On 03.09.19 at 23:05, Thomas Hellström (VMware) wrote:
> On 9/3/19 10:51 PM, Dave Hansen wrote:
>> On 9/3/19 1:36 PM, Thomas Hellström (VMware) wrote:
>>> So the question here should really be, can we determine already at mmap
>>> time whether backing memory will be unencrypted and adjust the *real*
>>> vma->vm_page_prot under the mmap_sem?
>>>
>>> Possibly, but that requires populating the buffer with memory at mmap
>>> time rather than at first fault time.
>> I'm not connecting the dots.
>>
>> vma->vm_page_prot is used to create a VMA's PTEs regardless of if they
>> are created at mmap() or fault time.  If we establish a good
>> vma->vm_page_prot, can't we just use it forever for demand faults?
>
> With SEV I think that we could possibly establish the encryption flags
> at vma creation time. But thinking of it, it would actually break with
> SME where buffer content can be moved between encrypted system memory
> and unencrypted graphics card PCI memory behind user-space's back.
> That would imply killing all user-space encrypted PTEs and at fault
> time set up new ones pointing to unencrypted PCI memory..

Well my problem is where do you see encrypted system memory here?

At least for AMD GPUs all memory accessed must be unencrypted and that
counts for both system as well as PCI memory.

So I don't get why we can't assume always unencrypted and keep it like that.