map[sleep_state]);
}
-int tboot_wait_for_aps(int num_aps)
+static atomic_t ap_wfs_count;
+
+static int tboot_wait_for_aps(int num_aps)
{
unsigned long timeout;
+ timeout = AP_WAIT_TIMEOUT*HZ;
+ while (atomic_read((atomic_t *)&tboot->num_in_wfs) != num_aps &&
+ timeout) {
+ mdelay(1);
+ timeout--;
+ }
+
+ if (timeout)
+ pr_warning("tboot wait for APs timeout\n");
+
+ return !(atomic_read((atomic_t *)&tboot->num_in_wfs) == num_aps);
+}
+
+static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb,
+ unsigned long action, void *hcpu)
+{
+ switch (action) {
+ case CPU_DYING:
+ atomic_inc(&ap_wfs_count);
+ if (num_online_cpus() == 1)
+ if (tboot_wait_for_aps(atomic_read(&ap_wfs_count)))
+ return NOTIFY_BAD;
+ break;
+ }
+ return NOTIFY_OK;
+}
+
+static struct notifier_block tboot_cpu_notifier __cpuinitdata =
+{
+ .notifier_call = tboot_cpu_callback,
+};
+
+static __init int tboot_late_init(void)
+{
if (!tboot_enabled())
return 0;
- timeout = jiffies + AP_WAIT_TIMEOUT*HZ;
- while (atomic_read((atomic_t *)&tboot->num_in_wfs) != num_aps &&
- time_before(jiffies, timeout))
- cpu_relax();
+ tboot_create_trampoline();
- return time_before(jiffies, timeout) ? 0 : 1;
+ atomic_set(&ap_wfs_count, 0);
+ register_hotcpu_notifier(&tboot_cpu_notifier);
+ return 0;
}
+late_initcall(tboot_late_init);
+
/*
* TXT configuration registers (offsets from TXT_{PUB, PRIV}_CONFIG_REGS_BASE)
*/
diff --git a/drivers/acpi/acpica/hwsleep.c b/drivers/acpi/acpica/hwsleep.c
index 8c01dd3..cc22f9a 100644
--- a/drivers/acpi/acpica/hwsleep.c
+++ b/drivers/acpi/acpica/hwsleep.c
@@ -45,7 +45,7 @@
#include <acpi/acpi.h>
#include "accommon.h"
#include "actables.h"
-#include <asm/tboot.h>
+#include <linux/tboot.h>
#define _COMPONENT ACPI_HARDWARE
ACPI_MODULE_NAME("hwsleep")
diff --git a/drivers/pci/dmar.c b/drivers/pci/dmar.c
index 0cbc5fd..ab99783 100644
--- a/drivers/pci/dmar.c
+++ b/drivers/pci/dmar.c
@@ -33,7 +33,7 @@
#include <linux/timer.h>
#include <linux/irq.h>
#include <linux/interrupt.h>
-#include <asm/tboot.h>
+#include <linux/tboot.h>
#undef PREFIX
#define PREFIX "DMAR:"
diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c
index 2dc72a6..833509b 100644
--- a/drivers/pci/intel-iommu.c
+++ b/drivers/pci/intel-iommu.c
@@ -37,8 +37,8 @@
#include <linux/iommu.h>
#include <linux/intel-iommu.h>
#include <linux/sysdev.h>
+#include <linux/tboot.h>
#include <asm/cacheflush.h>
-#include <asm/tboot.h>
#include <asm/iommu.h>
#include "pci.h"
diff --git a/arch/x86/include/asm/tboot.h b/include/linux/tboot.h
similarity index 83%
rename from arch/x86/include/asm/tboot.h
rename to include/linux/tboot.h
index b13929d..bf2a0c7 100644
--- a/arch/x86/include/asm/tboot.h
+++ b/include/linux/tboot.h
@@ -20,10 +20,8 @@
*
*/
-#ifndef _ASM_TBOOT_H
-#define _ASM_TBOOT_H
-
-#include <acpi/acpi.h>
+#ifndef _LINUX_TBOOT_H
+#define _LINUX_TBOOT_H
/* these must have the values from 0-5 in this order */
enum {
@@ -36,7 +34,7 @@
};
#ifdef CONFIG_INTEL_TXT
-
+#include <acpi/acpi.h>
/* used to communicate between tboot and the launched kernel */
#define TB_KEY_SIZE 64 /* 512 bits */
@@ -144,54 +142,21 @@
}
extern void tboot_probe(void);
-extern void tboot_create_trampoline(void);
extern void tboot_shutdown(u32 shutdown_type);
extern void tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control);
-extern int tboot_wait_for_aps(int num_aps);
extern struct acpi_table_header *tboot_get_dmar_table(
struct acpi_table_header *dmar_tbl);
extern int tboot_force_iommu(void);
-#else /* CONFIG_INTEL_TXT */
+#else
-static inline int tboot_enabled(void)
-{
- return 0;
-}
-
-static inline void tboot_probe(void)
-{
-}
-
-static inline void tboot_create_trampoline(void)
-{
-}
-
-static inline void tboot_shutdown(u32 shutdown_type)
-{
-}
-
-static inline void tboot_sleep(u8 sleep_state, u32 pm1a_control,
- u32 pm1b_control)
-{
-}
-
-static inline int tboot_wait_for_aps(int num_aps)
-{
- return 0;
-}
-
-static inline struct acpi_table_header *tboot_get_dmar_table(
- struct acpi_table_header *dmar_tbl)
-{
- return dmar_tbl;
-}
-
-static inline int tboot_force_iommu(void)
-{
- return 0;
-}
+#define tboot_probe() do { } while (0)
+#define tboot_shutdown(shutdown_type) do { } while (0)
+#define tboot_sleep(sleep_state, pm1a_control, pm1b_control) \
+ do { } while (0)
+#define tboot_get_dmar_table(dmar_tbl) (dmar_tbl)
+#define tboot_force_iommu() 0
#endif /* !CONFIG_INTEL_TXT */
-#endif /* _ASM_TBOOT_H */
+#endif /* _LINUX_TBOOT_H */
diff --git a/init/main.c b/init/main.c
index 56ada27c4..2c5ade79 100644
--- a/init/main.c
+++ b/init/main.c
@@ -73,7 +73,6 @@
#include <asm/io.h>
#include <asm/bugs.h>
#include <asm/setup.h>
-#include <asm/tboot.h>
#include <asm/sections.h>
#include <asm/cacheflush.h>
@@ -716,8 +715,6 @@
ftrace_init();
- tboot_create_trampoline();
-
/* Do the rest non-__init'ed, we're now alive */
rest_init();
}
diff --git a/kernel/cpu.c b/kernel/cpu.c
index ff071e0..67a6007 100644
--- a/kernel/cpu.c
+++ b/kernel/cpu.c
@@ -14,7 +14,6 @@
#include <linux/kthread.h>
#include <linux/stop_machine.h>
#include <linux/mutex.h>
-#include <asm/tboot.h>
#ifdef CONFIG_SMP
/* Serializes the updates to cpu_online_mask, cpu_present_mask */
@@ -377,7 +376,7 @@
int disable_nonboot_cpus(void)
{
- int cpu, first_cpu, error, num_cpus = 0;
+ int cpu, first_cpu, error;
error = stop_machine_create();
if (error)
@@ -392,7 +391,6 @@
for_each_online_cpu(cpu) {
if (cpu == first_cpu)
continue;
- num_cpus++;
error = _cpu_down(cpu, 1);
if (!error) {
cpumask_set_cpu(cpu, frozen_cpus);
@@ -403,8 +401,6 @@
break;
}
}
- /* ensure all CPUs have gone into wait-for-SIPI */
- error |= tboot_wait_for_aps(num_cpus);
if (!error) {
BUG_ON(num_online_cpus() > 1);
diff --git a/security/Kconfig b/security/Kconfig
index 6631774..5721847 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -115,7 +115,7 @@
config INTEL_TXT
bool "Enable Intel(R) Trusted Execution Technology (Intel(R) TXT)"
- depends on EXPERIMENTAL && X86 && DMAR && ACPI
+ depends on HAVE_INTEL_TXT
help
This option enables support for booting the kernel with the
Trusted Boot (tboot) module. This will utilize