3 files changed, 74 insertions, 0 deletions

diff --git a/arch/powerpc/include/asm/mem_encrypt.h b/arch/powerpc/include/asm/mem_encrypt.h
new file mode 100644
index 000000000000..ba9dab07c1be
--- /dev/null
+++ b/arch/powerpc/include/asm/mem_encrypt.h
@@ -0,0 +1,26 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * SVM helper functions
+ *
+ * Copyright 2018 IBM Corporation
+ */
+
+#ifndef _ASM_POWERPC_MEM_ENCRYPT_H
+#define _ASM_POWERPC_MEM_ENCRYPT_H
+
+#include <asm/svm.h>
+
+static inline bool mem_encrypt_active(void)
+{
+        return is_secure_guest();
+}
+
+static inline bool force_dma_unencrypted(struct device *dev)
+{
+        return is_secure_guest();
+}
+
+int set_memory_encrypted(unsigned long addr, int numpages);
+int set_memory_decrypted(unsigned long addr, int numpages);
+
+#endif /* _ASM_POWERPC_MEM_ENCRYPT_H */
diff --git a/arch/powerpc/platforms/pseries/Kconfig b/arch/powerpc/platforms/pseries/Kconfig
index d09deb05bb66..9e35cddddf73 100644
--- a/arch/powerpc/platforms/pseries/Kconfig
+++ b/arch/powerpc/platforms/pseries/Kconfig
@@ -149,6 +149,9 @@ config PAPR_SCM
 config PPC_SVM
         bool "Secure virtual machine (SVM) support for POWER"
         depends on PPC_PSERIES
+        select SWIOTLB
+        select ARCH_HAS_MEM_ENCRYPT
+        select ARCH_HAS_FORCE_DMA_UNENCRYPTED
         help
          There are certain POWER platforms which support secure guests using
          the Protected Execution Facility, with the help of an Ultravisor
diff --git a/arch/powerpc/platforms/pseries/svm.c b/arch/powerpc/platforms/pseries/svm.c
index 2b2b1a77ca1e..40c0637203d5 100644
--- a/arch/powerpc/platforms/pseries/svm.c
+++ b/arch/powerpc/platforms/pseries/svm.c
@@ -7,8 +7,53 @@
  */
 
 #include <linux/mm.h>
+#include <asm/machdep.h>
+#include <asm/svm.h>
+#include <asm/swiotlb.h>
 #include <asm/ultravisor.h>
 
+static int __init init_svm(void)
+{
+        if (!is_secure_guest())
+                return 0;
+
+        /* Don't release the SWIOTLB buffer. */
+        ppc_swiotlb_enable = 1;
+
+        /*
+         * Since the guest memory is inaccessible to the host, devices always
+         * need to use the SWIOTLB buffer for DMA even if dma_capable() says
+         * otherwise.
+         */
+        swiotlb_force = SWIOTLB_FORCE;
+
+        /* Share the SWIOTLB buffer with the host. */
+        swiotlb_update_mem_attributes();
+
+        return 0;
+}
+machine_early_initcall(pseries, init_svm);
+
+int set_memory_encrypted(unsigned long addr, int numpages)
+{
+        if (!PAGE_ALIGNED(addr))
+                return -EINVAL;
+
+        uv_unshare_page(PHYS_PFN(__pa(addr)), numpages);
+
+        return 0;
+}
+
+int set_memory_decrypted(unsigned long addr, int numpages)
+{
+        if (!PAGE_ALIGNED(addr))
+                return -EINVAL;
+
+        uv_share_page(PHYS_PFN(__pa(addr)), numpages);
+
+        return 0;
+}
+
 /* There's one dispatch log per CPU. */
 #define NR_DTL_PAGE (DISPATCH_LOG_BYTES * CONFIG_NR_CPUS / PAGE_SIZE)