mem_encrypt.c - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt

mem_encrypt.c (2038B)

      1// SPDX-License-Identifier: GPL-2.0-only
      2/*
      3 * Memory Encryption Support Common Code
      4 *
      5 * Copyright (C) 2016 Advanced Micro Devices, Inc.
      6 *
      7 * Author: Tom Lendacky <thomas.lendacky@amd.com>
      8 */
      9
     10#include <linux/dma-direct.h>
     11#include <linux/dma-mapping.h>
     12#include <linux/swiotlb.h>
     13#include <linux/cc_platform.h>
     14#include <linux/mem_encrypt.h>
     15
     16/* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */
     17bool force_dma_unencrypted(struct device *dev)
     18{
     19	/*
     20	 * For SEV, all DMA must be to unencrypted addresses.
     21	 */
     22	if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
     23		return true;
     24
     25	/*
     26	 * For SME, all DMA must be to unencrypted addresses if the
     27	 * device does not support DMA to addresses that include the
     28	 * encryption mask.
     29	 */
     30	if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) {
     31		u64 dma_enc_mask = DMA_BIT_MASK(__ffs64(sme_me_mask));
     32		u64 dma_dev_mask = min_not_zero(dev->coherent_dma_mask,
     33						dev->bus_dma_limit);
     34
     35		if (dma_dev_mask <= dma_enc_mask)
     36			return true;
     37	}
     38
     39	return false;
     40}
     41
     42static void print_mem_encrypt_feature_info(void)
     43{
     44	pr_info("Memory Encryption Features active:");
     45
     46	if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) {
     47		pr_cont(" Intel TDX\n");
     48		return;
     49	}
     50
     51	pr_cont(" AMD");
     52
     53	/* Secure Memory Encryption */
     54	if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) {
     55		/*
     56		 * SME is mutually exclusive with any of the SEV
     57		 * features below.
     58		 */
     59		pr_cont(" SME\n");
     60		return;
     61	}
     62
     63	/* Secure Encrypted Virtualization */
     64	if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
     65		pr_cont(" SEV");
     66
     67	/* Encrypted Register State */
     68	if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
     69		pr_cont(" SEV-ES");
     70
     71	/* Secure Nested Paging */
     72	if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
     73		pr_cont(" SEV-SNP");
     74
     75	pr_cont("\n");
     76}
     77
     78/* Architecture __weak replacement functions */
     79void __init mem_encrypt_init(void)
     80{
     81	if (!cc_platform_has(CC_ATTR_MEM_ENCRYPT))
     82		return;
     83
     84	/* Call into SWIOTLB to update the SWIOTLB DMA buffers */
     85	swiotlb_update_mem_attributes();
     86
     87	print_mem_encrypt_feature_info();
     88}