Commit e7bafbf7 authored by Will Deacon's avatar Will Deacon
Browse files

arm64: mm: Add top-level dispatcher for internal mem_encrypt API 



Implementing the internal mem_encrypt API for arm64 depends entirely on
the Confidential Computing environment in which the kernel is running.

Introduce a simple dispatcher so that backend hooks can be registered
depending upon the environment in which the kernel finds itself.

Reviewed-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
Reviewed-by: default avatarSteven Price <steven.price@arm.com>
Acked-by: default avatarMarc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20240830130150.8568-4-will@kernel.org


Signed-off-by: default avatarWill Deacon <will@kernel.org>
parent a06c3fad

arch/arm64/Kconfig

+1 −0
Original line number Diff line number Diff line
@@ -34,6 +34,7 @@ config ARM64 
	select ARCH_HAS_KERNEL_FPU_SUPPORT if KERNEL_MODE_NEON

	select ARCH_HAS_KEEPINITRD

	select ARCH_HAS_MEMBARRIER_SYNC_CORE

	select ARCH_HAS_MEM_ENCRYPT

	select ARCH_HAS_NMI_SAFE_THIS_CPU_OPS

	select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE

	select ARCH_HAS_PTE_DEVMAP

arch/arm64/include/asm/mem_encrypt.h

0 → 100644
+15 −0
Original line number Diff line number Diff line 
/* SPDX-License-Identifier: GPL-2.0-only */

#ifndef __ASM_MEM_ENCRYPT_H

#define __ASM_MEM_ENCRYPT_H



struct arm64_mem_crypt_ops {

	int (*encrypt)(unsigned long addr, int numpages);

	int (*decrypt)(unsigned long addr, int numpages);

};



int arm64_mem_crypt_ops_register(const struct arm64_mem_crypt_ops *ops);



int set_memory_encrypted(unsigned long addr, int numpages);

int set_memory_decrypted(unsigned long addr, int numpages);



#endif	/* __ASM_MEM_ENCRYPT_H */

arch/arm64/include/asm/set_memory.h

+1 −0
Original line number Diff line number Diff line
@@ -3,6 +3,7 @@ 
#ifndef _ASM_ARM64_SET_MEMORY_H

#define _ASM_ARM64_SET_MEMORY_H



#include <asm/mem_encrypt.h>

#include <asm-generic/set_memory.h>



bool can_set_direct_map(void);

arch/arm64/mm/Makefile

+1 −1
Original line number Diff line number Diff line 
# SPDX-License-Identifier: GPL-2.0

obj-y				:= dma-mapping.o extable.o fault.o init.o \

				   cache.o copypage.o flush.o \

				   ioremap.o mmap.o pgd.o mmu.o \

				   ioremap.o mmap.o pgd.o mem_encrypt.o mmu.o \

				   context.o proc.o pageattr.o fixmap.o

obj-$(CONFIG_ARM64_CONTPTE)	+= contpte.o

obj-$(CONFIG_HUGETLB_PAGE)	+= hugetlbpage.o

arch/arm64/mm/mem_encrypt.c

0 → 100644
+50 −0
Original line number Diff line number Diff line 
// SPDX-License-Identifier: GPL-2.0-only

/*

 * Implementation of the memory encryption/decryption API.

 *

 * Since the low-level details of the operation depend on the

 * Confidential Computing environment (e.g. pKVM, CCA, ...), this just

 * acts as a top-level dispatcher to whatever hooks may have been

 * registered.

 *

 * Author: Will Deacon <will@kernel.org>

 * Copyright (C) 2024 Google LLC

 *

 * "Hello, boils and ghouls!"

 */



#include <linux/bug.h>

#include <linux/compiler.h>

#include <linux/err.h>

#include <linux/mm.h>



#include <asm/mem_encrypt.h>



static const struct arm64_mem_crypt_ops *crypt_ops;



int arm64_mem_crypt_ops_register(const struct arm64_mem_crypt_ops *ops)

{

	if (WARN_ON(crypt_ops))

		return -EBUSY;



	crypt_ops = ops;

	return 0;

}



int set_memory_encrypted(unsigned long addr, int numpages)

{

	if (likely(!crypt_ops) || WARN_ON(!PAGE_ALIGNED(addr)))

		return 0;



	return crypt_ops->encrypt(addr, numpages);

}

EXPORT_SYMBOL_GPL(set_memory_encrypted);



int set_memory_decrypted(unsigned long addr, int numpages)

{

	if (likely(!crypt_ops) || WARN_ON(!PAGE_ALIGNED(addr)))

		return 0;



	return crypt_ops->decrypt(addr, numpages);

}

EXPORT_SYMBOL_GPL(set_memory_decrypted);