Subject: Re: [PATCH v9 00/38] x86: Secure Memory Encryption (AMD)
References: <20170707133804.29711.1616.stgit@tlendack-t1.amdoffice.net> <20170708092426.prf7xmmnv6xvdqx4@gmail.com>
In-Reply-To: <20170708092426.prf7xmmnv6xvdqx4@gmail.com>
From: Tom Lendacky
Date: Mon, 10 Jul 2017 13:04:11 -0500
To: Ingo Molnar
Cc: linux-efi@vger.kernel.org, Brijesh Singh, Toshimitsu Kani, linux-doc@vger.kernel.org, Matt Fleming, x86@kernel.org, linux-mm@kvack.org, Radim Krčmář, Alexander Potapenko, "H. Peter Anvin", Larry Woodman, linux-arch@vger.kernel.org, kvm@vger.kernel.org, Jonathan Corbet, Joerg Roedel, "Michael S. Tsirkin", kasan-dev@googlegroups.com, Ingo Molnar, Andrey Ryabinin, Dave Young, Rik van Riel, Arnd Bergmann, Konrad Rzeszutek Wilk, Borislav Petkov, Andy Lutomirski, Boris Ostrovsky, Dmitry Vyukov, Juergen Gross, kexec@lists.infradead.org, linux-kernel@vger.kernel.org, xen-devel@lists.xen.org, iommu@lists.linux-foundation.org, Thomas Gleixner, Paolo Bonzini

On 7/8/2017 4:24 AM, Ingo Molnar wrote:
>
> * Tom Lendacky wrote:
>
>> This patch series provides support for AMD's new Secure Memory Encryption (SME)
>> feature.
>
> I'm wondering, what's the typical performance hit to DRAM access latency when SME
> is enabled?

It's about an extra 10 cycles of DRAM latency when performing an
encryption or decryption operation.

>
> On that same note, if the performance hit is noticeable I'd expect SME to not be
> enabled in native kernels typically - but still it looks like a useful hardware

In some internal testing we've seen about 1.5% or less reduction in
performance. Of course it all depends on the workload: the number of
memory accesses, cache friendliness, etc.

> feature. Since it's controlled at the page table level, have you considered
> allowing SME-activated vmas via mmap(), even on kernels that are otherwise not
> using encrypted DRAM?

That is definitely something to consider as an additional SME-related
feature and something I can look into after this.

Thanks,
Tom

>
> One would think that putting encryption keys into such encrypted RAM regions would
> generally improve robustness against various physical space attacks that want to
> extract keys but don't have full control of the CPU.
>
> Thanks,
>
> Ingo
>