From: Jason Gunthorpe <jgg@ziepe.ca>
To: Alexey Kardashevskiy <aik@amd.com>
Cc: Robin Murphy <robin.murphy@arm.com>,
x86@kernel.org, linux-kernel@vger.kernel.org,
kvm@vger.kernel.org, linux-pci@vger.kernel.org,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Bjorn Helgaas <bhelgaas@google.com>,
Dan Williams <dan.j.williams@intel.com>,
Marek Szyprowski <m.szyprowski@samsung.com>,
Andrew Morton <akpm@linux-foundation.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Michael Ellerman <mpe@ellerman.id.au>,
Mike Rapoport <rppt@kernel.org>,
Tom Lendacky <thomas.lendacky@amd.com>,
Ard Biesheuvel <ardb@kernel.org>,
Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>,
Ashish Kalra <ashish.kalra@amd.com>,
Stefano Garzarella <sgarzare@redhat.com>,
Melody Wang <huibo.wang@amd.com>,
Seongman Lee <augustus92@kaist.ac.kr>,
Joerg Roedel <joerg.roedel@amd.com>,
Nikunj A Dadhania <nikunj@amd.com>,
Michael Roth <michael.roth@amd.com>,
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
Andi Kleen <ak@linux.intel.com>,
Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@linux.intel.com>,
Tony Luck <tony.luck@intel.com>,
David Woodhouse <dwmw@amazon.co.uk>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Denis Efremov <efremov@linux.com>,
Geliang Tang <geliang@kernel.org>,
Piotr Gregor <piotrgregor@rsyncme.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
Alex Williamson <alex@shazbot.org>, Arnd Bergmann <arnd@arndb.de>,
Jesse Barnes <jbarnes@virtuousgeek.org>,
Jacob Pan <jacob.jun.pan@linux.intel.com>,
Yinghai Lu <yinghai@kernel.org>,
Kevin Brodsky <kevin.brodsky@arm.com>,
Jonathan Cameron <jonathan.cameron@huawei.com>,
"Aneesh Kumar K.V (Arm)" <aneesh.kumar@kernel.org>,
Xu Yilun <yilun.xu@linux.intel.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Kim Phillips <kim.phillips@amd.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Claire Chang <tientzu@chromium.org>,
linux-coco@lists.linux.dev, iommu@lists.linux.dev,
Jiri Pirko <jiri@resnulli.us>
Subject: Re: [PATCH kernel 6/9] x86/dma-direct: Stop changing encrypted page state for TDISP devices
Date: Mon, 2 Mar 2026 09:35:27 -0400 [thread overview]
Message-ID: <20260302133527.GV44359@ziepe.ca> (raw)
In-Reply-To: <500e3174-9aa1-464a-b933-f0bcc2ddde68@amd.com>
On Mon, Mar 02, 2026 at 04:26:58PM +1100, Alexey Kardashevskiy wrote:
> > > Without secure vIOMMU, no Cbit in the S2 table (==host) for any
> > > VM. SDTE (==IOMMU) decides on shared/private for the device,
> > > i.e. (device_cc_accepted()?private:shared).
> >
> > Is this "Cbit" part of the CPU S2 page table address space or is it
> > actually some PTE bit that says it is "encrypted" ?
> >
> > It is confusing when you say it would start working with a vIOMMU.
>
> When I mention vIOMMU, I mean the S1 table which is guest owned and
> which has Cbit in PTEs.
Yes, I understand this.
It seems from your email that the CPU S2 has the Cbit as part of the
address and the S1 feeds it through to the S2, so it is genuinely has
two addres spaces?
While the IOMMU S1 does not and instead needs a PTE bit which is
emphatically not an address bit because it does not feed through the
S2?
> > If 1<<51 is a valid IOPTE, and it is an actually address, then it
> > should be mapped into the IOMMU S2, shouldn't it? If it is in the
> > IOMMU S2 then shouldn't it work as a dma_addr_t?
>
> It should (and checked with the HW folks), I just have not tried it as, like, whyyy.
Well, I think things work more sensibly if you don't have to mangle
the address..
> > But in this case I would expect the vIOMMU to also use the same GPA
> > space starting from 0 and also remove the C bit, as the S2 shouldn't
> > have mappings starting at 1<<51.
>
> How would then IOMMU know if DMA targets private or shared memory?
> The Cbit does not participate in the S2 translation as an address
> bit but IOMMU still knows what it is.
Same way it knows if there is no S1? Why does the S1 change anything?
> > > There is vTOM in SDTE which is "every phys_addr_t above vTOM is no
> > > Cbit, below - with Cbit" (and there is the same thing for the CPU
> > > side in SEV) but this not it, right?
> >
> > That seems like the IOMMU HW is specially handling the address bits in
> > some way?
>
> Yeah there is this capability. Except everything below vTOM is
> private and every above is shared so SME mask for it would be
> reverse than the CPU SME mask :) Not using this thing though (not
> sure why we have it). Thanks,
Weird!!
Jason
next prev parent reply other threads:[~2026-03-02 13:35 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-25 5:37 [PATCH kernel 0/9] PCI/TSM: coco/sev-guest: Implement SEV-TIO PCIe TDISP (phase2) Alexey Kardashevskiy
2026-02-25 5:37 ` [PATCH kernel 1/9] pci/tsm: Add TDISP report blob and helpers to parse it Alexey Kardashevskiy
2026-02-25 6:16 ` dan.j.williams
2026-02-25 10:10 ` Arnd Bergmann
2026-02-26 0:09 ` Alexey Kardashevskiy
2026-02-26 2:34 ` dan.j.williams
2026-02-26 3:49 ` Alexey Kardashevskiy
2026-02-26 21:08 ` dan.j.williams
2026-02-25 5:37 ` [PATCH kernel 2/9] pci/tsm: Add tsm_tdi_status Alexey Kardashevskiy
2026-02-25 6:33 ` dan.j.williams
2026-02-25 23:42 ` Alexey Kardashevskiy
2026-03-02 6:58 ` Aneesh Kumar K.V
2026-02-25 5:37 ` [PATCH kernel 3/9] coco/sev-guest: Allow multiple source files in the driver Alexey Kardashevskiy
2026-02-25 5:37 ` [PATCH kernel 4/9] dma/swiotlb: Stop forcing SWIOTLB for TDISP devices Alexey Kardashevskiy
2026-02-25 16:30 ` dan.j.williams
2026-02-25 18:00 ` Robin Murphy
2026-02-25 20:57 ` dan.j.williams
2026-02-28 0:28 ` Jason Gunthorpe
2026-03-02 23:53 ` dan.j.williams
2026-03-03 0:19 ` Jason Gunthorpe
2026-03-03 0:29 ` dan.j.williams
2026-03-03 12:43 ` Jason Gunthorpe
2026-03-04 6:45 ` Alexey Kardashevskiy
2026-03-04 12:43 ` Jason Gunthorpe
2026-03-25 10:42 ` Alexey Kardashevskiy
2026-02-25 16:48 ` Robin Murphy
2026-02-26 0:09 ` Alexey Kardashevskiy
2026-03-02 7:54 ` Aneesh Kumar K.V
2026-02-25 5:37 ` [PATCH kernel 5/9] x86/mm: Stop forcing decrypted page state " Alexey Kardashevskiy
2026-02-25 16:51 ` dan.j.williams
2026-02-25 5:37 ` [PATCH kernel 6/9] x86/dma-direct: Stop changing encrypted " Alexey Kardashevskiy
2026-02-25 17:08 ` Robin Murphy
2026-02-25 21:35 ` dan.j.williams
2026-02-26 6:22 ` Alexey Kardashevskiy
2026-02-28 0:06 ` Jason Gunthorpe
2026-03-02 0:01 ` Alexey Kardashevskiy
2026-03-02 0:35 ` Jason Gunthorpe
2026-03-02 5:26 ` Alexey Kardashevskiy
2026-03-02 13:35 ` Jason Gunthorpe [this message]
2026-03-03 8:19 ` Alexey Kardashevskiy
2026-03-03 12:15 ` Jason Gunthorpe
2026-02-25 5:37 ` [PATCH kernel 7/9] coco/sev-guest: Implement the guest support for SEV TIO (phase2) Alexey Kardashevskiy
2026-02-25 6:00 ` Borislav Petkov
2026-02-26 3:39 ` Alexey Kardashevskiy
2026-02-26 19:52 ` Borislav Petkov
2026-02-25 5:37 ` [PATCH kernel 8/9] RFC: PCI: Avoid needless touching of Command register Alexey Kardashevskiy
2026-02-26 0:24 ` Bjorn Helgaas
2026-02-26 5:58 ` Alexey Kardashevskiy
2026-02-26 0:34 ` dan.j.williams
2026-02-25 5:37 ` [PATCH kernel 9/9] pci: Allow encrypted MMIO mapping via sysfs Alexey Kardashevskiy
2026-03-02 8:20 ` Aneesh Kumar K.V
2026-03-02 8:59 ` Alexey Kardashevskiy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260302133527.GV44359@ziepe.ca \
--to=jgg@ziepe.ca \
--cc=Neeraj.Upadhyay@amd.com \
--cc=aik@amd.com \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=alex@shazbot.org \
--cc=aneesh.kumar@kernel.org \
--cc=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=ashish.kalra@amd.com \
--cc=augustus92@kaist.ac.kr \
--cc=bhelgaas@google.com \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=dwmw@amazon.co.uk \
--cc=efremov@linux.com \
--cc=geliang@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=huibo.wang@amd.com \
--cc=iommu@lists.linux.dev \
--cc=jacob.jun.pan@linux.intel.com \
--cc=jbarnes@virtuousgeek.org \
--cc=jiri@resnulli.us \
--cc=joerg.roedel@amd.com \
--cc=jonathan.cameron@huawei.com \
--cc=kevin.brodsky@arm.com \
--cc=kim.phillips@amd.com \
--cc=konrad.wilk@oracle.com \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=luto@kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=mst@redhat.com \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=piotrgregor@rsyncme.org \
--cc=robin.murphy@arm.com \
--cc=rppt@kernel.org \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=sgarzare@redhat.com \
--cc=sstabellini@kernel.org \
--cc=suravee.suthikulpanit@amd.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tientzu@chromium.org \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
--cc=yilun.xu@linux.intel.com \
--cc=yinghai@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox