Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp5106308iob; Mon, 9 May 2022 08:43:57 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwuiFDFZoB4KGlwUI+8rViklFJgRsq5Mx1pEmwtpk2ZWb3EJGKH/fPpKj6M3jtBb2qlPWxU X-Received: by 2002:a05:6a00:21c8:b0:4c4:4bd:dc17 with SMTP id t8-20020a056a0021c800b004c404bddc17mr16723412pfj.57.1652111037585; Mon, 09 May 2022 08:43:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652111037; cv=none; d=google.com; s=arc-20160816; b=QZu9ZEiFp8r6o96+OCjjYG75TIpGhUjt5hDLw0YCF5gwW2jMyrmQztEnPx/IHSy4LV olaYpEW5TpDcuj8wOjuEEThsGDjPB8irpSMgErnrTYl8593XpH1L+mM4+Kp5H5gJuqls 80Wm8yZMZ2yDj4Dz2THqanuyF3aSYsf/QO+P6lxc6ceNTG9mqA/uJalhM0OL3/SJYA+N 11s+2rrJCMqdYA67AiijzC1hNU3HPQwuERNCRgkge65qM4Crn4fTyou5ETPhockZnI5P +bvMxoR2Zbg/LHbx1ouzktR0aWMkt1672Eh7DpBDKfgUVni9Q3SUCHoTauzWN9uZN4/1 izfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=QhpICLzte6h2dllwbzQy8pD5X+vrEfP9p5Z6kraePp0=; b=n9W5c6OQ6xkc2wpgoWHk1ZXI6E9nx67Kgx+2UTmjI8+zkFPLu6diiXIaUBqzXn4Zrm WksOMbs6QyE/8N4B2VRwJ7kkFrAqY7epzYG5xN5epBOP+LjZvbWuEuW6+W9HSiwawslq GoWXVR6BuWKj1u8RH6ZamZX4cpKXjt84jOIOps0WoU21BpdoPcqOCTbCbqOxBCXBetVQ lxZGYhutuNJ4s/xwxkH6az+L6wu17QFpKxcrsc0PibLA9HoOgSHaNIXTB2QX5mtwhES5 vo6RUJ6v0U8FzFKS4qlOkyEvnrVTPwt/fZzwBvfwgvPVjfowHK7ZpIrFzQiC+w8raZRY FnOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=l3ZvzI1Z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id d12-20020a630e0c000000b003aa7f4f1a32si14088267pgl.588.2022.05.09.08.43.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 May 2022 08:43:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=l3ZvzI1Z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 52A2C1B7937; Mon, 9 May 2022 08:35:45 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238524AbiEIPjd (ORCPT + 99 others); Mon, 9 May 2022 11:39:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57266 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238470AbiEIPjb (ORCPT ); Mon, 9 May 2022 11:39:31 -0400 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 022B53BBDF for ; Mon, 9 May 2022 08:35:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1652110537; x=1683646537; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=XS/v6rosssf0DyqOwJ5B9g1oPnMSnoSeVg0C434Vg+0=; b=l3ZvzI1Z7j5iQbsxCEG9JBi7p2MMFWlgbcPDff/96Q6WE2yA7OBm0qgS ZcL1irRH98zazbNz9IaLztyKqv4RpRHycXcVig23UK5j5IbX67/KwK03U hMcPyDAkQRKCDMRM4WIEV8Zus4tDqrZQc8paFCWazjgw7tqRF0y3c2KS7 gb3bW6GkHZ3G+/jRsVWbhbfKSt+yVxeDdjhyo2XJjGXccCeEdq5MXal4v TFQmrFrl084pcdKpn9816R7PIFpwhMauv0ZevYJMnTVxk3c5qADB/q3n8 RPjJlvIZJsQ7uEir1EYmh6O6vQw5KrFEQJvy/Bf+N+Ymz6D+bIV9BCHeX Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10342"; a="332120017" X-IronPort-AV: E=Sophos;i="5.91,211,1647327600"; d="scan'208";a="332120017" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 May 2022 08:35:37 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,211,1647327600"; d="scan'208";a="813525451" Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga006.fm.intel.com with ESMTP; 09 May 2022 08:35:33 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id D7E0ED1; Mon, 9 May 2022 18:35:34 +0300 (EEST) Date: Mon, 9 May 2022 18:35:34 +0300 From: "Kirill A. Shutemov" To: Dave Hansen Cc: "Kirill A. Shutemov" , Kai Huang , Sathyanarayanan Kuppuswamy , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H . Peter Anvin" , Tony Luck , Andi Kleen , Wander Lairson Costa , Isaku Yamahata , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, linux-kernel@vger.kernel.org Subject: Re: [PATCH v5 3/3] x86/tdx: Add Quote generation support Message-ID: <20220509153534.i6v4xcb2g24ia2i4@black.fi.intel.com> References: <40ccd0f0-35a1-5aa7-9e51-25ab196d79e5@linux.intel.com> <2ed5c9cc316950a5a47ee714715b7980f358a140.camel@intel.com> <20220507004236.5p5dyksftge7wwr3@black.fi.intel.com> <45d184273f1950320843f6696eb3071f7d354fd3.camel@intel.com> <20220509120927.7rg6v5pyc3f4pxsh@box.shutemov.name> <4506e2c2-af4b-623d-5618-48269e65c295@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4506e2c2-af4b-623d-5618-48269e65c295@intel.com> X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, May 09, 2022 at 07:14:20AM -0700, Dave Hansen wrote: > On 5/9/22 05:09, Kirill A. Shutemov wrote: > > Private->Shared conversion is destructive. You have to split SEPT, flush > > TLB. Backward conversion even more costly. > > > > Rule of thumb is avoid conversion where possible. DMA API is there for > > you. > > Kirill, I understand that the DMA API is a quick fix today. But is it > _really_ the right long-term interface? Yes, I think so. > There will surely come a time when TDX I/O devices won't be using fixed > bounce buffers. What will the quote generation code do then? How will > we know to come back around and fix this up? VirtIO will not go away with TDX I/O in picture. TDX I/O will be addition to existing stuff, not replacement. And we have hooks in place to accommodate this: force_dma_unencrypted() will return false for devices capable of TDX I/O. While the rest of devices, including VirtIO and attestation, keep using existing paths with swiotlb. > Does SEV or the s390 ultravisor need anything like this? At quick glance sev-guest.c uses set_memory_decrypted()/encrypted() for allocation and freeing shared memory. I consider it inferior to using DMA API. -- Kirill A. Shutemov