From: Jason Gunthorpe <jgg@nvidia.com>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org,
linux-arch@vger.kernel.org, linux-mm@kvack.org,
kvm@vger.kernel.org, "Radim Krčmář" <rkrcmar@redhat.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Andy Lutomirski" <luto@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Alexander Potapenko" <glider@google.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Dmitry Vyukov" <dvyukov@google.com>,
"Rik van Riel" <riel@redhat.com>,
"Larry Woodman" <lwoodman@redhat.com>,
"Dave Young" <dyoung@redhat.com>,
"Toshimitsu Kani" <toshi.kani@hpe.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Brijesh Singh" <brijesh.singh@amd.com>
Subject: Re: AMD SME encryption and PCI BAR pages to user space
Date: Mon, 19 Oct 2020 14:00:29 -0300
Message-ID: <20201019170029.GU6219@nvidia.com>
In-Reply-To: <4b9f13bf-3f82-1aed-c7be-0eaecebc5d82@amd.com>

On Mon, Oct 19, 2020 at 11:36:16AM -0500, Tom Lendacky wrote:

> > Is RDMA missing something? I don't see anything special in VFIO for
> > instance and the two are very similar - does VFIO work with SME, eg
> > DPDK or something unrelated to virtualization?
>
> If user space is mapping un-encrypted memory, then, yes, it would seem
> that there is a gap in the support where the pgprot_decrypted() would be
> needed in order to override the protection map.

It isn't "memory" it is PCI BAR pages, eg memory mapped IO

> > Is there a reason not to just add prot_decrypted() to
> > io_remap_pfn_range()? Are there use cases where a caller actually wants
> > encrypted io memory?
>
> As long as you never have physical memory / ram being mapped in this path,
> it seems that applying pgprot_decrypted() would be ok.

I think the word 'io' implies this is the case..

Let me make a patch for this avenue then, I think it is not OK to add
pgprot_decrypted to every driver.. We already have the special
distinction with io and non-io remap, that seems better.

> > I saw your original patch series edited a few drivers this way, but
> > not nearly enough. So I feel like I'm missing something.. Does vfio
> > work with SME? I couldn't find any sign of it calling prot_decrypted()
> > either?
>
> I haven't tested SME with VFIO/DPDK.

Hum, I assume it is broken also. Actually quite a swath of drivers
and devices will be broken under this :\

Jason
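
Added example, not part of the message above and not kernel code: a userspace C model of the gap discussed in the thread, where the SME protection map leaves the encryption bit set on a BAR mapping unless pgprot_decrypted() is applied, either by each driver or once inside the io remap path. The `*_model` functions, the simplified protection bits, the bit-47 mask and the BAR page frame number are assumptions made for illustration.

```c
/* Userspace model (not kernel code) of how the SME encryption bit ends up
 * in a user PTE for a PCI BAR page. All names and values are illustrative. */
#include <stdint.h>
#include <stdio.h>

typedef uint64_t pgprot_t;                 /* model: raw protection bits */

#define PAGE_SHIFT   12
#define PROT_PRESENT (1ULL << 0)
#define PROT_RW      (1ULL << 1)
#define PROT_USER    (1ULL << 2)
/* Assumed encryption-bit position; real hardware reports it via CPUID. */
static const uint64_t sme_me_mask = 1ULL << 47;

static pgprot_t pgprot_encrypted(pgprot_t p) { return p | sme_me_mask; }
static pgprot_t pgprot_decrypted(pgprot_t p) { return p & ~sme_me_mask; }

/* With SME active the protection map carries the encryption bit, so the
 * vm_page_prot a driver's mmap handler receives starts out encrypted. */
static pgprot_t vm_page_prot_under_sme(void)
{
    return pgprot_encrypted(PROT_PRESENT | PROT_RW | PROT_USER);
}

/* Generic remap: installs exactly the protection bits the caller passed. */
static uint64_t remap_pfn_range_model(uint64_t pfn, pgprot_t prot)
{
    return (pfn << PAGE_SHIFT) | prot;
}

/* The avenue proposed in the thread: the io variant clears the bit itself,
 * so individual drivers do not each need a pgprot_decrypted() call. */
static uint64_t io_remap_pfn_range_model(uint64_t pfn, pgprot_t prot)
{
    return remap_pfn_range_model(pfn, pgprot_decrypted(prot));
}

static int pte_encrypted(uint64_t pte) { return (pte & sme_me_mask) != 0; }

int main(void)
{
    uint64_t bar_pfn = 0xfe000;            /* constructed BAR page frame */
    pgprot_t prot = vm_page_prot_under_sme();

    printf("driver without pgprot_decrypted: enc bit=%d\n",
           pte_encrypted(remap_pfn_range_model(bar_pfn, prot)));
    printf("io remap clears it centrally:    enc bit=%d\n",
           pte_encrypted(io_remap_pfn_range_model(bar_pfn, prot)));
    return 0;
}
```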