From: Borislav Petkov <bp@suse.de>
To: Brijesh Singh <brijesh.singh@amd.com>
Cc: simon.guinot@sequanux.org, linux-efi@vger.kernel.org,
kvm@vger.kernel.org, rkrcmar@redhat.com,
matt@codeblueprint.co.uk, linux-pci@vger.kernel.org,
linus.walleij@linaro.org, gary.hook@amd.com, linux-mm@kvack.org,
paul.gortmaker@windriver.com, hpa@zytor.com, cl@linux.com,
dan.j.williams@intel.com, aarcange@redhat.com,
sfr@canb.auug.org.au, andriy.shevchenko@linux.intel.com,
herbert@gondor.apana.org.au, bhe@redhat.com, xemul@parallels.com,
joro@8bytes.org, x86@kernel.org, peterz@infradead.org,
piotr.luc@intel.com, mingo@redhat.com, msalter@redhat.com,
ross.zwisler@linux.intel.com, dyoung@redhat.com,
thomas.lendacky@amd.com, jroedel@suse.de, keescook@chromium.org,
arnd@arndb.de, toshi.kani@hpe.com,
mathieu.desnoyers@efficios.com, luto@kernel.org,
devel@linuxdriverproject.org, bhelgaas@google.com,
tglx@linutronix.de, mchehab@kernel.org, iamjoonsoo.kim@lge.com,
labbott@fedoraproject.org, tony.luck@intel.com,
alexandre.bounine@idt.com, kuleshovmail@gmail.com,
linux-kernel@vger.kernel.org, mcgrof@kernel.org, mst@redhat.com,
linux-crypto@vger.kernel.org, tj@kernel.org, pbonzini@redhat.com,
akpm@linux-foundation.org, davem@davemloft.net
Subject: Re: [RFC PATCH v2 10/32] x86: DMA support for SEV memory encryption
Date: Wed, 8 Mar 2017 11:56:49 +0100 [thread overview]
Message-ID: <20170308105649.x6qcwpiwyxzp4nvb@pd.tnic> (raw)
In-Reply-To: <148846766532.2349.4832844575566575886.stgit@brijesh-build-machine>
On Thu, Mar 02, 2017 at 10:14:25AM -0500, Brijesh Singh wrote:
> From: Tom Lendacky <thomas.lendacky@amd.com>
>
> DMA access to memory mapped as encrypted while SEV is active can not be
> encrypted during device write or decrypted during device read. In order
> for DMA to properly work when SEV is active, the swiotlb bounce buffers
> must be used.
>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
> arch/x86/mm/mem_encrypt.c | 77 +++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 77 insertions(+)
>
> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
> index 090419b..7df5f4c 100644
> --- a/arch/x86/mm/mem_encrypt.c
> +++ b/arch/x86/mm/mem_encrypt.c
> @@ -197,8 +197,81 @@ void __init sme_early_init(void)
> /* Update the protection map with memory encryption mask */
> for (i = 0; i < ARRAY_SIZE(protection_map); i++)
> protection_map[i] = pgprot_encrypted(protection_map[i]);
> +
> + if (sev_active())
> + swiotlb_force = SWIOTLB_FORCE;
> +}
> +
> +static void *sme_alloc(struct device *dev, size_t size, dma_addr_t *dma_handle,
> + gfp_t gfp, unsigned long attrs)
> +{
> + unsigned long dma_mask;
> + unsigned int order;
> + struct page *page;
> + void *vaddr = NULL;
> +
> + dma_mask = dma_alloc_coherent_mask(dev, gfp);
> + order = get_order(size);
> +
> + gfp &= ~__GFP_ZERO;
Please add a comment around here that swiotlb_alloc_coherent() will
memset(, 0, ) the memory. It took me a while to figure out what the
situation is.
Also, Joerg says the __GFP_ZERO is not absolutely necessary but it has
not been fixed in the other DMA alloc* functions because of fears that
something would break. That bit could also be part of the comment.
> +
> + page = alloc_pages_node(dev_to_node(dev), gfp, order);
> + if (page) {
> + dma_addr_t addr;
> +
> + /*
> + * Since we will be clearing the encryption bit, check the
> + * mask with it already cleared.
> + */
> + addr = phys_to_dma(dev, page_to_phys(page)) & ~sme_me_mask;
> + if ((addr + size) > dma_mask) {
> + __free_pages(page, get_order(size));
> + } else {
> + vaddr = page_address(page);
> + *dma_handle = addr;
> + }
> + }
> +
> + if (!vaddr)
> + vaddr = swiotlb_alloc_coherent(dev, size, dma_handle, gfp);
> +
> + if (!vaddr)
> + return NULL;
> +
> + /* Clear the SME encryption bit for DMA use if not swiotlb area */
> + if (!is_swiotlb_buffer(dma_to_phys(dev, *dma_handle))) {
> + set_memory_decrypted((unsigned long)vaddr, 1 << order);
> + *dma_handle &= ~sme_me_mask;
> + }
> +
> + return vaddr;
> }
>
> +static void sme_free(struct device *dev, size_t size, void *vaddr,
> + dma_addr_t dma_handle, unsigned long attrs)
> +{
> + /* Set the SME encryption bit for re-use if not swiotlb area */
> + if (!is_swiotlb_buffer(dma_to_phys(dev, dma_handle)))
> + set_memory_encrypted((unsigned long)vaddr,
> + 1 << get_order(size));
> +
> + swiotlb_free_coherent(dev, size, vaddr, dma_handle);
> +}
> +
> +static struct dma_map_ops sme_dma_ops = {
WARNING: struct dma_map_ops should normally be const
#112: FILE: arch/x86/mm/mem_encrypt.c:261:
+static struct dma_map_ops sme_dma_ops = {
Please integrate scripts/checkpatch.pl in your patch creation workflow.
Some of the warnings/errors *actually* make sense.
> + .alloc = sme_alloc,
> + .free = sme_free,
> + .map_page = swiotlb_map_page,
> + .unmap_page = swiotlb_unmap_page,
> + .map_sg = swiotlb_map_sg_attrs,
> + .unmap_sg = swiotlb_unmap_sg_attrs,
> + .sync_single_for_cpu = swiotlb_sync_single_for_cpu,
> + .sync_single_for_device = swiotlb_sync_single_for_device,
> + .sync_sg_for_cpu = swiotlb_sync_sg_for_cpu,
> + .sync_sg_for_device = swiotlb_sync_sg_for_device,
> + .mapping_error = swiotlb_dma_mapping_error,
> +};
> +
> /* Architecture __weak replacement functions */
> void __init mem_encrypt_init(void)
> {
> @@ -208,6 +281,10 @@ void __init mem_encrypt_init(void)
> /* Call into SWIOTLB to update the SWIOTLB DMA buffers */
> swiotlb_update_mem_attributes();
>
> + /* Use SEV DMA operations if SEV is active */
That's obvious. The WHY is not.
> + if (sev_active())
> + dma_ops = &sme_dma_ops;
> +
> pr_info("AMD Secure Memory Encryption (SME) active\n");
> }
>
>
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix ImendA?rffer, Jane Smithard, Graham Norton, HRB 21284 (AG NA 1/4 rnberg)
--
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-03-08 10:57 UTC|newest]
Thread overview: 107+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-02 15:12 [RFC PATCH v2 00/32] x86: Secure Encrypted Virtualization (AMD) Brijesh Singh
2017-03-02 15:12 ` [RFC PATCH v2 01/32] x86: Add the Secure Encrypted Virtualization CPU feature Brijesh Singh
2017-03-03 16:59 ` Borislav Petkov
2017-03-03 21:01 ` Brijesh Singh
2017-03-04 10:11 ` Borislav Petkov
2017-03-06 18:11 ` Brijesh Singh
2017-03-06 20:54 ` Borislav Petkov
2017-03-02 15:12 ` [RFC PATCH v2 02/32] x86: Secure Encrypted Virtualization (SEV) support Brijesh Singh
2017-03-07 11:19 ` Borislav Petkov
2017-03-08 15:06 ` Borislav Petkov
2017-03-02 15:12 ` [RFC PATCH v2 03/32] KVM: SVM: prepare for new bit definition in nested_ctl Brijesh Singh
2017-03-02 15:12 ` [RFC PATCH v2 04/32] KVM: SVM: Add SEV feature definitions to KVM Brijesh Singh
2017-03-07 0:50 ` Borislav Petkov
2017-03-02 15:12 ` [RFC PATCH v2 05/32] x86: Use encrypted access of BOOT related data with SEV Brijesh Singh
2017-03-07 11:09 ` Borislav Petkov
2017-03-16 19:03 ` Tom Lendacky
2017-03-02 15:13 ` [RFC PATCH v2 06/32] x86/pci: Use memremap when walking setup data Brijesh Singh
2017-03-03 20:42 ` Bjorn Helgaas
2017-03-03 21:15 ` Tom Lendacky
2017-03-07 0:03 ` Bjorn Helgaas
2017-03-13 20:08 ` Tom Lendacky
2017-03-02 15:13 ` [RFC PATCH v2 07/32] x86/efi: Access EFI data as encrypted when SEV is active Brijesh Singh
2017-03-07 11:57 ` Borislav Petkov
2017-03-02 15:13 ` [RFC PATCH v2 08/32] x86: Use PAGE_KERNEL protection for ioremap of memory page Brijesh Singh
2017-03-07 14:59 ` Borislav Petkov
2017-03-16 20:04 ` Tom Lendacky
2017-03-17 14:32 ` Tom Lendacky
2017-03-17 14:55 ` Tom Lendacky
2017-03-02 15:13 ` [RFC PATCH v2 09/32] x86: Change early_ioremap to early_memremap for BOOT data Brijesh Singh
2017-03-08 8:46 ` Borislav Petkov
2017-03-02 15:14 ` [RFC PATCH v2 10/32] x86: DMA support for SEV memory encryption Brijesh Singh
2017-03-08 10:56 ` Borislav Petkov [this message]
2017-03-02 15:14 ` [RFC PATCH v2 11/32] x86: Unroll string I/O when SEV is active Brijesh Singh
2017-03-02 15:14 ` [RFC PATCH v2 12/32] x86: Add early boot support when running with SEV active Brijesh Singh
2017-03-09 14:07 ` Borislav Petkov
2017-03-09 16:13 ` Paolo Bonzini
2017-03-09 16:29 ` Borislav Petkov
2017-03-10 16:35 ` Brijesh Singh
2017-03-16 10:16 ` Borislav Petkov
2017-03-16 14:28 ` Tom Lendacky
2017-03-16 15:09 ` Borislav Petkov
2017-03-16 16:11 ` Tom Lendacky
2017-03-16 16:29 ` Borislav Petkov
2017-03-02 15:15 ` [RFC PATCH v2 13/32] KVM: SVM: Enable SEV by setting the SEV_ENABLE CPU feature Brijesh Singh
2017-03-09 19:29 ` Borislav Petkov
2017-03-02 15:15 ` [RFC PATCH v2 14/32] x86: mm: Provide support to use memblock when spliting large pages Brijesh Singh
2017-03-10 11:06 ` Borislav Petkov
2017-03-10 22:41 ` Brijesh Singh
2017-03-16 13:15 ` Paolo Bonzini
2017-03-16 18:28 ` Borislav Petkov
2017-03-16 22:25 ` Paolo Bonzini
2017-03-17 10:17 ` Borislav Petkov
2017-03-17 10:47 ` Paolo Bonzini
2017-03-17 10:56 ` Borislav Petkov
2017-03-17 11:03 ` Paolo Bonzini
2017-03-17 11:33 ` Borislav Petkov
2017-03-17 14:45 ` Paolo Bonzini
2017-03-18 16:37 ` Borislav Petkov
2017-04-06 14:05 ` Brijesh Singh
2017-04-06 17:25 ` Borislav Petkov
2017-04-06 18:37 ` Brijesh Singh
2017-04-07 11:33 ` Borislav Petkov
2017-04-07 14:50 ` Brijesh Singh
2017-03-16 12:28 ` Paolo Bonzini
2017-03-02 15:15 ` [RFC PATCH v2 15/32] x86: Add support for changing memory encryption attribute in early boot Brijesh Singh
2017-03-24 17:12 ` Borislav Petkov
2017-03-27 15:07 ` Brijesh Singh
2017-03-02 15:15 ` [RFC PATCH v2 16/32] x86: kvm: Provide support to create Guest and HV shared per-CPU variables Brijesh Singh
2017-03-16 11:06 ` Paolo Bonzini
2017-03-28 18:39 ` Borislav Petkov
2017-03-29 15:21 ` Paolo Bonzini
2017-03-29 15:32 ` Borislav Petkov
2017-03-02 15:15 ` [RFC PATCH v2 17/32] x86: kvmclock: Clear encryption attribute when SEV is active Brijesh Singh
2017-03-02 15:16 ` [RFC PATCH v2 18/32] kvm: svm: Use the hardware provided GPA instead of page walk Brijesh Singh
2017-03-29 15:14 ` Borislav Petkov
2017-03-29 17:08 ` Brijesh Singh
2017-03-02 15:16 ` [RFC PATCH v2 19/32] crypto: ccp: Introduce the AMD Secure Processor device Brijesh Singh
2017-03-02 17:39 ` Mark Rutland
2017-03-02 19:11 ` Brijesh Singh
2017-03-03 13:55 ` Andy Shevchenko
2017-03-02 15:16 ` [RFC PATCH v2 20/32] crypto: ccp: Add Platform Security Processor (PSP) interface support Brijesh Singh
2017-03-02 15:16 ` [RFC PATCH v2 21/32] crypto: ccp: Add Secure Encrypted Virtualization (SEV) " Brijesh Singh
2017-03-02 15:16 ` [RFC PATCH v2 22/32] kvm: svm: prepare to reserve asid for SEV guest Brijesh Singh
2017-03-02 15:17 ` [RFC PATCH v2 23/32] kvm: introduce KVM_MEMORY_ENCRYPT_OP ioctl Brijesh Singh
2017-03-16 10:25 ` Paolo Bonzini
2017-03-02 15:17 ` [RFC PATCH v2 24/32] kvm: x86: prepare for SEV guest management API support Brijesh Singh
2017-03-16 10:33 ` Paolo Bonzini
2017-03-02 15:17 ` [RFC PATCH v2 25/32] kvm: svm: Add support for SEV LAUNCH_START command Brijesh Singh
2017-03-02 15:17 ` [RFC PATCH v2 26/32] kvm: svm: Add support for SEV LAUNCH_UPDATE_DATA command Brijesh Singh
2017-03-16 10:48 ` Paolo Bonzini
2017-03-16 18:20 ` Brijesh Singh
2017-03-02 15:17 ` [RFC PATCH v2 27/32] kvm: svm: Add support for SEV LAUNCH_FINISH command Brijesh Singh
2017-03-02 15:18 ` [RFC PATCH v2 28/32] kvm: svm: Add support for SEV GUEST_STATUS command Brijesh Singh
2017-03-02 15:18 ` [RFC PATCH v2 29/32] kvm: svm: Add support for SEV DEBUG_DECRYPT command Brijesh Singh
2017-03-16 10:54 ` Paolo Bonzini
2017-03-16 18:41 ` Brijesh Singh
2017-03-17 11:09 ` Paolo Bonzini
2017-03-02 15:18 ` [RFC PATCH v2 30/32] kvm: svm: Add support for SEV DEBUG_ENCRYPT command Brijesh Singh
2017-03-16 11:03 ` Paolo Bonzini
2017-03-16 18:34 ` Brijesh Singh
2017-03-02 15:18 ` [RFC PATCH v2 31/32] kvm: svm: Add support for SEV LAUNCH_MEASURE command Brijesh Singh
2017-03-02 15:18 ` [RFC PATCH v2 32/32] x86: kvm: Pin the guest memory when SEV is active Brijesh Singh
2017-03-16 10:38 ` Paolo Bonzini
2017-03-16 18:17 ` Brijesh Singh
2017-03-03 20:33 ` [RFC PATCH v2 00/32] x86: Secure Encrypted Virtualization (AMD) Bjorn Helgaas
2017-03-03 20:51 ` Borislav Petkov
2017-03-03 21:15 ` Brijesh Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170308105649.x6qcwpiwyxzp4nvb@pd.tnic \
--to=bp@suse.de \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=alexandre.bounine@idt.com \
--cc=andriy.shevchenko@linux.intel.com \
--cc=arnd@arndb.de \
--cc=bhe@redhat.com \
--cc=bhelgaas@google.com \
--cc=brijesh.singh@amd.com \
--cc=cl@linux.com \
--cc=dan.j.williams@intel.com \
--cc=davem@davemloft.net \
--cc=devel@linuxdriverproject.org \
--cc=dyoung@redhat.com \
--cc=gary.hook@amd.com \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=joro@8bytes.org \
--cc=jroedel@suse.de \
--cc=keescook@chromium.org \
--cc=kuleshovmail@gmail.com \
--cc=kvm@vger.kernel.org \
--cc=labbott@fedoraproject.org \
--cc=linus.walleij@linaro.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-pci@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=matt@codeblueprint.co.uk \
--cc=mcgrof@kernel.org \
--cc=mchehab@kernel.org \
--cc=mingo@redhat.com \
--cc=msalter@redhat.com \
--cc=mst@redhat.com \
--cc=paul.gortmaker@windriver.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=piotr.luc@intel.com \
--cc=rkrcmar@redhat.com \
--cc=ross.zwisler@linux.intel.com \
--cc=sfr@canb.auug.org.au \
--cc=simon.guinot@sequanux.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tj@kernel.org \
--cc=tony.luck@intel.com \
--cc=toshi.kani@hpe.com \
--cc=x86@kernel.org \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).