Date: Mon, 13 May 2024 20:05:31 +0000
From: Michael Kelley <mhklinux@...look.com>
To: Suravee Suthikulpanit <suravee.suthikulpanit@....com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"iommu@...ts.linux.dev" <iommu@...ts.linux.dev>, "joro@...tes.org"
	<joro@...tes.org>
CC: "thomas.lendacky@....com" <thomas.lendacky@....com>,
	"vasant.hegde@....com" <vasant.hegde@....com>, "michael.roth@....com"
	<michael.roth@....com>, "jon.grimm@....com" <jon.grimm@....com>,
	"rientjes@...gle.com" <rientjes@...gle.com>
Subject: RE: [PATCH 0/9] iommu/amd: Add AMD IOMMU emulation support for
 SEV-SNP guest kernel

From: Suravee Suthikulpanit <suravee.suthikulpanit@....com> Sent: Tuesday, April 30, 2024 8:24 AM
> 
> To boot a VM w/ x2APIC ID > 255, guest interrupt remapping emulation
> is required.

Top-level question:  Is there a reason the MSI extended destination ID mechanism is
insufficient to avoid the need for interrupt remapping?  (see function pointer
"msi_ext_dest_id").  I'm unclear on whether it is or not. If it is not sufficient, perhaps
you could explain why.

> For SEV guest, this can be achieved using an emulated
> AMD IOMMU.

You've used "SEV" here and in several other places.  I think you intend this to be
the more specific "SEV-SNP", and exclude SEV and SEV-ES. To avoid any confusion,
I'd suggest using "SEV-SNP" throughout if that's what you mean.

Michael

> 
> In order to support emulated AMD IOMMU in SEV guest, memory pages used
> by the guest IOMMU data structures must be in decrypted mode. Also GPAs
> for these pages must not have the memory encryption bit set.
> 
> Testing:
>   - Booting Linux SEV guest w/ 512 vcpus w/ QEMU emulated amd-iommu with
>     qemu-system-x86_64 option: -device amd-iommu,intremap=on,xtsup=on
>     (emulated devices only for now).
> 
> GIT repos:
> * https://github.com/AMDESE/linux-iommu/tree/iommu_next_sev-iommu-v1
> 
> Thanks,
> Suravee
> 
> Suravee Suthikulpanit (9):
>   iommu/amd: Introduce helper functions for managing IOMMU memory
>   iommu/amd: Convert Device Table pointer to use struct amd_iommu_mem
>   iommu/amd: Convert Command Buffer pointer to use struct amd_iommu_mem
>   iommu/amd: Convert Completion-Wait Semaphore pointer to use struct
>     amd_iommu_mem
>   iommu/amd: Convert Event Log pointer to use struct amd_iommu_mem
>   iommu/amd: Convert PPR Log pointer to use the struct amd_iommu_mem
>   iommu/amd: Remove iommu_alloc_4k_pages() helper function
>   iommu/amd: Decrypt interrupt remapping table for AMD IOMMU emulation
>     in SEV guest
>   iommu/amd: Set default domain to IDENTITY_DOMAIN when running in SEV
>     guest
> 
>  drivers/iommu/amd/amd_iommu.h       |  31 +++++-
>  drivers/iommu/amd/amd_iommu_types.h |  28 ++++--
>  drivers/iommu/amd/init.c            | 144 +++++++++++++++-------------
>  drivers/iommu/amd/iommu.c           | 133 +++++++++++++++++++------
>  drivers/iommu/amd/ppr.c             |  22 +++--
>  5 files changed, 246 insertions(+), 112 deletions(-)
> 
> --
> 2.34.1
> 

