Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp10046036ybi; Wed, 24 Jul 2019 14:54:05 -0700 (PDT) X-Google-Smtp-Source: APXvYqwLJRMo6rMFluIk916jg+UMCKxBj+D18Dp+nMgtl+S1eevkWqld2eust1PtI7EnWl8Rwp9S X-Received: by 2002:a17:90a:4806:: with SMTP id a6mr90005430pjh.38.1564005245622; Wed, 24 Jul 2019 14:54:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564005245; cv=none; d=google.com; s=arc-20160816; b=l2r1QxatSYOZgKb3yW7C307c69xEnWm1csLmijnpSlemlWmuwZz0xMp3qk9wBSZ/vP ZQfXrMdAqLo4EDhP1iYtACFkBxcPFPku42uldS+oxguth38HDAmub2mMGVXxJxi3caQF 25DQZfg+TiX7eAzVnhUCYX/CEhiKokkYZL3jz+wQCuVGtwDFMUIORdrNsjq8LsxP6oIb JbQuDdSAIeAitlUMpZJFj6Cd4RVmmDtZZCb3z+dYl7a5sO6pTGcAFsGSf1ETEH7uaJRW iixynHbmaCMp3St9NsYsgrviQqD25sDM/RfvAgKMqptssBWN08w88eVQuNl1O5GXtZ3x mfhA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=0RBA0r+HuUMJnUIFQULKwRjicj1pjNi4d1DCC8b97rk=; b=qfhrxuL8l9lg28F5LoaY0ZoBGiQf25OFM7n8z64mhTv56oWOnoi4If9FoagKNh6Q78 3MKsAci0vjTSruPEfwlgmf581d50Ey/OfJgRnLCPv85AY377ITcNvBbLWcgAUyLzVoFJ s7y4EzxqYKHqRZqER226mETPjqt6pNf1jxPmaN6Fjzp67NFa7Dp0SzQU2e2StHFAxacV CLTxmBpvUhE1yJ3JSBex7FjTZeISGt84nwvgrdZ8/P3jXlB9hwbSZjZ9ewPqaFosms/b xSmMoXpQKQrDIt0zf73+tw9LIEWn0SM9L3A/PF53i9Mh9b3u+aNoafJ1lZmSeUcxa85j xNqQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@shutemov-name.20150623.gappssmtp.com header.s=20150623 header.b=MF69AuNN; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q26si15351716pgm.188.2019.07.24.14.53.50; Wed, 24 Jul 2019 14:54:05 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@shutemov-name.20150623.gappssmtp.com header.s=20150623 header.b=MF69AuNN; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728642AbfGXSke (ORCPT + 99 others); Wed, 24 Jul 2019 14:40:34 -0400 Received: from mail-ed1-f65.google.com ([209.85.208.65]:35167 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726001AbfGXSke (ORCPT ); Wed, 24 Jul 2019 14:40:34 -0400 Received: by mail-ed1-f65.google.com with SMTP id w20so47949390edd.2 for ; Wed, 24 Jul 2019 11:40:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to :user-agent; bh=0RBA0r+HuUMJnUIFQULKwRjicj1pjNi4d1DCC8b97rk=; b=MF69AuNNNhhzCEKJkPUt7eAFK+sCltEUk6IkHaos7UwBGVBJPw9k+Fa8bJi0QGqWl8 04zOXGt5TnP6FuVbL3mx8zKSG32MNENIMg8bNJYTGYMoGCoiCMdPOfvGv18WkvqF5niP wzJeC1XNj0T0GgPM1l9TqaMjlpfIHmB+ChV3jMw1UsEKAAXYzEwk7c8CvNP/tcEQQ8u+ h895HSFmoxamLAZx25NA6vvEOcKhKr+zwDgVe4g7BIrOi/1aZm21/ORt70vo8bhaZ2rB psVKmAoi+e5kSYYNRQcgyPd7l1X0EZkByd9d0ef8rVpfhUC6/9pLza2a7l3F/u5okkQp qsFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=0RBA0r+HuUMJnUIFQULKwRjicj1pjNi4d1DCC8b97rk=; b=DIBzGLld7yqUMVjg+i55uxv4/JddAEz1aXqi4QM2XUVdNS7tlCs2k6n0W8Lp0+Z0EF EYGzFDVoeSDHaTG1AzfIWdtWVQplcXiZNQiEn1stNn7nCldL94h8PYWlRePT5Iwa5YE5 AVGf8W21P1DcBmOs7AsyFdKpwXx94G8r3AYrrzgIl/fjluVDt9Jl34qbiw+ftIQ74nvr h7sTlNv1UlTLQH4EmewWTj4OqNc3v0590m0tGvmJKGHluP4xPIXtTcxh/FNZscVc6cki j4uHy2qWDG1+OLyGCf9R3wNOdnZSRjS6JVMl28rxdwFxTYQspht8T7RYnOgnIqnwBlQq +5RA== X-Gm-Message-State: APjAAAWNfZP0MHRm8nggOXSuU4zd8fr1+kEtKN9umRzBrgMEbulj3JKz oS2CoDrZJ9y6A2j0bL0VWayUNs28 X-Received: by 2002:a17:906:154f:: with SMTP id c15mr63716333ejd.268.1563993631518; Wed, 24 Jul 2019 11:40:31 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id b19sm9400257eje.80.2019.07.24.11.40.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 24 Jul 2019 11:40:30 -0700 (PDT) Received: by box.localdomain (Postfix, from userid 1000) id E5B8010169F; Wed, 24 Jul 2019 21:40:15 +0300 (+03) Date: Wed, 24 Jul 2019 21:40:15 +0300 From: "Kirill A. Shutemov" To: "Lendacky, Thomas" Cc: Robin Murphy , "iommu@lists.linux-foundation.org" , "linux-kernel@vger.kernel.org" , "x86@kernel.org" , Christoph Hellwig , Marek Szyprowski , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H . Peter Anvin" , Dave Hansen , Andy Lutomirski , Peter Zijlstra , Lianbo Jiang Subject: Re: [PATCH] dma-direct: Force unencrypted DMA under SME for certain DMA masks Message-ID: <20190724184015.ye6gjoikowiyh63f@box> References: <10b83d9ff31bca88e94da2ff34e30619eb396078.1562785123.git.thomas.lendacky@amd.com> <20190724155530.hlingpcirjcf2ljg@box> <20190724181139.yebja5yflzjgfxlx@box> <9f9bfd05-0010-9050-20f0-8c89b2f039ef@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <9f9bfd05-0010-9050-20f0-8c89b2f039ef@amd.com> User-Agent: NeoMutt/20180716 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jul 24, 2019 at 06:30:21PM +0000, Lendacky, Thomas wrote: > On 7/24/19 1:11 PM, Kirill A. Shutemov wrote: > > On Wed, Jul 24, 2019 at 05:34:26PM +0000, Lendacky, Thomas wrote: > >> On 7/24/19 12:06 PM, Robin Murphy wrote: > >>> On 24/07/2019 17:42, Lendacky, Thomas wrote: > >>>> On 7/24/19 10:55 AM, Kirill A. Shutemov wrote: > >>>>> On Wed, Jul 10, 2019 at 07:01:19PM +0000, Lendacky, Thomas wrote: > >>>>>> @@ -351,6 +355,32 @@ bool sev_active(void) > >>>>>> ? } > >>>>>> ? EXPORT_SYMBOL(sev_active); > >>>>>> ? +/* Override for DMA direct allocation check - > >>>>>> ARCH_HAS_FORCE_DMA_UNENCRYPTED */ > >>>>>> +bool force_dma_unencrypted(struct device *dev) > >>>>>> +{ > >>>>>> +??? /* > >>>>>> +???? * For SEV, all DMA must be to unencrypted addresses. > >>>>>> +???? */ > >>>>>> +??? if (sev_active()) > >>>>>> +??????? return true; > >>>>>> + > >>>>>> +??? /* > >>>>>> +???? * For SME, all DMA must be to unencrypted addresses if the > >>>>>> +???? * device does not support DMA to addresses that include the > >>>>>> +???? * encryption mask. > >>>>>> +???? */ > >>>>>> +??? if (sme_active()) { > >>>>>> +??????? u64 dma_enc_mask = DMA_BIT_MASK(__ffs64(sme_me_mask)); > >>>>>> +??????? u64 dma_dev_mask = min_not_zero(dev->coherent_dma_mask, > >>>>>> +??????????????????????? dev->bus_dma_mask); > >>>>>> + > >>>>>> +??????? if (dma_dev_mask <= dma_enc_mask) > >>>>>> +??????????? return true; > >>>>> > >>>>> Hm. What is wrong with the dev mask being equal to enc mask? IIUC, it > >>>>> means that device mask is wide enough to cover encryption bit, doesn't it? > >>>> > >>>> Not really...? it's the way DMA_BIT_MASK works vs bit numbering. Let's say > >>>> that sme_me_mask has bit 47 set. __ffs64 returns 47 and DMA_BIT_MASK(47) > >>>> will generate a mask without bit 47 set (0x7fffffffffff). So the check > >>>> will catch anything that does not support at least 48-bit DMA. > >>> > >>> Couldn't that be expressed as just: > >>> > >>> ????if (sme_me_mask & dma_dev_mask == sme_me_mask) > >> > >> Actually !=, but yes, it could have been done like that, I just didn't > >> think of it. > > > > I'm looking into generalizing the check to cover MKTME. > > > > Leaving off the Kconfig changes and moving the check to other file, doest > > the change below look reasonable to you. It's only build tested so far. > > > > diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c > > index fece30ca8b0c..6c86adcd02da 100644 > > --- a/arch/x86/mm/mem_encrypt.c > > +++ b/arch/x86/mm/mem_encrypt.c > > @@ -355,6 +355,8 @@ EXPORT_SYMBOL(sev_active); > > /* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */ > > bool force_dma_unencrypted(struct device *dev) > > { > > + u64 dma_enc_mask; > > + > > /* > > * For SEV, all DMA must be to unencrypted addresses. > > */ > > @@ -362,18 +364,20 @@ bool force_dma_unencrypted(struct device *dev) > > return true; > > > > /* > > - * For SME, all DMA must be to unencrypted addresses if the > > - * device does not support DMA to addresses that include the > > - * encryption mask. > > + * For SME and MKTME, all DMA must be to unencrypted addresses if the > > + * device does not support DMA to addresses that include the encryption > > + * mask. > > */ > > - if (sme_active()) { > > - u64 dma_enc_mask = DMA_BIT_MASK(__ffs64(sme_me_mask)); > > - u64 dma_dev_mask = min_not_zero(dev->coherent_dma_mask, > > - dev->bus_dma_mask); > > + if (!sme_active() && !mktme_enabled()) > > + return false; > > > > - if (dma_dev_mask <= dma_enc_mask) > > - return true; > > - } > > + dma_enc_mask = sme_me_mask | mktme_keyid_mask(); > > + > > + if (dev->coherent_dma_mask && (dev->coherent_dma_mask & dma_enc_mask) != dma_enc_mask) > > + return true; > > + > > + if (dev->bus_dma_mask && (dev->bus_dma_mask & dma_enc_mask) != dma_enc_mask) > > + return true; > > Do you want to err on the side of caution and return true if both masks > are zero? You could do the min_not_zero step and then return true if the > result is zero. Then just make the one comparison against dma_enc_mask. Something like this? diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index fece30ca8b0c..173d68b08c55 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -355,6 +355,8 @@ EXPORT_SYMBOL(sev_active); /* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */ bool force_dma_unencrypted(struct device *dev) { + u64 dma_enc_mask, dma_dev_mask; + /* * For SEV, all DMA must be to unencrypted addresses. */ @@ -362,20 +364,17 @@ bool force_dma_unencrypted(struct device *dev) return true; /* - * For SME, all DMA must be to unencrypted addresses if the - * device does not support DMA to addresses that include the - * encryption mask. + * For SME and MKTME, all DMA must be to unencrypted addresses if the + * device does not support DMA to addresses that include the encryption + * mask. */ - if (sme_active()) { - u64 dma_enc_mask = DMA_BIT_MASK(__ffs64(sme_me_mask)); - u64 dma_dev_mask = min_not_zero(dev->coherent_dma_mask, - dev->bus_dma_mask); + if (!sme_active() && !mktme_enabled()) + return false; - if (dma_dev_mask <= dma_enc_mask) - return true; - } + dma_enc_mask = sme_me_mask | mktme_keyid_mask(); + dma_dev_mask = min_not_zero(dev->coherent_dma_mask, dev->bus_dma_mask); - return false; + return (dma_dev_mask & dma_enc_mask) != dma_enc_mask; } /* Architecture __weak replacement functions */ -- Kirill A. Shutemov