Commit ce19f236 authored by Xin Jiang's avatar Xin Jiang Committed by hanliyang

x86/kernel: Add CSV3 early update(enc/dec)/reset memory helpers

hygon inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/IAYGKY


CVE: NA

---------------------------

The functions are needed to set memory as private/shared memory or
reset all memory as private memory at the stage where the identity
mapping page table is available.

Generally, at early runtime of the decompressed kernel, it needs to
obtain CSV3 secure call pages then reset all memory as private before
switching to new kernel page table. Otherwise, prior shared memory
regions will be wrongly used and private data in guest may be
accessed maliciously.

Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>
parent e943f2c7
+18 −0
@@ -55,6 +55,24 @@ static inline uint32_t csv_get_smr_entry_shift(void) { return 0; }
#define MSR_CSV3_ENABLED_BIT		30
#define MSR_CSV3_ENABLED		BIT_ULL(MSR_CSV3_ENABLED_BIT)

#ifdef CONFIG_HYGON_CSV

bool csv3_active(void);

void __init csv_early_reset_memory(struct boot_params *bp);
void __init csv_early_update_memory_enc(u64 vaddr, u64 pages);
void __init csv_early_update_memory_dec(u64 vaddr, u64 pages);

#else	/* !CONFIG_HYGON_CSV */

static inline bool csv3_active(void) { return false; }

static inline void __init csv_early_reset_memory(struct boot_params *bp) { }
static inline void __init csv_early_update_memory_enc(u64 vaddr, u64 pages) { }
static inline void __init csv_early_update_memory_dec(u64 vaddr, u64 pages) { }

#endif	/* CONFIG_HYGON_CSV */

#endif	/* __ASSEMBLY__ */

#endif	/* __ASM_X86_CSV_H__ */
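Review bot: The prototype and the stub for `csv_early_reset_memory()` name `struct boot_params`, but nothing visible in this hunk declares that type, so a file that includes this header before the bootparam header would get a "declared inside parameter list" warning. Unless the part of the header above the hunk already covers it, add `struct boot_params;` ahead of the `#ifdef CONFIG_HYGON_CSV` block. The `__init` on the prototypes and on the three `static inline` stubs is also unnecessary, since the section annotation only matters on the definitions in csv.c; the stubs could read `static inline void csv_early_reset_memory(struct boot_params *bp) { }`.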
+2 −0
@@ -162,3 +162,5 @@ ifeq ($(CONFIG_X86_64),y)
	obj-y				+= vsmp_64.o
	obj-$(CONFIG_PCI)		+= zhaoxin_kh40000.o
endif

obj-$(CONFIG_HYGON_CSV)			+= csv.o
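Review bot: csv.o is added with the default instrumentation settings, yet the commit message says its helpers run while the identity-mapped page table is still in use, which is presumably before KASAN shadow memory and tracing are set up. If so, the object likely needs the per-object opt-outs kbuild provides for early-boot code, e.g. `KASAN_SANITIZE_csv.o := n` and `CFLAGS_REMOVE_csv.o = -pg`. How early the callers actually run is not visible on this page, so please confirm before adding them.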

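--- /dev/null
+++ b/arch/x86/kernel/csv.c
@@ -0,0 +1,49 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * HYGON CSV support
+ *
+ * Copyright (C) Hygon Info Technologies Ltd.
+ */
+
+#include <linux/preempt.h>
+#include <linux/smp.h>
+#include <linux/memblock.h>
+#include <asm/mem_encrypt.h>
+#include <asm/csv.h>
+
+#include "../mm/mm_internal.h"
+#include "csv-shared.c"
+
+struct secure_call_pages {
+	struct csv3_secure_call_cmd page_a;
+	struct csv3_secure_call_cmd page_b;
+};
+
+void __init csv_early_reset_memory(struct boot_params *bp)
+{
+	if (!csv3_active())
+		return;
+
+	csv3_scan_secure_call_pages(bp);
+	csv3_early_secure_call_ident_map(0, 0, CSV3_SECURE_CMD_RESET);
+}
+
+void __init csv_early_update_memory_dec(u64 vaddr, u64 pages)
+{
+	if (!csv3_active())
+		return;
+
+	if (pages)
+		csv3_early_secure_call_ident_map(__pa(vaddr), pages,
+						 CSV3_SECURE_CMD_DEC);
+}
+
+void __init csv_early_update_memory_enc(u64 vaddr, u64 pages)
+{
+	if (!csv3_active())
+		return;
+
+	if (pages)
+		csv3_early_secure_call_ident_map(__pa(vaddr), pages,
+						 CSV3_SECURE_CMD_ENC);
+}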
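Review bot: `csv_early_update_memory_dec()` and `csv_early_update_memory_enc()` pass `__pa(vaddr)` and `pages` straight to the secure call with no stated contract, although a wrong range on the DEC path would make guest-private memory shared with the host. A kernel-doc comment on each helper should state that `vaddr` must be a page-aligned address for which `__pa()` is valid at this boot stage, that `pages` is a page count, and which command makes the range private and which makes it shared. The helpers also return `void`, so if `csv3_early_secure_call_ident_map()` (defined in csv-shared.c, not shown here) can report failure, that result is dropped; for ENC and RESET a silent failure would leave memory shared while the kernel treats it as private, which deserves at least a comment or a halt. `struct secure_call_pages` is defined after the `#include "csv-shared.c"` and is not used in this file as shown.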
+22 −0
@@ -26,6 +26,10 @@
#include <asm/csv.h>
#include <asm/processor-hygon.h>

u32 vendor_ebx __section(".data") = 0;
u32 vendor_ecx __section(".data") = 0;
u32 vendor_edx __section(".data") = 0;

void print_hygon_cc_feature_info(void)
{
	/* Secure Memory Encryption */
@@ -106,6 +110,24 @@ static bool __init __maybe_unused csv3_check_cpu_support(void)
	return !!me_mask && csv3_enabled;
}

/* csv3_active() indicate whether the guest is protected by CSV3 */
bool noinstr csv3_active(void)
{
	if (vendor_ebx == 0 || vendor_ecx == 0 || vendor_edx == 0) {
		u32 eax = 0;

		native_cpuid(&eax, &vendor_ebx, &vendor_ecx, &vendor_edx);
	}

	/* HygonGenuine */
	if (vendor_ebx == CPUID_VENDOR_HygonGenuine_ebx &&
	    vendor_ecx == CPUID_VENDOR_HygonGenuine_ecx &&
	    vendor_edx == CPUID_VENDOR_HygonGenuine_edx)
		return !!(sev_status & MSR_CSV3_ENABLED);
	else
		return false;
}

/******************************************************************************/
/**************************** CSV3 CMA interfaces *****************************/
/******************************************************************************/
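Review bot: `csv3_active()` returns false whenever CPUID leaf 0 does not report HygonGenuine, and in a guest those register values may be supplied by the host, so the decision that gates `csv_early_reset_memory()` and the enc/dec helpers could rest partly on untrusted input. Whether CPUID is intercepted for CSV3 guests is not visible here; please add a comment stating why the vendor check is safe under the CSV3 threat model, or what happens when `sev_status & MSR_CSV3_ENABLED` is set but the vendor does not match. Separately, `vendor_ebx`, `vendor_ecx` and `vendor_edx` get external linkage under very generic names; unless another file needs them, `static u32 vendor_ebx __section(".data");` would avoid namespace clashes. The `.data` placement (presumably so the cached values survive early .bss clearing) also deserves a one-line comment.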