From mboxrd@z Thu Jan 1 00:00:00 1970 From: Borislav Petkov Subject: Re: [PATCH v7 27/36] iommu/amd: Allow the AMD IOMMU to work with memory encryption Date: Thu, 22 Jun 2017 12:56:37 +0200 Message-ID: <20170622105637.g7twdaae2v5eaown@pd.tnic> References: <20170616184947.18967.84890.stgit@tlendack-t1.amdoffice.net> <20170616185459.18967.72790.stgit@tlendack-t1.amdoffice.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Content-Disposition: inline In-Reply-To: <20170616185459.18967.72790.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: iommu-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: iommu-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: Tom Lendacky Cc: linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Brijesh Singh , Toshimitsu Kani , linux-doc-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Matt Fleming , x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org, linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org, Radim =?utf-8?B?S3LEjW3DocWZ?= , Alexander Potapenko , "H. Peter Anvin" , Larry Woodman , linux-arch-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, kvm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Jonathan Corbet , "Michael S. Tsirkin" , kasan-dev-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org, Ingo Molnar , Andrey Ryabinin , Dave Young , Rik van Riel , Arnd Bergmann , Andy Lutomirski , Boris Ostrovsky , Dmitry Vyukov , Juergen Gross , kexec-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org, linux-kerne List-Id: linux-efi@vger.kernel.org On Fri, Jun 16, 2017 at 01:54:59PM -0500, Tom Lendacky wrote: > The IOMMU is programmed with physical addresses for the various tables > and buffers that are used to communicate between the device and the > driver. When the driver allocates this memory it is encrypted. In order > for the IOMMU to access the memory as encrypted the encryption mask needs > to be included in these physical addresses during configuration. > > The PTE entries created by the IOMMU should also include the encryption > mask so that when the device behind the IOMMU performs a DMA, the DMA > will be performed to encrypted memory. > > Signed-off-by: Tom Lendacky > --- > drivers/iommu/amd_iommu.c | 30 ++++++++++++++++-------------- > drivers/iommu/amd_iommu_init.c | 34 ++++++++++++++++++++++++++++------ > drivers/iommu/amd_iommu_proto.h | 10 ++++++++++ > drivers/iommu/amd_iommu_types.h | 2 +- > 4 files changed, 55 insertions(+), 21 deletions(-) Reviewed-by: Borislav Petkov Btw, I'm assuming the virt_to_phys() difference on SME systems is only needed in a handful of places. Otherwise, I'd suggest changing the virt_to_phys() function/macro directly. But I guess most of the places need the real physical address without the enc bit. -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.