Open Source and information security mailing list archives
Date:   Wed, 26 May 2021 17:02:20 -0500
From:   Tom Lendacky <thomas.lendacky@....com>
To:     "Kuppuswamy, Sathyanarayanan" 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>,
        Borislav Petkov <bp@...en8.de>
Cc:     Sean Christopherson <seanjc@...gle.com>,
        Dave Hansen <dave.hansen@...el.com>,
        Andi Kleen <ak@...ux.intel.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Andy Lutomirski <luto@...nel.org>,
        Dan Williams <dan.j.williams@...el.com>,
        Tony Luck <tony.luck@...el.com>,
        Kirill Shutemov <kirill.shutemov@...ux.intel.com>,
        Kuppuswamy Sathyanarayanan <knsathya@...nel.org>,
        Raj Ashok <ashok.raj@...el.com>, linux-kernel@...r.kernel.org,
        Brijesh Singh <brijesh.singh@....com>
Subject: Re: [RFC v2 28/32] x86/tdx: Make pages shared in ioremap()



On 5/26/21 4:37 PM, Kuppuswamy, Sathyanarayanan wrote:
> 
> 
> On 5/21/21 9:19 AM, Tom Lendacky wrote:
>> In arch/x86/mm/mem_encrypt.c, sme_early_init() (should have renamed that
>> when SEV support was added), we do:
>>     if (sev_active())
>>         swiotlb_force = SWIOTLB_FORCE;
>>
>> TDX should be able to do a similar thing without having to touch
>> arch/x86/kernel/pci-swiotlb.c.
>>
>> That would remove any confusion over SME being part of a
>> protected_guest_has() call.
> 
> You mean sme_active() check in arch/x86/kernel/pci-swiotlb.c is redundant?

No, the sme_active() check is required to make sure that SWIOTLB is
available under SME. Encrypted DMA is supported under SME if the device
supports 64-bit DMA. But if the device doesn't support 64-bit DMA and the
IOMMU is not active, then DMA will be bounced through SWIOTLB.

As compared to SEV, where all DMA has to be bounced through SWIOTLB or
unencrypted memory. For that, swiotlb_force is used.

Thanks,
Tom

> 
> int __init pci_swiotlb_detect_4gb(void)
> {
>         /* don't initialize swiotlb if iommu=off (no_iommu=1) */
>         if (!no_iommu && max_possible_pfn > MAX_DMA32_PFN)
>                 swiotlb = 1;
>
>         /*
>          * If SME is active then swiotlb will be set to 1 so that bounce
>          * buffers are allocated and used for devices that do not support
>          * the addressing range required for the encryption mask.
>          */
>         if (sme_active() || is_tdx_guest())
>                 swiotlb = 1;
> 
> 

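The SME versus SEV distinction made in this message, as an added example that is not part of the original email or the kernel source: a user-space C model of which DMA path a device ends up on. The names `pick_dma_path` and `struct dev_model`, and the encryption-bit position 47, are assumptions made for illustration.

```c
/* Added illustration: a user-space model, not kernel code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum mem_enc  { ENC_SME, ENC_SEV };            /* host SME vs. SEV guest */
enum dma_path { DMA_ENCRYPTED, DMA_IOMMU_REMAP, DMA_BOUNCE_SWIOTLB };

/* Assumption: the encryption mask is physical address bit 47. */
#define ENC_BIT 47
#define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL << (n)) - 1))

struct dev_model {                 /* hypothetical device description */
    uint64_t dma_mask;             /* addresses the device can generate */
    bool     iommu_active;         /* IOMMU translating for this device */
};

/* Can the device emit an address with the encryption bit set? */
static bool dev_reaches_enc_bit(const struct dev_model *d)
{
    return (d->dma_mask >> ENC_BIT) & 1;
}

enum dma_path pick_dma_path(enum mem_enc mode, const struct dev_model *d)
{
    /* SEV: all DMA is bounced, the case swiotlb_force covers. */
    if (mode == ENC_SEV)
        return DMA_BOUNCE_SWIOTLB;
    /* SME: a device that covers the encryption mask does encrypted DMA. */
    if (dev_reaches_enc_bit(d))
        return DMA_ENCRYPTED;
    /* SME, narrow device: bounce only when no IOMMU is active. */
    return d->iommu_active ? DMA_IOMMU_REMAP : DMA_BOUNCE_SWIOTLB;
}

int main(void)
{
    static const char *name[] = { "encrypted", "iommu-remap", "swiotlb-bounce" };
    struct dev_model devs[] = {
        { DMA_BIT_MASK(64), false }, { DMA_BIT_MASK(32), false },
        { DMA_BIT_MASK(32), true  }, { DMA_BIT_MASK(47), false },
    };
    for (size_t i = 0; i < sizeof(devs) / sizeof(devs[0]); i++)
        printf("mask=%#llx iommu=%d  SME:%s  SEV:%s\n",
               (unsigned long long)devs[i].dma_mask, devs[i].iommu_active,
               name[pick_dma_path(ENC_SME, &devs[i])],
               name[pick_dma_path(ENC_SEV, &devs[i])]);
    return 0;
}
```

The 47-bit device shows the boundary: its mask stops one bit short of the assumed encryption bit, so under SME without an IOMMU it is bounced just like a 32-bit device.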