Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp175462iob; Mon, 2 May 2022 16:19:13 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxEow8bufjwP4e96JDWXNHiYiak3ETmXrcRkpU1uLn13gB++3znXzSRyEIfLVo84O+CeVWG X-Received: by 2002:a63:8b4a:0:b0:3ab:255c:ff8e with SMTP id j71-20020a638b4a000000b003ab255cff8emr11226433pge.285.1651533552931; Mon, 02 May 2022 16:19:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651533552; cv=none; d=google.com; s=arc-20160816; b=KGqc7qt76Kl+pu+KDU+SrUMocTUzXoHWYbNMZTGg22KZikbKOZIIKR84H7msE44MZL MPcpzKD5oZ0HNQ3KX9h71+7DxmeAWGM4qLkpMCur+mMdw6pHKgVcQchz2VlPpSixe7j5 0Vqg3MEK+UAf8LFZWFIj7gg1+o9owhRi5YxyaxEAzEXzRrTatfTZdzWnWq4r8LatGDrb 4UBlm7ZObltQ5/5DUPZqLpLWDpz0OLODSIAGakKPA5Gj098N3ZjkUx2Y2bOyGy/kKB2b 6YAshuu0AQq3DEt49YScEWQHyXXEF2tFrRKysesgYiwIgViKQPhckB2F9yXdN9YX5mAN NzVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=erdqpZYLja6xDuoUNWXMJOEwQp9qkWbhvYqoJ4co3Os=; b=t2oN3uxUQR78Genrfb3qyXTV0UreGNadPe8/Ei0eFvSAzeJ+wUofaHK3TIVuZ/rX48 Y5nCYWhYvKCDlTvLaSXL6lZdpHLIXjNUH7AwMOL0F2yQOxRfQtxLgZbRB7UBYXXxp+cL R8fS26SfSPkn6nvmQh9VIBOA1d2Xg5YwLiZxVsvrnM5icAdMMrdPnSP7EDvKWqUFuLnc ApXC+L3WXWLLCoTFsVn4lvjcFGCPCEAWEDStHap6ds49JiCD6d5Q7mNrkxMwcw4ZB0iI CEZZfO3UO145wASnCOmdDwXJqkxzfwcZr+CZGgK5s2UdOKfay3cLOK2D+9MvC2Y+8Y7V 3uHg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@eclypsium.com header.s=google header.b=Q8Uaonxz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=eclypsium.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id c33-20020a634e21000000b003aa663f5451si14753577pgb.744.2022.05.02.16.19.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 May 2022 16:19:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@eclypsium.com header.s=google header.b=Q8Uaonxz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=eclypsium.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id D99A231367; Mon, 2 May 2022 16:18:49 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1380447AbiD2UVF (ORCPT + 99 others); Fri, 29 Apr 2022 16:21:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49394 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1380427AbiD2UVE (ORCPT ); Fri, 29 Apr 2022 16:21:04 -0400 Received: from mail-oi1-x22e.google.com (mail-oi1-x22e.google.com [IPv6:2607:f8b0:4864:20::22e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2988D9F3A3 for ; Fri, 29 Apr 2022 13:17:44 -0700 (PDT) Received: by mail-oi1-x22e.google.com with SMTP id r1so9481106oie.4 for ; Fri, 29 Apr 2022 13:17:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eclypsium.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=erdqpZYLja6xDuoUNWXMJOEwQp9qkWbhvYqoJ4co3Os=; b=Q8UaonxznDmVc5gYov0m3G8lVeCJ9Wb++XO9fsv/gUqnPbStpjqIwYe0Rw241Jt1og 1wa4l4d7Jn89Q6/jKFGGjyxze+q8g5RO76SUkMpqYIydbKVQsVVVkKPc4RTvRQrGXHMg 6JTEB1ypvif9eRNj71NjI2Evpbuj5TuoHjCM2lZRZVLUM639ACMhnI9YvSOUfv0Q7u2R NOE7GpoeOT13Bxh590c+Vl6CGhR853U0Cgerj84916BoD9SDlzZ/JWwExnQbAUqEej6c z6Hs34KYKYNJDv/dkHUIU5fef1Ko3XrI07IFdNKGHp6BSyhh3MIfVHVkDqFE5bZN8rGH nuJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=erdqpZYLja6xDuoUNWXMJOEwQp9qkWbhvYqoJ4co3Os=; b=1p3kOz88aHaQxOvEHUJyzmZFaXYgVkkeKY8bRGnHdh+unFENJdf8YfIW4QQECHgsA1 WSVG8HAhjmPQCvhVHkNYicQKjfI3GIl3SVI3DpTga+9/SOVcEDUHXSrjWeHRgsdMuzob t94xc71b31TXGuS8a+W92fsPUrGIJSWBQi/2+fAL5AQTaoledQGS4xQ41oSogxGeykUR +l1vM7KKrRBK6t5zk700Erg2LXUr66ZJTLVIXgNCRmj9e7DPltcSXsdeO97wO3FfLTsO Tlal59kgcmyKsYNECN4ZjDGqHtvDA2/yJSY78vER1640cnCqhgcj8c95Xoul8TGbj3WL xqNg== X-Gm-Message-State: AOAM533zd9gVRCPvXQKbjpQa392QVkg4Iws9gyxyw/dAOWFlWqeaPj3I hvwjOmDLSy2pDnQSRW0kv5GJ8t6My6ZhulC0upKBOuwYg2bqh1EXzb8NCClfx+hYlZYvrjAGINp Yb4pse1unyyX43fYtnuC0H9/LtPfUDSMF4ezm72vUsZosRJCdL89he73H8PS56WvTZUT2we5q0O Y2Xn6KEEed8NJ4IgzFJSY= X-Received: by 2002:a05:6808:1115:b0:2ec:e103:99c8 with SMTP id e21-20020a056808111500b002ece10399c8mr533592oih.194.1651263463240; Fri, 29 Apr 2022 13:17:43 -0700 (PDT) Received: from localhost ([181.97.174.128]) by smtp.gmail.com with ESMTPSA id r2-20020a05687002c200b000e99b1909d4sm2650005oaf.25.2022.04.29.13.17.36 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 29 Apr 2022 13:17:41 -0700 (PDT) From: Martin Fernandez To: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, platform-driver-x86@vger.kernel.org, linux-mm@kvack.org Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, ardb@kernel.org, dvhart@infradead.org, andy@infradead.org, gregkh@linuxfoundation.org, rafael@kernel.org, rppt@kernel.org, akpm@linux-foundation.org, daniel.gutson@eclypsium.com, hughsient@gmail.com, alex.bazhaniuk@eclypsium.com, alison.schofield@intel.com, keescook@chromium.org, Martin Fernandez Subject: [PATCH v8 1/8] mm/memblock: Tag memblocks with crypto capabilities Date: Fri, 29 Apr 2022 17:17:10 -0300 Message-Id: <20220429201717.1946178-2-martin.fernandez@eclypsium.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220429201717.1946178-1-martin.fernandez@eclypsium.com> References: <20220429201717.1946178-1-martin.fernandez@eclypsium.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add the capability to mark regions of the memory memory_type able of hardware memory encryption. Also add the capability to query if all regions of a memory node are able to do hardware memory encryption to call it when initializing the nodes. Warn the user if a node has both encryptable and non-encryptable regions. Signed-off-by: Martin Fernandez --- include/linux/memblock.h | 5 ++++ mm/memblock.c | 62 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+) diff --git a/include/linux/memblock.h b/include/linux/memblock.h index 50ad19662a32..00c4f1a20335 100644 --- a/include/linux/memblock.h +++ b/include/linux/memblock.h @@ -40,6 +40,7 @@ extern unsigned long long max_possible_pfn; * via a driver, and never indicated in the firmware-provided memory map as * system RAM. This corresponds to IORESOURCE_SYSRAM_DRIVER_MANAGED in the * kernel resource tree. + * @MEMBLOCK_CRYPTO_CAPABLE: capable of hardware encryption */ enum memblock_flags { MEMBLOCK_NONE = 0x0, /* No special request */ @@ -47,6 +48,7 @@ enum memblock_flags { MEMBLOCK_MIRROR = 0x2, /* mirrored region */ MEMBLOCK_NOMAP = 0x4, /* don't add to kernel direct mapping */ MEMBLOCK_DRIVER_MANAGED = 0x8, /* always detected via a driver */ + MEMBLOCK_CRYPTO_CAPABLE = 0x10, /* capable of hardware encryption */ }; /** @@ -120,6 +122,9 @@ int memblock_physmem_add(phys_addr_t base, phys_addr_t size); void memblock_trim_memory(phys_addr_t align); bool memblock_overlaps_region(struct memblock_type *type, phys_addr_t base, phys_addr_t size); +bool memblock_node_is_crypto_capable(int nid); +int memblock_mark_crypto_capable(phys_addr_t base, phys_addr_t size); +int memblock_clear_crypto_capable(phys_addr_t base, phys_addr_t size); int memblock_mark_hotplug(phys_addr_t base, phys_addr_t size); int memblock_clear_hotplug(phys_addr_t base, phys_addr_t size); int memblock_mark_mirror(phys_addr_t base, phys_addr_t size); diff --git a/mm/memblock.c b/mm/memblock.c index e4f03a6e8e56..d6399835b155 100644 --- a/mm/memblock.c +++ b/mm/memblock.c @@ -191,6 +191,40 @@ bool __init_memblock memblock_overlaps_region(struct memblock_type *type, return i < type->cnt; } +/** + * memblock_node_is_crypto_capable - get if whole node is capable + * of encryption + * @nid: number of node + * + * Iterate over all memory memblock_type and find if all regions under + * node @nid are capable of hardware encryption. + * + * Return: + * true if every region in @nid is capable of encryption, false + * otherwise. + */ +bool __init_memblock memblock_node_is_crypto_capable(int nid) +{ + struct memblock_region *region; + int crypto_capables = 0; + int not_crypto_capables = 0; + + for_each_mem_region(region) { + if (memblock_get_region_node(region) == nid) { + if (region->flags & MEMBLOCK_CRYPTO_CAPABLE) + crypto_capables++; + else + not_crypto_capables++; + } + } + + if (crypto_capables > 0 && not_crypto_capables > 0) + pr_warn("Node %d has %d regions that are encryptable and %d regions that aren't", + nid, not_crypto_capables, crypto_capables); + + return crypto_capables > 0 && not_crypto_capables == 0; +} + /** * __memblock_find_range_bottom_up - find free area utility in bottom-up * @start: start of candidate range @@ -891,6 +925,34 @@ static int __init_memblock memblock_setclr_flag(phys_addr_t base, return 0; } +/** + * memblock_mark_crypto_capable - Mark memory regions capable of hardware + * encryption with flag MEMBLOCK_CRYPTO_CAPABLE. + * @base: the base phys addr of the region + * @size: the size of the region + * + * Return: 0 on success, -errno on failure. + */ +int __init_memblock memblock_mark_crypto_capable(phys_addr_t base, + phys_addr_t size) +{ + return memblock_setclr_flag(base, size, 1, MEMBLOCK_CRYPTO_CAPABLE); +} + +/** + * memblock_clear_crypto_capable - Clear flag MEMBLOCK_CRYPTO for a + * specified region. + * @base: the base phys addr of the region + * @size: the size of the region + * + * Return: 0 on success, -errno on failure. + */ +int __init_memblock memblock_clear_crypto_capable(phys_addr_t base, + phys_addr_t size) +{ + return memblock_setclr_flag(base, size, 0, MEMBLOCK_CRYPTO_CAPABLE); +} + /** * memblock_mark_hotplug - Mark hotpluggable memory with flag MEMBLOCK_HOTPLUG. * @base: the base phys addr of the region -- 2.30.2