Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753286AbcKSSsl (ORCPT ); Sat, 19 Nov 2016 13:48:41 -0500 Received: from mail-by2nam01on0083.outbound.protection.outlook.com ([104.47.34.83]:53808 "EHLO NAM01-BY2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752414AbcKSSsh (ORCPT ); Sat, 19 Nov 2016 13:48:37 -0500 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; Subject: Re: [RFC PATCH v3 11/20] x86: Add support for changing memory encryption attribute To: Borislav Petkov References: <20161110003426.3280.2999.stgit@tlendack-t1.amdoffice.net> <20161110003655.3280.57333.stgit@tlendack-t1.amdoffice.net> <20161117173945.gnar3arpyeeh5xm2@pd.tnic> CC: , , , , , , , , , Rik van Riel , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Arnd Bergmann , Jonathan Corbet , Matt Fleming , Joerg Roedel , Konrad Rzeszutek Wilk , Paolo Bonzini , Larry Woodman , Ingo Molnar , Andy Lutomirski , "H. Peter Anvin" , Andrey Ryabinin , Alexander Potapenko , Thomas Gleixner , Dmitry Vyukov From: Tom Lendacky Message-ID: <6f1a16e4-5a84-20c0-4bd3-3be5ed933800@amd.com> Date: Sat, 19 Nov 2016 12:48:27 -0600 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 In-Reply-To: <20161117173945.gnar3arpyeeh5xm2@pd.tnic> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: BLUPR0301CA0039.namprd03.prod.outlook.com (10.162.113.177) To CY4PR12MB1144.namprd12.prod.outlook.com (10.168.164.136) X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;2:sDfd8wDY6n8Gh5BD4HFN3duZiu2AIQnjex+fBp8+OngUpSU7YoGKWVYIvlFGs2wfitFriaI55LgpNktX09GZCDYnQoL7tAyvHtF6lo7KzrB0O7GrTgdEW5LsOuqlgAB4QY4nvMSIc8Pi3/GEP90FOlIfqwZKmmlhgTllYz0xpvw=;3:pNZCyH9zS4lj0xThTT/lNv05GZvep2JN9pdX15k8lKU0CFzX/Se5mvJYHC+PaJAvAtHNKDFuMInRO26Ci1XPNKYlhcNCTrnsPzazux4BF5S+RaNeUiq1LjBrLR9I/MdJmpqXgmOUQst+eAg+/TzIeHZLu8AT+BnE6q877NlWKbw= X-MS-Office365-Filtering-Correlation-Id: 6ea13e9b-1542-4ffb-e88c-08d410acaa9f X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:CY4PR12MB1144; X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;25:SZCYLGshFe6/up5D2FNp80trBa//nsu64aWT9P+0Eqs4Jh4hXR0GQ5hNaXc3ccnxYmbmrziVxIBLXktuQ+foNxnvFwJM2wRjFkp8wenS2w3hwgn1bVYB10GuM0J67Hdm3EL/XgtM6oL4voTD0v0cdPfVueysxNJ3drmroZOrky3A+H1F014UpfdHQIssXFEqvZYNqiyZbo4yzRHZ5ps9ZGhKwpgg0hKiP7/xxeB73uCc8Zkjl9tPtapNa+BrVsDEB184bgmWU+OZ8cQnGxS7BRMGe3bcLpJK/CpkfSKEE8DYKNRjuasSSBRQyYB27WRS4bgp4H2LeEjj72vmpO1RI51CvN0c8qa6lUEowry0aKkffbIChqatnbJAlVAfFQDyWszbA58zVyVN/CbaEvkCAW33LuMprglxNiDYFRTbOYzVneyp95+QUen0uzwf1Yc2MzVUb4w17R2JHDX8sM3b5YMdnd68J8Q3n3tkqv4UpU+Lsot2vlX9f+IPAhXHpK2U3Ql6cGf8g/BOeQH2iocCQHy2OYWJuHSuyzMKIH9nVlIQwKV4xtjCr9y/JSr0cJ/OeMaqWkmXetCjZIscRFaH/43EC1zAHlbjMOBDQZQeXjAj0qg5CxLAoWzU74VC3WqR6r6UQfJ5Bbo1F3QNM9mFbc4HDQhF9eqpE9Fd9LWt+hQ54r5lBF9r7k630fvBRsj5nX372doWraPeSp9pwIP5Ntv61qSzXxKHYwlEfmISPSycDixwdssYKEDr3ezyqyz7SGuhmMExiV6c36ujo6GMZw== X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;31:CN5QqcLdy0k8ZE7z4+Wdw1+pyo+fU7jbDj9u5IaXq7jfX/jGYPZb6J4Vg2DgdaBfrm+PQHY1NPZ+WhZcjPEPfhX9CpkKOJYd2l8TfX6HgmJjt415vpgegAD1Q7Naz1i9/dseu9NjrJ6xMlvirDwUSg53N40TFP8zOAQd1mMNp5hSllN7PzYeJmrmNoHq4RwlZB8doq2yf1ggn8KlXgkUd9+fMDgdVEU7/5JXt8/wEjFoi4aK2LFlvJ/elSG4Cb2Y2JkFHrFyhdFGtenh9JRL2w==;20:gzouaV2Ch0bf5UjJVFwLZOwFJg8TqY9BBotPPjSa+99SdM5bqjWFNuHCigc/QOu1R/TDk3onidmt+buZR7nWlVwTAefXm6666Q4D5wcUZhIcoTvpUbCZmz+NLlWfG/F+2rR5vPbstJqoguv25hdF/jydD+AI92qsVjFu16ERyvBWMN87JtBa4LMVePgiHAbkYofjzZ2d9phf9jYIJKndC5wqe8JEx93ERKpRlekcCIu2ARFryGiGzVyCO+//ptzakkBu9Q0jYZ0GacLTaywU6m+prtX/PJXCKcqjxu4wgsl1NYFI1q0mslZ6bcD/IpsW7ji5CKkjwWWBhInuN13UhWTuYslX1UtXBFbvuLjy3KjAjZkcjZc6JYgigNXbocY86Kd4cGSdwKV6MuOBwJDWZ14EHdARwUhrpEQJazkJQ4rnsGpZ7uNv/xD9u3NwRA+xvQR2cAGtlDSkhoZ9EbuicEruDAxvVQmYB3D9oJWPQRLaaV/XZ0VLE4LKKTvOFyjt X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6060326)(6040307)(6045199)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026)(6061324)(6041248);SRVR:CY4PR12MB1144;BCL:0;PCL:0;RULEID:;SRVR:CY4PR12MB1144; X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;4:pD9xLPDSajD+/VG5yJ42fo4ibq/NFRS7trkcwygFJk1zBwUSGU/qOwmKrbeLyjyA1KD4HI+ZEPpmjfXYCPTt9aWxz1DKyJEOptp0Cq0EIOxPBjobyQPimkKnU7HXP2Cnupa6qX2hfEFCMsUXZxGzJtwVYHk9XNla+GSgfnCtFowxL9wixP11kztlWwMLS0tcHGXM9h9lPF1NY0FHpbRLufwfBjUo5tto5wYKYCoWQYdkkahznZ+yKOpj6X08bdOZGsXUTMTjz5AnE2qP9PcSTx10ju8B03LT8vlsWQ5DeTwJC5TsvfMjYBl61vjsWu1RKqQvV/AqlBwFQs/cYnDSagR4LCrIoPt3P60RCU7kWaKoGxpVPW4fm82xyJJNMwnnaSRB5drawh0zEeuPUNJqILUS5kk5F5KBqQ9lFy9O3AznsZnlCTxc4+CGDv1qBqnYykD/GvbhGb6MdYPQT2GxBJgQ8/jJUvoBdZggzYgr9OTzgXz66bh02cxmgVYCKC5v9rKmVGeWRyInk6hiJFqdIKFc5c0LD+w0dfK5YA2+8rA= X-Forefront-PRVS: 0131D22242 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6009001)(6049001)(7916002)(189002)(24454002)(377454003)(199003)(2906002)(305945005)(50986999)(105586002)(7846002)(23676002)(4326007)(189998001)(65806001)(106356001)(47776003)(5660300001)(33646002)(65826007)(7736002)(81166006)(31696002)(68736007)(229853002)(64126003)(6116002)(83506001)(50466002)(86362001)(65956001)(3846002)(36756003)(4001350100001)(77096005)(76176999)(2950100002)(97736004)(6916009)(6666003)(92566002)(110136003)(81156014)(31686004)(101416001)(66066001)(7416002)(8676002)(42186005)(230700001)(54356999)(38730400001)(21314002)(217873001);DIR:OUT;SFP:1101;SCL:1;SRVR:CY4PR12MB1144;H:[10.236.64.222];FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtDWTRQUjEyTUIxMTQ0OzIzOklEQUM4RVZCWnFaN0V3em1kZ242Z2NuQ3NU?= =?utf-8?B?eWVlQjNEOTBvL25ud3ZxQUEvSzhET0dscHNkcGZQYWtITk4wS1MxYkRpanQ4?= =?utf-8?B?dUM3eERpMVREU1VBWUhYVVAzSGpNU0thS0dxb251ZldwWXNqY0M0dG5TY1Uv?= =?utf-8?B?UENoS2tTL2YzbUdjcnFUbG1UVFV6YnJlZ0wycVduZFdXanFIYmNQRHdlVVZy?= =?utf-8?B?SHo4eFVHcDVwTitYa1BDOGwyZlF2YjcwN3R5U1F3ZGJBVG9nbStVa2VqcHNL?= =?utf-8?B?WVJ0TGVBQ1cxaXpBNWVqNGVXblJjQlhzcnBkUHRuTnlRQ3JEZ0p3Qjc3bDAw?= =?utf-8?B?V3UwbGdSL1lXeVR4NHNmdUFZZ0ExbWZ0VmVVZ0RaelZpN0l1c1M2UXRSbVRI?= =?utf-8?B?STVwSVdNZjdNMnEzZjNpNWcrcEd3Uk5McnREV0ZjRzVIYzgvMkMxNWZVeHZN?= =?utf-8?B?N0g4ck91NXV3OU55dzZBTHpSOFduSTZTdkE5QWRMSjB3UVpkZmp1WWIwczNa?= =?utf-8?B?SUphQkdpa2hlNEJ0d3dFaW1Senh1cHhoL25jR0V3TWxDalY1clBpZlFvVmJp?= =?utf-8?B?Y1VUZVozRktwMkNWOXNyY2ZFVE1UNVFTbktXN3JyQitlSzFOV2RSbno3OXR3?= =?utf-8?B?cXBVUFN1bjlXcXlMZm1SMjYwcEpYR04zTlMreGpxcms5ZmdEclpTTFRYWEtp?= =?utf-8?B?UmhpNGl0R01CeGhlMi9GelpuSVp0K1hEaytTUGN3eWxOT29iOG5Dcm1pR1kw?= =?utf-8?B?S2Nva3B5YzBXMjR4OTFVU2ZlZndqdWlOczB4eWxhdDc3cnZ3N1JEaWoxcXpR?= =?utf-8?B?dEk0TllxUUFJYXlLR3RWcFZUb2FUemEwZXo4WE1qY21ocHlMWUY5cTcvWnpR?= =?utf-8?B?NXpoamVEajVHdUFWR3lVclFJZlAvZUNiZnc2L1hoYWVGdDl5NWgrU3BlQ1hs?= =?utf-8?B?S3ZZV0ZsTjl5V1E2d3pGTkFvZUxoS2hLaDFxdEFDam5SZEZqWUk5Sy80OS9m?= =?utf-8?B?Rms3SG5HYlZld0dxaTRrZUYwd09WMWlwTFU1M1VzeEZRTjA0T3RNT3l6NE9D?= =?utf-8?B?dmJJNTZEUDRTZmllYXN6Vm1TdTl0elA5K0ROWmdQaXlDd28ySDhiN1h6K2Jo?= =?utf-8?B?N0hoRnRzVnJXVFRtYjBXUW8zZTJzbUFQa1lXK3kyZXZzbkJHdUgzTlVLaVRG?= =?utf-8?B?WmtkNHMxWWlEeVZ1N1B0VFFaWmtEcmFxamZ3UkRXNkt5YXExSzRlWkhyRjR2?= =?utf-8?B?ajYzaGF4TUFOa0h5VmpBd3VrZTVFSThLWVpSQ0RjRmpTT1lCdmJoN2tQYktp?= =?utf-8?B?OU00VFZFSlJFMkpoTktBeHlDbVdDT0hhSjdDOWxoZWRpd2x6czJwbmJKRjU1?= =?utf-8?B?dnVQQ0FkYmdiNXNuWVRCSG1mSDBENUY4eEU5eDdzd3d6L3VOUW5DQVJjbjB5?= =?utf-8?B?amp1akJ3K0Z2K1JHbWZON1BjNklvSUV0QVhaQTY0UVJTNnMyT2dhNW96djF3?= =?utf-8?B?QmRPdWh4VnVzdXdtbzdkVWtyMEVDMTdYWVdSMW1NSi96NjRGUlBIY2lpM1Ix?= =?utf-8?B?OUQ2bVM2YVZiSXRRRFhWdU4wL2F0b1pwZWlmcVRyMk1XbTNwdWdkSm5LSkZq?= =?utf-8?B?ZEp0SzV1T3kvWWp0eVA5SXgxTEpxN0ZLVlp4M3d4WEk5NWkwMGxZREtwTEht?= =?utf-8?B?NnUyOG9pZXBLbWhSYm1oNlZ6RlpMQm5WUTFTcUFGelVKbENrdEdPSlBQelZ5?= =?utf-8?B?Z2dLeEkrMldMVlZ2bUxCVDBieUhtUlJmcXpvMTR0U21zdXlxMkJzTjFndlhq?= =?utf-8?B?cjQ4Q2R3UE4xWXhWSm1yUWQvaEJ5YU1pRWFHNWtmOHZNN2VLTHhhdmQ2RE13?= =?utf-8?Q?ehQJ4rkjzUA=3D?= X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;6:unxDcBPeH4/335HI9lX+PduHZRe3ypoOHrso5QOkVPT/+voLPfi0lDSok7OAZqek2uqIHmN+to6C/smyDB3VfKaRw9zRLWpYa56w8HINIaOdwAAXDMJyJO3xNmAIL/SogxR8ag4jfgZqmjbolCnunat9MvWqzQ+eFXTj8eof0D8e2XiukAZ5tIcjJvI39R5H57c+7Lqe4JxBYsrmrDYXPZNnuBTUysb+RRGkLQCk/UvncwnX6aP84ezwNIBvbYwOWsagZRG4oZrJLkEoO1PjwpcOV68skZpVUu30CGhdSHo5NRgg8usRogpyj7T10KlMN991po1zJGKxcIqnLg2XP8614WxFwLmFE7vmp5Us45CHIaCCT2tMh5eGjYWIUBFa;5:VC+87ocpoOeELBJDBP4G1B4+6eoleskLFZG60stlwK5J57vUZdgPHH1GPmVwl4t11kkLJEAxWzi1qfUSD95q3gcjF7eZSbai1sJoO993cN4+Eo6/Nb6uP2361qJrkPnxodOziwgZLlWItAcRW0+qb0pYmrU/fnurp5yh+9WSCzM=;24:w7uyLgfoqYJnQXTkOiYFO+k1Px2S3E3w954MGMXVK4T58n5ten8WkEPya6KwV5hnJVd7KBKNGEGirpQCOCgQr9y3+8kVIUDGMHv+P7OQoIk= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;7:yoZlGSo/ucBwQaDeVJUszY5DlVA8exusGjhqUsXIXFlw/Qc4qoqupZZ6f0qHvfJ6OnyreHFEcLtyC7ZZiNSV9DAPeuwX1ChjbHOSYtNFvkfP1isNqQTuhaio8D+JtqokmIMWwystKu4KMZNcb4km+JdlolX8NxslAOe4uQf1v96jFlhflZGavKQLetSExc2qPXd9PgV0/evgvGKPLIuUyZjym7YFOkAqcI7ZvKrcnqATCJPcfG6XGpm2Blhw5ywbLfXP41L5c+Gxevze7oQq8u9iXH27rQ/UJ8fB+Ew3ldbxUeoCXHc6wossufWQX38hccRdTBmI1u0T4q2pn3I1YV7LTubkD0T45ICLm36p8nk=;20:sdR5JUKGCEX7M8xBbOW+MnXVv6pyi9EpP0Hd4VEtSZZpkAaSz9xz1/HcL3B5viGRx/XQDdzf2iELRFbQcCK2UGk2CLacsfGSStHq2B61XfU1mJxSpOiTMw9HWK4A0rBvbL4BzacuWCtHtj8xnp/PQvbo2dg+SjJPP6Ke47ZK7xvlnSTbnQns5v6A5N3u7a5egDHSzKvfyy9ib7GAROpJYjDMOzmF3I8rvSrrrM0Q6RWaa0soLLrI0GaR2U1tR4zB X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Nov 2016 18:48:32.3206 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1144 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 5777 Lines: 200 On 11/17/2016 11:39 AM, Borislav Petkov wrote: > On Wed, Nov 09, 2016 at 06:36:55PM -0600, Tom Lendacky wrote: >> This patch adds support to be change the memory encryption attribute for >> one or more memory pages. > > "Add support for changing ..." Yeah, I kind of messed up that description a bit! > >> Signed-off-by: Tom Lendacky >> --- >> arch/x86/include/asm/cacheflush.h | 3 + >> arch/x86/include/asm/mem_encrypt.h | 13 ++++++ >> arch/x86/mm/mem_encrypt.c | 43 +++++++++++++++++++++ >> arch/x86/mm/pageattr.c | 73 ++++++++++++++++++++++++++++++++++++ >> 4 files changed, 132 insertions(+) > > ... > >> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c >> index 411210d..41cfdf9 100644 >> --- a/arch/x86/mm/mem_encrypt.c >> +++ b/arch/x86/mm/mem_encrypt.c >> @@ -18,6 +18,7 @@ >> #include >> #include >> #include >> +#include >> >> extern pmdval_t early_pmd_flags; >> int __init __early_make_pgtable(unsigned long, pmdval_t); >> @@ -33,6 +34,48 @@ EXPORT_SYMBOL_GPL(sme_me_mask); >> /* Buffer used for early in-place encryption by BSP, no locking needed */ >> static char sme_early_buffer[PAGE_SIZE] __aligned(PAGE_SIZE); >> >> +int sme_set_mem_enc(void *vaddr, unsigned long size) >> +{ >> + unsigned long addr, numpages; >> + >> + if (!sme_me_mask) >> + return 0; > > So those interfaces look duplicated to me: you have exported > sme_set_mem_enc/sme_set_mem_unenc which take @size and then you have > set_memory_enc/set_memory_dec which take numpages. > > And then you're testing sme_me_mask in both. > > What I'd prefer to have is only *two* set_memory_enc/set_memory_dec > which take size in bytes and one workhorse __set_memory_enc_dec() which > does it all. The user shouldn't have to care about numpages or size or > whatever. > > Ok? Yup, makes sense. I'll redo this. > >> + >> + addr = (unsigned long)vaddr & PAGE_MASK; >> + numpages = PAGE_ALIGN(size) >> PAGE_SHIFT; >> + >> + /* >> + * The set_memory_xxx functions take an integer for numpages, make >> + * sure it doesn't exceed that. >> + */ >> + if (numpages > INT_MAX) >> + return -EINVAL; >> + >> + return set_memory_enc(addr, numpages); >> +} >> +EXPORT_SYMBOL_GPL(sme_set_mem_enc); >> + >> +int sme_set_mem_unenc(void *vaddr, unsigned long size) >> +{ >> + unsigned long addr, numpages; >> + >> + if (!sme_me_mask) >> + return 0; >> + >> + addr = (unsigned long)vaddr & PAGE_MASK; >> + numpages = PAGE_ALIGN(size) >> PAGE_SHIFT; >> + >> + /* >> + * The set_memory_xxx functions take an integer for numpages, make >> + * sure it doesn't exceed that. >> + */ >> + if (numpages > INT_MAX) >> + return -EINVAL; >> + >> + return set_memory_dec(addr, numpages); >> +} >> +EXPORT_SYMBOL_GPL(sme_set_mem_unenc); >> + >> /* >> * This routine does not change the underlying encryption setting of the >> * page(s) that map this memory. It assumes that eventually the memory is >> diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c >> index b8e6bb5..babf3a6 100644 >> --- a/arch/x86/mm/pageattr.c >> +++ b/arch/x86/mm/pageattr.c >> @@ -1729,6 +1729,79 @@ int set_memory_4k(unsigned long addr, int numpages) >> __pgprot(0), 1, 0, NULL); >> } >> >> +static int __set_memory_enc_dec(struct cpa_data *cpa) >> +{ >> + unsigned long addr; >> + int numpages; >> + int ret; >> + >> + /* People should not be passing in unaligned addresses */ >> + if (WARN_ONCE(*cpa->vaddr & ~PAGE_MASK, >> + "misaligned address: %#lx\n", *cpa->vaddr)) >> + *cpa->vaddr &= PAGE_MASK; >> + >> + addr = *cpa->vaddr; >> + numpages = cpa->numpages; >> + >> + /* Must avoid aliasing mappings in the highmem code */ >> + kmap_flush_unused(); >> + vm_unmap_aliases(); >> + >> + ret = __change_page_attr_set_clr(cpa, 1); >> + >> + /* Check whether we really changed something */ >> + if (!(cpa->flags & CPA_FLUSHTLB)) >> + goto out; > > That label is used only once - just "return ret;" here. Yup, will do. > >> + /* >> + * On success we use CLFLUSH, when the CPU supports it to >> + * avoid the WBINVD. >> + */ >> + if (!ret && static_cpu_has(X86_FEATURE_CLFLUSH)) >> + cpa_flush_range(addr, numpages, 1); >> + else >> + cpa_flush_all(1); >> + >> +out: >> + return ret; >> +} >> + >> +int set_memory_enc(unsigned long addr, int numpages) >> +{ >> + struct cpa_data cpa; >> + >> + if (!sme_me_mask) >> + return 0; >> + >> + memset(&cpa, 0, sizeof(cpa)); >> + cpa.vaddr = &addr; >> + cpa.numpages = numpages; >> + cpa.mask_set = __pgprot(_PAGE_ENC); >> + cpa.mask_clr = __pgprot(0); >> + cpa.pgd = init_mm.pgd; > > You could move that... > >> + >> + return __set_memory_enc_dec(&cpa); >> +} >> +EXPORT_SYMBOL(set_memory_enc); >> + >> +int set_memory_dec(unsigned long addr, int numpages) >> +{ >> + struct cpa_data cpa; >> + >> + if (!sme_me_mask) >> + return 0; >> + >> + memset(&cpa, 0, sizeof(cpa)); >> + cpa.vaddr = &addr; >> + cpa.numpages = numpages; >> + cpa.mask_set = __pgprot(0); >> + cpa.mask_clr = __pgprot(_PAGE_ENC); >> + cpa.pgd = init_mm.pgd; > > ... and that into __set_memory_enc_dec() too and pass in a "bool dec" or > "bool enc" or so which presets mask_set and mask_clr properly. > > See above. I think two functions exported to other in-kernel users are > more than enough. Should I move this functionality into the sme_set_mem_* functions or remove the sme_set_mem_* functions and use the set_memory_* functions directly. The latter means calculating the number of pages, but makes it clear that this works on a page level while the former keeps everything the mem_encrypt.c file (and I can change that to take in a page count so that it is clear about the page boundary usage). Thanks, Tom >