Message ID | 20190521044912.1375-12-bauerman@linux.ibm.com (mailing list archive) |
---|---|
State | Superseded |
Series | Secure Virtual Machine Enablement | expand |
Context | Check | Description |
---|---|---|
snowpatch_ozlabs/apply_patch | warning | Failed to apply on branch next (8150a153c013aa2dd1ffae43370b89ac1347a7fb) |
snowpatch_ozlabs/apply_patch | fail | Failed to apply to any branch |
> diff --git a/arch/powerpc/include/asm/mem_encrypt.h b/arch/powerpc/include/asm/mem_encrypt.h > new file mode 100644 > index 000000000000..45d5e4d0e6e0 > --- /dev/null > +++ b/arch/powerpc/include/asm/mem_encrypt.h > @@ -0,0 +1,19 @@ > +/* SPDX-License-Identifier: GPL-2.0+ */ > +/* > + * SVM helper functions > + * > + * Copyright 2019 IBM Corporation > + */ > + > +#ifndef _ASM_POWERPC_MEM_ENCRYPT_H > +#define _ASM_POWERPC_MEM_ENCRYPT_H > + > +#define sme_me_mask 0ULL > + > +static inline bool sme_active(void) { return false; } > +static inline bool sev_active(void) { return false; } > + > +int set_memory_encrypted(unsigned long addr, int numpages); > +int set_memory_decrypted(unsigned long addr, int numpages); > + > +#endif /* _ASM_POWERPC_MEM_ENCRYPT_H */ S/390 seems to be adding a stub header just like this. Can you please clean up the Kconfig and generic headers bits for memory encryption so that we don't need all this boilerplate code? > config PPC_SVM > bool "Secure virtual machine (SVM) support for POWER" > depends on PPC_PSERIES > + select SWIOTLB > + select ARCH_HAS_MEM_ENCRYPT > default n n is the default default, no need to explictly specify it.
Hello Christoph, Thanks for reviewing the patch! Christoph Hellwig <hch@lst.de> writes: >> diff --git a/arch/powerpc/include/asm/mem_encrypt.h b/arch/powerpc/include/asm/mem_encrypt.h >> new file mode 100644 >> index 000000000000..45d5e4d0e6e0 >> --- /dev/null >> +++ b/arch/powerpc/include/asm/mem_encrypt.h >> @@ -0,0 +1,19 @@ >> +/* SPDX-License-Identifier: GPL-2.0+ */ >> +/* >> + * SVM helper functions >> + * >> + * Copyright 2019 IBM Corporation >> + */ >> + >> +#ifndef _ASM_POWERPC_MEM_ENCRYPT_H >> +#define _ASM_POWERPC_MEM_ENCRYPT_H >> + >> +#define sme_me_mask 0ULL >> + >> +static inline bool sme_active(void) { return false; } >> +static inline bool sev_active(void) { return false; } >> + >> +int set_memory_encrypted(unsigned long addr, int numpages); >> +int set_memory_decrypted(unsigned long addr, int numpages); >> + >> +#endif /* _ASM_POWERPC_MEM_ENCRYPT_H */ > > S/390 seems to be adding a stub header just like this. Can you please > clean up the Kconfig and generic headers bits for memory encryption so > that we don't need all this boilerplate code? Yes, that's a good idea. Will do. >> config PPC_SVM >> bool "Secure virtual machine (SVM) support for POWER" >> depends on PPC_PSERIES >> + select SWIOTLB >> + select ARCH_HAS_MEM_ENCRYPT >> default n > > n is the default default, no need to explictly specify it. Indeed. Changed for the next version.
diff --git a/arch/powerpc/include/asm/mem_encrypt.h b/arch/powerpc/include/asm/mem_encrypt.h
new file mode 100644
index 000000000000..45d5e4d0e6e0
--- /dev/null
+++ b/arch/powerpc/include/asm/mem_encrypt.h
@@ -0,0 +1,19 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * SVM helper functions
+ *
+ * Copyright 2019 IBM Corporation
+ */
+
+#ifndef _ASM_POWERPC_MEM_ENCRYPT_H
+#define _ASM_POWERPC_MEM_ENCRYPT_H
+
+#define sme_me_mask 0ULL
+
+static inline bool sme_active(void) { return false; }
+static inline bool sev_active(void) { return false; }
+
+int set_memory_encrypted(unsigned long addr, int numpages);
+int set_memory_decrypted(unsigned long addr, int numpages);
+
+#endif /* _ASM_POWERPC_MEM_ENCRYPT_H */
diff --git a/arch/powerpc/platforms/pseries/Kconfig b/arch/powerpc/platforms/pseries/Kconfig
index 82c16aa4f1ce..41b10f3bc729 100644
--- a/arch/powerpc/platforms/pseries/Kconfig
+++ b/arch/powerpc/platforms/pseries/Kconfig
@@ -145,9 +145,14 @@ config PAPR_SCM
 help
 Enable access to hypervisor provided storage class memory.
+config ARCH_HAS_MEM_ENCRYPT
+ def_bool n
+
 config PPC_SVM
 bool "Secure virtual machine (SVM) support for POWER"
 depends on PPC_PSERIES
+ select SWIOTLB
+ select ARCH_HAS_MEM_ENCRYPT
 default n
 help
 Support secure guests on POWER. There are certain POWER platforms which
diff --git a/arch/powerpc/platforms/pseries/svm.c b/arch/powerpc/platforms/pseries/svm.c
index c508196f7c83..618622d636d5 100644
--- a/arch/powerpc/platforms/pseries/svm.c
+++ b/arch/powerpc/platforms/pseries/svm.c
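Review bot: In arch/powerpc/include/asm/mem_encrypt.h the stubs `sme_active()` and `sev_active()` return false and `sme_me_mask` is 0 with no comment saying why, so a reader cannot tell that this is deliberate on a secure guest rather than a statement that memory is unprotected. Generic code that keys off these helpers to decide whether a buffer must be shared will presumably never take that path here, which leaves the explicit `swiotlb_update_mem_attributes()` call in init_svm() as the only visible place where memory is shared with the host; that dependency should be written down. I would add above the stubs: `/* SME/SEV are x86 notions; a secure guest is detected with is_secure_guest(), and pages are shared via set_memory_decrypted(). */`. The header also uses `bool` without including anything, so `#include <linux/types.h>` would make it self-contained.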
@@ -7,8 +7,53 @@
 */
 #include <linux/mm.h>
+#include <asm/machdep.h>
+#include <asm/svm.h>
+#include <asm/swiotlb.h>
 #include <asm/ultravisor.h>
+static int __init init_svm(void)
+{
+ if (!is_secure_guest())
+ return 0;
+
+ /* Don't release the SWIOTLB buffer. */
+ ppc_swiotlb_enable = 1;
+
+ /*
+ * Since the guest memory is inaccessible to the host, devices always
+ * need to use the SWIOTLB buffer for DMA even if dma_capable() says
+ * otherwise.
+ */
+ swiotlb_force = SWIOTLB_FORCE;
+
+ /* Share the SWIOTLB buffer with the host. */
+ swiotlb_update_mem_attributes();
+
+ return 0;
+}
+machine_early_initcall(pseries, init_svm);
+
+int set_memory_encrypted(unsigned long addr, int numpages)
+{
+ if (!PAGE_ALIGNED(addr))
+ return -EINVAL;
+
+ uv_unshare_page(PHYS_PFN(__pa(addr)), numpages);
+
+ return 0;
+}
+
+int set_memory_decrypted(unsigned long addr, int numpages)
+{
+ if (!PAGE_ALIGNED(addr))
+ return -EINVAL;
+
+ uv_share_page(PHYS_PFN(__pa(addr)), numpages);
+
+ return 0;
+}
+
 /* There's one dispatch log per CPU. */
 #define NR_DTL_PAGE (DISPATCH_LOG_BYTES * CONFIG_NR_CPUS / PAGE_SIZE)
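Review bot: set_memory_encrypted() and set_memory_decrypted() discard the result of `uv_unshare_page()` / `uv_share_page()` and return 0 unconditionally. If the ultravisor call can fail (its return type is not visible in this hunk), a failed unshare leaves the pages readable by the host while the caller believes they are private again, and a failed share is only noticed later as broken DMA. Assuming the helpers return the call status, propagate it, e.g. `if (uv_unshare_page(PHYS_PFN(__pa(addr)), numpages)) return -EIO;` and the same for `uv_share_page()`. Neither function checks `is_secure_guest()` or rejects `numpages <= 0`, so a call from a non-secure guest or with a bad count is passed through as is; a guard or a comment stating the caller contract would help.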