| Message ID | 20220113213027.457282-2-martin.fernandez@eclypsium.com (mailing list archive) |
|---|---|
| State | Deferred, archived |
| Headers | show |
| Series | x86: Show in sysfs if a memory node is able to do encryption | expand |
On Thu, Jan 13, 2022 at 06:30:23PM -0300, Martin Fernandez wrote: > Add the capability to mark regions of the memory memory_type able of > hardware memory encryption. > > Also add the capability to query if all regions of a memory node are > able to do hardware memory encryption to call it when initializing the > nodes. > > Signed-off-by: Martin Fernandez <martin.fernandez@eclypsium.com> > --- > include/linux/memblock.h | 5 ++++ > mm/memblock.c | 49 ++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 54 insertions(+) > > diff --git a/include/linux/memblock.h b/include/linux/memblock.h > index 9dc7cb239d21..374c03e10b2e 100644 > --- a/include/linux/memblock.h > +++ b/include/linux/memblock.h > @@ -41,6 +41,7 @@ extern unsigned long long max_possible_pfn; > * via a driver, and never indicated in the firmware-provided memory map as > * system RAM. This corresponds to IORESOURCE_SYSRAM_DRIVER_MANAGED in the > * kernel resource tree. > + * @MEMBLOCK_CRYPTO_CAPABLE: capable of hardware encryption > */ > enum memblock_flags { > MEMBLOCK_NONE = 0x0, /* No special request */ > @@ -48,6 +49,7 @@ enum memblock_flags { > MEMBLOCK_MIRROR = 0x2, /* mirrored region */ > MEMBLOCK_NOMAP = 0x4, /* don't add to kernel direct mapping */ > MEMBLOCK_DRIVER_MANAGED = 0x8, /* always detected via a driver */ > + MEMBLOCK_CRYPTO_CAPABLE = 0x10, /* capable of hardware encryption */ Nit: please keep the comments aligned with TAB. > }; > > /** > @@ -121,6 +123,9 @@ int memblock_physmem_add(phys_addr_t base, phys_addr_t size); > void memblock_trim_memory(phys_addr_t align); > bool memblock_overlaps_region(struct memblock_type *type, > phys_addr_t base, phys_addr_t size); > +bool memblock_node_is_crypto_capable(int nid); > +int memblock_mark_crypto_capable(phys_addr_t base, phys_addr_t size); > +int memblock_clear_crypto_capable(phys_addr_t base, phys_addr_t size); > int memblock_mark_hotplug(phys_addr_t base, phys_addr_t size); > int memblock_clear_hotplug(phys_addr_t base, phys_addr_t size); > int memblock_mark_mirror(phys_addr_t base, phys_addr_t size); > diff --git a/mm/memblock.c b/mm/memblock.c > index 1018e50566f3..61ec50647469 100644 > --- a/mm/memblock.c > +++ b/mm/memblock.c > @@ -191,6 +191,27 @@ bool __init_memblock memblock_overlaps_region(struct memblock_type *type, > return i < type->cnt; > } > > +/** > + * memblock_node_is_crypto_capable - get if whole node is capable > + * of encryption > + * @nid: number of node > + * > + * Iterate over all memory memblock_type and find if all regions under > + * node @nid are capable of hardware encryption. Please add Return: description, otherwise kernel-doc is unhappy > + */ > +bool __init_memblock memblock_node_is_crypto_capable(int nid) > +{ > + struct memblock_region *region; > + > + for_each_mem_region(region) { > + if ((memblock_get_region_node(region) == nid) && > + !(region->flags & MEMBLOCK_CRYPTO_CAPABLE)) > + return false; > + } As we discussed on v3, please add a printk if the same node has both crypto-capable and not crypto-capable regions. https://lore.kernel.org/all/Ya++1FwWzKr2wYQH@kernel.org/ > + > + return true; > +} > + > /** > * __memblock_find_range_bottom_up - find free area utility in bottom-up > * @start: start of candidate range > @@ -885,6 +906,34 @@ static int __init_memblock memblock_setclr_flag(phys_addr_t base, > return 0; > } > > +/** > + * memblock_mark_crypto_capable - Mark memory regions capable of hardware > + * encryption with flag MEMBLOCK_CRYPTO_CAPABLE. > + * @base: the base phys addr of the region > + * @size: the size of the region > + * > + * Return: 0 on success, -errno on failure. > + */ > +int __init_memblock memblock_mark_crypto_capable(phys_addr_t base, > + phys_addr_t size) > +{ > + return memblock_setclr_flag(base, size, 1, MEMBLOCK_CRYPTO_CAPABLE); > +} > + > +/** > + * memblock_clear_crypto_capable - Clear flag MEMBLOCK_CRYPTO for a > + * specified region. > + * @base: the base phys addr of the region > + * @size: the size of the region > + * > + * Return: 0 on success, -errno on failure. > + */ > +int __init_memblock memblock_clear_crypto_capable(phys_addr_t base, > + phys_addr_t size) > +{ > + return memblock_setclr_flag(base, size, 0, MEMBLOCK_CRYPTO_CAPABLE); > +} > + > /** > * memblock_mark_hotplug - Mark hotpluggable memory with flag MEMBLOCK_HOTPLUG. > * @base: the base phys addr of the region > -- > 2.30.2 >
On 1/14/22, Mike Rapoport <rppt@kernel.org> wrote: > On Thu, Jan 13, 2022 at 06:30:23PM -0300, Martin Fernandez wrote: >> Add the capability to mark regions of the memory memory_type able of >> hardware memory encryption. >> >> Also add the capability to query if all regions of a memory node are >> able to do hardware memory encryption to call it when initializing the >> nodes. >> >> Signed-off-by: Martin Fernandez <martin.fernandez@eclypsium.com> >> --- >> include/linux/memblock.h | 5 ++++ >> mm/memblock.c | 49 ++++++++++++++++++++++++++++++++++++++++ >> 2 files changed, 54 insertions(+) >> >> diff --git a/include/linux/memblock.h b/include/linux/memblock.h >> index 9dc7cb239d21..374c03e10b2e 100644 >> --- a/include/linux/memblock.h >> +++ b/include/linux/memblock.h >> @@ -41,6 +41,7 @@ extern unsigned long long max_possible_pfn; >> * via a driver, and never indicated in the firmware-provided memory map >> as >> * system RAM. This corresponds to IORESOURCE_SYSRAM_DRIVER_MANAGED in >> the >> * kernel resource tree. >> + * @MEMBLOCK_CRYPTO_CAPABLE: capable of hardware encryption >> */ >> enum memblock_flags { >> MEMBLOCK_NONE = 0x0, /* No special request */ >> @@ -48,6 +49,7 @@ enum memblock_flags { >> MEMBLOCK_MIRROR = 0x2, /* mirrored region */ >> MEMBLOCK_NOMAP = 0x4, /* don't add to kernel direct mapping */ >> MEMBLOCK_DRIVER_MANAGED = 0x8, /* always detected via a driver */ >> + MEMBLOCK_CRYPTO_CAPABLE = 0x10, /* capable of hardware encryption */ > > Nit: please keep the comments aligned with TAB. > >> }; >> >> /** >> @@ -121,6 +123,9 @@ int memblock_physmem_add(phys_addr_t base, phys_addr_t >> size); >> void memblock_trim_memory(phys_addr_t align); >> bool memblock_overlaps_region(struct memblock_type *type, >> phys_addr_t base, phys_addr_t size); >> +bool memblock_node_is_crypto_capable(int nid); >> +int memblock_mark_crypto_capable(phys_addr_t base, phys_addr_t size); >> +int memblock_clear_crypto_capable(phys_addr_t base, phys_addr_t size); >> int memblock_mark_hotplug(phys_addr_t base, phys_addr_t size); >> int memblock_clear_hotplug(phys_addr_t base, phys_addr_t size); >> int memblock_mark_mirror(phys_addr_t base, phys_addr_t size); >> diff --git a/mm/memblock.c b/mm/memblock.c >> index 1018e50566f3..61ec50647469 100644 >> --- a/mm/memblock.c >> +++ b/mm/memblock.c >> @@ -191,6 +191,27 @@ bool __init_memblock memblock_overlaps_region(struct >> memblock_type *type, >> return i < type->cnt; >> } >> >> +/** >> + * memblock_node_is_crypto_capable - get if whole node is capable >> + * of encryption >> + * @nid: number of node >> + * >> + * Iterate over all memory memblock_type and find if all regions under >> + * node @nid are capable of hardware encryption. > > Please add Return: description, otherwise kernel-doc is unhappy > >> + */ >> +bool __init_memblock memblock_node_is_crypto_capable(int nid) >> +{ >> + struct memblock_region *region; >> + >> + for_each_mem_region(region) { >> + if ((memblock_get_region_node(region) == nid) && >> + !(region->flags & MEMBLOCK_CRYPTO_CAPABLE)) >> + return false; >> + } > > As we discussed on v3, please add a printk if the same node has both > crypto-capable and not crypto-capable regions. > > https://lore.kernel.org/all/Ya++1FwWzKr2wYQH@kernel.org/ > >> + >> + return true; >> +} >> + >> /** >> * __memblock_find_range_bottom_up - find free area utility in bottom-up >> * @start: start of candidate range >> @@ -885,6 +906,34 @@ static int __init_memblock >> memblock_setclr_flag(phys_addr_t base, >> return 0; >> } >> >> +/** >> + * memblock_mark_crypto_capable - Mark memory regions capable of >> hardware >> + * encryption with flag MEMBLOCK_CRYPTO_CAPABLE. >> + * @base: the base phys addr of the region >> + * @size: the size of the region >> + * >> + * Return: 0 on success, -errno on failure. >> + */ >> +int __init_memblock memblock_mark_crypto_capable(phys_addr_t base, >> + phys_addr_t size) >> +{ >> + return memblock_setclr_flag(base, size, 1, MEMBLOCK_CRYPTO_CAPABLE); >> +} >> + >> +/** >> + * memblock_clear_crypto_capable - Clear flag MEMBLOCK_CRYPTO for a >> + * specified region. >> + * @base: the base phys addr of the region >> + * @size: the size of the region >> + * >> + * Return: 0 on success, -errno on failure. >> + */ >> +int __init_memblock memblock_clear_crypto_capable(phys_addr_t base, >> + phys_addr_t size) >> +{ >> + return memblock_setclr_flag(base, size, 0, MEMBLOCK_CRYPTO_CAPABLE); >> +} >> + >> /** >> * memblock_mark_hotplug - Mark hotpluggable memory with flag >> MEMBLOCK_HOTPLUG. >> * @base: the base phys addr of the region >> -- >> 2.30.2 >> > > -- > Sincerely yours, > Mike. > Ok, will do. Thanks for the feedback.
diff --git a/include/linux/memblock.h b/include/linux/memblock.h index 9dc7cb239d21..374c03e10b2e 100644 --- a/include/linux/memblock.h +++ b/include/linux/memblock.h @@ -41,6 +41,7 @@ extern unsigned long long max_possible_pfn; * via a driver, and never indicated in the firmware-provided memory map as * system RAM. This corresponds to IORESOURCE_SYSRAM_DRIVER_MANAGED in the * kernel resource tree. + * @MEMBLOCK_CRYPTO_CAPABLE: capable of hardware encryption */ enum memblock_flags { MEMBLOCK_NONE = 0x0, /* No special request */ @@ -48,6 +49,7 @@ enum memblock_flags { MEMBLOCK_MIRROR = 0x2, /* mirrored region */ MEMBLOCK_NOMAP = 0x4, /* don't add to kernel direct mapping */ MEMBLOCK_DRIVER_MANAGED = 0x8, /* always detected via a driver */ + MEMBLOCK_CRYPTO_CAPABLE = 0x10, /* capable of hardware encryption */ }; /** @@ -121,6 +123,9 @@ int memblock_physmem_add(phys_addr_t base, phys_addr_t size); void memblock_trim_memory(phys_addr_t align); bool memblock_overlaps_region(struct memblock_type *type, phys_addr_t base, phys_addr_t size); +bool memblock_node_is_crypto_capable(int nid); +int memblock_mark_crypto_capable(phys_addr_t base, phys_addr_t size); +int memblock_clear_crypto_capable(phys_addr_t base, phys_addr_t size); int memblock_mark_hotplug(phys_addr_t base, phys_addr_t size); int memblock_clear_hotplug(phys_addr_t base, phys_addr_t size); int memblock_mark_mirror(phys_addr_t base, phys_addr_t size); diff --git a/mm/memblock.c b/mm/memblock.c index 1018e50566f3..61ec50647469 100644 --- a/mm/memblock.c +++ b/mm/memblock.c @@ -191,6 +191,27 @@ bool __init_memblock memblock_overlaps_region(struct memblock_type *type, return i < type->cnt; } +/** + * memblock_node_is_crypto_capable - get if whole node is capable + * of encryption + * @nid: number of node + * + * Iterate over all memory memblock_type and find if all regions under + * node @nid are capable of hardware encryption. + */ +bool __init_memblock memblock_node_is_crypto_capable(int nid) +{ + struct memblock_region *region; + + for_each_mem_region(region) { + if ((memblock_get_region_node(region) == nid) && + !(region->flags & MEMBLOCK_CRYPTO_CAPABLE)) + return false; + } + + return true; +} + /** * __memblock_find_range_bottom_up - find free area utility in bottom-up * @start: start of candidate range @@ -885,6 +906,34 @@ static int __init_memblock memblock_setclr_flag(phys_addr_t base, return 0; } +/** + * memblock_mark_crypto_capable - Mark memory regions capable of hardware + * encryption with flag MEMBLOCK_CRYPTO_CAPABLE. + * @base: the base phys addr of the region + * @size: the size of the region + * + * Return: 0 on success, -errno on failure. + */ +int __init_memblock memblock_mark_crypto_capable(phys_addr_t base, + phys_addr_t size) +{ + return memblock_setclr_flag(base, size, 1, MEMBLOCK_CRYPTO_CAPABLE); +} + +/** + * memblock_clear_crypto_capable - Clear flag MEMBLOCK_CRYPTO for a + * specified region. + * @base: the base phys addr of the region + * @size: the size of the region + * + * Return: 0 on success, -errno on failure. + */ +int __init_memblock memblock_clear_crypto_capable(phys_addr_t base, + phys_addr_t size) +{ + return memblock_setclr_flag(base, size, 0, MEMBLOCK_CRYPTO_CAPABLE); +} + /** * memblock_mark_hotplug - Mark hotpluggable memory with flag MEMBLOCK_HOTPLUG. * @base: the base phys addr of the region
Add the capability to mark regions of the memory memory_type able of hardware memory encryption. Also add the capability to query if all regions of a memory node are able to do hardware memory encryption to call it when initializing the nodes. Signed-off-by: Martin Fernandez <martin.fernandez@eclypsium.com> --- include/linux/memblock.h | 5 ++++ mm/memblock.c | 49 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+)