x86/mm/mem_encrypt.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * Memory Encryption Support Common Code
0004  *
0005  * Copyright (C) 2016 Advanced Micro Devices, Inc.
0006  *
0007  * Author: Tom Lendacky <thomas.lendacky@amd.com>
0008  */
0009
0010 #include <linux/dma-direct.h>
0011 #include <linux/dma-mapping.h>
0012 #include <linux/swiotlb.h>
0013 #include <linux/cc_platform.h>
0014 #include <linux/mem_encrypt.h>
0015
0016 /* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */
0017 bool force_dma_unencrypted(struct device *dev)
0018 {
0019     /*
0020      * For SEV, all DMA must be to unencrypted addresses.
0021      */
0022     if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
0023         return true;
0024
0025     /*
0026      * For SME, all DMA must be to unencrypted addresses if the
0027      * device does not support DMA to addresses that include the
0028      * encryption mask.
0029      */
0030     if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) {
0031         u64 dma_enc_mask = DMA_BIT_MASK(__ffs64(sme_me_mask));
0032         u64 dma_dev_mask = min_not_zero(dev->coherent_dma_mask,
0033                         dev->bus_dma_limit);
0034
0035         if (dma_dev_mask <= dma_enc_mask)
0036             return true;
0037     }
0038
0039     return false;
0040 }
0041
0042 static void print_mem_encrypt_feature_info(void)
0043 {
0044     pr_info("Memory Encryption Features active:");
0045
0046     if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) {
0047         pr_cont(" Intel TDX\n");
0048         return;
0049     }
0050
0051     pr_cont(" AMD");
0052
0053     /* Secure Memory Encryption */
0054     if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) {
0055         /*
0056          * SME is mutually exclusive with any of the SEV
0057          * features below.
0058          */
0059         pr_cont(" SME\n");
0060         return;
0061     }
0062
0063     /* Secure Encrypted Virtualization */
0064     if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
0065         pr_cont(" SEV");
0066
0067     /* Encrypted Register State */
0068     if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
0069         pr_cont(" SEV-ES");
0070
0071     /* Secure Nested Paging */
0072     if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
0073         pr_cont(" SEV-SNP");
0074
0075     pr_cont("\n");
0076 }
0077
0078 /* Architecture __weak replacement functions */
0079 void __init mem_encrypt_init(void)
0080 {
0081     if (!cc_platform_has(CC_ATTR_MEM_ENCRYPT))
0082         return;
0083
0084     /* Call into SWIOTLB to update the SWIOTLB DMA buffers */
0085     swiotlb_update_mem_attributes();
0086
0087     print_mem_encrypt_feature_info();
0088 }