Re: [RFC PATCH v3 13/20] x86: DMA support for memory encryption

[RFC PATCH v3 00/20] x86: Secure Memory Encryption (AMD) · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
[RFC PATCH v3 10/20] Add support to access boot related data in the clear · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
Re: [RFC PATCH v3 10/20] Add support to access boot related data in the clear · Kani, Toshimitsu <hidden> · 2016-11-11
Re: [RFC PATCH v3 10/20] Add support to access boot related data in the clear · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-14
Re: [RFC PATCH v3 10/20] Add support to access boot related data in the clear · Borislav Petkov <bp@alien8.de> · 2016-11-17
Re: [RFC PATCH v3 10/20] Add support to access boot related data in the clear · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-19
Re: [RFC PATCH v3 10/20] Add support to access boot related data in the clear · Borislav Petkov <bp@alien8.de> · 2016-11-20
Re: [RFC PATCH v3 10/20] Add support to access boot related data in the clear · Matt Fleming <hidden> · 2016-12-07
Re: [RFC PATCH v3 10/20] Add support to access boot related data in the clear · Tom Lendacky <thomas.lendacky@amd.com> · 2016-12-09
[RFC PATCH v3 16/20] x86: Do not specify encrypted memory for video mappings · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
[RFC PATCH v3 02/20] x86: Set the write-protect cache mode for full PAT support · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
Re: [RFC PATCH v3 02/20] x86: Set the write-protect cache mode for full PAT support · Borislav Petkov <bp@alien8.de> · 2016-11-10
Re: [RFC PATCH v3 02/20] x86: Set the write-protect cache mode for full PAT support · Kani, Toshimitsu <hidden> · 2016-11-11
Re: [RFC PATCH v3 02/20] x86: Set the write-protect cache mode for full PAT support · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-14
[RFC PATCH v3 03/20] x86: Add the Secure Memory Encryption cpu feature · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
Re: [RFC PATCH v3 03/20] x86: Add the Secure Memory Encryption cpu feature · Borislav Petkov <bp@alien8.de> · 2016-11-11
[RFC PATCH v3 01/20] x86: Documentation for AMD Secure Memory Encryption (SME) · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
Re: [RFC PATCH v3 01/20] x86: Documentation for AMD Secure Memory Encryption (SME) · Borislav Petkov <bp@alien8.de> · 2016-11-10
Re: [RFC PATCH v3 01/20] x86: Documentation for AMD Secure Memory Encryption (SME) · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-14
[RFC PATCH v3 06/20] x86: Add support to enable SME during early boot processing · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
Re: [RFC PATCH v3 06/20] x86: Add support to enable SME during early boot processing · Borislav Petkov <bp@alien8.de> · 2016-11-14
Re: [RFC PATCH v3 06/20] x86: Add support to enable SME during early boot processing · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-14
Re: [RFC PATCH v3 06/20] x86: Add support to enable SME during early boot processing · Borislav Petkov <bp@alien8.de> · 2016-11-14
[RFC PATCH v3 07/20] x86: Provide general kernel support for memory encryption · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
[RFC PATCH v3 04/20] x86: Handle reduction in physical address size with SME · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
Re: [RFC PATCH v3 04/20] x86: Handle reduction in physical address size with SME · Joerg Roedel <joro@8bytes.org> · 2016-11-15
Re: [RFC PATCH v3 04/20] x86: Handle reduction in physical address size with SME · Borislav Petkov <bp@alien8.de> · 2016-11-15
Re: [RFC PATCH v3 04/20] x86: Handle reduction in physical address size with SME · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-15
Re: [RFC PATCH v3 04/20] x86: Handle reduction in physical address size with SME · Borislav Petkov <bp@alien8.de> · 2016-11-15
Re: [RFC PATCH v3 04/20] x86: Handle reduction in physical address size with SME · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-15
Re: [RFC PATCH v3 04/20] x86: Handle reduction in physical address size with SME · Borislav Petkov <bp@alien8.de> · 2016-11-15
Re: [RFC PATCH v3 04/20] x86: Handle reduction in physical address size with SME · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-15
Re: [RFC PATCH v3 04/20] x86: Handle reduction in physical address size with SME · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-15
Re: [RFC PATCH v3 04/20] x86: Handle reduction in physical address size with SME · Borislav Petkov <bp@alien8.de> · 2016-11-15
Re: [RFC PATCH v3 04/20] x86: Handle reduction in physical address size with SME · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-15
Re: [RFC PATCH v3 04/20] x86: Handle reduction in physical address size with SME · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-15
[RFC PATCH v3 05/20] x86: Add Secure Memory Encryption (SME) support · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
[RFC PATCH v3 09/20] x86: Insure that boot memory areas are mapped properly · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
Re: [RFC PATCH v3 09/20] x86: Insure that boot memory areas are mapped properly · Borislav Petkov <bp@alien8.de> · 2016-11-17
Re: [RFC PATCH v3 09/20] x86: Insure that boot memory areas are mapped properly · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-19
[RFC PATCH v3 12/20] x86: Decrypt trampoline area if memory encryption is active · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
Re: [RFC PATCH v3 12/20] x86: Decrypt trampoline area if memory encryption is active · Borislav Petkov <bp@alien8.de> · 2016-11-17
Re: [RFC PATCH v3 12/20] x86: Decrypt trampoline area if memory encryption is active · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-19
[RFC PATCH v3 14/20] iommu/amd: Disable AMD IOMMU if memory encryption is active · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
Re: [RFC PATCH v3 14/20] iommu/amd: Disable AMD IOMMU if memory encryption is active · Joerg Roedel <joro@8bytes.org> · 2016-11-14
Re: [RFC PATCH v3 14/20] iommu/amd: Disable AMD IOMMU if memory encryption is active · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-14
[RFC PATCH v3 08/20] x86: Add support for early encryption/decryption of memory · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
Re: [RFC PATCH v3 08/20] x86: Add support for early encryption/decryption of memory · Borislav Petkov <bp@alien8.de> · 2016-11-16
Re: [RFC PATCH v3 08/20] x86: Add support for early encryption/decryption of memory · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-16
[RFC PATCH v3 17/20] x86/kvm: Enable Secure Memory Encryption of nested page tables · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
[RFC PATCH v3 13/20] x86: DMA support for memory encryption · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
Re: [RFC PATCH v3 13/20] x86: DMA support for memory encryption · Radim Krčmář <hidden> · 2016-11-15
Re: [RFC PATCH v3 13/20] x86: DMA support for memory encryption · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-15
Re: [RFC PATCH v3 13/20] x86: DMA support for memory encryption · Radim Krčmář <hidden> · 2016-11-15
Re: [RFC PATCH v3 13/20] x86: DMA support for memory encryption · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-15
Re: [RFC PATCH v3 13/20] x86: DMA support for memory encryption · "Michael S. Tsirkin" <mst@redhat.com> · 2016-11-15
Re: [RFC PATCH v3 13/20] x86: DMA support for memory encryption · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-15
Re: [RFC PATCH v3 13/20] x86: DMA support for memory encryption · "Michael S. Tsirkin" <mst@redhat.com> · 2016-11-15
Re: [RFC PATCH v3 13/20] x86: DMA support for memory encryption · Borislav Petkov <bp@alien8.de> · 2016-11-22
Re: [RFC PATCH v3 13/20] x86: DMA support for memory encryption · "Michael S. Tsirkin" <mst@redhat.com> · 2016-11-22
Re: [RFC PATCH v3 13/20] x86: DMA support for memory encryption · Borislav Petkov <bp@alien8.de> · 2016-11-22
Re: [RFC PATCH v3 13/20] x86: DMA support for memory encryption · "Michael S. Tsirkin" <mst@redhat.com> · 2016-11-22
[RFC PATCH v3 18/20] x86: Access the setup data through debugfs un-encrypted · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
[RFC PATCH v3 19/20] x86: Add support to make use of Secure Memory Encryption · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
Re: [RFC PATCH v3 19/20] x86: Add support to make use of Secure Memory Encryption · Borislav Petkov <bp@alien8.de> · 2016-11-24
Re: [RFC PATCH v3 19/20] x86: Add support to make use of Secure Memory Encryption · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-29
[RFC PATCH v3 20/20] x86: Add support to make use of Secure Memory Encryption · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
Re: [RFC PATCH v3 20/20] x86: Add support to make use of Secure Memory Encryption · Borislav Petkov <bp@alien8.de> · 2016-11-22
Re: [RFC PATCH v3 20/20] x86: Add support to make use of Secure Memory Encryption · Borislav Petkov <bp@alien8.de> · 2016-11-26
Re: [RFC PATCH v3 20/20] x86: Add support to make use of Secure Memory Encryption · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-29
Re: [RFC PATCH v3 20/20] x86: Add support to make use of Secure Memory Encryption · Borislav Petkov <bp@alien8.de> · 2016-11-29
[RFC PATCH v3 15/20] x86: Check for memory encryption on the APs · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
Re: [RFC PATCH v3 15/20] x86: Check for memory encryption on the APs · Borislav Petkov <bp@alien8.de> · 2016-11-22
Re: [RFC PATCH v3 15/20] x86: Check for memory encryption on the APs · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-29
[RFC PATCH v3 11/20] x86: Add support for changing memory encryption attribute · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-10
Re: [RFC PATCH v3 11/20] x86: Add support for changing memory encryption attribute · Borislav Petkov <bp@alien8.de> · 2016-11-17
Re: [RFC PATCH v3 11/20] x86: Add support for changing memory encryption attribute · Tom Lendacky <thomas.lendacky@amd.com> · 2016-11-19
Re: [RFC PATCH v3 11/20] x86: Add support for changing memory encryption attribute · Borislav Petkov <bp@alien8.de> · 2016-11-21

From: "Michael S. Tsirkin" <mst@redhat.com>
Date: 2016-11-15 19:16:41
Also in: kvm, linux-efi, linux-iommu, linux-mm, lkml

On Tue, Nov 15, 2016 at 12:29:35PM -0600, Tom Lendacky wrote:

On 11/15/2016 9:16 AM, Michael S. Tsirkin wrote:

quoted

On Wed, Nov 09, 2016 at 06:37:23PM -0600, Tom Lendacky wrote:

quoted

Since DMA addresses will effectively look like 48-bit addresses when the
memory encryption mask is set, SWIOTLB is needed if the DMA mask of the
device performing the DMA does not support 48-bits. SWIOTLB will be
initialized to create un-encrypted bounce buffers for use by these devices.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 arch/x86/include/asm/dma-mapping.h |    5 ++-
 arch/x86/include/asm/mem_encrypt.h |    5 +++
 arch/x86/kernel/pci-dma.c          |   11 ++++---
 arch/x86/kernel/pci-nommu.c        |    2 +
 arch/x86/kernel/pci-swiotlb.c      |    8 ++++-
 arch/x86/mm/mem_encrypt.c          |   17 +++++++++++
 include/linux/swiotlb.h            |    1 +
 init/main.c                        |   13 ++++++++
 lib/swiotlb.c                      |   58 +++++++++++++++++++++++++++++++-----
 9 files changed, 103 insertions(+), 17 deletions(-)

diff --git a/arch/x86/include/asm/dma-mapping.h b/arch/x86/include/asm/dma-mapping.h
index 4446162..c9cdcae 100644
--- a/arch/x86/include/asm/dma-mapping.h
+++ b/arch/x86/include/asm/dma-mapping.h

..SNIP...

quoted

 
+/*
+ * If memory encryption is active, the DMA address for an encrypted page may
+ * be beyond the range of the device. If bounce buffers are required be sure
+ * that they are not on an encrypted page. This should be called before the
+ * iotlb area is used.

Makes sense, but I think at least a dmesg warning here
might be a good idea.

Good idea.  Should it be a warning when it is first being set up or
a warning the first time the bounce buffers need to be used.  Or maybe
both?

quoted

A boot flag that says "don't enable devices that don't support
encryption" might be a good idea, too, since most people
don't read dmesg output and won't notice the message.

I'll look into this. It might be something that can be checked as
part of the device setting its DMA mask or the first time a DMA
API is used if the device doesn't explicitly set its mask.

Thanks,
Tom

quoted

I think setup time is nicer if it's possible.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help