review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
	Tue, 22 Feb 2022 18:57:40 +0000 (21:57 +0300)
committer	Borislav Petkov <bp@suse.de>
	Wed, 23 Feb 2022 18:14:29 +0000 (19:14 +0100)
commit	b577f542f93cbba57f8d6185ef1fb13a41ddf162
tree	d64dab5aa4ad840955371fc024c3e0037929f682	tree \| snapshot
parent	655a0fa34b4f7ac6e2b1406fab15e52a7b6accb1	commit \| diff

x86/coco: Add API to handle encryption mask

AMD SME/SEV uses a bit in the page table entries to indicate that the
page is encrypted and not accessible to the VMM.

TDX uses a similar approach, but the polarity of the mask is opposite to
AMD: if the bit is set the page is accessible to VMM.

Provide vendor-neutral API to deal with the mask: cc_mkenc() and
cc_mkdec() modify given address to make it encrypted/decrypted. It can
be applied to phys_addr_t, pgprotval_t or page table entry value.

pgprot_encrypted() and pgprot_decrypted() reimplemented using new
helpers.

The implementation will be extended to cover TDX.

pgprot_decrypted() is used by drivers (i915, virtio_gpu, vfio).
cc_mkdec() called by pgprot_decrypted(). Export cc_mkdec().

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lore.kernel.org/r/20220222185740.26228-5-kirill.shutemov@linux.intel.com

arch/x86/coco/core.c		diff \| blob \| history
arch/x86/include/asm/coco.h		diff \| blob \| history
arch/x86/include/asm/pgtable.h		diff \| blob \| history
arch/x86/mm/mem_encrypt_identity.c		diff \| blob \| history
arch/x86/mm/pat/set_memory.c		diff \| blob \| history