From: Borislav Petkov <bp@alien8.de>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: linux-arch@vger.kernel.org, linux-efi@vger.kernel.org,
kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org,
kexec@lists.infradead.org, linux-kernel@vger.kernel.org,
kasan-dev@googlegroups.com, linux-mm@kvack.org,
iommu@lists.linux-foundation.org,
"Rik van Riel" <riel@redhat.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Toshimitsu Kani" <toshi.kani@hpe.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Jonathan Corbet" <corbet@lwn.net>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Joerg Roedel" <joro@8bytes.org>,
"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Larry Woodman" <lwoodman@redhat.com>,
"Brijesh Singh" <brijesh.singh@amd.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Andy Lutomirski" <luto@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Alexander Potapenko" <glider@google.com>,
"Dave Young" <dyoung@redhat.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Dmitry Vyukov" <dvyukov@google.com>
Subject: Re: [PATCH v6 26/34] iommu/amd: Allow the AMD IOMMU to work with memory encryption
Date: Wed, 14 Jun 2017 19:42:08 +0200 [thread overview]
Message-ID: <20170614174208.p2yr5exs4b6pjxhf@pd.tnic> (raw)
In-Reply-To: <20170607191745.28645.81756.stgit@tlendack-t1.amdoffice.net>
On Wed, Jun 07, 2017 at 02:17:45PM -0500, Tom Lendacky wrote:
> The IOMMU is programmed with physical addresses for the various tables
> and buffers that are used to communicate between the device and the
> driver. When the driver allocates this memory it is encrypted. In order
> for the IOMMU to access the memory as encrypted the encryption mask needs
> to be included in these physical addresses during configuration.
>
> The PTE entries created by the IOMMU should also include the encryption
> mask so that when the device behind the IOMMU performs a DMA, the DMA
> will be performed to encrypted memory.
>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
> arch/x86/include/asm/mem_encrypt.h | 7 +++++++
> arch/x86/mm/mem_encrypt.c | 30 ++++++++++++++++++++++++++++++
> drivers/iommu/amd_iommu.c | 36 +++++++++++++++++++-----------------
> drivers/iommu/amd_iommu_init.c | 18 ++++++++++++------
> drivers/iommu/amd_iommu_proto.h | 10 ++++++++++
> drivers/iommu/amd_iommu_types.h | 2 +-
> include/asm-generic/mem_encrypt.h | 5 +++++
> 7 files changed, 84 insertions(+), 24 deletions(-)
>
> diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h
> index c7a2525..d86e544 100644
> --- a/arch/x86/include/asm/mem_encrypt.h
> +++ b/arch/x86/include/asm/mem_encrypt.h
> @@ -31,6 +31,8 @@ void __init sme_early_decrypt(resource_size_t paddr,
>
> void __init sme_early_init(void);
>
> +bool sme_iommu_supported(void);
> +
> /* Architecture __weak replacement functions */
> void __init mem_encrypt_init(void);
>
> @@ -62,6 +64,11 @@ static inline void __init sme_early_init(void)
> {
> }
>
> +static inline bool sme_iommu_supported(void)
> +{
> + return true;
> +}
Some more file real-estate saving:
static inline bool sme_iommu_supported(void) { return true; }
> +
> #endif /* CONFIG_AMD_MEM_ENCRYPT */
>
> static inline bool sme_active(void)
> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
> index 5d7c51d..018b58a 100644
> --- a/arch/x86/mm/mem_encrypt.c
> +++ b/arch/x86/mm/mem_encrypt.c
> @@ -197,6 +197,36 @@ void __init sme_early_init(void)
> protection_map[i] = pgprot_encrypted(protection_map[i]);
> }
>
> +bool sme_iommu_supported(void)
Why is this one exported with all the header file declarations if it is
going to be used in the iommu code only? IOW, you can make it a static
function there and save yourself all the exporting.
> +{
> + struct cpuinfo_x86 *c = &boot_cpu_data;
> +
> + if (!sme_me_mask || (c->x86 != 0x17))
me_mask or sme_active()?
Or is the IOMMU "disabled" in a way the moment the BIOS decides that SME
can be enabled?
Also, family checks are always a bad idea for enablement. Why do we need
the family check? Because future families will work with the IOMMU? :-)
> + return true;
> +
> + /* For Fam17h, a specific level of support is required */
> + switch (c->microcode & 0xf000) {
Also, you said in another mail on this subthread that c->microcode
is not yet set. Are you saying, that the iommu init gunk runs before
init_amd(), where we do set c->microcode?
If so, we can move the setting to early_init_amd() or so.
> + case 0x0000:
> + return false;
> + case 0x1000:
> + switch (c->microcode & 0x0f00) {
> + case 0x0000:
> + return false;
> + case 0x0100:
> + if ((c->microcode & 0xff) < 0x26)
> + return false;
> + break;
> + case 0x0200:
> + if ((c->microcode & 0xff) < 0x05)
> + return false;
> + break;
> + }
So this is the microcode revision, why those complex compares? Can't you
simply check a range of values?
> + break;
> + }
> +
> + return true;
> +}
> +
> /* Architecture __weak replacement functions */
> void __init mem_encrypt_init(void)
> {
> diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
> index 63cacf5..94eb130 100644
> --- a/drivers/iommu/amd_iommu.c
> +++ b/drivers/iommu/amd_iommu.c
> @@ -544,7 +544,7 @@ static void dump_dte_entry(u16 devid)
>
> static void dump_command(unsigned long phys_addr)
> {
> - struct iommu_cmd *cmd = phys_to_virt(phys_addr);
> + struct iommu_cmd *cmd = iommu_phys_to_virt(phys_addr);
> int i;
>
> for (i = 0; i < 4; ++i)
> @@ -863,13 +863,15 @@ static void copy_cmd_to_buffer(struct amd_iommu *iommu,
> writel(tail, iommu->mmio_base + MMIO_CMD_TAIL_OFFSET);
> }
>
> -static void build_completion_wait(struct iommu_cmd *cmd, u64 address)
> +static void build_completion_wait(struct iommu_cmd *cmd, volatile u64 *sem)
WARNING: Use of volatile is usually wrong: see Documentation/process/volatile-considered-harmful.rst
#134: FILE: drivers/iommu/amd_iommu.c:866:
+static void build_completion_wait(struct iommu_cmd *cmd, volatile u64 *sem)
> {
> + u64 address = iommu_virt_to_phys((void *)sem);
> +
> WARN_ON(address & 0x7ULL);
>
> memset(cmd, 0, sizeof(*cmd));
> - cmd->data[0] = lower_32_bits(__pa(address)) | CMD_COMPL_WAIT_STORE_MASK;
> - cmd->data[1] = upper_32_bits(__pa(address));
> + cmd->data[0] = lower_32_bits(address) | CMD_COMPL_WAIT_STORE_MASK;
> + cmd->data[1] = upper_32_bits(address);
> cmd->data[2] = 1;
> CMD_SET_TYPE(cmd, CMD_COMPL_WAIT);
<... snip stuff which Joerg needs to review... >
> diff --git a/include/asm-generic/mem_encrypt.h b/include/asm-generic/mem_encrypt.h
> index fb02ff0..bbc49e1 100644
> --- a/include/asm-generic/mem_encrypt.h
> +++ b/include/asm-generic/mem_encrypt.h
> @@ -27,6 +27,11 @@ static inline u64 sme_dma_mask(void)
> return 0ULL;
> }
>
> +static inline bool sme_iommu_supported(void)
> +{
> + return true;
> +}
Save some more file real-estate... you get the idea by now, I'm sure.
:-)
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
next prev parent reply other threads:[~2017-06-14 17:42 UTC|newest]
Thread overview: 94+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-07 19:13 [PATCH v6 00/34] x86: Secure Memory Encryption (AMD) Tom Lendacky
2017-06-07 19:13 ` [PATCH v6 01/34] x86: Document AMD Secure Memory Encryption (SME) Tom Lendacky
2017-06-07 19:13 ` [PATCH v6 02/34] x86/mm/pat: Set write-protect cache mode for full PAT support Tom Lendacky
2017-06-07 19:13 ` [PATCH v6 03/34] x86, mpparse, x86/acpi, x86/PCI, x86/dmi, SFI: Use memremap for RAM mappings Tom Lendacky
2017-06-07 19:13 ` [PATCH v6 04/34] x86/CPU/AMD: Add the Secure Memory Encryption CPU feature Tom Lendacky
2017-06-09 10:55 ` Borislav Petkov
2017-06-07 19:14 ` [PATCH v6 05/34] x86/CPU/AMD: Handle SME reduction in physical address size Tom Lendacky
2017-06-09 16:30 ` Borislav Petkov
2017-06-07 19:14 ` [PATCH v6 06/34] x86/mm: Add Secure Memory Encryption (SME) support Tom Lendacky
2017-06-09 16:43 ` Borislav Petkov
2017-06-07 19:14 ` [PATCH v6 07/34] x86/mm: Don't use phys_to_virt in ioremap() if SME is active Tom Lendacky
2017-06-07 19:14 ` [PATCH v6 08/34] x86/mm: Add support to enable SME in early boot processing Tom Lendacky
2017-06-07 19:14 ` [PATCH v6 09/34] x86/mm: Simplify p[gum]d_page() macros Tom Lendacky
2017-06-10 10:44 ` Borislav Petkov
2017-06-07 19:14 ` [PATCH v6 10/34] x86, x86/mm, x86/xen, olpc: Use __va() against just the physical address in cr3 Tom Lendacky
2017-06-07 22:06 ` Boris Ostrovsky
2017-06-08 13:42 ` Tom Lendacky
2017-06-08 20:51 ` Boris Ostrovsky
2017-06-08 21:02 ` Tom Lendacky
2017-06-08 21:17 ` Boris Ostrovsky
2017-06-08 22:01 ` [Xen-devel] " Andrew Cooper
2017-06-09 18:36 ` Tom Lendacky
2017-06-09 18:43 ` Boris Ostrovsky
2017-06-09 18:54 ` Andrew Cooper
2017-06-09 18:59 ` Tom Lendacky
2017-06-09 19:42 ` Boris Ostrovsky
2017-06-08 6:05 ` Andy Lutomirski
2017-06-08 22:38 ` Tom Lendacky
2017-06-09 18:46 ` Andy Lutomirski
2017-06-09 21:20 ` Tom Lendacky
2017-06-08 7:39 ` kbuild test robot
2017-06-07 19:15 ` [PATCH v6 11/34] x86/mm: Provide general kernel support for memory encryption Tom Lendacky
2017-06-07 19:15 ` [PATCH v6 12/34] x86/mm: Extend early_memremap() support with additional attrs Tom Lendacky
2017-06-07 19:15 ` [PATCH v6 13/34] x86/mm: Add support for early encrypt/decrypt of memory Tom Lendacky
2017-06-10 15:56 ` Borislav Petkov
2017-06-07 19:15 ` [PATCH v6 14/34] x86/mm: Insure that boot memory areas are mapped properly Tom Lendacky
2017-06-10 16:01 ` Borislav Petkov
2017-06-12 13:31 ` Tom Lendacky
2017-06-07 19:15 ` [PATCH v6 15/34] x86/boot/e820: Add support to determine the E820 type of an address Tom Lendacky
2017-06-07 19:16 ` [PATCH v6 16/34] efi: Add an EFI table address match function Tom Lendacky
2017-06-07 19:16 ` [PATCH v6 17/34] efi: Update efi_mem_type() to return an error rather than 0 Tom Lendacky
2017-06-07 19:16 ` [PATCH v6 18/34] x86/efi: Update EFI pagetable creation to work with SME Tom Lendacky
2017-06-11 19:44 ` Borislav Petkov
2017-06-07 19:16 ` [PATCH v6 19/34] x86/mm: Add support to access boot related data in the clear Tom Lendacky
2017-06-08 4:24 ` kbuild test robot
2017-06-07 19:16 ` [PATCH v6 20/34] x86, mpparse: Use memremap to map the mpf and mpc data Tom Lendacky
2017-06-14 16:07 ` Borislav Petkov
2017-06-14 17:06 ` Tom Lendacky
2017-06-14 17:27 ` Borislav Petkov
2017-06-07 19:16 ` [PATCH v6 21/34] x86/mm: Add support to access persistent memory in the clear Tom Lendacky
2017-06-07 19:17 ` [PATCH v6 22/34] x86/mm: Add support for changing the memory encryption attribute Tom Lendacky
2017-06-14 16:25 ` Borislav Petkov
2017-06-07 19:17 ` [PATCH v6 23/34] x86, realmode: Decrypt trampoline area if memory encryption is active Tom Lendacky
2017-06-14 16:24 ` Borislav Petkov
2017-06-14 16:38 ` Tom Lendacky
2017-06-07 19:17 ` [PATCH v6 24/34] x86, swiotlb: Add memory encryption support Tom Lendacky
2017-06-14 16:45 ` Borislav Petkov
2017-06-14 19:38 ` Tom Lendacky
2017-06-07 19:17 ` [PATCH v6 25/34] swiotlb: Add warnings for use of bounce buffers with SME Tom Lendacky
2017-06-08 5:53 ` kbuild test robot
2017-06-08 21:09 ` Tom Lendacky
2017-06-08 7:58 ` Christoph Hellwig
2017-06-08 23:04 ` Tom Lendacky
2017-06-14 16:50 ` Borislav Petkov
2017-06-14 19:49 ` Tom Lendacky
2017-06-15 9:08 ` Borislav Petkov
2017-06-15 13:23 ` Tom Lendacky
2017-06-07 19:17 ` [PATCH v6 26/34] iommu/amd: Allow the AMD IOMMU to work with memory encryption Tom Lendacky
2017-06-08 2:38 ` Nick Sarnie
2017-06-08 14:26 ` Tom Lendacky
2017-06-14 17:42 ` Borislav Petkov [this message]
2017-06-14 20:40 ` Tom Lendacky
2017-06-15 9:41 ` Borislav Petkov
2017-06-15 14:59 ` Tom Lendacky
2017-06-15 15:33 ` Borislav Petkov
2017-06-15 16:33 ` Tom Lendacky
2017-06-19 17:18 ` Borislav Petkov
2017-06-15 20:13 ` Konrad Rzeszutek Wilk
2017-06-21 15:37 ` Joerg Roedel
2017-06-21 16:59 ` Borislav Petkov
2017-06-21 18:40 ` Tom Lendacky
2017-06-07 19:17 ` [PATCH v6 27/34] x86, realmode: Check for memory encryption on the APs Tom Lendacky
2017-06-07 19:18 ` [PATCH v6 28/34] x86, drm, fbdev: Do not specify encrypted memory for video mappings Tom Lendacky
2017-06-07 19:18 ` [PATCH v6 29/34] kvm: x86: svm: Support Secure Memory Encryption within KVM Tom Lendacky
2017-06-15 9:55 ` Borislav Petkov
2017-06-07 19:18 ` [PATCH v6 30/34] x86/mm, kexec: Allow kexec to be used with SME Tom Lendacky
2017-06-15 10:03 ` Borislav Petkov
2017-06-15 17:43 ` Tom Lendacky
2017-06-07 19:18 ` [PATCH v6 31/34] x86/mm: Use proper encryption attributes with /dev/mem Tom Lendacky
2017-06-07 19:18 ` [PATCH v6 32/34] x86/mm: Add support to encrypt the kernel in-place Tom Lendacky
2017-06-07 19:19 ` [PATCH v6 33/34] x86/boot: Add early cmdline parsing for options with arguments Tom Lendacky
2017-06-07 19:19 ` [PATCH v6 34/34] x86/mm: Add support to make use of Secure Memory Encryption Tom Lendacky
2017-06-08 2:40 ` [PATCH v6 00/34] x86: Secure Memory Encryption (AMD) Nick Sarnie
2017-06-08 16:14 ` Tom Lendacky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170614174208.p2yr5exs4b6pjxhf@pd.tnic \
--to=bp@alien8.de \
--cc=arnd@arndb.de \
--cc=aryabinin@virtuozzo.com \
--cc=brijesh.singh@amd.com \
--cc=corbet@lwn.net \
--cc=dvyukov@google.com \
--cc=dyoung@redhat.com \
--cc=glider@google.com \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux-foundation.org \
--cc=joro@8bytes.org \
--cc=kasan-dev@googlegroups.com \
--cc=kexec@lists.infradead.org \
--cc=konrad.wilk@oracle.com \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=lwoodman@redhat.com \
--cc=matt@codeblueprint.co.uk \
--cc=mingo@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=riel@redhat.com \
--cc=rkrcmar@redhat.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=toshi.kani@hpe.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).