Re: [RFC Part1 PATCH v3 12/17] x86/mm: DMA support for SEV memory encryption

[RFC Part1 PATCH v3 00/17] x86: Secure Encrypted Virtualization (AMD) · Brijesh Singh <hidden> · 2017-07-24
[RFC Part1 PATCH v3 01/17] Documentation/x86: Add AMD Secure Encrypted Virtualization (SEV) descrption · Brijesh Singh <hidden> · 2017-07-24
Re: [RFC Part1 PATCH v3 01/17] Documentation/x86: Add AMD Secure Encrypted Virtualization (SEV) descrption · Borislav Petkov <hidden> · 2017-07-25
Re: [RFC Part1 PATCH v3 01/17] Documentation/x86: Add AMD Secure Encrypted Virtualization (SEV) descrption · Brijesh Singh <hidden> · 2017-07-25
[RFC Part1 PATCH v3 03/17] x86/mm: Secure Encrypted Virtualization (SEV) support · Brijesh Singh <hidden> · 2017-07-24
Re: [RFC Part1 PATCH v3 03/17] x86/mm: Secure Encrypted Virtualization (SEV) support · Borislav Petkov <hidden> · 2017-07-26
Re: [RFC Part1 PATCH v3 03/17] x86/mm: Secure Encrypted Virtualization (SEV) support · Tom Lendacky <thomas.lendacky@amd.com> · 2017-07-26
Re: [RFC Part1 PATCH v3 03/17] x86/mm: Secure Encrypted Virtualization (SEV) support · Borislav Petkov <hidden> · 2017-07-27
[RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature · Brijesh Singh <hidden> · 2017-07-24
Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature · Borislav Petkov <hidden> · 2017-07-25
Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature · Tom Lendacky <thomas.lendacky@amd.com> · 2017-07-25
Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature · Borislav Petkov <hidden> · 2017-07-25
Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature · Tom Lendacky <thomas.lendacky@amd.com> · 2017-07-25
Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature · Borislav Petkov <hidden> · 2017-07-25
Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature · Tom Lendacky <thomas.lendacky@amd.com> · 2017-07-25
Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature · Borislav Petkov <hidden> · 2017-07-25
Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature · Tom Lendacky <thomas.lendacky@amd.com> · 2017-08-09
Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature · Borislav Petkov <hidden> · 2017-08-17
[RFC Part1 PATCH v3 04/17] x86/mm: Don't attempt to encrypt initrd under SEV · Brijesh Singh <hidden> · 2017-07-24
Re: [RFC Part1 PATCH v3 04/17] x86/mm: Don't attempt to encrypt initrd under SEV · Borislav Petkov <hidden> · 2017-07-26
[RFC Part1 PATCH v3 08/17] x86/efi: Access EFI data as encrypted when SEV is active · Brijesh Singh <hidden> · 2017-07-24
Re: [RFC Part1 PATCH v3 08/17] x86/efi: Access EFI data as encrypted when SEV is active · Borislav Petkov <hidden> · 2017-07-28
Re: [RFC Part1 PATCH v3 08/17] x86/efi: Access EFI data as encrypted when SEV is active · Tom Lendacky <thomas.lendacky@amd.com> · 2017-08-17
[RFC Part1 PATCH v3 07/17] x86/mm: Include SEV for encryption memory attribute changes · Brijesh Singh <hidden> · 2017-07-24
Re: [RFC Part1 PATCH v3 07/17] x86/mm: Include SEV for encryption memory attribute changes · Borislav Petkov <hidden> · 2017-07-27
RE: [RFC Part1 PATCH v3 07/17] x86/mm: Include SEV for encryption memory attribute changes · David Laight <hidden> · 2017-07-28
Re: [RFC Part1 PATCH v3 07/17] x86/mm: Include SEV for encryption memory attribute changes · Tom Lendacky <thomas.lendacky@amd.com> · 2017-08-17
Re: [RFC Part1 PATCH v3 07/17] x86/mm: Include SEV for encryption memory attribute changes · Tom Lendacky <thomas.lendacky@amd.com> · 2017-08-17
[RFC Part1 PATCH v3 06/17] x86/mm: Use encrypted access of boot related data with SEV · Brijesh Singh <hidden> · 2017-07-24
Re: [RFC Part1 PATCH v3 06/17] x86/mm: Use encrypted access of boot related data with SEV · Borislav Petkov <hidden> · 2017-07-27
Re: [RFC Part1 PATCH v3 06/17] x86/mm: Use encrypted access of boot related data with SEV · Tom Lendacky <thomas.lendacky@amd.com> · 2017-08-17
[RFC Part1 PATCH v3 05/17] x86, realmode: Don't decrypt trampoline area under SEV · Brijesh Singh <hidden> · 2017-07-24
Re: [RFC Part1 PATCH v3 05/17] x86, realmode: Don't decrypt trampoline area under SEV · Borislav Petkov <hidden> · 2017-07-26
Re: [RFC Part1 PATCH v3 05/17] x86, realmode: Don't decrypt trampoline area under SEV · Tom Lendacky <thomas.lendacky@amd.com> · 2017-08-10
[RFC Part1 PATCH v3 09/17] resource: Consolidate resource walking code · Brijesh Singh <hidden> · 2017-07-24
Re: [RFC Part1 PATCH v3 09/17] resource: Consolidate resource walking code · Borislav Petkov <hidden> · 2017-07-28
Re: [RFC Part1 PATCH v3 09/17] resource: Consolidate resource walking code · Tom Lendacky <thomas.lendacky@amd.com> · 2017-08-17
Re: [RFC Part1 PATCH v3 09/17] resource: Consolidate resource walking code · Tom Lendacky <thomas.lendacky@amd.com> · 2017-08-17
[RFC Part1 PATCH v3 10/17] resource: Provide resource struct in resource walk callback · Brijesh Singh <hidden> · 2017-07-24
Re: [RFC Part1 PATCH v3 10/17] resource: Provide resource struct in resource walk callback · Borislav Petkov <hidden> · 2017-07-31
Re: [RFC Part1 PATCH v3 10/17] resource: Provide resource struct in resource walk callback · Kees Cook <hidden> · 2017-07-31
[RFC Part1 PATCH v3 12/17] x86/mm: DMA support for SEV memory encryption · Brijesh Singh <hidden> · 2017-07-24
Re: [RFC Part1 PATCH v3 12/17] x86/mm: DMA support for SEV memory encryption · Borislav Petkov <hidden> · 2017-08-07
Re: [RFC Part1 PATCH v3 12/17] x86/mm: DMA support for SEV memory encryption · Tom Lendacky <thomas.lendacky@amd.com> · 2017-08-17
[RFC Part1 PATCH v3 11/17] x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages · Brijesh Singh <hidden> · 2017-07-24
Re: [RFC Part1 PATCH v3 11/17] x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages · Borislav Petkov <hidden> · 2017-08-02
Re: [RFC Part1 PATCH v3 11/17] x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages · Tom Lendacky <thomas.lendacky@amd.com> · 2017-08-17
[RFC Part1 PATCH v3 17/17] X86/KVM: Clear encryption attribute when SEV is active · Brijesh Singh <hidden> · 2017-07-24
Re: [RFC Part1 PATCH v3 17/17] X86/KVM: Clear encryption attribute when SEV is active · Borislav Petkov <hidden> · 2017-08-31
[RFC Part1 PATCH v3 16/17] X86/KVM: Provide support to create Guest and HV shared per-CPU variables · Brijesh Singh <hidden> · 2017-07-24
Re: [RFC Part1 PATCH v3 16/17] X86/KVM: Provide support to create Guest and HV shared per-CPU variables · Borislav Petkov <hidden> · 2017-08-29
Re: [RFC Part1 PATCH v3 16/17] X86/KVM: Provide support to create Guest and HV shared per-CPU variables · Brijesh Singh <hidden> · 2017-08-30
Re: [RFC Part1 PATCH v3 16/17] X86/KVM: Provide support to create Guest and HV shared per-CPU variables · Borislav Petkov <hidden> · 2017-08-30
Re: [RFC Part1 PATCH v3 16/17] X86/KVM: Provide support to create Guest and HV shared per-CPU variables · Brijesh Singh <hidden> · 2017-09-01
Re: [RFC Part1 PATCH v3 16/17] X86/KVM: Provide support to create Guest and HV shared per-CPU variables · Andy Lutomirski <luto@kernel.org> · 2017-09-02
Re: [RFC Part1 PATCH v3 16/17] X86/KVM: Provide support to create Guest and HV shared per-CPU variables · Brijesh Singh <hidden> · 2017-09-03
Re: [RFC Part1 PATCH v3 16/17] X86/KVM: Provide support to create Guest and HV shared per-CPU variables · Borislav Petkov <hidden> · 2017-09-04
Re: [RFC Part1 PATCH v3 16/17] X86/KVM: Provide support to create Guest and HV shared per-CPU variables · Brijesh Singh <hidden> · 2017-09-04
[RFC Part1 PATCH v3 15/17] x86: Add support for changing memory encryption attribute in early boot · Brijesh Singh <hidden> · 2017-07-24
Re: [RFC Part1 PATCH v3 15/17] x86: Add support for changing memory encryption attribute in early boot · Borislav Petkov <hidden> · 2017-08-28
Re: [RFC Part1 PATCH v3 15/17] x86: Add support for changing memory encryption attribute in early boot · Brijesh Singh <hidden> · 2017-08-28
[RFC Part1 PATCH v3 14/17] x86/boot: Add early boot support when running with SEV active · Brijesh Singh <hidden> · 2017-07-24
Re: [RFC Part1 PATCH v3 14/17] x86/boot: Add early boot support when running with SEV active · Borislav Petkov <hidden> · 2017-08-23
Re: [RFC Part1 PATCH v3 14/17] x86/boot: Add early boot support when running with SEV active · Tom Lendacky <thomas.lendacky@amd.com> · 2017-08-24
Re: [RFC Part1 PATCH v3 14/17] x86/boot: Add early boot support when running with SEV active · Borislav Petkov <hidden> · 2017-08-25
[RFC Part1 PATCH v3 13/17] x86/io: Unroll string I/O when SEV is active · Brijesh Singh <hidden> · 2017-07-24
RE: [RFC Part1 PATCH v3 13/17] x86/io: Unroll string I/O when SEV is active · David Laight <hidden> · 2017-07-25
Re: [RFC Part1 PATCH v3 13/17] x86/io: Unroll string I/O when SEV is active · Arnd Bergmann <arnd@arndb.de> · 2017-07-26
Re: [RFC Part1 PATCH v3 13/17] x86/io: Unroll string I/O when SEV is active · Brijesh Singh <hidden> · 2017-07-26
Re: [RFC Part1 PATCH v3 13/17] x86/io: Unroll string I/O when SEV is active · "H. Peter Anvin" <hpa@zytor.com> · 2017-07-26
Re: [RFC Part1 PATCH v3 13/17] x86/io: Unroll string I/O when SEV is active · Brijesh Singh <hidden> · 2017-07-26
RE: [RFC Part1 PATCH v3 13/17] x86/io: Unroll string I/O when SEV is active · David Laight <hidden> · 2017-07-27
Re: [RFC Part1 PATCH v3 13/17] x86/io: Unroll string I/O when SEV is active · Borislav Petkov <hidden> · 2017-08-22
Re: [RFC Part1 PATCH v3 13/17] x86/io: Unroll string I/O when SEV is active · Borislav Petkov <hidden> · 2017-09-15
Re: [RFC Part1 PATCH v3 13/17] x86/io: Unroll string I/O when SEV is active · Brijesh Singh <hidden> · 2017-09-15
Re: [RFC Part1 PATCH v3 13/17] x86/io: Unroll string I/O when SEV is active · Borislav Petkov <hidden> · 2017-09-15
Re: [RFC Part1 PATCH v3 13/17] x86/io: Unroll string I/O when SEV is active · Brijesh Singh <hidden> · 2017-09-15
Re: [RFC Part1 PATCH v3 13/17] x86/io: Unroll string I/O when SEV is active · Borislav Petkov <hidden> · 2017-09-15
Re: [RFC Part1 PATCH v3 13/17] x86/io: Unroll string I/O when SEV is active · Brijesh Singh <hidden> · 2017-09-15

From: Tom Lendacky <thomas.lendacky@amd.com>
Date: 2017-08-17 19:35:43
Also in: kvm, linux-efi, lkml


On 8/6/2017 10:48 PM, Borislav Petkov wrote:

On Mon, Jul 24, 2017 at 02:07:52PM -0500, Brijesh Singh wrote:

quoted

From: Tom Lendacky <thomas.lendacky@amd.com>

DMA access to memory mapped as encrypted while SEV is active can not be
encrypted during device write or decrypted during device read.

Yeah, definitely rewrite that sentence.

Heh, yup.

quoted

In order
for DMA to properly work when SEV is active, the SWIOTLB bounce buffers
must be used.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Brijesh Singh <redacted>
---
  arch/x86/mm/mem_encrypt.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++
  lib/swiotlb.c             |  5 +--
  2 files changed, 89 insertions(+), 2 deletions

...

quoted

@@ -202,6 +280,14 @@ void __init mem_encrypt_init(void)
  	/* Call into SWIOTLB to update the SWIOTLB DMA buffers */
  	swiotlb_update_mem_attributes();
  
+	/*
+	 * With SEV, DMA operations cannot use encryption. New DMA ops
+	 * are required in order to mark the DMA areas as decrypted or
+	 * to use bounce buffers.
+	 */
+	if (sev_active())
+		dma_ops = &sme_dma_ops;

Well, we do differentiate between SME and SEV and the check is
sev_active but the ops are called sme_dma_ops. Call them sev_dma_ops
instead for less confusion.

Yup, will do.

Thanks,
Tom

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help