From: Martin Fernandez <martin.fernandez@eclypsium.com>
To: Mike Rapoport <rppt@kernel.org>
Cc: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
platform-driver-x86@vger.kernel.org, linux-mm@kvack.org,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
ardb@kernel.org, dvhart@infradead.org, andy@infradead.org,
gregkh@linuxfoundation.org, rafael@kernel.org,
akpm@linux-foundation.org, daniel.gutson@eclypsium.com,
hughsient@gmail.com, alex.bazhaniuk@eclypsium.com,
alison.schofield@intel.com, keescook@chromium.org
Subject: Re: [PATCH v7 1/8] mm/memblock: Tag memblocks with crypto capabilities
Date: Tue, 26 Apr 2022 09:59:04 -0300 [thread overview]
Message-ID: <CAKgze5YwTD3neYjKNZzLz6DLWxpGPohGCDGT6oJn-KUdAxyCfg@mail.gmail.com> (raw)
In-Reply-To: <YmeM5fklUssR/74e@kernel.org>
On 4/26/22, Mike Rapoport <rppt@kernel.org> wrote:
> On Mon, Apr 25, 2022 at 02:15:19PM -0300, Martin Fernandez wrote:
>> Add the capability to mark regions of the memory memory_type able of
>> hardware memory encryption.
>>
>> Also add the capability to query if all regions of a memory node are
>> able to do hardware memory encryption to call it when initializing the
>> nodes. Warn the user if a node has both encryptable and
>> non-encryptable regions.
>>
>> Signed-off-by: Martin Fernandez <martin.fernandez@eclypsium.com>
>> ---
>> include/linux/memblock.h | 5 ++++
>> mm/memblock.c | 62 ++++++++++++++++++++++++++++++++++++++++
>> 2 files changed, 67 insertions(+)
>>
>> diff --git a/include/linux/memblock.h b/include/linux/memblock.h
>> index 50ad19662a32..00c4f1a20335 100644
>> --- a/include/linux/memblock.h
>> +++ b/include/linux/memblock.h
>> @@ -40,6 +40,7 @@ extern unsigned long long max_possible_pfn;
>> * via a driver, and never indicated in the firmware-provided memory map
>> as
>> * system RAM. This corresponds to IORESOURCE_SYSRAM_DRIVER_MANAGED in
>> the
>> * kernel resource tree.
>> + * @MEMBLOCK_CRYPTO_CAPABLE: capable of hardware encryption
>> */
>> enum memblock_flags {
>> MEMBLOCK_NONE = 0x0, /* No special request */
>> @@ -47,6 +48,7 @@ enum memblock_flags {
>> MEMBLOCK_MIRROR = 0x2, /* mirrored region */
>> MEMBLOCK_NOMAP = 0x4, /* don't add to kernel direct mapping */
>> MEMBLOCK_DRIVER_MANAGED = 0x8, /* always detected via a driver */
>> + MEMBLOCK_CRYPTO_CAPABLE = 0x10, /* capable of hardware encryption */
>> };
>>
>> /**
>> @@ -120,6 +122,9 @@ int memblock_physmem_add(phys_addr_t base, phys_addr_t
>> size);
>> void memblock_trim_memory(phys_addr_t align);
>> bool memblock_overlaps_region(struct memblock_type *type,
>> phys_addr_t base, phys_addr_t size);
>> +bool memblock_node_is_crypto_capable(int nid);
>> +int memblock_mark_crypto_capable(phys_addr_t base, phys_addr_t size);
>> +int memblock_clear_crypto_capable(phys_addr_t base, phys_addr_t size);
>> int memblock_mark_hotplug(phys_addr_t base, phys_addr_t size);
>> int memblock_clear_hotplug(phys_addr_t base, phys_addr_t size);
>> int memblock_mark_mirror(phys_addr_t base, phys_addr_t size);
>> diff --git a/mm/memblock.c b/mm/memblock.c
>> index e4f03a6e8e56..fe62f81572e6 100644
>> --- a/mm/memblock.c
>> +++ b/mm/memblock.c
>> @@ -191,6 +191,40 @@ bool __init_memblock memblock_overlaps_region(struct
>> memblock_type *type,
>> return i < type->cnt;
>> }
>>
>> +/**
>> + * memblock_node_is_crypto_capable - get if whole node is capable
>> + * of encryption
>> + * @nid: number of node
>> + *
>> + * Iterate over all memory memblock_type and find if all regions under
>> + * node @nid are capable of hardware encryption.
>> + *
>> + * Return:
>> + * true if every region in memory memblock_type is capable of
>
> I'd s/in memory memblock_type/in @nid
>
Good, thanks.
>> + * encryption, false otherwise.
>> + */
>> +bool __init_memblock memblock_node_is_crypto_capable(int nid)
>> +{
>> + struct memblock_region *region;
>> + int crypto_capables = 0;
>> + int not_crypto_capables = 0;
>> +
>> + for_each_mem_region(region) {
>> + if (memblock_get_region_node(region) == nid) {
>> + if (region->flags & MEMBLOCK_CRYPTO_CAPABLE)
>> + crypto_capables++;
>> + else
>> + not_crypto_capables++;
>> + }
>> + }
>> +
>> + if (crypto_capables > 0 && not_crypto_capables > 0)
>> + pr_warn("Node %d has %d regions that are encryptable and %d regions
>> that aren't",
>> + nid, not_crypto_capables, crypto_capables);
>> +
>> + return not_crypto_capables == 0;
>
> This will return true for memoryless nodes as well. Do you mean to consider
> them as capable of encryption?
>
Not really, I didn't think about that to be honest. I don't think it's
a good idea to consider them as capable, right?
next prev parent reply other threads:[~2022-04-26 13:00 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-25 17:15 [PATCH v7 0/8] x86: Show in sysfs if a memory node is able to do encryption Martin Fernandez
2022-04-25 17:15 ` [PATCH v7 1/8] mm/memblock: Tag memblocks with crypto capabilities Martin Fernandez
2022-04-26 6:10 ` Mike Rapoport
2022-04-26 12:59 ` Martin Fernandez [this message]
2022-04-26 13:20 ` Mike Rapoport
2022-04-26 13:25 ` Daniel Gutson
2022-04-25 17:15 ` [PATCH v7 2/8] mm/mmzone: Tag pg_data_t " Martin Fernandez
2022-04-26 6:16 ` Mike Rapoport
2022-04-25 17:15 ` [PATCH v7 3/8] x86/e820: Add infrastructure to refactor e820__range_{update,remove} Martin Fernandez
2022-04-25 17:15 ` [PATCH v7 4/8] x86/e820: Refactor __e820__range_update Martin Fernandez
2022-04-25 17:15 ` [PATCH v7 5/8] x86/e820: Refactor e820__range_remove Martin Fernandez
2022-04-26 15:10 ` Dave Hansen
2022-04-26 17:37 ` Martin Fernandez
2022-04-26 17:55 ` Dave Hansen
2022-04-25 17:15 ` [PATCH v7 6/8] x86/e820: Tag e820_entry with crypto capabilities Martin Fernandez
2022-04-25 17:15 ` [PATCH v7 7/8] x86/efi: Mark e820_entries as crypto capable from EFI memmap Martin Fernandez
2022-04-25 17:15 ` [PATCH v7 8/8] drivers/node: Show in sysfs node's crypto capabilities Martin Fernandez
2022-04-26 6:16 ` Mike Rapoport
2022-04-26 13:01 ` Martin Fernandez
2022-04-25 17:23 ` [PATCH v7 0/8] x86: Show in sysfs if a memory node is able to do encryption Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAKgze5YwTD3neYjKNZzLz6DLWxpGPohGCDGT6oJn-KUdAxyCfg@mail.gmail.com \
--to=martin.fernandez@eclypsium.com \
--cc=akpm@linux-foundation.org \
--cc=alex.bazhaniuk@eclypsium.com \
--cc=alison.schofield@intel.com \
--cc=andy@infradead.org \
--cc=ardb@kernel.org \
--cc=bp@alien8.de \
--cc=daniel.gutson@eclypsium.com \
--cc=dave.hansen@linux.intel.com \
--cc=dvhart@infradead.org \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=hughsient@gmail.com \
--cc=keescook@chromium.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mingo@redhat.com \
--cc=platform-driver-x86@vger.kernel.org \
--cc=rafael@kernel.org \
--cc=rppt@kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.