From: Martin Fernandez <martin.fernandez@eclypsium.com>
To: linux-efi@vger.kernel.org, platform-driver-x86@vger.kernel.org
Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
x86@kernel.org, hpa@zytor.com, dave.hansen@linux.intel.com,
luto@kernel.org, peterz@infradead.org, ardb@kernel.org,
dvhart@infradead.org, andy@infradead.org,
gregkh@linuxfoundation.org, rafael@kernel.org,
martin.fernandez@eclypsium.com, daniel.gutson@eclypsium.com,
hughsient@gmail.com
Subject: [PATCH v2 4/5] Mark e820_entries as crypto capable from EFI memmap
Date: Wed, 27 Oct 2021 16:55:10 -0300 [thread overview]
Message-ID: <20211027195511.207552-5-martin.fernandez@eclypsium.com> (raw)
In-Reply-To: <20211027195511.207552-1-martin.fernandez@eclypsium.com>
Iterate over the EFI memmap finding the contiguous regions that are
able to do hardware encryption (ie, those who have the
EFI_MEMORY_CPU_CRYPTO enabled) and mark those in the e820_table.
Signed-off-by: Martin Fernandez <martin.fernandez@eclypsium.com>
---
arch/x86/platform/efi/efi.c | 109 ++++++++++++++++++++++++++++++++++++
1 file changed, 109 insertions(+)
diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
index 147c30a81f15..6cd1c11dbdad 100644
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -441,6 +441,113 @@ static int __init efi_config_init(const efi_config_table_type_t *arch_tables)
return ret;
}
+/*
+ * The contiguous_region type is used to help
+ * efi_mark_e820_regions_as_crypto_capable to pick all the contiguous
+ * regions that have the EFI_MEMORY_CPU_CRYPTO attribute, and call a
+ * function of the e820 module to mark those regions as being able to
+ * do hardware encryption.
+ *
+ * To use this properly the memory map must not have any overlapped
+ * regions and the regions should be sorted.
+ *
+ * cr in the function names stands for contiguous_region
+ */
+struct contiguous_region {
+ u64 start;
+ u64 end;
+};
+
+static void __init cr_init(struct contiguous_region *region)
+{
+ region->start = 0;
+ region->end = 0;
+}
+
+static void __init efi_md_to_cr(const efi_memory_desc_t *md,
+ struct contiguous_region *region)
+{
+ region->start = md->phys_addr;
+ region->end = md->phys_addr + (md->num_pages << EFI_PAGE_SHIFT) - 1;
+}
+
+static u64 __init cr_size(const struct contiguous_region *r)
+{
+ return r->end - r->start + 1;
+}
+
+static bool __init cr_is_empty(const struct contiguous_region *r)
+{
+ /*
+ * Since contiguous regions are built upon efi_memory_desc_t
+ * it is safe to say that a region is empty if its size is
+ * lower than the size of one EFI page.
+ */
+ return cr_size(r) < (1 << EFI_PAGE_SHIFT);
+}
+
+static bool __init cr_merge_regions(struct contiguous_region *region1,
+ const struct contiguous_region *region2)
+{
+ bool merged_result;
+
+ if (cr_is_empty(region1)) {
+ *region1 = *region2;
+ merged_result = true;
+ } else if (region1->end + 1 == region2->start) {
+ /* Extend region1 */
+ region1->end = region2->end;
+ merged_result = true;
+ } else {
+ merged_result = false;
+ }
+
+ return merged_result;
+}
+
+static void __init cr_mark_e820_as_crypto_capable(const struct contiguous_region *r)
+{
+ e820__mark_regions_as_crypto_capable(r->start, cr_size(r));
+}
+
+/*
+ * This assumes that there'll be no overlaps in the memory map
+ * (otherwise we'd have a deeper problem going on). It also assumes
+ * that the system DRAM regions are already sorted; in EDK2 based UEFI
+ * firmware the entries covering system DRAM are usually sorted, with
+ * additional MMIO entries appearing unordered. This is because the
+ * UEFI memory map is constructed from the GCD memory map, which is
+ * seeded with the DRAM regions at boot, and allocations are created
+ * by splitting them up.
+ */
+static void __init efi_mark_e820_regions_as_crypto_capable(void)
+{
+ efi_memory_desc_t *md;
+ struct contiguous_region prev_region;
+
+ cr_init(&prev_region);
+
+ for_each_efi_memory_desc(md) {
+ if (md->attribute & EFI_MEMORY_CPU_CRYPTO) {
+ struct contiguous_region cur_region;
+
+ efi_md_to_cr(md, &cur_region);
+
+ if (!cr_merge_regions(&prev_region, &cur_region)) {
+ cr_mark_e820_as_crypto_capable(&prev_region);
+ prev_region = cur_region;
+ } /* else: Merge succeeded, don't mark yet */
+ } else if (!cr_is_empty(&prev_region)) {
+ cr_mark_e820_as_crypto_capable(&prev_region);
+ cr_init(&prev_region);
+ } /* else: All previous regions are already marked */
+ }
+
+ /* Mark last region (if any) */
+ if (!cr_is_empty(&prev_region))
+ cr_mark_e820_as_crypto_capable(&prev_region);
+}
+
void __init efi_init(void)
{
if (IS_ENABLED(CONFIG_X86_32) &&
@@ -494,6 +601,8 @@ void __init efi_init(void)
set_bit(EFI_RUNTIME_SERVICES, &efi.flags);
efi_clean_memmap();
+ efi_mark_e820_regions_as_crypto_capable();
+
if (efi_enabled(EFI_DBG))
efi_print_memmap();
}
--
2.30.2
next prev parent reply other threads:[~2021-10-27 19:56 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-27 19:55 [PATCH v2 0/5] [RFC] x86: Export information about hardware memory encryption to sysfs Martin Fernandez
2021-10-27 19:55 ` [PATCH v2 1/5] Extend memblock to support memory encryption Martin Fernandez
2021-10-27 19:55 ` [PATCH v2 2/5] Extend pg_data_t to hold information about " Martin Fernandez
2021-10-27 19:55 ` [PATCH v2 3/5] Extend e820_table " Martin Fernandez
2021-10-27 19:55 ` Martin Fernandez [this message]
2021-10-27 19:55 ` [PATCH v2 5/5] Show in sysfs if a memory node is able to do " Martin Fernandez
2021-10-28 18:09 ` Dave Hansen
2021-10-27 20:21 ` [PATCH v2 0/5] [RFC] x86: Export information about hardware memory encryption to sysfs Dave Hansen
2021-10-28 14:28 ` Martin Fernandez
2021-10-28 14:55 ` Borislav Petkov
2021-10-28 16:03 ` Richard Hughes
2021-10-28 16:35 ` Borislav Petkov
2021-10-28 17:39 ` Martin Fernandez
2021-10-28 18:10 ` Borislav Petkov
2021-10-28 18:17 ` Dave Hansen
2021-10-29 17:08 ` Dave Hansen
2021-11-01 18:12 ` Martin Fernandez
2021-11-01 20:10 ` Martin Fernandez
2021-10-29 13:14 ` Richard Hughes
2021-10-28 15:24 ` Dave Hansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211027195511.207552-5-martin.fernandez@eclypsium.com \
--to=martin.fernandez@eclypsium.com \
--cc=andy@infradead.org \
--cc=ardb@kernel.org \
--cc=bp@alien8.de \
--cc=daniel.gutson@eclypsium.com \
--cc=dave.hansen@linux.intel.com \
--cc=dvhart@infradead.org \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=hughsient@gmail.com \
--cc=linux-efi@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=platform-driver-x86@vger.kernel.org \
--cc=rafael@kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.