From: Roman Kisel <romank@linux.microsoft.com>
To: Robin Murphy <robin.murphy@arm.com>,
aleksander.lobakin@intel.com, andriy.shevchenko@linux.intel.com,
arnd@arndb.de, bp@alien8.de, catalin.marinas@arm.com,
corbet@lwn.net, dakr@kernel.org, dan.j.williams@intel.com,
dave.hansen@linux.intel.com, decui@microsoft.com,
gregkh@linuxfoundation.org, haiyangz@microsoft.com, hch@lst.de,
hpa@zytor.com, James.Bottomley@HansenPartnership.com,
Jonathan.Cameron@huawei.com, kys@microsoft.com, leon@kernel.org,
lukas@wunner.de, luto@kernel.org, m.szyprowski@samsung.com,
martin.petersen@oracle.com, mingo@redhat.com,
peterz@infradead.org, quic_zijuhu@quicinc.com,
tglx@linutronix.de, wei.liu@kernel.org, will@kernel.org,
iommu@lists.linux.dev, linux-arch@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org,
linux-hyperv@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-scsi@vger.kernel.org, x86@kernel.org
Cc: apais@microsoft.com, benhill@microsoft.com,
bperkins@microsoft.com, sunilmut@microsoft.com,
Suzuki K Poulose <suzuki.poulose@arm.com>
Subject: Re: [PATCH hyperv-next 5/6] arch, drivers: Add device struct bitfield to not bounce-buffer
Date: Wed, 9 Apr 2025 09:44:03 -0700 [thread overview]
Message-ID: <0ab2849a-5c03-4a8c-891e-3cb89b20b0e4@linux.microsoft.com> (raw)
In-Reply-To: <0eb87302-fae8-4708-aaf8-d16e836e727f@arm.com>
On 4/9/2025 9:03 AM, Robin Murphy wrote:
> On 2025-04-09 1:08 am, Roman Kisel wrote:
>> Bounce-buffering makes the system spend more time copying
>> I/O data. When the I/O transaction take place between
>> a confidential and a non-confidential endpoints, there is
>> no other way around.
>>
>> Introduce a device bitfield to indicate that the device
>> doesn't need to perform bounce buffering. The capable
>> device may employ it to save on copying data around.
>
> It's not so much about bounce buffering, it's more fundamentally about
> whether the device is trusted and able to access private memory at all
> or not. And performance is hardly the biggest concern either - if you do
> trust a device to operate on confidential data in private memory, then
> surely it is crucial to actively *prevent* that data ever getting into
> shared SWIOTLB pages where anyone else could also get at it. At worst
> that means CoCo VMs might need an *additional* non-shared SWIOTLB to
> support trusted devices with addressing limitations (and/or
> "swiotlb=force" debugging, potentially).
Thanks, I should've highlighted that facet most certainly!
>
> Also whatever we do for this really wants to tie in with the nascent
> TDISP stuff as well, since we definitely don't want to end up with more
> than one notion of whether a device is in a trusted/locked/private/etc.
> vs. unlocked/shared/etc. state with respect to DMA (or indeed anything
> else if we can avoid it).
Wouldn't TDISP be per-device as well? In which case, a flag would be
needed just as being added in this patch.
Although, there must be a difference between a device with TDISP where
the flag would be the indication of the feature, and this code where the
driver may flip that back and forth...
Do you feel this is shoehorned in `struct device`? I couldn't find an
appropriate private (== opaque pointer) part in the structure to store
that bit (`struct device_private` wouldn't fit the bill) and looked like
adding it to the struct itself would do no harm. However, my read of the
room is that folks see that as dubious :)
What would be your opinion on where to store that flag to tie together
its usage in the Hyper-V SCSI and not bounce-buffering?
>
> Thanks,
> Robin.
>
>> Signed-off-by: Roman Kisel <romank@linux.microsoft.com>
>> ---
>> arch/x86/mm/mem_encrypt.c | 3 +++
>> include/linux/device.h | 8 ++++++++
>> include/linux/dma-direct.h | 3 +++
>> include/linux/swiotlb.h | 3 +++
>> 4 files changed, 17 insertions(+)
>>
>> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
>> index 95bae74fdab2..6349a02a1da3 100644
>> --- a/arch/x86/mm/mem_encrypt.c
>> +++ b/arch/x86/mm/mem_encrypt.c
>> @@ -19,6 +19,9 @@
>> /* Override for DMA direct allocation check -
>> ARCH_HAS_FORCE_DMA_UNENCRYPTED */
>> bool force_dma_unencrypted(struct device *dev)
>> {
>> + if (dev->use_priv_pages_for_io)
>> + return false;
>> +
>> /*
>> * For SEV, all DMA must be to unencrypted addresses.
>> */
>> diff --git a/include/linux/device.h b/include/linux/device.h
>> index 80a5b3268986..4aa4a6fd9580 100644
>> --- a/include/linux/device.h
>> +++ b/include/linux/device.h
>> @@ -725,6 +725,8 @@ struct device_physical_location {
>> * @dma_skip_sync: DMA sync operations can be skipped for coherent
>> buffers.
>> * @dma_iommu: Device is using default IOMMU implementation for DMA and
>> * doesn't rely on dma_ops structure.
>> + * @use_priv_pages_for_io: Device is using private pages for I/O, no
>> need to
>> + * bounce-buffer.
>> *
>> * At the lowest level, every device in a Linux system is
>> represented by an
>> * instance of struct device. The device structure contains the
>> information
>> @@ -843,6 +845,7 @@ struct device {
>> #ifdef CONFIG_IOMMU_DMA
>> bool dma_iommu:1;
>> #endif
>> + bool use_priv_pages_for_io:1;
>> };
>> /**
>> @@ -1079,6 +1082,11 @@ static inline bool
>> dev_removable_is_valid(struct device *dev)
>> return dev->removable != DEVICE_REMOVABLE_NOT_SUPPORTED;
>> }
>> +static inline bool dev_priv_pages_for_io(struct device *dev)
>> +{
>> + return dev->use_priv_pages_for_io;
>> +}
>> +
>> /*
>> * High level routines for use by the bus drivers
>> */
>> diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h
>> index d7e30d4f7503..b096369f847e 100644
>> --- a/include/linux/dma-direct.h
>> +++ b/include/linux/dma-direct.h
>> @@ -94,6 +94,9 @@ static inline dma_addr_t
>> phys_to_dma_unencrypted(struct device *dev,
>> */
>> static inline dma_addr_t phys_to_dma(struct device *dev, phys_addr_t
>> paddr)
>> {
>> + if (dev_priv_pages_for_io(dev))
>> + return phys_to_dma_unencrypted(dev, paddr);
>> +
>> return __sme_set(phys_to_dma_unencrypted(dev, paddr));
>> }
>> diff --git a/include/linux/swiotlb.h b/include/linux/swiotlb.h
>> index 3dae0f592063..35ee10641b42 100644
>> --- a/include/linux/swiotlb.h
>> +++ b/include/linux/swiotlb.h
>> @@ -173,6 +173,9 @@ static inline bool is_swiotlb_force_bounce(struct
>> device *dev)
>> {
>> struct io_tlb_mem *mem = dev->dma_io_tlb_mem;
>> + if (dev_priv_pages_for_io(dev))
>> + return false;
>> +
>> return mem && mem->force_bounce;
>> }
>
--
Thank you,
Roman
next prev parent reply other threads:[~2025-04-09 16:44 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-09 0:08 [PATCH hyperv-next 0/6] Confidential VMBus Roman Kisel
2025-04-09 0:08 ` [PATCH hyperv-next 1/6] Documentation: hyperv: " Roman Kisel
2025-04-10 16:54 ` ALOK TIWARI
2025-04-10 19:10 ` Roman Kisel
2025-04-25 6:31 ` Wei Liu
2025-04-09 0:08 ` [PATCH hyperv-next 2/6] drivers: hyperv: VMBus protocol version 6.0 Roman Kisel
2025-04-10 17:03 ` ALOK TIWARI
2025-04-09 0:08 ` [PATCH hyperv-next 3/6] arch: hyperv: Get/set SynIC synth.registers via paravisor Roman Kisel
2025-04-09 0:08 ` [PATCH hyperv-next 4/6] arch: x86, drivers: hyperv: Enable confidential VMBus Roman Kisel
2025-04-09 0:08 ` [PATCH hyperv-next 5/6] arch, drivers: Add device struct bitfield to not bounce-buffer Roman Kisel
2025-04-09 10:52 ` Christoph Hellwig
2025-04-09 15:27 ` Roman Kisel
2025-04-09 16:03 ` Robin Murphy
2025-04-09 16:44 ` Roman Kisel [this message]
2025-04-09 23:30 ` Dan Williams
2025-04-10 1:16 ` Michael Kelley
2025-04-11 0:03 ` Dan Williams
2025-04-10 7:23 ` Christoph Hellwig
2025-04-10 23:44 ` Jason Gunthorpe
2025-04-10 23:50 ` Jason Gunthorpe
2025-04-10 7:21 ` Christoph Hellwig
2025-04-10 15:16 ` Roman Kisel
2025-04-09 0:08 ` [PATCH hyperv-next 6/6] drivers: SCSI: Do not bounce-bufffer for the confidential VMBus Roman Kisel
2025-04-09 10:53 ` Christoph Hellwig
2025-04-09 15:36 ` Roman Kisel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0ab2849a-5c03-4a8c-891e-3cb89b20b0e4@linux.microsoft.com \
--to=romank@linux.microsoft.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=Jonathan.Cameron@huawei.com \
--cc=aleksander.lobakin@intel.com \
--cc=andriy.shevchenko@linux.intel.com \
--cc=apais@microsoft.com \
--cc=arnd@arndb.de \
--cc=benhill@microsoft.com \
--cc=bp@alien8.de \
--cc=bperkins@microsoft.com \
--cc=catalin.marinas@arm.com \
--cc=corbet@lwn.net \
--cc=dakr@kernel.org \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=decui@microsoft.com \
--cc=gregkh@linuxfoundation.org \
--cc=haiyangz@microsoft.com \
--cc=hch@lst.de \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux.dev \
--cc=kys@microsoft.com \
--cc=leon@kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=luto@kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=martin.petersen@oracle.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=quic_zijuhu@quicinc.com \
--cc=robin.murphy@arm.com \
--cc=sunilmut@microsoft.com \
--cc=suzuki.poulose@arm.com \
--cc=tglx@linutronix.de \
--cc=wei.liu@kernel.org \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).