On 10/5/24 12:43 AM, Steven Price wrote:
From: Suzuki K Poulose <suzuki.poulose@xxxxxxx>
Use the memory encryption APIs to trigger a RSI call to request a
transition between protected memory and shared memory (or vice versa)
and updating the kernel's linear map of modified pages to flip the top
bit of the IPA. This requires that block mappings are not used in the
direct map for realm guests.
Signed-off-by: Suzuki K Poulose <suzuki.poulose@xxxxxxx>
Co-developed-by: Steven Price <steven.price@xxxxxxx>
Signed-off-by: Steven Price <steven.price@xxxxxxx>
Reviewed-by: Catalin Marinas <catalin.marinas@xxxxxxx>
---
Changes since v5:
* Added comments and a WARN() in realm_set_memory_{en,de}crypted() to
explain that memory is leaked if the transition fails. This means the
callers no longer need to provide their own WARN.
Changed since v4:
* Reworked to use the new dispatcher for the mem_encrypt API
Changes since v3:
* Provide pgprot_{de,en}crypted() macros
* Rename __set_memory_encrypted() to __set_memory_enc_dec() since it
both encrypts and decrypts.
Changes since v2:
* Fix location of set_memory_{en,de}crypted() and export them.
* Break-before-make when changing the top bit of the IPA for
transitioning to/from shared.
---
arch/arm64/Kconfig | 3 +
arch/arm64/include/asm/mem_encrypt.h | 9 +++
arch/arm64/include/asm/pgtable.h | 5 ++
arch/arm64/include/asm/set_memory.h | 3 +
arch/arm64/kernel/rsi.c | 16 +++++
arch/arm64/mm/pageattr.c | 90 +++++++++++++++++++++++++++-
6 files changed, 123 insertions(+), 3 deletions(-)
Reviewed-by: Gavin Shan <gshan@xxxxxxxxxx>
