From: "Kirill A. Shutemov" <kirill@shutemov.name>
To: "Lendacky, Thomas" <Thomas.Lendacky@amd.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>,
Lianbo Jiang <lijiang@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
"x86@kernel.org" <x86@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"iommu@lists.linux-foundation.org"
<iommu@lists.linux-foundation.org>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Andy Lutomirski <luto@kernel.org>,
"H . Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Robin Murphy <robin.murphy@arm.com>,
Christoph Hellwig <hch@lst.de>
Subject: Re: [PATCH] dma-direct: Force unencrypted DMA under SME for certain DMA masks
Date: Wed, 24 Jul 2019 21:40:15 +0300 [thread overview]
Message-ID: <20190724184015.ye6gjoikowiyh63f@box> (raw)
In-Reply-To: <9f9bfd05-0010-9050-20f0-8c89b2f039ef@amd.com>
On Wed, Jul 24, 2019 at 06:30:21PM +0000, Lendacky, Thomas wrote:
> On 7/24/19 1:11 PM, Kirill A. Shutemov wrote:
> > On Wed, Jul 24, 2019 at 05:34:26PM +0000, Lendacky, Thomas wrote:
> >> On 7/24/19 12:06 PM, Robin Murphy wrote:
> >>> On 24/07/2019 17:42, Lendacky, Thomas wrote:
> >>>> On 7/24/19 10:55 AM, Kirill A. Shutemov wrote:
> >>>>> On Wed, Jul 10, 2019 at 07:01:19PM +0000, Lendacky, Thomas wrote:
> >>>>>> @@ -351,6 +355,32 @@ bool sev_active(void)
> >>>>>> }
> >>>>>> EXPORT_SYMBOL(sev_active);
> >>>>>> +/* Override for DMA direct allocation check -
> >>>>>> ARCH_HAS_FORCE_DMA_UNENCRYPTED */
> >>>>>> +bool force_dma_unencrypted(struct device *dev)
> >>>>>> +{
> >>>>>> + /*
> >>>>>> + * For SEV, all DMA must be to unencrypted addresses.
> >>>>>> + */
> >>>>>> + if (sev_active())
> >>>>>> + return true;
> >>>>>> +
> >>>>>> + /*
> >>>>>> + * For SME, all DMA must be to unencrypted addresses if the
> >>>>>> + * device does not support DMA to addresses that include the
> >>>>>> + * encryption mask.
> >>>>>> + */
> >>>>>> + if (sme_active()) {
> >>>>>> + u64 dma_enc_mask = DMA_BIT_MASK(__ffs64(sme_me_mask));
> >>>>>> + u64 dma_dev_mask = min_not_zero(dev->coherent_dma_mask,
> >>>>>> + dev->bus_dma_mask);
> >>>>>> +
> >>>>>> + if (dma_dev_mask <= dma_enc_mask)
> >>>>>> + return true;
> >>>>>
> >>>>> Hm. What is wrong with the dev mask being equal to enc mask? IIUC, it
> >>>>> means that device mask is wide enough to cover encryption bit, doesn't it?
> >>>>
> >>>> Not really... it's the way DMA_BIT_MASK works vs bit numbering. Let's say
> >>>> that sme_me_mask has bit 47 set. __ffs64 returns 47 and DMA_BIT_MASK(47)
> >>>> will generate a mask without bit 47 set (0x7fffffffffff). So the check
> >>>> will catch anything that does not support at least 48-bit DMA.
> >>>
> >>> Couldn't that be expressed as just:
> >>>
> >>> if (sme_me_mask & dma_dev_mask == sme_me_mask)
> >>
> >> Actually !=, but yes, it could have been done like that, I just didn't
> >> think of it.
> >
> > I'm looking into generalizing the check to cover MKTME.
> >
> > Leaving off the Kconfig changes and moving the check to other file, doest
> > the change below look reasonable to you. It's only build tested so far.
> >
> > diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
> > index fece30ca8b0c..6c86adcd02da 100644
> > --- a/arch/x86/mm/mem_encrypt.c
> > +++ b/arch/x86/mm/mem_encrypt.c
> > @@ -355,6 +355,8 @@ EXPORT_SYMBOL(sev_active);
> > /* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */
> > bool force_dma_unencrypted(struct device *dev)
> > {
> > + u64 dma_enc_mask;
> > +
> > /*
> > * For SEV, all DMA must be to unencrypted addresses.
> > */
> > @@ -362,18 +364,20 @@ bool force_dma_unencrypted(struct device *dev)
> > return true;
> >
> > /*
> > - * For SME, all DMA must be to unencrypted addresses if the
> > - * device does not support DMA to addresses that include the
> > - * encryption mask.
> > + * For SME and MKTME, all DMA must be to unencrypted addresses if the
> > + * device does not support DMA to addresses that include the encryption
> > + * mask.
> > */
> > - if (sme_active()) {
> > - u64 dma_enc_mask = DMA_BIT_MASK(__ffs64(sme_me_mask));
> > - u64 dma_dev_mask = min_not_zero(dev->coherent_dma_mask,
> > - dev->bus_dma_mask);
> > + if (!sme_active() && !mktme_enabled())
> > + return false;
> >
> > - if (dma_dev_mask <= dma_enc_mask)
> > - return true;
> > - }
> > + dma_enc_mask = sme_me_mask | mktme_keyid_mask();
> > +
> > + if (dev->coherent_dma_mask && (dev->coherent_dma_mask & dma_enc_mask) != dma_enc_mask)
> > + return true;
> > +
> > + if (dev->bus_dma_mask && (dev->bus_dma_mask & dma_enc_mask) != dma_enc_mask)
> > + return true;
>
> Do you want to err on the side of caution and return true if both masks
> are zero? You could do the min_not_zero step and then return true if the
> result is zero. Then just make the one comparison against dma_enc_mask.
Something like this?
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index fece30ca8b0c..173d68b08c55 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -355,6 +355,8 @@ EXPORT_SYMBOL(sev_active);
/* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */
bool force_dma_unencrypted(struct device *dev)
{
+ u64 dma_enc_mask, dma_dev_mask;
+
/*
* For SEV, all DMA must be to unencrypted addresses.
*/
@@ -362,20 +364,17 @@ bool force_dma_unencrypted(struct device *dev)
return true;
/*
- * For SME, all DMA must be to unencrypted addresses if the
- * device does not support DMA to addresses that include the
- * encryption mask.
+ * For SME and MKTME, all DMA must be to unencrypted addresses if the
+ * device does not support DMA to addresses that include the encryption
+ * mask.
*/
- if (sme_active()) {
- u64 dma_enc_mask = DMA_BIT_MASK(__ffs64(sme_me_mask));
- u64 dma_dev_mask = min_not_zero(dev->coherent_dma_mask,
- dev->bus_dma_mask);
+ if (!sme_active() && !mktme_enabled())
+ return false;
- if (dma_dev_mask <= dma_enc_mask)
- return true;
- }
+ dma_enc_mask = sme_me_mask | mktme_keyid_mask();
+ dma_dev_mask = min_not_zero(dev->coherent_dma_mask, dev->bus_dma_mask);
- return false;
+ return (dma_dev_mask & dma_enc_mask) != dma_enc_mask;
}
/* Architecture __weak replacement functions */
--
Kirill A. Shutemov
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
next prev parent reply other threads:[~2019-07-24 18:40 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-10 19:01 [PATCH] dma-direct: Force unencrypted DMA under SME for certain DMA masks Lendacky, Thomas
2019-07-11 10:05 ` Christoph Hellwig
2019-07-11 12:18 ` Thomas Gleixner
2019-07-11 12:16 ` Thomas Gleixner
2019-07-24 15:55 ` Kirill A. Shutemov
2019-07-24 16:42 ` Lendacky, Thomas
2019-07-24 17:06 ` Robin Murphy
2019-07-24 17:34 ` Lendacky, Thomas
2019-07-24 18:11 ` Kirill A. Shutemov
2019-07-24 18:30 ` Lendacky, Thomas
2019-07-24 18:40 ` Kirill A. Shutemov [this message]
2019-07-24 18:49 ` Lendacky, Thomas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190724184015.ye6gjoikowiyh63f@box \
--to=kirill@shutemov.name \
--cc=Thomas.Lendacky@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hch@lst.de \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux-foundation.org \
--cc=lijiang@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=robin.murphy@arm.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).