[PATCH v6 09/11] arm64: Enable memory encrypt for Realms
Gavin Shan
gshan at redhat.com
Mon Oct 7 19:56:36 PDT 2024
On 10/5/24 12:43 AM, Steven Price wrote:
> From: Suzuki K Poulose <suzuki.poulose at arm.com>
>
> Use the memory encryption APIs to trigger a RSI call to request a
> transition between protected memory and shared memory (or vice versa)
> and updating the kernel's linear map of modified pages to flip the top
> bit of the IPA. This requires that block mappings are not used in the
> direct map for realm guests.
>
> Signed-off-by: Suzuki K Poulose <suzuki.poulose at arm.com>
> Co-developed-by: Steven Price <steven.price at arm.com>
> Signed-off-by: Steven Price <steven.price at arm.com>
> Reviewed-by: Catalin Marinas <catalin.marinas at arm.com>
> ---
> Changes since v5:
> * Added comments and a WARN() in realm_set_memory_{en,de}crypted() to
> explain that memory is leaked if the transition fails. This means the
> callers no longer need to provide their own WARN.
> Changed since v4:
> * Reworked to use the new dispatcher for the mem_encrypt API
> Changes since v3:
> * Provide pgprot_{de,en}crypted() macros
> * Rename __set_memory_encrypted() to __set_memory_enc_dec() since it
> both encrypts and decrypts.
> Changes since v2:
> * Fix location of set_memory_{en,de}crypted() and export them.
> * Break-before-make when changing the top bit of the IPA for
> transitioning to/from shared.
> ---
> arch/arm64/Kconfig | 3 +
> arch/arm64/include/asm/mem_encrypt.h | 9 +++
> arch/arm64/include/asm/pgtable.h | 5 ++
> arch/arm64/include/asm/set_memory.h | 3 +
> arch/arm64/kernel/rsi.c | 16 +++++
> arch/arm64/mm/pageattr.c | 90 +++++++++++++++++++++++++++-
> 6 files changed, 123 insertions(+), 3 deletions(-)
>
Reviewed-by: Gavin Shan <gshan at redhat.com>
More information about the linux-arm-kernel
mailing list