From patchwork Wed Nov 24 20:34:55 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Martin Fernandez <martin.fernandez@eclypsium.com>
X-Patchwork-Id: 12637761
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id BDD6FC433F5
	for <linux-mm@archiver.kernel.org>; Wed, 24 Nov 2021 20:36:08 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id E025D6B0078; Wed, 24 Nov 2021 15:35:49 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id DB1C16B007B; Wed, 24 Nov 2021 15:35:49 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id CA2376B007D; Wed, 24 Nov 2021 15:35:49 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0060.hostedemail.com
 [216.40.44.60])
	by kanga.kvack.org (Postfix) with ESMTP id BDE7D6B0078
	for <linux-mm@kvack.org>; Wed, 24 Nov 2021 15:35:49 -0500 (EST)
Received: from smtpin24.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id 88A068D8DA
	for <linux-mm@kvack.org>; Wed, 24 Nov 2021 20:35:39 +0000 (UTC)
X-FDA: 78844979556.24.E2528ED
Received: from mail-ua1-f50.google.com (mail-ua1-f50.google.com
 [209.85.222.50])
	by imf24.hostedemail.com (Postfix) with ESMTP id B15FBB0000A9
	for <linux-mm@kvack.org>; Wed, 24 Nov 2021 20:35:35 +0000 (UTC)
Received: by mail-ua1-f50.google.com with SMTP id i6so7737325uae.6
        for <linux-mm@kvack.org>; Wed, 24 Nov 2021 12:35:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=eclypsium.com; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=A1xzUXa5x5Bog8pkez/HAfQHT5aX9xfLkxwoJiQMbWc=;
        b=R/VkjXX7MeaPnAJhsMccTmDjScX+FGCDi/gWTGbEyxNzjTrosEp2TMkxq4Q8QqnWX3
         EiR05kKzaCua2T5uLpS4x+98C9oM8i3LlhzcnBDeRGC24fGAoyeFvA1KVSV9AgEjeOVJ
         vH7np4lUkKx+qQHlPlhpJygvWwD869+WYK43+cFJ/C7Kd8v7ndmK5JMhk/uy9VzFsPCQ
         wXZsTrxo7Zt8TLdrpr5Nd9gnOKty6EwrQFR9x1l78oU9y4enfAPISe4cwYbaeioZHn+f
         mM5vGVQEMpumW+1F5JNtvk+ktfsQXcogAWs82IlNpm/nQEFmqB/in2eVlF72g+x7Orjp
         vNdw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=A1xzUXa5x5Bog8pkez/HAfQHT5aX9xfLkxwoJiQMbWc=;
        b=4oupBKO9sR9yTqHYAxVPfN8besIx645DKg91Y1E/gln4Kz2REStb6dedDjbQ/OdATO
         1+606vcsBwBaMgVEIdN0qGJzToheOHnZcMMYhIo8M75MXez8feHFUT2NZacKmgSXAP3L
         N3/nIpkKvaOEHBHvkIaMlG6Kv0qdEOA/bLMj8FPBKKTuXiHXrgTfUZsaE5f8UlAdRg5B
         LRncf3Xj7vYDd2cBzg2F1LTmPTfpcwuSCLCLoeUnTtbiUe4CtXVgDans6vnHSBjSMSPC
         fNU/fSh/4dlucQp/28xMzFXJIt4YDRWw6p7ZRcgpnTgM3wF6ibq8LwwF0/FLEwaNNd8t
         QFOw==
X-Gm-Message-State: AOAM5326tgNAmtku6rlOP9j5+3DCykdxQG50glPKK2OeY/djRZgN3vJ8
	83ovw5dT+1hm8IgPIRmki4w31Q==
X-Google-Smtp-Source: 
 ABdhPJxrY7iEnE3QEj+1+FKnOjeDBmxUb2vIP8O2gzcsmt6jFXU8jIdP3ReeX+H4CHRVT1yoUpuYTQ==
X-Received: by 2002:a67:bc16:: with SMTP id t22mr27805377vsn.10.1637786138632;
        Wed, 24 Nov 2021 12:35:38 -0800 (PST)
Received: from localhost (7-153-16-190.fibertel.com.ar. [190.16.153.7])
        by smtp.gmail.com with ESMTPSA id
 t11sm479278vkt.34.2021.11.24.12.35.33
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 24 Nov 2021 12:35:38 -0800 (PST)
From: Martin Fernandez <martin.fernandez@eclypsium.com>
To: linux-efi@vger.kernel.org,
	platform-driver-x86@vger.kernel.org,
	linux-mm@kvack.org
Cc: tglx@linutronix.de,
	mingo@redhat.com,
	bp@alien8.de,
	x86@kernel.org,
	hpa@zytor.com,
	dave.hansen@linux.intel.com,
	luto@kernel.org,
	peterz@infradead.org,
	ardb@kernel.org,
	dvhart@infradead.org,
	andy@infradead.org,
	gregkh@linuxfoundation.org,
	rafael@kernel.org,
	daniel.gutson@eclypsium.com,
	hughsient@gmail.com,
	alison.schofield@intel.com,
	Martin Fernandez <martin.fernandez@eclypsium.com>
Subject: [PATCH v2 1/5] mm/memblock: Tag memblocks with crypto capabilities
Date: Wed, 24 Nov 2021 17:34:55 -0300
Message-Id: <20211124203459.4578-2-martin.fernandez@eclypsium.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20211124203459.4578-1-martin.fernandez@eclypsium.com>
References: <20211124203459.4578-1-martin.fernandez@eclypsium.com>
MIME-Version: 1.0
X-Rspamd-Server: rspam01
X-Rspamd-Queue-Id: B15FBB0000A9
X-Stat-Signature: iupc1acw91bqcmkp7kre7dspgjkje39s
Authentication-Results: imf24.hostedemail.com;
	dkim=pass header.d=eclypsium.com header.s=google header.b="R/VkjXX7";
	spf=pass (imf24.hostedemail.com: domain of martin.fernandez@eclypsium.com
 designates 209.85.222.50 as permitted sender)
 smtp.mailfrom=martin.fernandez@eclypsium.com;
	dmarc=pass (policy=quarantine) header.from=eclypsium.com
X-HE-Tag: 1637786135-733610
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Add the capability to mark regions of the memory memory_type able of
hardware memory encryption.

Also add the capability to query if all regions of a memory node are
able to do hardware memory encryption to call it when initializing the
nodes.

Signed-off-by: Martin Fernandez <martin.fernandez@eclypsium.com>
---
 include/linux/memblock.h |  5 ++++
 mm/memblock.c            | 49 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+)

diff --git a/include/linux/memblock.h b/include/linux/memblock.h
index 34de69b3b8ba..a54665863f80 100644
--- a/include/linux/memblock.h
+++ b/include/linux/memblock.h
@@ -31,6 +31,7 @@ extern unsigned long long max_possible_pfn;
  * @MEMBLOCK_HOTPLUG: hotpluggable region
  * @MEMBLOCK_MIRROR: mirrored region
  * @MEMBLOCK_NOMAP: don't add to kernel direct mapping and treat as
+ * @MEMBLOCK_CRYPTO_CAPABLE: capable of hardware encryption
  * reserved in the memory map; refer to memblock_mark_nomap() description
  * for further details
  */
@@ -39,6 +40,7 @@ enum memblock_flags {
 	MEMBLOCK_HOTPLUG	= 0x1,	/* hotpluggable region */
 	MEMBLOCK_MIRROR		= 0x2,	/* mirrored region */
 	MEMBLOCK_NOMAP		= 0x4,	/* don't add to kernel direct mapping */
+	MEMBLOCK_CRYPTO_CAPABLE = 0x8,  /* capable of hardware encryption */
 };
 
 /**
@@ -111,6 +113,9 @@ int memblock_physmem_add(phys_addr_t base, phys_addr_t size);
 void memblock_trim_memory(phys_addr_t align);
 bool memblock_overlaps_region(struct memblock_type *type,
 			      phys_addr_t base, phys_addr_t size);
+bool memblock_node_is_crypto_capable(int nid);
+int memblock_mark_crypto_capable(phys_addr_t base, phys_addr_t size);
+int memblock_clear_crypto_capable(phys_addr_t base, phys_addr_t size);
 int memblock_mark_hotplug(phys_addr_t base, phys_addr_t size);
 int memblock_clear_hotplug(phys_addr_t base, phys_addr_t size);
 int memblock_mark_mirror(phys_addr_t base, phys_addr_t size);
diff --git a/mm/memblock.c b/mm/memblock.c
index 5096500b2647..cd5553c3df5a 100644
--- a/mm/memblock.c
+++ b/mm/memblock.c
@@ -191,6 +191,27 @@ bool __init_memblock memblock_overlaps_region(struct memblock_type *type,
 	return i < type->cnt;
 }
 
+/**
+ * memblock_node_is_crypto_capable - get if whole node is capable
+ * of encryption
+ * @nid: number of node
+ *
+ * Iterate over all memory memblock_type and find if all regions under
+ * node @nid are capable of hardware encryption.
+ */
+bool __init_memblock memblock_node_is_crypto_capable(int nid)
+{
+	struct memblock_region *region;
+
+	for_each_mem_region(region) {
+		if ((memblock_get_region_node(region) == nid) &&
+		    !(region->flags & MEMBLOCK_CRYPTO_CAPABLE))
+			return false;
+	}
+
+	return true;
+}
+
 /**
  * __memblock_find_range_bottom_up - find free area utility in bottom-up
  * @start: start of candidate range
@@ -884,6 +905,34 @@ static int __init_memblock memblock_setclr_flag(phys_addr_t base,
 	return 0;
 }
 
+/**
+ * memblock_mark_crypto_capable - Mark memory regions capable of hardware
+ * encryption with flag MEMBLOCK_CRYPTO_CAPABLE.
+ * @base: the base phys addr of the region
+ * @size: the size of the region
+ *
+ * Return: 0 on success, -errno on failure.
+ */
+int __init_memblock memblock_mark_crypto_capable(phys_addr_t base,
+						 phys_addr_t size)
+{
+	return memblock_setclr_flag(base, size, 1, MEMBLOCK_CRYPTO_CAPABLE);
+}
+
+/**
+ * memblock_clear_crypto_capable - Clear flag MEMBLOCK_CRYPTO for a
+ * specified region.
+ * @base: the base phys addr of the region
+ * @size: the size of the region
+ *
+ * Return: 0 on success, -errno on failure.
+ */
+int __init_memblock memblock_clear_crypto_capable(phys_addr_t base,
+						  phys_addr_t size)
+{
+	return memblock_setclr_flag(base, size, 0, MEMBLOCK_CRYPTO_CAPABLE);
+}
+
 /**
  * memblock_mark_hotplug - Mark hotpluggable memory with flag MEMBLOCK_HOTPLUG.
  * @base: the base phys addr of the region

From patchwork Wed Nov 24 20:34:56 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Martin Fernandez <martin.fernandez@eclypsium.com>
X-Patchwork-Id: 12637763
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id F044EC433EF
	for <linux-mm@archiver.kernel.org>; Wed, 24 Nov 2021 20:36:45 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 06E046B007B; Wed, 24 Nov 2021 15:36:03 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id F392A6B007D; Wed, 24 Nov 2021 15:36:02 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id D8CA16B007E; Wed, 24 Nov 2021 15:36:02 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0223.hostedemail.com
 [216.40.44.223])
	by kanga.kvack.org (Postfix) with ESMTP id C802B6B007B
	for <linux-mm@kvack.org>; Wed, 24 Nov 2021 15:36:02 -0500 (EST)
Received: from smtpin21.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id 8801882D81
	for <linux-mm@kvack.org>; Wed, 24 Nov 2021 20:35:52 +0000 (UTC)
X-FDA: 78844980186.21.99239CA
Received: from mail-ua1-f41.google.com (mail-ua1-f41.google.com
 [209.85.222.41])
	by imf07.hostedemail.com (Postfix) with ESMTP id D7E7B10002D8
	for <linux-mm@kvack.org>; Wed, 24 Nov 2021 20:35:48 +0000 (UTC)
Received: by mail-ua1-f41.google.com with SMTP id l24so7798971uak.2
        for <linux-mm@kvack.org>; Wed, 24 Nov 2021 12:35:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=eclypsium.com; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=kKeQO5HIM6y0ycfWZfjEXt5cWodQspmVc0qLUoNycjw=;
        b=Cfr3vRCO2qArtB2zY1WwM4EzEzL0sTk9uNXAVtwdYprZbC1fHLFE1949XZ5h3knzR1
         3gV1+bojf02rCANR3bR81MWu48gca6FIIuY/geCf9sTHgQpoK1i+JzmA/vQQcYGExkjC
         1mCYw2rIQTUAmhtzD6NPGmIq2ij6ApLZUjcLPO/f8pK21guuKLwunwJ3bJLuVWJXUM2/
         7UN4tVR3zfc5npfEMmqKo040g+a2XChbbAGs8NA7MubO8qY+30I4K1bWbzV3PY1EAYEN
         mtNRlyvLk1Sq9p277fBJwfJYbw5CX2WUXHtlHT7vRvSJrMFL+r3Sy/smrxbV/ZXAv16A
         VNww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=kKeQO5HIM6y0ycfWZfjEXt5cWodQspmVc0qLUoNycjw=;
        b=eRtDEvliI69lifba0t6fccA6Yk0NLeVarE3SLDrB/IB8ZIfggamJzi/gV6/cIYV+sL
         Z2DiZl+tV51Z3btRtwVwEvs/PEQNLtfnBngKsoumJBeG9shpIQWxBCodWXlsuGbqH/31
         HrD9B9YeECEmyagbtdLkFVTgNoYxdCkrAXrdAOL4ahdP+lNZnqPha9ifS9nr/8ezt5Wt
         VjxhbSz25ah378RKS/dXt+je+0IvaRDFfu7KjM0GpZwUOMBKO9+eBjntBOMoWfj5XiZ1
         7EDIWFrILv2q8GSNx4NlFHd8wF87XuZeyojOQckgboGG38+uz2EBVruILQT1vVbi333H
         M90w==
X-Gm-Message-State: AOAM532ftz2kYn4crNoHh4uAICMOaLPk9WLC9D/LheKTWIJ9Ddv+Zzwj
	EVD9JdDNH3T0wOQBW6T8PjoWrQ==
X-Google-Smtp-Source: 
 ABdhPJy27G14bvEgPOr12Bgpg6q24+2aiosznoukbinhwt9NvM1t/b3YMAF/NwheI6DeiRVcv9hO4A==
X-Received: by 2002:a67:d31c:: with SMTP id a28mr29229200vsj.20.1637786151401;
        Wed, 24 Nov 2021 12:35:51 -0800 (PST)
Received: from localhost (7-153-16-190.fibertel.com.ar. [190.16.153.7])
        by smtp.gmail.com with ESMTPSA id
 g187sm668093vsc.10.2021.11.24.12.35.46
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 24 Nov 2021 12:35:51 -0800 (PST)
From: Martin Fernandez <martin.fernandez@eclypsium.com>
To: linux-efi@vger.kernel.org,
	platform-driver-x86@vger.kernel.org,
	linux-mm@kvack.org
Cc: tglx@linutronix.de,
	mingo@redhat.com,
	bp@alien8.de,
	x86@kernel.org,
	hpa@zytor.com,
	dave.hansen@linux.intel.com,
	luto@kernel.org,
	peterz@infradead.org,
	ardb@kernel.org,
	dvhart@infradead.org,
	andy@infradead.org,
	gregkh@linuxfoundation.org,
	rafael@kernel.org,
	daniel.gutson@eclypsium.com,
	hughsient@gmail.com,
	alison.schofield@intel.com,
	Martin Fernandez <martin.fernandez@eclypsium.com>
Subject: [PATCH v2 2/5] mm/mmzone: Tag pg_data_t with crypto capabilities
Date: Wed, 24 Nov 2021 17:34:56 -0300
Message-Id: <20211124203459.4578-3-martin.fernandez@eclypsium.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20211124203459.4578-1-martin.fernandez@eclypsium.com>
References: <20211124203459.4578-1-martin.fernandez@eclypsium.com>
MIME-Version: 1.0
X-Rspamd-Queue-Id: D7E7B10002D8
X-Stat-Signature: 1p3qsu78oczi6sk7jn65t4mdzjfbnha4
Authentication-Results: imf07.hostedemail.com;
	dkim=pass header.d=eclypsium.com header.s=google header.b=Cfr3vRCO;
	dmarc=pass (policy=quarantine) header.from=eclypsium.com;
	spf=pass (imf07.hostedemail.com: domain of martin.fernandez@eclypsium.com
 designates 209.85.222.41 as permitted sender)
 smtp.mailfrom=martin.fernandez@eclypsium.com
X-Rspamd-Server: rspam02
X-HE-Tag: 1637786148-660107
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Add a new member in the pg_data_t struct tell whether the node
corresponding to that pg_data_t is able to do hardware memory encryption.

This will be read from sysfs.

Signed-off-by: Martin Fernandez <martin.fernandez@eclypsium.com>
---
 include/linux/mmzone.h | 3 +++
 mm/page_alloc.c        | 1 +
 2 files changed, 4 insertions(+)

diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
index 6a1d79d84675..e437d7ebd8cc 100644
--- a/include/linux/mmzone.h
+++ b/include/linux/mmzone.h
@@ -855,6 +855,9 @@ typedef struct pglist_data {
 	struct task_struct *kcompactd;
 	bool proactive_compact_trigger;
 #endif
+
+	bool crypto_capable;
+
 	/*
 	 * This is a per-node reserve of pages that are not available
 	 * to userspace allocations.
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index b37435c274cf..a19d95bb5c0f 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -7575,6 +7575,7 @@ static void __init free_area_init_node(int nid)
 	pgdat->node_id = nid;
 	pgdat->node_start_pfn = start_pfn;
 	pgdat->per_cpu_nodestats = NULL;
+	pgdat->crypto_capable = memblock_node_is_crypto_capable(nid);
 
 	pr_info("Initmem setup node %d [mem %#018Lx-%#018Lx]\n", nid,
 		(u64)start_pfn << PAGE_SHIFT,

From patchwork Wed Nov 24 20:34:57 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Martin Fernandez <martin.fernandez@eclypsium.com>
X-Patchwork-Id: 12637765
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 31551C433EF
	for <linux-mm@archiver.kernel.org>; Wed, 24 Nov 2021 20:37:21 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 921BD6B007D; Wed, 24 Nov 2021 15:36:13 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 8822F6B007E; Wed, 24 Nov 2021 15:36:13 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 6D62B6B0080; Wed, 24 Nov 2021 15:36:13 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0055.hostedemail.com
 [216.40.44.55])
	by kanga.kvack.org (Postfix) with ESMTP id 5B4B76B007D
	for <linux-mm@kvack.org>; Wed, 24 Nov 2021 15:36:13 -0500 (EST)
Received: from smtpin24.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay02.hostedemail.com (Postfix) with ESMTP id 245568849E
	for <linux-mm@kvack.org>; Wed, 24 Nov 2021 20:36:03 +0000 (UTC)
X-FDA: 78844980564.24.43F4E6B
Received: from mail-ua1-f49.google.com (mail-ua1-f49.google.com
 [209.85.222.49])
	by imf07.hostedemail.com (Postfix) with ESMTP id A247E10000AC
	for <linux-mm@kvack.org>; Wed, 24 Nov 2021 20:35:59 +0000 (UTC)
Received: by mail-ua1-f49.google.com with SMTP id y5so7737717ual.7
        for <linux-mm@kvack.org>; Wed, 24 Nov 2021 12:36:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=eclypsium.com; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=w9yrnXVW7fLsQ4/ibJAh+IADQ8TwWuDDojbJ0M/0/YQ=;
        b=IeKkuqmpzc7FbuliSo1Jkk0NL2taaIL9TexbJpuO7ZfnxqvCCnopitrdpBqxhqfa/A
         ajbCs5QcgikFokXisFoykR36/mHxW7raz+YvC7Zj0gZEnARpRpTZeojOjHat2j2aBK1/
         AexHFUQoPNzcwmnixSLsjvcscdN1OrANqNg1vt4sUeUqkTcuHfIOHeBTzgv3QTER/fMo
         h7Ux1LzketDJiMswvVqeqSeM9o6D/rQY/pC9GDS1kKEzWdDNk7VHZSuRak3bUVkWY6es
         Q3B981PUoF41n39v7002Rk0Tzw14Xkc2t8ACUdfw2C+W5RIlrWeY13PWUdKBI59hEix1
         YOJQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=w9yrnXVW7fLsQ4/ibJAh+IADQ8TwWuDDojbJ0M/0/YQ=;
        b=B0UfuBF5cSowSEih/HzkEjOwlpNtfTeh687yStyVjsXxqUBXl19FZY8cY+s8LXwVpg
         Y5oEtuP7pEpU1UWAJ+eE7RSYD3T9JucmudnMsUWKK6MYsrtGYInAnHcb0y28d26RgIfK
         GYvFF0KlNEMEKj0esGP4rpy4c6FJEln7VDX8WaCsKuNsUhOYSvWC8q9BjAPzx9dcXD6j
         sBy4BOCeJj1BLWkX+nZ2PHGY8BGGbQBW1vuKjq1L4ZWNq5/8mbIhgJFoyazorSREF3mp
         neWzxQsRh7HB/GRmO+7OGRCTNanPN/MmDhfN8huztHzhNIZerUfLEQGXVFCiHQGq12nP
         697A==
X-Gm-Message-State: AOAM53037tSGOas4/itjR71vFLlJ0ai9MLacsbAsdrb8vOL7KFFCTE18
	TCGiwHDfLS/aWvQaaKeT1uIYRWWW9hvOIHqt
X-Google-Smtp-Source: 
 ABdhPJw9o5WJJAkVra9gBNIjPVB8Rckw9rBSpE/TtszzPhkTaQOp/yrl/bbsNgkV50FMwbmiu18ifQ==
X-Received: by 2002:a67:ec94:: with SMTP id h20mr28122850vsp.59.1637786162106;
        Wed, 24 Nov 2021 12:36:02 -0800 (PST)
Received: from localhost (7-153-16-190.fibertel.com.ar. [190.16.153.7])
        by smtp.gmail.com with ESMTPSA id
 bl34sm570958vsb.31.2021.11.24.12.35.57
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 24 Nov 2021 12:36:01 -0800 (PST)
From: Martin Fernandez <martin.fernandez@eclypsium.com>
To: linux-efi@vger.kernel.org,
	platform-driver-x86@vger.kernel.org,
	linux-mm@kvack.org
Cc: tglx@linutronix.de,
	mingo@redhat.com,
	bp@alien8.de,
	x86@kernel.org,
	hpa@zytor.com,
	dave.hansen@linux.intel.com,
	luto@kernel.org,
	peterz@infradead.org,
	ardb@kernel.org,
	dvhart@infradead.org,
	andy@infradead.org,
	gregkh@linuxfoundation.org,
	rafael@kernel.org,
	daniel.gutson@eclypsium.com,
	hughsient@gmail.com,
	alison.schofield@intel.com,
	Martin Fernandez <martin.fernandez@eclypsium.com>
Subject: [PATCH v2 3/5] x86/e820: Tag e820_entry with crypto capabilities
Date: Wed, 24 Nov 2021 17:34:57 -0300
Message-Id: <20211124203459.4578-4-martin.fernandez@eclypsium.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20211124203459.4578-1-martin.fernandez@eclypsium.com>
References: <20211124203459.4578-1-martin.fernandez@eclypsium.com>
MIME-Version: 1.0
X-Stat-Signature: fhze4gf8ofs1he9ugmzcynrxjxi6yxux
X-Rspamd-Queue-Id: A247E10000AC
X-Rspamd-Server: rspam07
Authentication-Results: imf07.hostedemail.com;
	dkim=pass header.d=eclypsium.com header.s=google header.b=IeKkuqmp;
	spf=pass (imf07.hostedemail.com: domain of martin.fernandez@eclypsium.com
 designates 209.85.222.49 as permitted sender)
 smtp.mailfrom=martin.fernandez@eclypsium.com;
	dmarc=pass (policy=quarantine) header.from=eclypsium.com
X-HE-Tag: 1637786159-263922
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Add a new member in e820_entry to hold whether an entry is able to do
hardware memory encryption or not.

Add a new argument to __e820__range_add to accept this new
crypto_capable.

Add a new argument to __e820__update_range to be able to change a
region's crypto_capable member. Also, change its behavior a little,
before if you wanted to update a region with its same type it was a
BUG_ON; now if you call it with both old_type and new_type equals,
then the function won't change the types, just crypto_capable.

Change e820__update_table to handle merging and overlap problems
taking into account crypto_capable.

Add a function to mark a range as crypto, using __e820__range_update
in the background. This will be called when initializing EFI.

Signed-off-by: Martin Fernandez <martin.fernandez@eclypsium.com>
---
 arch/x86/include/asm/e820/api.h   |  1 +
 arch/x86/include/asm/e820/types.h |  1 +
 arch/x86/kernel/e820.c            | 58 +++++++++++++++++++++++++------
 3 files changed, 49 insertions(+), 11 deletions(-)

diff --git a/arch/x86/include/asm/e820/api.h b/arch/x86/include/asm/e820/api.h
index e8f58ddd06d9..fdfe1c37dcfc 100644
--- a/arch/x86/include/asm/e820/api.h
+++ b/arch/x86/include/asm/e820/api.h
@@ -17,6 +17,7 @@ extern bool e820__mapped_all(u64 start, u64 end, enum e820_type type);
 extern void e820__range_add   (u64 start, u64 size, enum e820_type type);
 extern u64  e820__range_update(u64 start, u64 size, enum e820_type old_type, enum e820_type new_type);
 extern u64  e820__range_remove(u64 start, u64 size, enum e820_type old_type, bool check_type);
+extern u64  e820__range_mark_as_crypto(u64 start, u64 size);
 
 extern void e820__print_table(char *who);
 extern int  e820__update_table(struct e820_table *table);
diff --git a/arch/x86/include/asm/e820/types.h b/arch/x86/include/asm/e820/types.h
index 314f75d886d0..7b510dffd3b9 100644
--- a/arch/x86/include/asm/e820/types.h
+++ b/arch/x86/include/asm/e820/types.h
@@ -56,6 +56,7 @@ struct e820_entry {
 	u64			addr;
 	u64			size;
 	enum e820_type		type;
+	u8			crypto_capable;
 } __attribute__((packed));
 
 /*
diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c
index bc0657f0deed..4581598690a9 100644
--- a/arch/x86/kernel/e820.c
+++ b/arch/x86/kernel/e820.c
@@ -163,7 +163,7 @@ int e820__get_entry_type(u64 start, u64 end)
 /*
  * Add a memory region to the kernel E820 map.
  */
-static void __init __e820__range_add(struct e820_table *table, u64 start, u64 size, enum e820_type type)
+static void __init __e820__range_add(struct e820_table *table, u64 start, u64 size, enum e820_type type, u8 crypto_capable)
 {
 	int x = table->nr_entries;
 
@@ -176,12 +176,13 @@ static void __init __e820__range_add(struct e820_table *table, u64 start, u64 si
 	table->entries[x].addr = start;
 	table->entries[x].size = size;
 	table->entries[x].type = type;
+	table->entries[x].crypto_capable = crypto_capable;
 	table->nr_entries++;
 }
 
 void __init e820__range_add(u64 start, u64 size, enum e820_type type)
 {
-	__e820__range_add(e820_table, start, size, type);
+	__e820__range_add(e820_table, start, size, type, 0);
 }
 
 static void __init e820_print_type(enum e820_type type)
@@ -211,6 +212,8 @@ void __init e820__print_table(char *who)
 			e820_table->entries[i].addr + e820_table->entries[i].size - 1);
 
 		e820_print_type(e820_table->entries[i].type);
+		if (e820_table->entries[i].crypto_capable)
+			pr_cont("; crypto-capable");
 		pr_cont("\n");
 	}
 }
@@ -327,6 +330,7 @@ int __init e820__update_table(struct e820_table *table)
 	unsigned long long last_addr;
 	u32 new_nr_entries, overlap_entries;
 	u32 i, chg_idx, chg_nr;
+	u8 current_crypto, last_crypto;
 
 	/* If there's only one memory region, don't bother: */
 	if (table->nr_entries < 2)
@@ -367,6 +371,7 @@ int __init e820__update_table(struct e820_table *table)
 	new_nr_entries = 0;	 /* Index for creating new map entries */
 	last_type = 0;		 /* Start with undefined memory type */
 	last_addr = 0;		 /* Start with 0 as last starting address */
+	last_crypto = 0;
 
 	/* Loop through change-points, determining effect on the new map: */
 	for (chg_idx = 0; chg_idx < chg_nr; chg_idx++) {
@@ -388,13 +393,17 @@ int __init e820__update_table(struct e820_table *table)
 		 * 1=usable, 2,3,4,4+=unusable)
 		 */
 		current_type = 0;
+		current_crypto = 1;
 		for (i = 0; i < overlap_entries; i++) {
+			current_crypto = current_crypto && overlap_list[i]->crypto_capable;
 			if (overlap_list[i]->type > current_type)
 				current_type = overlap_list[i]->type;
 		}
 
 		/* Continue building up new map based on this information: */
-		if (current_type != last_type || e820_nomerge(current_type)) {
+		if (current_type != last_type ||
+		    current_crypto != last_crypto ||
+		    e820_nomerge(current_type)) {
 			if (last_type != 0)	 {
 				new_entries[new_nr_entries].size = change_point[chg_idx]->addr - last_addr;
 				/* Move forward only if the new size was non-zero: */
@@ -406,9 +415,12 @@ int __init e820__update_table(struct e820_table *table)
 			if (current_type != 0)	{
 				new_entries[new_nr_entries].addr = change_point[chg_idx]->addr;
 				new_entries[new_nr_entries].type = current_type;
+				new_entries[new_nr_entries].crypto_capable = current_crypto;
+
 				last_addr = change_point[chg_idx]->addr;
 			}
 			last_type = current_type;
+			last_crypto = current_crypto;
 		}
 	}
 
@@ -459,14 +471,20 @@ static int __init append_e820_table(struct boot_e820_entry *entries, u32 nr_entr
 	return __append_e820_table(entries, nr_entries);
 }
 
+/*
+ * Update a memory range.
+ *
+ * If old_type and new_type are the same then ignore the types and
+ * just change crypto_capable.
+ */
 static u64 __init
-__e820__range_update(struct e820_table *table, u64 start, u64 size, enum e820_type old_type, enum e820_type new_type)
+__e820__range_update(struct e820_table *table, u64 start, u64 size, enum e820_type old_type, enum e820_type new_type, u8 crypto_capable)
 {
 	u64 end;
 	unsigned int i;
 	u64 real_updated_size = 0;
 
-	BUG_ON(old_type == new_type);
+	bool update_crypto = new_type == old_type;
 
 	if (size > (ULLONG_MAX - start))
 		size = ULLONG_MAX - start;
@@ -476,6 +494,8 @@ __e820__range_update(struct e820_table *table, u64 start, u64 size, enum e820_ty
 	e820_print_type(old_type);
 	pr_cont(" ==> ");
 	e820_print_type(new_type);
+	if (crypto_capable)
+		pr_cont("; crypto-capable");
 	pr_cont("\n");
 
 	for (i = 0; i < table->nr_entries; i++) {
@@ -483,22 +503,27 @@ __e820__range_update(struct e820_table *table, u64 start, u64 size, enum e820_ty
 		u64 final_start, final_end;
 		u64 entry_end;
 
-		if (entry->type != old_type)
+		if (entry->type != old_type && !update_crypto)
 			continue;
 
+		if (update_crypto)
+			new_type = entry->type;
+
 		entry_end = entry->addr + entry->size;
 
 		/* Completely covered by new range? */
 		if (entry->addr >= start && entry_end <= end) {
 			entry->type = new_type;
+			entry->crypto_capable = crypto_capable;
 			real_updated_size += entry->size;
 			continue;
 		}
 
 		/* New range is completely covered? */
 		if (entry->addr < start && entry_end > end) {
-			__e820__range_add(table, start, size, new_type);
-			__e820__range_add(table, end, entry_end - end, entry->type);
+			__e820__range_add(table, start, size, new_type, crypto_capable);
+			__e820__range_add(table, end, entry_end - end,
+					  entry->type, entry->crypto_capable);
 			entry->size = start - entry->addr;
 			real_updated_size += size;
 			continue;
@@ -510,7 +535,8 @@ __e820__range_update(struct e820_table *table, u64 start, u64 size, enum e820_ty
 		if (final_start >= final_end)
 			continue;
 
-		__e820__range_add(table, final_start, final_end - final_start, new_type);
+		__e820__range_add(table, final_start, final_end - final_start,
+				  new_type, crypto_capable);
 
 		real_updated_size += final_end - final_start;
 
@@ -527,14 +553,19 @@ __e820__range_update(struct e820_table *table, u64 start, u64 size, enum e820_ty
 	return real_updated_size;
 }
 
+u64 __init e820__range_mark_as_crypto(u64 start, u64 size)
+{
+	return __e820__range_update(e820_table, start, size, 0, 0, true);
+}
+
 u64 __init e820__range_update(u64 start, u64 size, enum e820_type old_type, enum e820_type new_type)
 {
-	return __e820__range_update(e820_table, start, size, old_type, new_type);
+	return __e820__range_update(e820_table, start, size, old_type, new_type, false);
 }
 
 static u64 __init e820__range_update_kexec(u64 start, u64 size, enum e820_type old_type, enum e820_type  new_type)
 {
-	return __e820__range_update(e820_table_kexec, start, size, old_type, new_type);
+	return __e820__range_update(e820_table_kexec, start, size, old_type, new_type, false);
 }
 
 /* Remove a range of memory from the E820 table: */
@@ -573,6 +604,9 @@ u64 __init e820__range_remove(u64 start, u64 size, enum e820_type old_type, bool
 		/* Is the new range completely covered? */
 		if (entry->addr < start && entry_end > end) {
 			e820__range_add(end, entry_end - end, entry->type);
+			if (entry->crypto_capable)
+				e820__range_mark_as_crypto(end, entry_end - end);
+
 			entry->size = start - entry->addr;
 			real_removed_size += size;
 			continue;
@@ -1322,6 +1356,8 @@ void __init e820__memblock_setup(void)
 			continue;
 
 		memblock_add(entry->addr, entry->size);
+		if (entry->crypto_capable)
+			memblock_mark_crypto_capable(entry->addr, entry->size);
 	}
 
 	/* Throw away partial pages: */

From patchwork Wed Nov 24 20:34:58 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Martin Fernandez <martin.fernandez@eclypsium.com>
X-Patchwork-Id: 12637767
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 37BB8C433F5
	for <linux-mm@archiver.kernel.org>; Wed, 24 Nov 2021 20:37:54 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 0E6236B007E; Wed, 24 Nov 2021 15:36:27 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 06C406B0080; Wed, 24 Nov 2021 15:36:27 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id E00776B0081; Wed, 24 Nov 2021 15:36:26 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0055.hostedemail.com
 [216.40.44.55])
	by kanga.kvack.org (Postfix) with ESMTP id CE7C66B007E
	for <linux-mm@kvack.org>; Wed, 24 Nov 2021 15:36:26 -0500 (EST)
Received: from smtpin13.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay01.hostedemail.com (Postfix) with ESMTP id 93032184967C1
	for <linux-mm@kvack.org>; Wed, 24 Nov 2021 20:36:16 +0000 (UTC)
X-FDA: 78844981152.13.F63F8F4
Received: from mail-vk1-f176.google.com (mail-vk1-f176.google.com
 [209.85.221.176])
	by imf29.hostedemail.com (Postfix) with ESMTP id 69EC29000266
	for <linux-mm@kvack.org>; Wed, 24 Nov 2021 20:36:13 +0000 (UTC)
Received: by mail-vk1-f176.google.com with SMTP id 84so2407572vkc.6
        for <linux-mm@kvack.org>; Wed, 24 Nov 2021 12:36:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=eclypsium.com; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=jY0dy/d5c8YPxh7NXvxGcRPu0/DQhp2j75dR0lO6H7o=;
        b=YKP1iGwN3dXHjgMjYuAi+DHERVJy5yD4KnnKwrrB8Vw3N9k95iuo+Uf6w1JpvVRCKO
         ypKQBdwzMGajAa/dYvxHesztyscRflbsqWDCEEDVSvuk3jaiGSCyU7Ndc3B9oVGs8KVL
         oJuaCHLwPOAtE4iy7/Rwet/lvfXVqiwfXn84SrBZTMEgDrzrfVjRejCi9zFZAHjBrAv/
         p43qJ+VwLr2gPe5XzhN5cqiqGcvM1QqM5h38aFAyI17GjiItGVs+l4IteLsLN+q6DHWM
         026avAx6elQMgxDoM+7TO2JzlYy567x3+N8gxH0MRR5EFU9UVTgrourfXEYlL7XZxMDA
         ZKpQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=jY0dy/d5c8YPxh7NXvxGcRPu0/DQhp2j75dR0lO6H7o=;
        b=f2+hV68P9sNV3evnPz+61DicXxDic/5w6WuSLVh7RIQwpnXX6/3jdZ9csWAuqeLpvp
         5ej/JD+UOng8yW6Xh/lOiZUDCU8Hmif2i79zD7gi3VUzMzXPF0hOmVoXBz5wFZczX7LB
         cInPN9XesmjozSDzw28Bn66/uaSu4sI7tcI/wN+FZOfxDh0mr61qSdhoaqAYAz9MZF1Q
         uMNfgdA/7HT4MiLrSg0Pr9prObjgFR1Ryb9i0wYZKQJEiSQvi1mzDTu9GlYKsYIg2BVw
         qy/W3toDxxytWcRVF626dTY+arpME7ewLflp843DGAi2yixO4z6AwIj+O03jmwHhWTGs
         dbXg==
X-Gm-Message-State: AOAM530rFOAOIB9yehbHA9XxAgPfH5NH0nKwDu9MKiG0q597LWFev2xP
	wZ2g32z+SHD7SiG1AJSaq8rUeg==
X-Google-Smtp-Source: 
 ABdhPJzR0bwHzxnrsklT2ho3w5z0D589l6rvGmOY2zbPVUFKORG+kRx9hLglmOnTJtr7RU8cnD8Qdg==
X-Received: by 2002:a1f:9f04:: with SMTP id i4mr4918531vke.33.1637786175500;
        Wed, 24 Nov 2021 12:36:15 -0800 (PST)
Received: from localhost (7-153-16-190.fibertel.com.ar. [190.16.153.7])
        by smtp.gmail.com with ESMTPSA id c9sm601971uaf.12.2021.11.24.12.36.10
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 24 Nov 2021 12:36:15 -0800 (PST)
From: Martin Fernandez <martin.fernandez@eclypsium.com>
To: linux-efi@vger.kernel.org,
	platform-driver-x86@vger.kernel.org,
	linux-mm@kvack.org
Cc: tglx@linutronix.de,
	mingo@redhat.com,
	bp@alien8.de,
	x86@kernel.org,
	hpa@zytor.com,
	dave.hansen@linux.intel.com,
	luto@kernel.org,
	peterz@infradead.org,
	ardb@kernel.org,
	dvhart@infradead.org,
	andy@infradead.org,
	gregkh@linuxfoundation.org,
	rafael@kernel.org,
	daniel.gutson@eclypsium.com,
	hughsient@gmail.com,
	alison.schofield@intel.com,
	Martin Fernandez <martin.fernandez@eclypsium.com>
Subject: [PATCH v2 4/5] x86/efi: Tag e820_entries as crypto capable from EFI
 memmap
Date: Wed, 24 Nov 2021 17:34:58 -0300
Message-Id: <20211124203459.4578-5-martin.fernandez@eclypsium.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20211124203459.4578-1-martin.fernandez@eclypsium.com>
References: <20211124203459.4578-1-martin.fernandez@eclypsium.com>
MIME-Version: 1.0
X-Rspamd-Server: rspam12
X-Rspamd-Queue-Id: 69EC29000266
Authentication-Results: imf29.hostedemail.com;
	dkim=pass header.d=eclypsium.com header.s=google header.b=YKP1iGwN;
	dmarc=pass (policy=quarantine) header.from=eclypsium.com;
	spf=pass (imf29.hostedemail.com: domain of martin.fernandez@eclypsium.com
 designates 209.85.221.176 as permitted sender)
 smtp.mailfrom=martin.fernandez@eclypsium.com
X-Stat-Signature: h8tgn4oui5wr4q4nsnjubmp6iaefz5xh
X-HE-Tag: 1637786173-704586
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Add a function to iterate over the EFI Memory Map and mark the regions
tagged with EFI_MEMORY_CPU_CRYPTO in the e820_table; and call it from
efi_init if add_efi_memmap is disabled.

Also modify do_add_efi_memmap to mark the regions there.

Signed-off-by: Martin Fernandez <martin.fernandez@eclypsium.com>
---
 arch/x86/platform/efi/efi.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
index 147c30a81f15..8f52cde61688 100644
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -184,6 +184,8 @@ static void __init do_add_efi_memmap(void)
 		}
 
 		e820__range_add(start, size, e820_type);
+		if (md->attribute & EFI_MEMORY_CPU_CRYPTO)
+			e820__range_mark_as_crypto(start, size);
 	}
 	e820__update_table(e820_table);
 }
@@ -441,6 +443,22 @@ static int __init efi_config_init(const efi_config_table_type_t *arch_tables)
 	return ret;
 }
 
+static void __init efi_mark_e820_regions_as_crypto_capable(void)
+{
+	efi_memory_desc_t *md;
+
+	for_each_efi_memory_desc(md) {
+		if (md->attribute & EFI_MEMORY_CPU_CRYPTO)
+			e820__range_mark_as_crypto(md->phys_addr, md->num_pages << EFI_PAGE_SHIFT);
+	}
+
+	/*
+	 * We added and modified regions so it's good to update the
+	 * table to merge/sort
+	 */
+	e820__update_table(e820_table);
+}
+
 void __init efi_init(void)
 {
 	if (IS_ENABLED(CONFIG_X86_32) &&
@@ -494,6 +512,13 @@ void __init efi_init(void)
 	set_bit(EFI_RUNTIME_SERVICES, &efi.flags);
 	efi_clean_memmap();
 
+	/*
+	 * If add_efi_memmap then there is no need to mark the regions
+	 * again
+	 */
+	if (!add_efi_memmap)
+		efi_mark_e820_regions_as_crypto_capable();
+
 	if (efi_enabled(EFI_DBG))
 		efi_print_memmap();
 }

From patchwork Wed Nov 24 20:34:59 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Martin Fernandez <martin.fernandez@eclypsium.com>
X-Patchwork-Id: 12637781
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D36D4C433EF
	for <linux-mm@archiver.kernel.org>; Wed, 24 Nov 2021 20:39:00 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 2DF206B0081; Wed, 24 Nov 2021 15:36:39 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 266E96B0082; Wed, 24 Nov 2021 15:36:39 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 0BAC96B0083; Wed, 24 Nov 2021 15:36:39 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0063.hostedemail.com
 [216.40.44.63])
	by kanga.kvack.org (Postfix) with ESMTP id ED4C06B0081
	for <linux-mm@kvack.org>; Wed, 24 Nov 2021 15:36:38 -0500 (EST)
Received: from smtpin16.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay02.hostedemail.com (Postfix) with ESMTP id B527086E7F
	for <linux-mm@kvack.org>; Wed, 24 Nov 2021 20:36:28 +0000 (UTC)
X-FDA: 78844981656.16.AB38BFF
Received: from mail-ua1-f45.google.com (mail-ua1-f45.google.com
 [209.85.222.45])
	by imf12.hostedemail.com (Postfix) with ESMTP id 60C0C10003D7
	for <linux-mm@kvack.org>; Wed, 24 Nov 2021 20:36:28 +0000 (UTC)
Received: by mail-ua1-f45.google.com with SMTP id j14so7695071uan.10
        for <linux-mm@kvack.org>; Wed, 24 Nov 2021 12:36:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=eclypsium.com; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=a0bmQaOoWIKx1kavxDMlDEybQyi0u9rYz3ceRUr9+6k=;
        b=GXpulxUj/NTga06qjAE3HAjBWugm4oEzvW5KpfiAJvK6BjAZFCdV0CgjcB63DmEMHE
         E+dopXfEybcehbx/aOprHRE+ktamblL+WWYge6sP3tdkSKbK8Do14ykXWh5Ra+OURbwW
         KMGSRf0D8RIbTUOeEUjIoDMnt5YaOfEC6aXa2XwnWaLgujtezW0W4ltSpQ9OP1Rpzm2j
         LeT3Y7HCpscglgNU60UIZisIp5NqmxxLaJDBDNe/B0g85VFCCqN5238L4jhygqH5VZEh
         6QEOyMGoCLfB39NSPrMeFGEevI07bksUFAORTDZ+fO5iBhHuCP+/dB+329koc2bR35C2
         k+ug==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=a0bmQaOoWIKx1kavxDMlDEybQyi0u9rYz3ceRUr9+6k=;
        b=lBEC/YmFwxYI1/Wj5Gje0sI8CLtVtQQPfZlQo/FOcScacoxD1ghqNGCNYzOev+l4Fc
         AfTKaPCdhopupirFjxyRB7JTbgG5DgUvKU1+pvt3KPedUo2W4wuRZE6JE7BdEzToiFdP
         7oUd30NsR1kHj2ffcLxsTOhaai4Zkf40TZkwP1Zn9fq9oByZxnO6OwYZrKHWV0FuLmFe
         73kp5UQEqhWUkfLsnehYVhhU65Kr548x4X42lIdaTwImPAhFfXiqkI/9Y/X+eBXTMHNv
         csymymxW372649nOOJUVD9bMVvXe0gGcL7OM5gN0eQte30NnaUWtCywthkwOgz9ogpC9
         sn2g==
X-Gm-Message-State: AOAM532X/QlrUtpFlqkFWMXsDPqDDR7bsvfmcYrjr5JDbG6inXlO+Q1M
	Uu/m3s0OBzjKD1MLAo9tfu8l7A==
X-Google-Smtp-Source: 
 ABdhPJwnwownuw1qWugehWIJfRfCAs5vic5yWR6x7sRWk1I0s28pWe14YmN8T1VHJJPqK28xF5g/7w==
X-Received: by 2002:a9f:3e43:: with SMTP id c3mr15227660uaj.29.1637786187676;
        Wed, 24 Nov 2021 12:36:27 -0800 (PST)
Received: from localhost (7-153-16-190.fibertel.com.ar. [190.16.153.7])
        by smtp.gmail.com with ESMTPSA id
 q20sm616962uae.17.2021.11.24.12.36.22
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 24 Nov 2021 12:36:27 -0800 (PST)
From: Martin Fernandez <martin.fernandez@eclypsium.com>
To: linux-efi@vger.kernel.org,
	platform-driver-x86@vger.kernel.org,
	linux-mm@kvack.org
Cc: tglx@linutronix.de,
	mingo@redhat.com,
	bp@alien8.de,
	x86@kernel.org,
	hpa@zytor.com,
	dave.hansen@linux.intel.com,
	luto@kernel.org,
	peterz@infradead.org,
	ardb@kernel.org,
	dvhart@infradead.org,
	andy@infradead.org,
	gregkh@linuxfoundation.org,
	rafael@kernel.org,
	daniel.gutson@eclypsium.com,
	hughsient@gmail.com,
	alison.schofield@intel.com,
	Martin Fernandez <martin.fernandez@eclypsium.com>
Subject: [PATCH v2 5/5] drivers/node: Show in sysfs node's crypto capabilities
Date: Wed, 24 Nov 2021 17:34:59 -0300
Message-Id: <20211124203459.4578-6-martin.fernandez@eclypsium.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20211124203459.4578-1-martin.fernandez@eclypsium.com>
References: <20211124203459.4578-1-martin.fernandez@eclypsium.com>
MIME-Version: 1.0
X-Stat-Signature: ncn8fz6enzrmysegcrud8cb3iuspru59
X-Rspamd-Queue-Id: 60C0C10003D7
X-Rspamd-Server: rspam07
Authentication-Results: imf12.hostedemail.com;
	dkim=pass header.d=eclypsium.com header.s=google header.b=GXpulxUj;
	spf=pass (imf12.hostedemail.com: domain of martin.fernandez@eclypsium.com
 designates 209.85.222.45 as permitted sender)
 smtp.mailfrom=martin.fernandez@eclypsium.com;
	dmarc=pass (policy=quarantine) header.from=eclypsium.com
X-HE-Tag: 1637786188-276430
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Show in each node in sysfs if its memory is able to do be encrypted by
the CPU, ie. if all its memory is marked with EFI_MEMORY_CPU_CRYPTO in
the EFI memory map.

Signed-off-by: Martin Fernandez <martin.fernandez@eclypsium.com>
---
 Documentation/ABI/testing/sysfs-devices-node | 10 ++++++++++
 drivers/base/node.c                          | 10 ++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 Documentation/ABI/testing/sysfs-devices-node

diff --git a/Documentation/ABI/testing/sysfs-devices-node b/Documentation/ABI/testing/sysfs-devices-node
new file mode 100644
index 000000000000..ab46fdd3f6a8
--- /dev/null
+++ b/Documentation/ABI/testing/sysfs-devices-node
@@ -0,0 +1,10 @@
+What:		/sys/devices/system/node/nodeX/crypto_capable
+Date:		October 2021
+Contact:	Martin Fernandez <martin.fernandez@eclypsium.com>
+Users:		fwupd
+Description:
+		This value is 1 if all system memory in this node is
+		marked with EFI_MEMORY_CPU_CRYPTO, indicating that the
+		system memory is capable of being protected with the
+		CPU’s memory cryptographic capabilities. It is 0
+		otherwise.
\ No newline at end of file
diff --git a/drivers/base/node.c b/drivers/base/node.c
index c56d34f8158f..4e6ef86f4523 100644
--- a/drivers/base/node.c
+++ b/drivers/base/node.c
@@ -560,11 +560,21 @@ static ssize_t node_read_distance(struct device *dev,
 }
 static DEVICE_ATTR(distance, 0444, node_read_distance, NULL);
 
+static ssize_t crypto_capable_show(struct device *dev,
+				   struct device_attribute *attr, char *buf)
+{
+	struct pglist_data *pgdat = NODE_DATA(dev->id);
+
+	return sysfs_emit(buf, "%d\n", pgdat->crypto_capable);
+}
+static DEVICE_ATTR_RO(crypto_capable);
+
 static struct attribute *node_dev_attrs[] = {
 	&dev_attr_meminfo.attr,
 	&dev_attr_numastat.attr,
 	&dev_attr_distance.attr,
 	&dev_attr_vmstat.attr,
+	&dev_attr_crypto_capable.attr,
 	NULL
 };