Re: [PATCH V7 1/5] swiotlb: Add swiotlb bounce buffer remap function for HV IVM

[PATCH V7 0/5] x86/Hyper-V: Add Hyper-V Isolation VM support(Second part) · Tianyu Lan <hidden> · 2021-12-13
[PATCH V7 1/5] swiotlb: Add swiotlb bounce buffer remap function for HV IVM · Tianyu Lan <hidden> · 2021-12-13
Re: [PATCH V7 1/5] swiotlb: Add swiotlb bounce buffer remap function for HV IVM · Dave Hansen <hidden> · 2021-12-13
Re: [PATCH V7 1/5] swiotlb: Add swiotlb bounce buffer remap function for HV IVM · Tianyu Lan <hidden> · 2021-12-14
Re: [PATCH V7 1/5] swiotlb: Add swiotlb bounce buffer remap function for HV IVM · Dave Hansen <hidden> · 2021-12-14
Re: [PATCH V7 1/5] swiotlb: Add swiotlb bounce buffer remap function for HV IVM · Tom Lendacky <thomas.lendacky@amd.com> · 2021-12-14
Re: [PATCH V7 1/5] swiotlb: Add swiotlb bounce buffer remap function for HV IVM · Dave Hansen <hidden> · 2021-12-14
Re: [PATCH V7 1/5] swiotlb: Add swiotlb bounce buffer remap function for HV IVM · Tianyu Lan <hidden> · 2021-12-15
Re: [PATCH V7 1/5] swiotlb: Add swiotlb bounce buffer remap function for HV IVM · Wei Liu <wei.liu@kernel.org> · 2021-12-16
[PATCH V7 2/5] x86/hyper-v: Add hyperv Isolation VM check in the cc_platform_has() · Tianyu Lan <hidden> · 2021-12-13
Re: [PATCH V7 2/5] x86/hyper-v: Add hyperv Isolation VM check in the cc_platform_has() · Wei Liu <wei.liu@kernel.org> · 2021-12-14
Re: [PATCH V7 2/5] x86/hyper-v: Add hyperv Isolation VM check in the cc_platform_has() · Borislav Petkov <bp@alien8.de> · 2021-12-14
Re: [PATCH V7 2/5] x86/hyper-v: Add hyperv Isolation VM check in the cc_platform_has() · Wei Liu <wei.liu@kernel.org> · 2021-12-14
[PATCH V7 3/5] hyper-v: Enable swiotlb bounce buffer for Isolation VM · Tianyu Lan <hidden> · 2021-12-13
[PATCH V7 4/5] scsi: storvsc: Add Isolation VM support for storvsc driver · Tianyu Lan <hidden> · 2021-12-13
RE: [PATCH V7 4/5] scsi: storvsc: Add Isolation VM support for storvsc driver · Long Li <longli@microsoft.com> · 2021-12-15
Re: [PATCH V7 4/5] scsi: storvsc: Add Isolation VM support for storvsc driver · Jakub Kicinski <kuba@kernel.org> · 2022-02-03
Re: [PATCH V7 4/5] scsi: storvsc: Add Isolation VM support for storvsc driver · Jakub Kicinski <kuba@kernel.org> · 2022-02-04
[PATCH V7 5/5] net: netvsc: Add Isolation VM support for netvsc driver · Tianyu Lan <hidden> · 2021-12-13
RE: [PATCH V7 5/5] net: netvsc: Add Isolation VM support for netvsc driver · Haiyang Zhang <haiyangz@microsoft.com> · 2021-12-13
RE: [PATCH V7 0/5] x86/Hyper-V: Add Hyper-V Isolation VM support(Second part) · Michael Kelley (LINUX) <hidden> · 2021-12-14
Re: [PATCH V7 0/5] x86/Hyper-V: Add Hyper-V Isolation VM support(Second part) · Wei Liu <wei.liu@kernel.org> · 2021-12-17

From: Tom Lendacky <thomas.lendacky@amd.com>
Date: 2021-12-14 22:23:50
Also in: linux-arch, linux-iommu, linux-scsi, lkml, netdev

On 12/14/21 12:40 PM, Dave Hansen wrote:

On 12/13/21 8:36 PM, Tianyu Lan wrote:

quoted

On 12/14/2021 12:45 AM, Dave Hansen wrote:

quoted

On 12/12/21 11:14 PM, Tianyu Lan wrote:

quoted

In Isolation VM with AMD SEV, bounce buffer needs to be accessed via
extra address space which is above shared_gpa_boundary (E.G 39 bit
address line) reported by Hyper-V CPUID ISOLATION_CONFIG. The access
physical address will be original physical address +
shared_gpa_boundary.
The shared_gpa_boundary in the AMD SEV SNP spec is called virtual top of
memory(vTOM). Memory addresses below vTOM are automatically treated as
private while memory above vTOM is treated as shared.

This seems to be independently reintroducing some of the SEV
infrastructure.  Is it really OK that this doesn't interact at all with
any existing SEV code?

For instance, do we need a new 'swiotlb_unencrypted_base', or should
this just be using sme_me_mask somehow?

        Thanks for your review. Hyper-V provides a para-virtualized
confidential computing solution based on the AMD SEV function and not
expose sev&sme capabilities to guest. So sme_me_mask is unset in the
Hyper-V Isolation VM. swiotlb_unencrypted_base is more general solution
to handle such case of different address space for encrypted and
decrypted memory and other platform also may reuse it.

I don't really understand how this can be more general any *not* get
utilized by the existing SEV support.

The Virtual Top-of-Memory (VTOM) support is an SEV-SNP feature that is 
meant to be used with a (relatively) un-enlightened guest. The idea is 
that the C-bit in the guest page tables must be 0 for all accesses. It is 
only the physical address relative to VTOM that determines if the access 
is encrypted or not. So setting sme_me_mask will actually cause issues 
when running with this feature. Since all DMA for an SEV-SNP guest must 
still be to shared (unencrypted) memory, some enlightenment is needed. In 
this case, memory mapped above VTOM will provide that via the SWIOTLB 
update. For SEV-SNP guests running with VTOM, they are likely to also be 
running with the Reflect #VC feature, allowing a "paravisor" to handle any 
#VCs generated by the guest.

See sections 15.36.8 "Virtual Top-of-Memory" and 15.36.9 "Reflect #VC" in 
volume 2 of the AMD APM [1].

I'm not sure if that will answer your question or generate more :)

Thanks,
Tom

[1] https://www.amd.com/system/files/TechDocs/24593.pdf

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help