Date: Mon, 11 Oct 2021 17:18:04 -0000
From: "tip-bot2 for Borislav Petkov"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/urgent] x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically
Cc: Paul Menzel, Borislav Petkov, Alex Deucher, Tom Lendacky, x86@kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <8bbacd0e-4580-3194-19d2-a0ecad7df09c@molgen.mpg.de>
References: <8bbacd0e-4580-3194-19d2-a0ecad7df09c@molgen.mpg.de>
Message-ID: <163397268455.25758.9385335529425752157.tip-bot2@tip-bot2>

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     711885906b5c2df90746a51f4cd674f1ab9fbb1d
Gitweb:        https://git.kernel.org/tip/711885906b5c2df90746a51f4cd674f1ab9fbb1d
Author:        Borislav Petkov
AuthorDate:    Wed, 06 Oct 2021 19:34:55 +02:00
Committer:     Borislav Petkov
CommitterDate: Mon, 11 Oct 2021 19:14:22 +02:00

x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically

This Kconfig option was added initially so that memory encryption is
enabled by default on machines which support it.

However, devices which have DMA masks that are less than the bit
position of the encryption bit, aka C-bit, require the use of an IOMMU
or the use of SWIOTLB.

If the IOMMU is disabled or in passthrough mode, the kernel would switch
to SWIOTLB bounce-buffering for those transfers.

In order to avoid that,

  2cc13bb4f59f ("iommu: Disable passthrough mode when SME is active")

disables the default IOMMU passthrough mode so that devices for which the
default 256K DMA is insufficient, can use the IOMMU instead.

However 2, there are cases where the IOMMU is disabled in the BIOS, etc.
(think the usual hardware folk "oops, I dropped the ball there" cases) or a
driver doesn't properly use the DMA APIs or a device has a firmware or
hardware bug, e.g.:

  ea68573d408f ("drm/amdgpu: Fail to load on RAVEN if SME is active")

However 3, in the above GPU use case, there are APIs like Vulkan and
some OpenGL/OpenCL extensions which are under the assumption that
user-allocated memory can be passed in to the kernel driver and both the
GPU and CPU can do coherent and concurrent access to the same memory.
That cannot work with SWIOTLB bounce buffers, of course.

So, in order for those devices to function, drop the "default y" for the
SME by default active option so that users who want to have SME enabled,
will need to either enable it in their config or use "mem_encrypt=on" on
the kernel command line.

 [ tlendacky: Generalize commit message. ]

Fixes: 7744ccdbc16f ("x86/mm: Add Secure Memory Encryption (SME) support")
Reported-by: Paul Menzel
Signed-off-by: Borislav Petkov
Acked-by: Alex Deucher
Acked-by: Tom Lendacky
Cc:
Link: https://lkml.kernel.org/r/8bbacd0e-4580-3194-19d2-a0ecad7df09c@molgen.mpg.de
---
 arch/x86/Kconfig | 1 -
 1 file changed, 1 deletion(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index bd70e8a..d9830e7 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1525,7 +1525,6 @@ config AMD_MEM_ENCRYPT config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT bool "Activate AMD Secure Memory Encryption (SME) by default" - default y depends on AMD_MEM_ENCRYPT help Say yes to have system memory encrypted by default if running on
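
Review bot: the help text under "config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT" is carried as unchanged context ("Say yes to have system memory encrypted by default if running on", cut off in this mail), so as far as the visible lines show, the place where a user actually picks this option says nothing about the trade-off the commit message gives for dropping "default y": devices whose DMA mask is below the C-bit need an IOMMU or SWIOTLB, and bounce buffering breaks coherent GPU/CPU access. Suggest adding a sentence to the help text covering that, and noting that with the option unset SME can still be turned on with "mem_encrypt=on". Also worth stating in the changelog or help: with no "default" line a bool defaults to n, so newly generated configs stop encrypting memory at boot; anyone who relied on the old default for SME has to set the option or the command-line parameter explicitly.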