Received: by 2002:a05:7412:3784:b0:e2:908c:2ebd with SMTP id jk4csp1229332rdb; Mon, 2 Oct 2023 03:23:28 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFk4HOHiI1tN4pWEXZ3Dxy9//ra5nNf8ingr1jtFXzTO8Kh2BvwdGZn+xTL0dRT+mzR1DKv X-Received: by 2002:a17:902:720a:b0:1c5:f4c7:b4e4 with SMTP id ba10-20020a170902720a00b001c5f4c7b4e4mr9689087plb.39.1696242208054; Mon, 02 Oct 2023 03:23:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696242208; cv=none; d=google.com; s=arc-20160816; b=xY6p9RKrEdSDoyZ6ra/nl7H06IRcvI+KYmqv0wjeVre8KSsBlqbbvuBR90ZdB4WjO9 Dl2JCPRkonRnWoxEJskjJGep7aHmzAXVQoV1vhHZVp+OxGzBx59iWgeb1lp0yCIU43kf ML1oGO4KO0/6JtffJTY4koDvFnb3XN8dscsR4TBUzV1/K69zWLIHVgHWvz1Gy0FiC4V+ QpsOG4xquXbOrVhdvb3D1RTuRZXejSUja52NO3YOjd5Xve7U1c0Q78dcNLRFWbkvW3LZ IwTyI4O8uizvd54KDQsIE4TT6NWnSsjyvq5hI4DBs2jtkLFIdUhmWhQMVlMk5f469qVw P47g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=xKrjEJoQu8vf/NvlSc2HHiq1pJFTR4ryehyJM5vI2zc=; fh=u38i1+kAzM7mMbx0SfKj/ihag5xTOyGYI2YSOYj690Y=; b=gjmba4/tp5tJ+6Cjo8Xk83+V3m2zLg+hGSoerE35TDGGeplk8cUZcA5MOEOdHivqge k6M5vmzT8jp8cXfiMJfR4PBOt29zg8Oy4JAVRX9EDgBylbP523L/5jt8Uu42P+kCJA3C P2we1u9RqoxCNsAnMu0wY5Z5u7Hl++kPTl2Z0gUlVN1wICaMxlDjvA6wasJfi504xjdb g4xgAQ9i79B0sVvTNIqAdtIzwjpfUh7U+HH5KyZ8trza02TEUcIlS3ITEfSvUUyLCerS NsUGAwFM49CvK9kZ1+AqHyjAu9NRTtC70e57T27+7Ud4ry8PNvQHnir/0ZYFzqOOhfy5 Jz1A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=cdRGPp+a; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id j5-20020a170903024500b001bb8df95094si29351909plh.509.2023.10.02.03.23.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 Oct 2023 03:23:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=cdRGPp+a; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 44453801D53F; Mon, 2 Oct 2023 01:16:51 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235821AbjJBIQt (ORCPT + 99 others); Mon, 2 Oct 2023 04:16:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43316 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235773AbjJBIQs (ORCPT ); Mon, 2 Oct 2023 04:16:48 -0400 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7B877BD; Mon, 2 Oct 2023 01:16:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1696234605; x=1727770605; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=CCm0nCaUAWiZf/2jiZ9UIxoAuD9LhOTJ2OhX2TS+RIA=; b=cdRGPp+aNuYehGWNHSd2m2aYXoNn01XAXhV8dqyTzpLsDTa61VjFms8R 0BlRHB6Nr+GK1Y1AH9OGmeLjfWkh0y8/xUxrYVwYHjJpeJEpIyVejVYfC oHFqXdTmSQWIqTcEGihbro64cLtFe63UonrdiMNgOOYKgMt9DdaOQel9s irr+7gjfot1+Dwzlq4/gVAJ/hqCLYdqvvTedehQ7/Gf0BqymtoStO/WXI QCg8Bg7r8uPRbL2x++kBkxW49WYZKAd/VEPML3CNbq0/aIrq4gtb2sUkE KMKofiUdB1dGIVGXrJaSNB5ePjpzCie3ySCHbCrOXHML5V6cXgDTlSDcI w==; X-IronPort-AV: E=McAfee;i="6600,9927,10850"; a="449090682" X-IronPort-AV: E=Sophos;i="6.03,193,1694761200"; d="scan'208";a="449090682" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Oct 2023 01:16:44 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10850"; a="1081578756" X-IronPort-AV: E=Sophos;i="6.03,193,1694761200"; d="scan'208";a="1081578756" Received: from satiarax-mobl1.gar.corp.intel.com (HELO [10.249.254.231]) ([10.249.254.231]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Oct 2023 01:16:43 -0700 Message-ID: <2b5648aa-f83d-d8f7-b0fd-39c859f32f33@linux.intel.com> Date: Mon, 2 Oct 2023 10:16:40 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0 Subject: Re: [PATCH v2] drm/ttm: Make sure the mapped tt pages are decrypted when needed To: Zack Rusin , dri-devel@lists.freedesktop.org Cc: =?UTF-8?Q?Christian_K=c3=b6nig?= , Huang Rui , linux-kernel@vger.kernel.org, stable@vger.kernel.org References: <20230926040359.3040017-1-zack@kde.org> <20230926175113.679880-1-zack@kde.org> Content-Language: en-US From: =?UTF-8?Q?Thomas_Hellstr=c3=b6m?= In-Reply-To: <20230926175113.679880-1-zack@kde.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Mon, 02 Oct 2023 01:16:51 -0700 (PDT) Hi, Zack On 9/26/23 19:51, Zack Rusin wrote: > From: Zack Rusin > > Some drivers require the mapped tt pages to be decrypted. In an ideal > world this would have been handled by the dma layer, but the TTM page > fault handling would have to be rewritten to able to do that. > > A side-effect of the TTM page fault handling is using a dma allocation > per order (via ttm_pool_alloc_page) which makes it impossible to just > trivially use dma_mmap_attrs. As a result ttm has to be very careful > about trying to make its pgprot for the mapped tt pages match what > the dma layer thinks it is. At the ttm layer it's possible to > deduce the requirement to have tt pages decrypted by checking > whether coherent dma allocations have been requested and the system > is running with confidential computing technologies. > > This approach isn't ideal but keeping TTM matching DMAs expectations > for the page properties is in general fragile, unfortunately proper > fix would require a rewrite of TTM's page fault handling. > > Fixes vmwgfx with SEV enabled. > > v2: Explicitly include cc_platform.h > > Signed-off-by: Zack Rusin > Fixes: 3bf3710e3718 ("drm/ttm: Add a generic TTM memcpy move for page-based iomem") > Cc: Christian König > Cc: Thomas Hellström > Cc: Huang Rui > Cc: dri-devel@lists.freedesktop.org > Cc: linux-kernel@vger.kernel.org > Cc: # v5.14+ > --- > drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +++++++++++-- > drivers/gpu/drm/ttm/ttm_tt.c | 8 ++++++++ > include/drm/ttm/ttm_tt.h | 9 ++++++++- > 3 files changed, 27 insertions(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/ttm/ttm_bo_util.c b/drivers/gpu/drm/ttm/ttm_bo_util.c > index fd9fd3d15101..0b3f4267130c 100644 > --- a/drivers/gpu/drm/ttm/ttm_bo_util.c > +++ b/drivers/gpu/drm/ttm/ttm_bo_util.c > @@ -294,7 +294,13 @@ pgprot_t ttm_io_prot(struct ttm_buffer_object *bo, struct ttm_resource *res, > enum ttm_caching caching; > > man = ttm_manager_type(bo->bdev, res->mem_type); > - caching = man->use_tt ? bo->ttm->caching : res->bus.caching; > + if (man->use_tt) { > + caching = bo->ttm->caching; > + if (bo->ttm->page_flags & TTM_TT_FLAG_DECRYPTED) > + tmp = pgprot_decrypted(tmp); > + } else { > + caching = res->bus.caching; > + } > > return ttm_prot_from_caching(caching, tmp); > } > @@ -337,6 +343,8 @@ static int ttm_bo_kmap_ttm(struct ttm_buffer_object *bo, > .no_wait_gpu = false > }; > struct ttm_tt *ttm = bo->ttm; > + struct ttm_resource_manager *man = > + ttm_manager_type(bo->bdev, bo->resource->mem_type); > pgprot_t prot; > int ret; > > @@ -346,7 +354,8 @@ static int ttm_bo_kmap_ttm(struct ttm_buffer_object *bo, > if (ret) > return ret; > > - if (num_pages == 1 && ttm->caching == ttm_cached) { > + if (num_pages == 1 && ttm->caching == ttm_cached && > + !(man->use_tt && (ttm->page_flags & TTM_TT_FLAG_DECRYPTED))) { > /* > * We're mapping a single page, and the desired > * page protection is consistent with the bo. > diff --git a/drivers/gpu/drm/ttm/ttm_tt.c b/drivers/gpu/drm/ttm/ttm_tt.c > index e0a77671edd6..e4966e2c988d 100644 > --- a/drivers/gpu/drm/ttm/ttm_tt.c > +++ b/drivers/gpu/drm/ttm/ttm_tt.c > @@ -31,6 +31,7 @@ > > #define pr_fmt(fmt) "[TTM] " fmt > > +#include > #include > #include > #include > @@ -81,6 +82,13 @@ int ttm_tt_create(struct ttm_buffer_object *bo, bool zero_alloc) > pr_err("Illegal buffer object type\n"); > return -EINVAL; > } > + /* > + * When using dma_alloc_coherent with memory encryption the > + * mapped TT pages need to be decrypted or otherwise the drivers > + * will end up sending encrypted mem to the gpu. > + */ > + if (bdev->pool.use_dma_alloc && cc_platform_has(CC_ATTR_MEM_ENCRYPT)) You need to use CC_ATTR_GUEST_MEM_ENCRYPT here rather than CC_ATTR_MEM_ENCRYPT to avoid touching and breaking the SME case and only fix the SEV / SEV-ES case. I'd also hold off the stable inclusion until it's completely verified that this doesn't break anything because if it does, I suspect all hell will break loose. With that said, for the functionality Reviewed-by: Thomas Hellström But I think this needs a wider Ack at the ttm / drm level for the approach taken. /Thomas. > + page_flags |= TTM_TT_FLAG_DECRYPTED; > > bo->ttm = bdev->funcs->ttm_tt_create(bo, page_flags); > if (unlikely(bo->ttm == NULL)) > diff --git a/include/drm/ttm/ttm_tt.h b/include/drm/ttm/ttm_tt.h > index a4eff85b1f44..2b9d856ff388 100644 > --- a/include/drm/ttm/ttm_tt.h > +++ b/include/drm/ttm/ttm_tt.h > @@ -79,6 +79,12 @@ struct ttm_tt { > * page_flags = TTM_TT_FLAG_EXTERNAL | > * TTM_TT_FLAG_EXTERNAL_MAPPABLE; > * > + * TTM_TT_FLAG_DECRYPTED: The mapped ttm pages should be marked as > + * not encrypted. The framework will try to match what the dma layer > + * is doing, but note that it is a little fragile because ttm page > + * fault handling abuses the DMA api a bit and dma_map_attrs can't be > + * used to assure pgprot always matches. > + * > * TTM_TT_FLAG_PRIV_POPULATED: TTM internal only. DO NOT USE. This is > * set by TTM after ttm_tt_populate() has successfully returned, and is > * then unset when TTM calls ttm_tt_unpopulate(). > @@ -87,8 +93,9 @@ struct ttm_tt { > #define TTM_TT_FLAG_ZERO_ALLOC BIT(1) > #define TTM_TT_FLAG_EXTERNAL BIT(2) > #define TTM_TT_FLAG_EXTERNAL_MAPPABLE BIT(3) > +#define TTM_TT_FLAG_DECRYPTED BIT(4) > > -#define TTM_TT_FLAG_PRIV_POPULATED BIT(4) > +#define TTM_TT_FLAG_PRIV_POPULATED BIT(5) > uint32_t page_flags; > /** @num_pages: Number of pages in the page array. */ > uint32_t num_pages;