linux-kernel.vger.kernel.org archive mirror
From: "Thomas Hellström (VMware)" <thomas_os@shipmail.org>
To: Ingo Molnar <mingo@kernel.org>
Cc: linux-kernel@vger.kernel.org, pv-drivers@vmware.com,
	linux-graphics-maintainer@vmware.com, x86@kernel.org,
	"Dave Hansen" <dave.hansen@linux.intel.com>,
	"Andy Lutomirski" <luto@kernel.org>,
	"Peter Zijlstra" <peterz@infradead.org>,
	"Thomas Gleixner" <tglx@linutronix.de>,
	"Ingo Molnar" <mingo@redhat.com>,
	"Borislav Petkov" <bp@alien8.de>,
	"H. Peter Anvin" <hpa@zytor.com>,
	"Christoph Hellwig" <hch@infradead.org>,
	"Christian König" <christian.koenig@amd.com>,
	"Marek Szyprowski" <m.szyprowski@samsung.com>,
	"Tom Lendacky" <thomas.lendacky@amd.com>
Subject: Re: [PATCH 0/2] Fix SEV user-space mapping of unencrypted coherent memory
Date: Wed, 11 Sep 2019 10:07:06 +0200
Message-ID: <e50cc9fc-4c3e-90c7-1139-f414766b648f@shipmail.org>
In-Reply-To: <20190911055913.GB104115@gmail.com>

On 9/11/19 7:59 AM, Ingo Molnar wrote:
> * Thomas Hellström (VMware) <thomas_os@shipmail.org> wrote:
>
>> With SEV and sometimes with SME encryption, the DMA API coherent memory is
>> typically unencrypted, meaning the linear kernel map has the encryption
>> bit cleared. However, default page protection returned from vm_get_page_prot()
>> has the encryption bit set. So to compute the correct page protection we need
>> to clear the encryption bit.
>>
>> Also, in order for the encryption bit setting to survive across do_mmap() and
>> mprotect_fixup(), we need to make pgprot_modify() aware of it and not touch it.
>> Therefore make sme_me_mask part of _PAGE_CHG_MASK and make sure
>> pgprot_modify() preserves also cleared bits that are part of _PAGE_CHG_MASK,
>> not just set bits. The use of pgprot_modify() is currently quite limited and
>> easy to audit.
>>
>> (Note that the encryption status is not logically encoded in the pfn but in
>> the page protection even if an address line in the physical address is used).
>>
>> The patchset has seen some sanity testing by exporting dma_pgprot() and
>> using it in the vmwgfx mmap handler with SEV enabled.
>>
>> Changes since:
>> RFC:
>> - Make sme_me_mask part of _PAGE_CHG_MASK rather than using it on its own in
>>    pgprot_modify().
> Could you please add a "why is this patch-set needed", not just describe
> the "what does this patch set do"? I've seen zero discussion in the three
> changelogs of exactly why we'd want this, which drivers and features are
> affected and in what way, etc.
>
> It's called a "fix" but doesn't explain what bad behavior it fixes.
>
> Thanks,
>
> 	Ingo

I'll update the changelog to be more clear about that.

Thanks,

Thomas
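
The two changes described in the quoted cover letter, as an added user-space model that is not code from the patch set or the kernel: the bit positions, the `MODEL_*` names and the helper functions are constructed for illustration, and the "set bits only" variant is an assumption based on the cover letter's wording.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t pgprotval_t;

/* Constructed bit layout for this model; not the kernel's real values. */
#define MODEL_PAGE_RW   (1ULL << 1)
#define MODEL_PAGE_USER (1ULL << 2)
#define MODEL_PAGE_PCD  (1ULL << 4)   /* stand-in for a preserved attribute bit */
#define MODEL_PAGE_ENC  (1ULL << 47)  /* stand-in for sme_me_mask */

/* Preserved-bit mask without and with the encryption bit included. */
#define MODEL_CHG_MASK_OLD (MODEL_PAGE_PCD)
#define MODEL_CHG_MASK_NEW (MODEL_PAGE_PCD | MODEL_PAGE_ENC)

/* Keeps only the SET masked bits of oldprot; newprot may set any bit again. */
static pgprotval_t modify_set_bits_only(pgprotval_t oldprot, pgprotval_t newprot,
                                        pgprotval_t chg_mask)
{
    return (oldprot & chg_mask) | newprot;
}

/* Masked bits come from oldprot alone, whether set or cleared. */
static pgprotval_t modify_preserve_mask(pgprotval_t oldprot, pgprotval_t newprot,
                                        pgprotval_t chg_mask)
{
    return (oldprot & chg_mask) | (newprot & ~chg_mask);
}

/* Mapping of unencrypted coherent memory: encryption bit cleared. */
static pgprotval_t model_unencrypted_prot(void)
{
    return MODEL_PAGE_RW | MODEL_PAGE_USER;
}

/* mprotect()-style change to read-only; newprot comes from defaults (ENC set). */
static pgprotval_t model_mprotect_readonly(int fixed)
{
    pgprotval_t newprot = MODEL_PAGE_USER | MODEL_PAGE_ENC;
    return fixed
        ? modify_preserve_mask(model_unencrypted_prot(), newprot, MODEL_CHG_MASK_NEW)
        : modify_set_bits_only(model_unencrypted_prot(), newprot, MODEL_CHG_MASK_OLD);
}

int main(void)
{
    printf("before: enc=%d\n", !!(model_mprotect_readonly(0) & MODEL_PAGE_ENC));
    printf("after:  enc=%d\n", !!(model_mprotect_readonly(1) & MODEL_PAGE_ENC));
    return 0;
}
```

In this model, adding the encryption bit to the mask is not enough by itself: with set-bits-only merging, a cleared bit in the old protection is still overwritten by the default that has it set.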


Thread overview: 5+ messages
2019-09-10 13:35 Thomas Hellström (VMware)
2019-09-10 13:35 ` [PATCH 1/2] x86: Don't let pgprot_modify() change the page encryption bit Thomas Hellström (VMware)
2019-09-10 13:35 ` [PATCH 2/2] dma-mapping: Fix dma_pgprot() for unencrypted coherent pages Thomas Hellström (VMware)
2019-09-11  5:59 ` [PATCH 0/2] Fix SEV user-space mapping of unencrypted coherent memory Ingo Molnar
2019-09-11  8:07   ` Thomas Hellström (VMware) [this message]