Re: [PATCH v5 3/3] x86/tdx: Add Quote generation support

[Sathyanarayanan Kuppuswamy]

On 5/9/22 8:35 AM, Kirill A. Shutemov wrote:
> On Mon, May 09, 2022 at 07:14:20AM -0700, Dave Hansen wrote:
> > On 5/9/22 05:09, Kirill A. Shutemov wrote:
> > > Private->Shared conversion is destructive. You have to split SEPT, flush
> > > TLB. Backward conversion even more costly.
> > >
> > > Rule of thumb is avoid conversion where possible. DMA API is there for
> > > you.
> >
> > Kirill, I understand that the DMA API is a quick fix today.  But is it
> > _really_ the right long-term interface?
>
> Yes, I think so.
>
> > There will surely come a time when TDX I/O devices won't be using fixed
> > bounce buffers.  What will the quote generation code do then?  How will
> > we know to come back around and fix this up?
>
> VirtIO will not go away with TDX I/O in picture. TDX I/O will be addition
> to existing stuff, not replacement.
>
> And we have hooks in place to accommodate this: force_dma_unencrypted()
> will return false for devices capable of TDX I/O. While the rest of
> devices, including VirtIO and attestation, keep using existing paths with
> swiotlb.
>
> > Does SEV or the s390 ultravisor need anything like this?
>
> At quick glance sev-guest.c uses set_memory_decrypted()/encrypted() for
> allocation and freeing shared memory. I consider it inferior to using DMA
> API.

Following is the link for the SEV attestation driver. It does seem to
use alloc_pages() and set_memory_*() calls.

https://lore.kernel.org/lkml/20220307215344.2799259-1-brijesh.singh@xxxxxxx/

>

--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer