RE: Allocating SEV C-bit-cleared pages (without relying on swiotlb)

From: Michael Kelley
Date: Fri Mar 28 2025 - 12:31:08 EST


From: Teddy Astie <teddy.astie@xxxxxxxxxx> Sent: Thursday, March 27, 2025 7:12 AM
> To: linux-kernel@xxxxxxxxxxxxxxx; linux-mm@xxxxxxxxxxxxxxx
> Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
> Subject: Allocating SEV C-bit-cleared pages (without relying on swiotlb)
>
> Hello Linux mailing list !
>
> For porting Linux code to make it work on Xen with AMD-SEV, I need to
> change the allocation of some pages to use "shared pages" (C-bit
> cleared) instead of private pages (C-bit set, which is the default kind)
> as these pages needs to be shared with the hypervisor/Dom0.
>
> Is there a facility to allocate pages with C-bit cleared (and if not
> running under SEV, just allocate a plain page) ? Current Linux code for
> SEV seems to only rely on swiotlb as access to shared page is mostly
> made through DMA-kind devices (e.g virtio or emulated device), but I
> don't think it is the best approach.
>

For allocating memory that can be shared with the hypervisor,
allocate memory as usual (with alloc_pages(), for example), then
call set_memory_decrypted() on that memory. This approach
works in general for Confidential Computing (CoCo) VMs,
regardless of whether the underlying hardware is AMD SEV-SNP,
Intel TDX, or ARM64 CCA. If you are running in a non-CoCo
VM, set_memory_decrypted() is a no-op, so you can call it
without having to check whether you are in a CoCo VM.

When freeing the memory, do the reverse. Call
set_memory_encrypted() first, then free the memory as
usual. Note that if set_memory_encrypted() fails for any
reason, just leak the memory instead of freeing it because
the encrypted state is unknown after such a failure.

If you search for set_memory_decrypted() in kernel code,
you'll find several examples. See drivers/hv/hv_connection.c
as one place where code for running on Hyper-V follows
this paradigm. There are several other examples as well.

Michael