Google Git
Sign in
android-kvm / linux / refs/heads/smostafa/android15-6.6-dev-assign-rework / . / arch / arm64 / mm / mem_encrypt.c
blob: 53a2acaf1bb4d475e2358f0669ef8edc010d81c4 [file] [log] [blame] [edit]
/* SPDX-License-Identifier: GPL-2.0-only */
/*
* Implementation of the memory encryption/decryption API.
*
* Amusingly, no crypto is actually performed. Rather, we call into the
* hypervisor component of KVM to expose pages selectively to the host
* for virtio "DMA" operations. In other words, "encrypted" pages are
* not accessible to the host, whereas "decrypted" pages are.
*
* Author: Will Deacon <will@kernel.org>
*/
#include <linux/arm-smccc.h>
#include <linux/mem_encrypt.h>
#include <linux/memory.h>
#include <linux/mm.h>
#include <linux/set_memory.h>
#include <linux/types.h>
#include <asm/hypervisor.h>
#ifndef ARM_SMCCC_KVM_FUNC_HYP_MEMINFO
#define ARM_SMCCC_KVM_FUNC_HYP_MEMINFO 2
#define ARM_SMCCC_VENDOR_HYP_KVM_HYP_MEMINFO_FUNC_ID \
ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \
ARM_SMCCC_SMC_64, \
ARM_SMCCC_OWNER_VENDOR_HYP, \
ARM_SMCCC_KVM_FUNC_HYP_MEMINFO)
#endif /* ARM_SMCCC_KVM_FUNC_HYP_MEMINFO */
#ifndef ARM_SMCCC_KVM_FUNC_MEM_SHARE
#define ARM_SMCCC_KVM_FUNC_MEM_SHARE 3
#define ARM_SMCCC_VENDOR_HYP_KVM_MEM_SHARE_FUNC_ID \
ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \
ARM_SMCCC_SMC_64, \
ARM_SMCCC_OWNER_VENDOR_HYP, \
ARM_SMCCC_KVM_FUNC_MEM_SHARE)
#endif /* ARM_SMCCC_KVM_FUNC_MEM_SHARE */
#ifndef ARM_SMCCC_KVM_FUNC_MEM_UNSHARE
#define ARM_SMCCC_KVM_FUNC_MEM_UNSHARE 4
#define ARM_SMCCC_VENDOR_HYP_KVM_MEM_UNSHARE_FUNC_ID \
ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, \
ARM_SMCCC_SMC_64, \
ARM_SMCCC_OWNER_VENDOR_HYP, \
ARM_SMCCC_KVM_FUNC_MEM_UNSHARE)
#endif /* ARM_SMCCC_KVM_FUNC_MEM_UNSHARE */
static unsigned long memshare_granule_sz;
static bool memshare_has_range;
bool mem_encrypt_active(void)
{
return memshare_granule_sz;
}
EXPORT_SYMBOL(mem_encrypt_active);
void kvm_init_memshare_services(void)
{
int i;
struct arm_smccc_res res;
const u32 funcs[] = {
ARM_SMCCC_KVM_FUNC_HYP_MEMINFO,
ARM_SMCCC_KVM_FUNC_MEM_SHARE,
ARM_SMCCC_KVM_FUNC_MEM_UNSHARE,
};
long ret;
for (i = 0; i < ARRAY_SIZE(funcs); ++i) {
if (!kvm_arm_hyp_service_available(funcs[i]))
return;
}
arm_smccc_1_1_invoke(ARM_SMCCC_VENDOR_HYP_KVM_HYP_MEMINFO_FUNC_ID,
0, 0, 0, &res);
ret = (long)res.a0;
if (ret < 0)
return;
memshare_has_range = res.a1 & KVM_FUNC_HAS_RANGE;
memshare_granule_sz = ret;
}
static int __invoke_memshare(unsigned long addr, int nr_granules, int func_id,
u64 *nr_xcrypted)
{
u64 nr_granules_arg = memshare_has_range ? nr_granules : 0;
struct arm_smccc_res res;
arm_smccc_1_1_invoke(func_id, virt_to_phys((void *)addr),
nr_granules_arg, 0, &res);
if (WARN_ON(res.a0 != SMCCC_RET_SUCCESS))
return -EPERM;
*nr_xcrypted = memshare_has_range ? res.a1 : 1;
return 0;
}
static int set_memory_xcrypted(u32 func_id, unsigned long start, int numpages)
{
int nr_granules;
if (!memshare_granule_sz)
return 0;
if (WARN_ON(!PAGE_ALIGNED(start)))
return -EINVAL;
/* Prevent over-sharing when memshare_granule_sz > PAGE_SIZE */
if (!IS_ALIGNED(start, memshare_granule_sz) ||
(PAGE_SIZE * numpages) % memshare_granule_sz)
return -ERANGE;
nr_granules = (numpages * PAGE_SIZE) / memshare_granule_sz;
while (nr_granules > 0) {
u64 nr_xcrypted;
int ret;
ret = __invoke_memshare(start, nr_granules, func_id, &nr_xcrypted);
if (ret)
return ret;
WARN_ON(nr_xcrypted > nr_granules);
nr_granules -= nr_xcrypted;
start += nr_xcrypted * memshare_granule_sz;
}
return 0;
}
int set_memory_encrypted(unsigned long addr, int numpages)
{
return set_memory_xcrypted(ARM_SMCCC_VENDOR_HYP_KVM_MEM_UNSHARE_FUNC_ID,
addr, numpages);
}
EXPORT_SYMBOL_GPL(set_memory_encrypted);
int set_memory_decrypted(unsigned long addr, int numpages)
{
return set_memory_xcrypted(ARM_SMCCC_VENDOR_HYP_KVM_MEM_SHARE_FUNC_ID,
addr, numpages);
}
EXPORT_SYMBOL_GPL(set_memory_decrypted);