1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2023 ARM Ltd.
4 */
5
6 #include <linux/jump_label.h>
7 #include <linux/memblock.h>
8 #include <linux/psci.h>
9 #include <linux/swiotlb.h>
10 #include <linux/cc_platform.h>
11 #include <linux/platform_device.h>
12
13 #include <asm/io.h>
14 #include <asm/mem_encrypt.h>
15 #include <asm/rsi.h>
16
17 static struct realm_config config;
18
19 unsigned long prot_ns_shared;
20 EXPORT_SYMBOL(prot_ns_shared);
21
22 DEFINE_STATIC_KEY_FALSE_RO(rsi_present);
23 EXPORT_SYMBOL(rsi_present);
24
cc_platform_has(enum cc_attr attr)25 bool cc_platform_has(enum cc_attr attr)
26 {
27 switch (attr) {
28 case CC_ATTR_MEM_ENCRYPT:
29 return is_realm_world();
30 default:
31 return false;
32 }
33 }
34 EXPORT_SYMBOL_GPL(cc_platform_has);
35
rsi_version_matches(void)36 static bool rsi_version_matches(void)
37 {
38 unsigned long ver_lower, ver_higher;
39 unsigned long ret = rsi_request_version(RSI_ABI_VERSION,
40 &ver_lower,
41 &ver_higher);
42
43 if (ret == SMCCC_RET_NOT_SUPPORTED)
44 return false;
45
46 if (ret != RSI_SUCCESS) {
47 pr_err("RME: RMM doesn't support RSI version %lu.%lu. Supported range: %lu.%lu-%lu.%lu\n",
48 RSI_ABI_VERSION_MAJOR, RSI_ABI_VERSION_MINOR,
49 RSI_ABI_VERSION_GET_MAJOR(ver_lower),
50 RSI_ABI_VERSION_GET_MINOR(ver_lower),
51 RSI_ABI_VERSION_GET_MAJOR(ver_higher),
52 RSI_ABI_VERSION_GET_MINOR(ver_higher));
53 return false;
54 }
55
56 pr_info("RME: Using RSI version %lu.%lu\n",
57 RSI_ABI_VERSION_GET_MAJOR(ver_lower),
58 RSI_ABI_VERSION_GET_MINOR(ver_lower));
59
60 return true;
61 }
62
arm64_rsi_setup_memory(void)63 static void __init arm64_rsi_setup_memory(void)
64 {
65 u64 i;
66 phys_addr_t start, end;
67
68 /*
69 * Iterate over the available memory ranges and convert the state to
70 * protected memory. We should take extra care to ensure that we DO NOT
71 * permit any "DESTROYED" pages to be converted to "RAM".
72 *
73 * panic() is used because if the attempt to switch the memory to
74 * protected has failed here, then future accesses to the memory are
75 * simply going to be reflected as a SEA (Synchronous External Abort)
76 * which we can't handle. Bailing out early prevents the guest limping
77 * on and dying later.
78 */
79 for_each_mem_range(i, &start, &end) {
80 if (rsi_set_memory_range_protected_safe(start, end)) {
81 panic("Failed to set memory range to protected: %pa-%pa",
82 &start, &end);
83 }
84 }
85 }
86
87 /*
88 * Check if a given PA range is Trusted (e.g., Protected memory, a Trusted Device
89 * mapping, or an MMIO emulated in the Realm world).
90 *
91 * We can rely on the RIPAS value of the region to detect if a given region is
92 * protected.
93 *
94 * RIPAS_DEV - A trusted device memory or a trusted emulated MMIO (in the Realm
95 * world
96 * RIPAS_RAM - Memory (RAM), protected by the RMM guarantees. (e.g., Firmware
97 * reserved regions for data sharing).
98 *
99 * RIPAS_DESTROYED is a special case of one of the above, where the host did
100 * something without our permission and as such we can't do anything about it.
101 *
102 * The only case where something is emulated by the untrusted hypervisor or is
103 * backed by shared memory is indicated by RSI_RIPAS_EMPTY.
104 */
arm64_rsi_is_protected(phys_addr_t base,size_t size)105 bool arm64_rsi_is_protected(phys_addr_t base, size_t size)
106 {
107 enum ripas ripas;
108 phys_addr_t end, top;
109
110 /* Overflow ? */
111 if (WARN_ON(base + size <= base))
112 return false;
113
114 end = ALIGN(base + size, RSI_GRANULE_SIZE);
115 base = ALIGN_DOWN(base, RSI_GRANULE_SIZE);
116
117 while (base < end) {
118 if (WARN_ON(rsi_ipa_state_get(base, end, &ripas, &top)))
119 break;
120 if (WARN_ON(top <= base))
121 break;
122 if (ripas == RSI_RIPAS_EMPTY)
123 break;
124 base = top;
125 }
126
127 return base >= end;
128 }
129 EXPORT_SYMBOL(arm64_rsi_is_protected);
130
realm_ioremap_hook(phys_addr_t phys,size_t size,pgprot_t * prot)131 static int realm_ioremap_hook(phys_addr_t phys, size_t size, pgprot_t *prot)
132 {
133 if (arm64_rsi_is_protected(phys, size))
134 *prot = pgprot_encrypted(*prot);
135 else
136 *prot = pgprot_decrypted(*prot);
137
138 return 0;
139 }
140
arm64_rsi_init(void)141 void __init arm64_rsi_init(void)
142 {
143 if (arm_smccc_1_1_get_conduit() != SMCCC_CONDUIT_SMC)
144 return;
145 if (!rsi_version_matches())
146 return;
147 if (WARN_ON(rsi_get_realm_config(&config)))
148 return;
149 prot_ns_shared = BIT(config.ipa_bits - 1);
150
151 if (arm64_ioremap_prot_hook_register(realm_ioremap_hook))
152 return;
153
154 if (realm_register_memory_enc_ops())
155 return;
156
157 arm64_rsi_setup_memory();
158
159 static_branch_enable(&rsi_present);
160 }
161
162 static struct platform_device rsi_dev = {
163 .name = RSI_PDEV_NAME,
164 .id = PLATFORM_DEVID_NONE
165 };
166
arm64_create_dummy_rsi_dev(void)167 static int __init arm64_create_dummy_rsi_dev(void)
168 {
169 if (is_realm_world() &&
170 platform_device_register(&rsi_dev))
171 pr_err("failed to register rsi platform device\n");
172 return 0;
173 }
174
175 arch_initcall(arm64_create_dummy_rsi_dev)
176