lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 1 Feb 2024 13:20:03 +0100
From: Jeremi Piotrowski <jpiotrowski@...ux.microsoft.com>
To: Vishal Annapurve <vannapurve@...gle.com>, x86@...nel.org,
 linux-kernel@...r.kernel.org
Cc: pbonzini@...hat.com, rientjes@...gle.com, bgardon@...gle.com,
 seanjc@...gle.com, erdemaktas@...gle.com, ackerleytng@...gle.com,
 jxgao@...gle.com, sagis@...gle.com, oupton@...gle.com, peterx@...hat.com,
 vkuznets@...hat.com, dmatlack@...gle.com, pgonda@...gle.com,
 michael.roth@....com, kirill@...temov.name, thomas.lendacky@....com,
 dave.hansen@...ux.intel.com, linux-coco@...ts.linux.dev,
 chao.p.peng@...ux.intel.com, isaku.yamahata@...il.com,
 andrew.jones@...ux.dev, corbet@....net, hch@....de,
 m.szyprowski@...sung.com, bp@...e.de, rostedt@...dmis.org,
 iommu@...ts.linux.dev
Subject: Re: [RFC V1 3/5] x86: CVMs: Enable dynamic swiotlb by default for
 CVMs

On 12/01/2024 06:52, Vishal Annapurve wrote:
> CVMs used SWIOTLB for non-trusted IO using dma_map_* APIs. This series
> will ensure that dma_alloc_* API to also allocate from SWIOTLB pools.
> Initial size of SWIOTLB pool is decided using heuristics and has been
> working with CVM usecases so far.
> 
> It's better to allow SWIOTLB to scale up on demand rather than keeping
> the size fixed to avoid failures with possibly increased usage of
> SWIOTLB with dma_alloc_* APIs allocating from SWIOTLB pools. This should
> also help in future with more devices getting used from CVMs for
> non-trusted IO.
> 
> Signed-off-by: Vishal Annapurve <vannapurve@...gle.com>
> ---
>  arch/x86/Kconfig | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 1566748f16c4..035c8a022c4c 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -884,6 +884,7 @@ config INTEL_TDX_GUEST
>  	select X86_MEM_ENCRYPT
>  	select X86_MCE
>  	select UNACCEPTED_MEMORY
> +	select SWIOTLB_DYNAMIC
>  	help
>  	  Support running as a guest under Intel TDX.  Without this support,
>  	  the guest kernel can not boot or run under TDX.
> @@ -1534,6 +1535,7 @@ config AMD_MEM_ENCRYPT
>  	select ARCH_HAS_CC_PLATFORM
>  	select X86_MEM_ENCRYPT
>  	select UNACCEPTED_MEMORY
> +	select SWIOTLB_DYNAMIC
>  	help
>  	  Say yes to enable support for the encryption of system memory.
>  	  This requires an AMD processor that supports Secure Memory

What this does is unconditionally enable SWIOTLB_DYNAMIC for every kernel compiled
to support memory encryption, regardless of whether it runs inside a confidential guest.
I don't think that is what you intended.

Best wishes,
Jeremi



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ