Re: [RFC Part1 PATCH v3 12/17] x86/mm: DMA support for SEV memory encryption

From: Tom Lendacky
Date: Thu Aug 17 2017 - 15:35:47 EST




On 8/6/2017 10:48 PM, Borislav Petkov wrote:
On Mon, Jul 24, 2017 at 02:07:52PM -0500, Brijesh Singh wrote:
From: Tom Lendacky <thomas.lendacky@xxxxxxx>

DMA access to memory mapped as encrypted while SEV is active can not be
encrypted during device write or decrypted during device read.

Yeah, definitely rewrite that sentence.

Heh, yup.


In order
for DMA to properly work when SEV is active, the SWIOTLB bounce buffers
must be used.

Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
---
arch/x86/mm/mem_encrypt.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++
lib/swiotlb.c | 5 +--
2 files changed, 89 insertions(+), 2 deletions

...

@@ -202,6 +280,14 @@ void __init mem_encrypt_init(void)
/* Call into SWIOTLB to update the SWIOTLB DMA buffers */
swiotlb_update_mem_attributes();
+ /*
+ * With SEV, DMA operations cannot use encryption. New DMA ops
+ * are required in order to mark the DMA areas as decrypted or
+ * to use bounce buffers.
+ */
+ if (sev_active())
+ dma_ops = &sme_dma_ops;

Well, we do differentiate between SME and SEV and the check is
sev_active but the ops are called sme_dma_ops. Call them sev_dma_ops
instead for less confusion.

Yup, will do.

Thanks,
Tom