• Tom Lendacky's avatar
    x86/mm: Provide general kernel support for memory encryption · 21729f81
    Tom Lendacky authored
    Changes to the existing page table macros will allow the SME support to
    be enabled in a simple fashion with minimal changes to files that use these
    macros.  Since the memory encryption mask will now be part of the regular
    pagetable macros, we introduce two new macros (_PAGE_TABLE_NOENC and
    _KERNPG_TABLE_NOENC) to allow for early pagetable creation/initialization
    without the encryption mask before SME becomes active.  Two new pgprot()
    macros are defined to allow setting or clearing the page encryption mask.
    
    The FIXMAP_PAGE_NOCACHE define is introduced for use with MMIO.  SME does
    not support encryption for MMIO areas so this define removes the encryption
    mask from the page attribute.
    
    Two new macros are introduced (__sme_pa() / __sme_pa_nodebug()) to allow
    creating a physical address with the encryption mask.  These are used when
    working with the cr3 register so that the PGD can be encrypted. The current
    __va() macro is updated so that the virtual address is generated based off
    of the physical address without the encryption mask thus allowing the same
    virtual address to be generated regardless of whether encryption is enabled
    for that physical location or not.
    
    Also, an early initialization function is added for SME.  If SME is active,
    this function:
    
     - Updates the early_pmd_flags so that early page faults create mappings
       with the encryption mask.
    
     - Updates the __supported_pte_mask to include the encryption mask.
    
     - Updates the protection_map entries to include the encryption mask so
       that user-space allocations will automatically have the encryption mask
       applied.
    Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
    Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
    Reviewed-by: default avatarBorislav Petkov <bp@suse.de>
    Cc: Alexander Potapenko <glider@google.com>
    Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
    Cc: Andy Lutomirski <luto@kernel.org>
    Cc: Arnd Bergmann <arnd@arndb.de>
    Cc: Borislav Petkov <bp@alien8.de>
    Cc: Brijesh Singh <brijesh.singh@amd.com>
    Cc: Dave Young <dyoung@redhat.com>
    Cc: Dmitry Vyukov <dvyukov@google.com>
    Cc: Jonathan Corbet <corbet@lwn.net>
    Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Cc: Larry Woodman <lwoodman@redhat.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Matt Fleming <matt@codeblueprint.co.uk>
    Cc: Michael S. Tsirkin <mst@redhat.com>
    Cc: Paolo Bonzini <pbonzini@redhat.com>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Radim Krčmář <rkrcmar@redhat.com>
    Cc: Rik van Riel <riel@redhat.com>
    Cc: Toshimitsu Kani <toshi.kani@hpe.com>
    Cc: kasan-dev@googlegroups.com
    Cc: kvm@vger.kernel.org
    Cc: linux-arch@vger.kernel.org
    Cc: linux-doc@vger.kernel.org
    Cc: linux-efi@vger.kernel.org
    Cc: linux-mm@kvack.org
    Link: http://lkml.kernel.org/r/b36e952c4c39767ae7f0a41cf5345adf27438480.1500319216.git.thomas.lendacky@amd.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
    21729f81
mem_encrypt.c 1.09 KB