2 * AMD Memory Encryption Support
4 * Copyright (C) 2016 Advanced Micro Devices, Inc.
6 * Author: Tom Lendacky <thomas.lendacky@amd.com>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
13 #define DISABLE_BRANCH_PROFILING
15 #include <linux/linkage.h>
16 #include <linux/init.h>
18 #include <linux/dma-direct.h>
19 #include <linux/swiotlb.h>
20 #include <linux/mem_encrypt.h>
22 #include <asm/tlbflush.h>
23 #include <asm/fixmap.h>
24 #include <asm/setup.h>
25 #include <asm/bootparam.h>
26 #include <asm/set_memory.h>
27 #include <asm/cacheflush.h>
28 #include <asm/processor-flags.h>
30 #include <asm/cmdline.h>
32 #include "mm_internal.h"
35 * Since SME related variables are set early in the boot process they must
36 * reside in the .data section so as not to be zeroed out when the .bss
37 * section is later cleared.
39 u64 sme_me_mask
__section(.data
) = 0;
40 EXPORT_SYMBOL(sme_me_mask
);
41 DEFINE_STATIC_KEY_FALSE(sev_enable_key
);
42 EXPORT_SYMBOL_GPL(sev_enable_key
);
44 bool sev_enabled
__section(.data
);
46 /* Buffer used for early in-place encryption by BSP, no locking needed */
47 static char sme_early_buffer
[PAGE_SIZE
] __aligned(PAGE_SIZE
);
50 * This routine does not change the underlying encryption setting of the
51 * page(s) that map this memory. It assumes that eventually the memory is
52 * meant to be accessed as either encrypted or decrypted but the contents
53 * are currently not in the desired state.
55 * This routine follows the steps outlined in the AMD64 Architecture
56 * Programmer's Manual Volume 2, Section 7.10.8 Encrypt-in-Place.
58 static void __init
__sme_early_enc_dec(resource_size_t paddr
,
59 unsigned long size
, bool enc
)
70 * There are limited number of early mapping slots, so map (at most)
74 len
= min_t(size_t, sizeof(sme_early_buffer
), size
);
77 * Create mappings for the current and desired format of
78 * the memory. Use a write-protected mapping for the source.
80 src
= enc
? early_memremap_decrypted_wp(paddr
, len
) :
81 early_memremap_encrypted_wp(paddr
, len
);
83 dst
= enc
? early_memremap_encrypted(paddr
, len
) :
84 early_memremap_decrypted(paddr
, len
);
87 * If a mapping can't be obtained to perform the operation,
88 * then eventual access of that area in the desired mode
94 * Use a temporary buffer, of cache-line multiple size, to
95 * avoid data corruption as documented in the APM.
97 memcpy(sme_early_buffer
, src
, len
);
98 memcpy(dst
, sme_early_buffer
, len
);
100 early_memunmap(dst
, len
);
101 early_memunmap(src
, len
);
108 void __init
sme_early_encrypt(resource_size_t paddr
, unsigned long size
)
110 __sme_early_enc_dec(paddr
, size
, true);
113 void __init
sme_early_decrypt(resource_size_t paddr
, unsigned long size
)
115 __sme_early_enc_dec(paddr
, size
, false);
118 static void __init
__sme_early_map_unmap_mem(void *vaddr
, unsigned long size
,
121 unsigned long paddr
= (unsigned long)vaddr
- __PAGE_OFFSET
;
122 pmdval_t pmd_flags
, pmd
;
124 /* Use early_pmd_flags but remove the encryption mask */
125 pmd_flags
= __sme_clr(early_pmd_flags
);
128 pmd
= map
? (paddr
& PMD_MASK
) + pmd_flags
: 0;
129 __early_make_pgtable((unsigned long)vaddr
, pmd
);
133 size
= (size
<= PMD_SIZE
) ? 0 : size
- PMD_SIZE
;
136 __native_flush_tlb();
139 void __init
sme_unmap_bootdata(char *real_mode_data
)
141 struct boot_params
*boot_data
;
142 unsigned long cmdline_paddr
;
147 /* Get the command line address before unmapping the real_mode_data */
148 boot_data
= (struct boot_params
*)real_mode_data
;
149 cmdline_paddr
= boot_data
->hdr
.cmd_line_ptr
| ((u64
)boot_data
->ext_cmd_line_ptr
<< 32);
151 __sme_early_map_unmap_mem(real_mode_data
, sizeof(boot_params
), false);
156 __sme_early_map_unmap_mem(__va(cmdline_paddr
), COMMAND_LINE_SIZE
, false);
159 void __init
sme_map_bootdata(char *real_mode_data
)
161 struct boot_params
*boot_data
;
162 unsigned long cmdline_paddr
;
167 __sme_early_map_unmap_mem(real_mode_data
, sizeof(boot_params
), true);
169 /* Get the command line address after mapping the real_mode_data */
170 boot_data
= (struct boot_params
*)real_mode_data
;
171 cmdline_paddr
= boot_data
->hdr
.cmd_line_ptr
| ((u64
)boot_data
->ext_cmd_line_ptr
<< 32);
176 __sme_early_map_unmap_mem(__va(cmdline_paddr
), COMMAND_LINE_SIZE
, true);
179 void __init
sme_early_init(void)
186 early_pmd_flags
= __sme_set(early_pmd_flags
);
188 __supported_pte_mask
= __sme_set(__supported_pte_mask
);
190 /* Update the protection map with memory encryption mask */
191 for (i
= 0; i
< ARRAY_SIZE(protection_map
); i
++)
192 protection_map
[i
] = pgprot_encrypted(protection_map
[i
]);
195 swiotlb_force
= SWIOTLB_FORCE
;
198 static void __init
__set_clr_pte_enc(pte_t
*kpte
, int level
, bool enc
)
200 pgprot_t old_prot
, new_prot
;
201 unsigned long pfn
, pa
, size
;
206 pfn
= pte_pfn(*kpte
);
207 old_prot
= pte_pgprot(*kpte
);
210 pfn
= pmd_pfn(*(pmd_t
*)kpte
);
211 old_prot
= pmd_pgprot(*(pmd_t
*)kpte
);
214 pfn
= pud_pfn(*(pud_t
*)kpte
);
215 old_prot
= pud_pgprot(*(pud_t
*)kpte
);
223 pgprot_val(new_prot
) |= _PAGE_ENC
;
225 pgprot_val(new_prot
) &= ~_PAGE_ENC
;
227 /* If prot is same then do nothing. */
228 if (pgprot_val(old_prot
) == pgprot_val(new_prot
))
231 pa
= pfn
<< page_level_shift(level
);
232 size
= page_level_size(level
);
235 * We are going to perform in-place en-/decryption and change the
236 * physical page attribute from C=1 to C=0 or vice versa. Flush the
237 * caches to ensure that data gets accessed with the correct C-bit.
239 clflush_cache_range(__va(pa
), size
);
241 /* Encrypt/decrypt the contents in-place */
243 sme_early_encrypt(pa
, size
);
245 sme_early_decrypt(pa
, size
);
247 /* Change the page encryption mask. */
248 new_pte
= pfn_pte(pfn
, new_prot
);
249 set_pte_atomic(kpte
, new_pte
);
252 static int __init
early_set_memory_enc_dec(unsigned long vaddr
,
253 unsigned long size
, bool enc
)
255 unsigned long vaddr_end
, vaddr_next
;
256 unsigned long psize
, pmask
;
257 int split_page_size_mask
;
262 vaddr_end
= vaddr
+ size
;
264 for (; vaddr
< vaddr_end
; vaddr
= vaddr_next
) {
265 kpte
= lookup_address(vaddr
, &level
);
266 if (!kpte
|| pte_none(*kpte
)) {
271 if (level
== PG_LEVEL_4K
) {
272 __set_clr_pte_enc(kpte
, level
, enc
);
273 vaddr_next
= (vaddr
& PAGE_MASK
) + PAGE_SIZE
;
277 psize
= page_level_size(level
);
278 pmask
= page_level_mask(level
);
281 * Check whether we can change the large page in one go.
282 * We request a split when the address is not aligned and
283 * the number of pages to set/clear encryption bit is smaller
284 * than the number of pages in the large page.
286 if (vaddr
== (vaddr
& pmask
) &&
287 ((vaddr_end
- vaddr
) >= psize
)) {
288 __set_clr_pte_enc(kpte
, level
, enc
);
289 vaddr_next
= (vaddr
& pmask
) + psize
;
294 * The virtual address is part of a larger page, create the next
295 * level page table mapping (4K or 2M). If it is part of a 2M
296 * page then we request a split of the large page into 4K
297 * chunks. A 1GB large page is split into 2M pages, resp.
299 if (level
== PG_LEVEL_2M
)
300 split_page_size_mask
= 0;
302 split_page_size_mask
= 1 << PG_LEVEL_2M
;
304 kernel_physical_mapping_init(__pa(vaddr
& pmask
),
305 __pa((vaddr_end
& pmask
) + psize
),
306 split_page_size_mask
);
316 int __init
early_set_memory_decrypted(unsigned long vaddr
, unsigned long size
)
318 return early_set_memory_enc_dec(vaddr
, size
, false);
321 int __init
early_set_memory_encrypted(unsigned long vaddr
, unsigned long size
)
323 return early_set_memory_enc_dec(vaddr
, size
, true);
327 * SME and SEV are very similar but they are not the same, so there are
328 * times that the kernel will need to distinguish between SME and SEV. The
329 * sme_active() and sev_active() functions are used for this. When a
330 * distinction isn't needed, the mem_encrypt_active() function can be used.
332 * The trampoline code is a good example for this requirement. Before
333 * paging is activated, SME will access all memory as decrypted, but SEV
334 * will access all memory as encrypted. So, when APs are being brought
335 * up under SME the trampoline area cannot be encrypted, whereas under SEV
336 * the trampoline area must be encrypted.
338 bool sme_active(void)
340 return sme_me_mask
&& !sev_enabled
;
342 EXPORT_SYMBOL(sme_active
);
344 bool sev_active(void)
346 return sme_me_mask
&& sev_enabled
;
348 EXPORT_SYMBOL(sev_active
);
350 /* Architecture __weak replacement functions */
351 void __init
mem_encrypt_init(void)
356 /* Call into SWIOTLB to update the SWIOTLB DMA buffers */
357 swiotlb_update_mem_attributes();
360 * With SEV, DMA operations cannot use encryption, we need to use
361 * SWIOTLB to bounce buffer DMA operation.
364 dma_ops
= &swiotlb_dma_ops
;
367 * With SEV, we need to unroll the rep string I/O instructions.
370 static_branch_enable(&sev_enable_key
);
372 pr_info("AMD %s active\n",
373 sev_active() ? "Secure Encrypted Virtualization (SEV)"
374 : "Secure Memory Encryption (SME)");