From: Martin Fernandez <martin.fernandez@eclypsium.com>
To: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
platform-driver-x86@vger.kernel.org, linux-mm@kvack.org
Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
ardb@kernel.org, dvhart@infradead.org, andy@infradead.org,
gregkh@linuxfoundation.org, rafael@kernel.org, rppt@kernel.org,
akpm@linux-foundation.org, daniel.gutson@eclypsium.com,
hughsient@gmail.com, alex.bazhaniuk@eclypsium.com,
alison.schofield@intel.com, keescook@chromium.org,
Martin Fernandez <martin.fernandez@eclypsium.com>
Subject: [PATCH v8 7/8] x86/efi: Mark e820_entries as crypto capable from EFI memmap
Date: Fri, 29 Apr 2022 17:17:16 -0300 [thread overview]
Message-ID: <20220429201717.1946178-8-martin.fernandez@eclypsium.com> (raw)
In-Reply-To: <20220429201717.1946178-1-martin.fernandez@eclypsium.com>
Add a function to iterate over the EFI Memory Map and mark the regions
tagged with EFI_MEMORY_CPU_CRYPTO in the e820_table; and call it from
efi_init if add_efi_memmap is disabled.
Also modify do_add_efi_memmap to mark the regions there.
If add_efi_memmap is false, also check that the e820_table has enough
size to (possibly) store also the EFI memmap.
Signed-off-by: Martin Fernandez <martin.fernandez@eclypsium.com>
---
arch/x86/platform/efi/efi.c | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
index 147c30a81f15..3efa1c620c75 100644
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -184,6 +184,8 @@ static void __init do_add_efi_memmap(void)
}
e820__range_add(start, size, e820_type);
+ if (md->attribute & EFI_MEMORY_CPU_CRYPTO)
+ e820__range_set_crypto_capable(start, size);
}
e820__update_table(e820_table);
}
@@ -441,6 +443,34 @@ static int __init efi_config_init(const efi_config_table_type_t *arch_tables)
return ret;
}
+static void __init efi_mark_e820_regions_as_crypto_capable(void)
+{
+ efi_memory_desc_t *md;
+
+ /*
+ * Calling e820__range_set_crypto_capable several times
+ * creates a bunch of entries in the E820 table. They probably
+ * will get merged when calling update_table but we need the
+ * space there anyway
+ */
+ if (efi.memmap.nr_map + e820_table->nr_entries >= E820_MAX_ENTRIES) {
+ pr_err_once("E820 table is not large enough to fit EFI memmap; not marking entries as crypto capable\n");
+ return;
+ }
+
+ for_each_efi_memory_desc(md) {
+ if (md->attribute & EFI_MEMORY_CPU_CRYPTO)
+ e820__range_set_crypto_capable(md->phys_addr,
+ md->num_pages << EFI_PAGE_SHIFT);
+ }
+
+ /*
+ * We added and modified regions so it's good to update the
+ * table to merge/sort
+ */
+ e820__update_table(e820_table);
+}
+
void __init efi_init(void)
{
if (IS_ENABLED(CONFIG_X86_32) &&
@@ -494,6 +524,13 @@ void __init efi_init(void)
set_bit(EFI_RUNTIME_SERVICES, &efi.flags);
efi_clean_memmap();
+ /*
+ * If add_efi_memmap then there is no need to mark the regions
+ * again
+ */
+ if (!add_efi_memmap)
+ efi_mark_e820_regions_as_crypto_capable();
+
if (efi_enabled(EFI_DBG))
efi_print_memmap();
}
--
2.30.2
next prev parent reply other threads:[~2022-04-29 20:18 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-29 20:17 [PATCH v8 0/8] x86: Show in sysfs if a memory node is able to do encryption Martin Fernandez
2022-04-29 20:17 ` [PATCH v8 1/8] mm/memblock: Tag memblocks with crypto capabilities Martin Fernandez
2022-04-29 20:17 ` [PATCH v8 2/8] mm/mmzone: Tag pg_data_t " Martin Fernandez
2022-04-29 20:17 ` [PATCH v8 3/8] x86/e820: Add infrastructure to refactor e820__range_{update,remove} Martin Fernandez
2022-04-29 20:17 ` [PATCH v8 4/8] x86/e820: Refactor __e820__range_update Martin Fernandez
2022-04-29 20:17 ` [PATCH v8 5/8] x86/e820: Refactor e820__range_remove Martin Fernandez
2022-04-29 20:17 ` [PATCH v8 6/8] x86/e820: Tag e820_entry with crypto capabilities Martin Fernandez
2022-04-29 20:17 ` Martin Fernandez [this message]
2022-04-29 20:17 ` [PATCH v8 8/8] drivers/node: Show in sysfs node's " Martin Fernandez
2022-05-04 16:38 ` [PATCH v8 0/8] x86: Show in sysfs if a memory node is able to do encryption Borislav Petkov
2022-05-04 17:18 ` Martin Fernandez
2022-05-06 12:44 ` Borislav Petkov
2022-05-06 14:18 ` Limonciello, Mario
2022-05-06 15:32 ` Dave Hansen
2022-05-06 16:00 ` Dan Williams
2022-05-06 17:55 ` Boris Petkov
2022-05-06 18:14 ` Dave Hansen
2022-05-06 18:25 ` Boris Petkov
2022-05-06 18:43 ` Dave Hansen
2022-05-06 19:02 ` Boris Petkov
2022-05-09 18:47 ` Dave Hansen
2022-05-09 22:17 ` Borislav Petkov
2022-05-09 22:56 ` Dave Hansen
2022-05-16 8:39 ` Richard Hughes
2022-05-18 7:52 ` Borislav Petkov
2022-05-18 18:28 ` Dan Williams
2022-05-18 20:23 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220429201717.1946178-8-martin.fernandez@eclypsium.com \
--to=martin.fernandez@eclypsium.com \
--cc=akpm@linux-foundation.org \
--cc=alex.bazhaniuk@eclypsium.com \
--cc=alison.schofield@intel.com \
--cc=andy@infradead.org \
--cc=ardb@kernel.org \
--cc=bp@alien8.de \
--cc=daniel.gutson@eclypsium.com \
--cc=dave.hansen@linux.intel.com \
--cc=dvhart@infradead.org \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=hughsient@gmail.com \
--cc=keescook@chromium.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mingo@redhat.com \
--cc=platform-driver-x86@vger.kernel.org \
--cc=rafael@kernel.org \
--cc=rppt@kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).