Re: [PATCH v2 3/4] drm/ttm, drm/vmwgfx: Correctly support support AMD memory encryption

From: "Thomas Hellström (VMware)" <thomas_os@shipmail.org>
To: Dave Hansen <dave.hansen@intel.com>, Daniel Vetter <daniel@ffwll.ch>
Cc: dri-devel <dri-devel@lists.freedesktop.org>,
	pv-drivers@vmware.com,
	"VMware Graphics" <linux-graphics-maintainer@vmware.com>,
	"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
	"Tom Lendacky" <thomas.lendacky@amd.com>,
	"Thomas Hellstrom" <thellstrom@vmware.com>,
	"Peter Zijlstra" <peterz@infradead.org>,
	"Dave Hansen" <dave.hansen@linux.intel.com>,
	"Heiko Carstens" <heiko.carstens@de.ibm.com>,
	"Christian Borntraeger" <borntraeger@de.ibm.com>,
	"Ingo Molnar" <mingo@redhat.com>,
	"Borislav Petkov" <bp@alien8.de>,
	"Andy Lutomirski" <luto@kernel.org>,
	"H. Peter Anvin" <hpa@zytor.com>,
	"Thomas Gleixner" <tglx@linutronix.de>,
	"Christian König" <christian.koenig@amd.com>
Subject: Re: [PATCH v2 3/4] drm/ttm, drm/vmwgfx: Correctly support support AMD memory encryption
Date: Tue, 3 Sep 2019 22:36:25 +0200	[thread overview]
Message-ID: <bed2a2d9-17f0-24bd-9f4a-c7ee27f6106e@shipmail.org> (raw)
In-Reply-To: <6d0fafcc-b596-481b-7b22-1f26f0c02c5c@intel.com>

On 9/3/19 9:55 PM, Dave Hansen wrote:
> On 9/3/19 12:51 PM, Daniel Vetter wrote:
>>> The thing we need to stop is having mixed encryption rules under one VMA.
>> The point here is that we want this. We need to be able to move the
>> buffer between device ptes and system memory ptes, transparently,
>> behind userspace back, without races. And the fast path (which is "no
>> pte exists for this vma") must be real fast, so taking mmap_sem and
>> replacing the vma is no-go.
> So, when the user asks for encryption and we say, "sure, we'll encrypt
> that", then we want the device driver to be able to transparently undo
> that encryption under the covers for device memory?  That seems suboptimal.
>
> I'd rather the device driver just say: "Nope, you can't encrypt my VMA".
>   Because that's the truth.

The thing here is that it's the underlying physical memory that define 
the correct encryption flags. If it's DMA memory and SEV is active or 
PCI memory. It's always unencrypted. User-space in a SEV vm should 
always, from a data protection point of view, *assume* that graphics 
buffers are unencrypted. (Which will of course limit the use of gpus and 
display controllers in a SEV vm). Platform code sets the vma encryption 
to on by default.

So the question here should really be, can we determine already at mmap 
time whether backing memory will be unencrypted and adjust the *real* 
vma->vm_page_prot under the mmap_sem?

Possibly, but that requires populating the buffer with memory at mmap 
time rather than at first fault time.

And it still requires knowledge whether the device DMA is always 
unencrypted (or if SEV is active).

/Thomas