Re: [PATCH v3] x86/pci-dma: add a SWIOTLB_ANY flag to lift the low mem limitation

From: Borislav Petkov

Date: Wed Jun 24 2026 - 01:13:29 EST


On Wed, Jun 24, 2026 at 03:23:39AM +0000, Miao, Jun wrote:
> > On Wed, Jun 24, 2026 at 01:53:39AM +0000, Miao, Jun wrote:
> > > Good suggestion and thank you for testing the AMD SEV-SNP.
> >
> > I don't think anyone tested it on SNP yet.
>
> I only know that SEV-SNP is a more advanced, third-generation feature.
> Are we using "SEV" here as a shorthand for these?

You have SEV, SEV-ES and SEV-SNP in the order of their appearance and in the
order they have gotten additional features. SNP is the one which has
addressed the most, if not all, confidential VM attack vectors. And that's the
one I care about as the other two are just the prerequisites to the SNP thing.
In my opinion only anyway.

> When using confidential VMs, users want to pass through both the high-speed
> network interface card (NIC) and an 8-GPU setup into the CVMs. During data
> transfer, the SWIOTLB bounce buffer becomes a critical "hot path" acting as
> an intermediary for conversion between private and shared memory.
> Consequently, the capacity requirement increases—otherwise, network or data
> transfer performance would be adversely affected.

Yes, that makes more sense. Pls add it to the commit message.

> What I mean to convey is that in TEE environments based on AMD SEV or Intel TDX,
> the core issue is the lack of trust in the hypervisor's VMM.

Then say it this way. Trusted hypervisor sounds like we trust the HV. Which we
absolutely do not.

> When using confidential VMs, users want to pass through both the high-speed
> network interface card (NIC) and an 8-GPU setup into the CVMs. During data
> transfer, the SWIOTLB bounce buffer becomes a critical "hot path" acting as
> an intermediary for conversion between private and shared memory.
> Consequently, the capacity requirement increases—otherwise, network or data
> transfer performance would be adversely affected.
>
> Confidential VMs, including AMD SEV and Intel TDX guests, want to allocate
> a swiotlb buffer that is not restricted to low memory in TEE.

Sounds better, yes.

Except that we still need to test it on SNP.

Adding some folks on Cc who can do that and take a look at your patch and vet
it for SNP - my guest is still broken. :-\

Thx.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette