Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753578AbdHQTfn (ORCPT ); Thu, 17 Aug 2017 15:35:43 -0400 Received: from mail-co1nam03on0084.outbound.protection.outlook.com ([104.47.40.84]:53151 "EHLO NAM03-CO1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1753482AbdHQTfk (ORCPT ); Thu, 17 Aug 2017 15:35:40 -0400 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; Subject: Re: [RFC Part1 PATCH v3 12/17] x86/mm: DMA support for SEV memory encryption To: Borislav Petkov , Brijesh Singh Cc: linux-kernel@vger.kernel.org, x86@kernel.org, linux-efi@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, kvm@vger.kernel.org, Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , Andy Lutomirski , Tony Luck , Piotr Luc , Fenghua Yu , Lu Baolu , Reza Arbab , David Howells , Matt Fleming , "Kirill A . Shutemov" , Laura Abbott , Ard Biesheuvel , Andrew Morton , Eric Biederman , Benjamin Herrenschmidt , Paul Mackerras , Konrad Rzeszutek Wilk , Jonathan Corbet , Dave Airlie , Kees Cook , Paolo Bonzini , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Arnd Bergmann , Tejun Heo , Christoph Lameter References: <20170724190757.11278-1-brijesh.singh@amd.com> <20170724190757.11278-13-brijesh.singh@amd.com> <20170807034820.GA7521@nazgul.tnic> From: Tom Lendacky Message-ID: <4002e0e2-34e8-c8ea-80e8-f5deae8b21e7@amd.com> Date: Thu, 17 Aug 2017 14:35:25 -0500 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 In-Reply-To: <20170807034820.GA7521@nazgul.tnic> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: MWHPR2001CA0018.namprd20.prod.outlook.com (10.172.58.156) To BN6PR12MB1137.namprd12.prod.outlook.com (10.168.226.139) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 437a7f3a-4bee-4d0a-46c8-08d4e5a72200 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(48565401081)(300000503095)(300135400095)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);SRVR:BN6PR12MB1137; X-Microsoft-Exchange-Diagnostics: 1;BN6PR12MB1137;3:UeWqW59ceimpA9GyS1Ztaqe1vsL92tVx9/90ThI1N1tgoexYBU8Es1hjQcxaSzoKU030/TQoFJG5plkxEuQieKt+0GMZQjBcSbkVgYbIU6SjhF0LtI06kTHJek0+8gLeRAg/uPAJhwgO+hk1UpUElQYOwjWEJ4tB0Px/00G8FdXTvzVX/nKzfjDwusAm3jR868FQsGAJ0RvrznmB8XBT91+0+ZrFEMphaY345qvhzACfNvnpWsMZpxbBCCQAWEvV;25:XsVa0sJ+seA7/IulV0NjpE7UTYlGGwu19LvFiF1moXl3e7CxxznzKntJxmSw6Ja3dBIq/gOjpKA50ZMRfnoFkNTqh0q0WeGAoi52d/L12EcFwJG82GIs2ABjU+A5n+L4bh1FpOZXTg4+BVz+hUqNrfx9OLnIKU81U6EmuRLgQyFi80Hsjm79btvYi9a4CIq6g+Nn+hPpuoQiGQxaNAdMu4891oHdePgCxj/Y2Xw+Fk/K3iB1IXHdbIb+4zFuW7LWOvoF+5p7xho0T6imspEZO5mclchfeCW/CMrAvB6R3xY+zWE4Ti70ExWa68tm6ADUq297TeWUvPvOS4Y3Xy7qrg==;31:0EcPwARrSucemBReFEdE3ooAQDnpqG1iAa90O2yA3ZNgNwzt8o+YrDdDcgGEwCY1Z3QDV0VvsbnPpSsGekLtja4NxO7ZAwrbqALERLcoc2ReuUKsD+EfaxRZt72WnSeAvHmI8zLr/CoDCQtGvqpvesBs0xvAJI3D1G5senlA6wEKXTqU3y+hxb/OwGbYE1xPiL1I8noHAERTCqZI/AqLCwiCle5u72oFpEMfT/3HdWQ= X-MS-TrafficTypeDiagnostic: BN6PR12MB1137: X-Microsoft-Exchange-Diagnostics: 1;BN6PR12MB1137;20:2MBJOytS0T4iAN4qUwS7+dyktG49Lb3hYn0G99Px/D0ybMOGrg6ePVEXEoaR60id5Xop9la0H+c726TUOkhGsBXmTuowBybM35+kYv4WrZGDK1TGSruRbd8GuWneIc43Op0LYNfcLovIJVRybadc3rRnblw7dxHcfcODihrrix8uEX+X4YfSVqLCk65Udg+F+BZz76aOw+6haxaxS4y9e6TouTWhawrmzaBj+XgDcmvo6QSqROn119rmiXc9aA0VCMYBb3Xh+AWsuEsTEQwHBXdE8lBwodKNRLGNQNavKY9keGeho1r2PrE5pqqAX2/miPF0rtbmKgB0Fn8tvTW6nvXgpcSTkg0i3Etfa0JdWLtsmLR6y0Cd4VSzJYSEyW8UgU8w2t2MAyx+ulNFegAK++gn0bSPtLAzA/0SFExKO7hVBWPZtLf53BdKdiIVjW16kfaJwR+ezpIYG6u6/pX1uti6tsoV6bqTPGgjSREtdGAX7mMACf+ktTgWoFK0vMYa;4:HJujj2vcE9XvEOC5v+bXFNoH0XL+FCZfT4PWPTrzV06PoRTmsrDnsmi81wg1rqev9WiOG7UTLvVRKN1CrsbaAim3JdczpdI5Trj0p5/aPKhbWKPOAT1VIOOCTLbwSA+1gdIDDu+4cJDAY7LmMyqQb40vbdydDLkgmNf9B4Pwd+vYxOKsUn++mlBUkYwVBJEk/nQ4LXtReWYW6HmiJBDq0vCPZRBO2y/i40XwcEipeuu3eO9AxNFEA8p/CPtajXsFevqfuzlwKWi5zovSh4h+TKKJfoGt0oPiEKND5bLqT18= X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(8121501046)(5005006)(10201501046)(100000703101)(100105400095)(93006095)(93001095)(3002001)(6055026)(6041248)(20161123560025)(20161123558100)(20161123555025)(20161123562025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);SRVR:BN6PR12MB1137;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:BN6PR12MB1137; X-Forefront-PRVS: 0402872DA1 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(7370300001)(6009001)(6049001)(199003)(189002)(24454002)(377454003)(305945005)(50986999)(86362001)(90366009)(7350300001)(65806001)(54356999)(68736007)(53936002)(31686004)(47776003)(76176999)(6116002)(31696002)(65956001)(54906002)(230700001)(66066001)(189998001)(3260700006)(25786009)(50466002)(478600001)(101416001)(64126003)(3846002)(2906002)(7736002)(36756003)(4326008)(42186005)(105586002)(33646002)(81166006)(81156014)(8676002)(72206003)(106356001)(229853002)(53546010)(5660300001)(23676002)(6636002)(6666003)(2950100002)(65826007)(6486002)(77096006)(7416002)(4001350100001)(7406005)(6246003)(83506001)(97736004);DIR:OUT;SFP:1101;SCL:1;SRVR:BN6PR12MB1137;H:[10.236.64.250];FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTjZQUjEyTUIxMTM3OzIzOkkzbzk3VmVrUzZQY2ZRYTErS0hsQ2M1dEMx?= =?utf-8?B?NERyaktTaVdyZlUzRzAxZUNqbFFNODQ1MlAvRU1QM1Fld1MwcUdLc3N5TGNF?= =?utf-8?B?MmRmZmRSV2V6QUZtMnBBdFVKdnBNU3pRb0k0RUZmOHRkaE5VWjFmVWtZWlV6?= =?utf-8?B?NVJRaHZXZjEyNnB6cWRpY2tpcHpzbDVBS0lIVCtWODdOWDU4ZXNrUStBTTJm?= =?utf-8?B?QmxFRU8vTHJFUDRsdGwva0dYZWVXZ1lhV2hkRkZBMVRQY21tUGFiczVLVFlX?= =?utf-8?B?OGNqNURBWEg4Q1ZGelVBSDZYSDRKNC9LTkRTenNFVlF1Q3htckovaElSU1ll?= =?utf-8?B?MDN3eEdkdVlaMlUycDZ6R3VXSGVnR0VYZ1dOSnV3SnhGNkdOU1VGeWMwTTNh?= =?utf-8?B?ZU5nVkk4U3pSSWlrSmozMGdiNFNiT0o4SnVZMHZyMWZJTzlGRkhVRHlYdHZO?= =?utf-8?B?c2laUWJNb0J2dXdUUE9SeHRYNGZ1MGxuTzg4TGlUTXF4ZENDSVhMR2JkWE1X?= =?utf-8?B?M2s0Z011N0FXazFIaElpMWdETWw1ZVFoVXl3MHU2b3lMSUtmZjNiUUpmb2tm?= =?utf-8?B?UFd1T3VCSzZ2SWo5QjdjVHlPdmw0eGs2YUtwVnlmSThNM1N0dGhQNjVQRloy?= =?utf-8?B?VHF4bjB5UWJJa0ppODl1OVZtUXBNaDlLd3N3alo1UTZsVWVJT3MrUW5kL1Fu?= =?utf-8?B?QWs5Mm5Nb3Z1MytrUExyZGhud1JjY3JLSlZ4emt3WDhYS25SM0JiWUJjVUlk?= =?utf-8?B?dG5DOVlQQTRWWjQ5TUxFc0dWelhJd3dlb1pMM0NocXBJVzVST01IRmJmZGgr?= =?utf-8?B?aGFHRUMzQjhEc3RRR0dLa2tGQlNSRUMyZGJBOGV2UUVCR1d1ZWRVVko3Si8x?= =?utf-8?B?NU1INUFKektMUThpZmM0VSs3YzRvTDJPUndFWkhDSTNJWVVRVzh6Q3BVM0Na?= =?utf-8?B?UEZ5R3FncG5icGxUNnZKZ0llSXhtSDFXblBCNUNqaUMyRHNIMHQ1UmtxemNy?= =?utf-8?B?OVBuSk0rRU5wYjZaRFhhSU14WTBpemxreEx3WHpWQWlTTzVESkYwS3dReHJL?= =?utf-8?B?c2xKL1ZvZUxTdytXVkQ1ejBqZWdDUHE3OGs2ZjNKZUJYZGRadTVjZEpsU0p5?= =?utf-8?B?UFNzT1hwV2RYaEtLdUV3SUlncURnQnRSWWJ1ZEZDQ3lPei92a0xGY08xa0dw?= =?utf-8?B?clBYNEdzNjVrUGJSZ0x3M3dyVEtWVmVDbFA1WGVmRHhBWnI2MzEvaFlMLzAx?= =?utf-8?B?NkVEYjlMdDUvTGkrVWhmT1BzcWpqS1FoMldkQjg5R2N6aU5ycjBxSTRXRW01?= =?utf-8?B?MEF6SkcxaWVPS2doVkZxRk9ocVNLMzdJblArcUxaaVpGcXJQSXp1TllBRlQ2?= =?utf-8?B?OEY4Z05VN1hVejVEb0VZaXVJZzZ0K014ZWlac1ZBaTZqWWUvWXozWm1FWWc1?= =?utf-8?B?bXQ2aHFBQTBOb1VpYjBTUUlvSGZZZHh1aEQxd2RRZDdLMHc2R2FRZHd3LzlS?= =?utf-8?B?ZE84NTlZKy9ZU0RwNzhqRFFxeUE5VjZDQ0VWVWlPM3lvY3VHYS9ZZWRTNUV5?= =?utf-8?B?MDVpQTEvNjMrV1Z3UnQ3NkFDaEVKZSs2alVRVWVYTlFUeWMzWUxlVHhQRkp0?= =?utf-8?B?NVJoY1BSTjlsTzRiVUJmSWpsRnBtUk83TS91QXBDTnBjVGx1b0JoenFBNDNF?= =?utf-8?B?dE0vWlh2NkxhZC9tTlcwZExUbkVNZVZrd1ZuZVlXaHZaZzZ2TmdHNmtFc1NE?= =?utf-8?B?MjVkK2NYcVh2anprZE5SOFV0emxYNW9vOXA4VEtyUUhDVFVXRmowVjV2TGdZ?= =?utf-8?B?b2UwdjMyUStHNjJJUEVXeW04VUhDVWxWa2UrM2toaFVlbVdDQ0dzQWhVWjdS?= =?utf-8?B?L3djMHQzQ25qWTlJcENKaEJVK055UHhuUGtwZUJ1UWRaL0tHNjFwUjMxU2pp?= =?utf-8?B?MGMvMEFlRElhekRxZXB2Nm1lWDBGWStRTkxPVlVwYUFNK3ROK21tZkFrSzM4?= =?utf-8?Q?BMRcta?= X-Microsoft-Exchange-Diagnostics: 1;BN6PR12MB1137;6:VNi6cSOM6NtqEpK6SRzfJZ8rnCQRsIKv8tvQN+BHMsGIiNKPRqAwEnsODWSYSqG1yOkJFEEXtyyTrimJgvBoBkFmurRvLeyg0IPFNX/phiW+ZWiA9LyFbUrpIay8DLmzUiO/qDCAe1tNrLP0gTK1+QJMDLmAJBR05Q3TE8VRCDx+eXsBeWOxjX6jIHxb4PQuPoj9q6y34iRW48qfk26qKrt/nvLRNCoQ7nNdIa3ARG+N4JgmPX7MR5gO2BTVZouq8UMMugBg1DW3spxxTX/cyOYgfgVNh5yDKdXG51QZxJs1eN6SI6bpzreAIZZ24bdb5W+7wShFFBtr8NcniCMMkQ==;5:1J8xLCy8P3LGRlGkDLuaLnK5KxFS61c5bqqMWeQHsiFIYoig8yiBA2vRHj7W5CwcgOOypH4sUB1SEtSM3RXegQ1iqJ3mo4m61SqojYUr0/cbvvi5rl1zugxCjSThTkVx/5aw6WVuHUTHedKbb/2RbA==;24:WGLIU+u0IOY6xWjSTfdiVOVLJEtLJZas/ha7aTHBSwsm/9vAfGoWFq9p/8S4oQvB/D+WXyfTCO8iYtP8ytTIUz+GcARe9PlfRxsYSFYo4Q0=;7:0Xug9gEuw2lqFUvOy9rMadDuBf5P03MFNh51atNeBWSxA8CCGa+54syD39/eJ79uRrFTo7aKbqdDwRr/O1J3t1uQYUi5J0MACrxSumV6/dqSyzOHxYxoZJTQYK/ZOOsE/IvrfzJ2KmsdXT+70CiKqxZJCen3DAgMlhQQ24gntKkf3zQF4RG41NGCA6GDR9GbxQFifeWlJRB8eDHcJgS5VGlApV7raa7bQkdZxoSWbiQ= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;BN6PR12MB1137;20:rn9cv1XjGKSGClk3xt9QfQe6SugxjugEZ/vbYdg+XEhnaJTncEj3B5tsjC18NdZWkvBxXgh12H/Gw5jK8fR62ilLj6cvAlDJqe2cGDuBlAh2P5qQcNz4Hz1iquFG9K+38ewv83IUGHjUetBuNfaYoRLTxADf39pNMECMpLtqNAX1+wJFtdK/bAtqGfHvA0qeGptlLxM72xIwVHFuge0luB2II1pZrQ6dq31QpqO21gLarQ3BqU9l9XLWcJ34P9kS X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Aug 2017 19:35:30.7105 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR12MB1137 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1385 Lines: 49 On 8/6/2017 10:48 PM, Borislav Petkov wrote: > On Mon, Jul 24, 2017 at 02:07:52PM -0500, Brijesh Singh wrote: >> From: Tom Lendacky >> >> DMA access to memory mapped as encrypted while SEV is active can not be >> encrypted during device write or decrypted during device read. > > Yeah, definitely rewrite that sentence. Heh, yup. > >> In order >> for DMA to properly work when SEV is active, the SWIOTLB bounce buffers >> must be used. >> >> Signed-off-by: Tom Lendacky >> Signed-off-by: Brijesh Singh >> --- >> arch/x86/mm/mem_encrypt.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++ >> lib/swiotlb.c | 5 +-- >> 2 files changed, 89 insertions(+), 2 deletions > > ... > >> @@ -202,6 +280,14 @@ void __init mem_encrypt_init(void) >> /* Call into SWIOTLB to update the SWIOTLB DMA buffers */ >> swiotlb_update_mem_attributes(); >> >> + /* >> + * With SEV, DMA operations cannot use encryption. New DMA ops >> + * are required in order to mark the DMA areas as decrypted or >> + * to use bounce buffers. >> + */ >> + if (sev_active()) >> + dma_ops = &sme_dma_ops; > > Well, we do differentiate between SME and SEV and the check is > sev_active but the ops are called sme_dma_ops. Call them sev_dma_ops > instead for less confusion. Yup, will do. Thanks, Tom >