Re: [RFC v2 28/32] x86/tdx: Make pages shared in ioremap()

[Tom Lendacky]

On 5/26/21 4:37 PM, Kuppuswamy, Sathyanarayanan wrote:
> 
> 
> On 5/21/21 9:19 AM, Tom Lendacky wrote:
>> In arch/x86/mm/mem_encrypt.c, sme_early_init() (should have renamed that
>> when SEV support was added), we do:
>>     if (sev_active())
>>         swiotlb_force = SWIOTLB_FORCE;
>>
>> TDX should be able to do a similar thing without having to touch
>> arch/x86/kernel/pci-swiotlb.c.
>>
>> That would remove any confusion over SME being part of a
>> protected_guest_has() call.
> 
> You mean sme_active() check in arch/x86/kernel/pci-swiotlb.c is redundant?

No, the sme_active() check is required to make sure that SWIOTLB is
available under SME. Encrypted DMA is supported under SME if the device
supports 64-bit DMA. But if the device doesn't support 64-bit DMA and the
IOMMU is not active, then DMA will be bounced through SWIOTLB.

As compared to SEV, where all DMA has to be bounced through SWIOTLB or
unencrypted memory. For that, swiotlb_force is used.

Thanks,
Tom

> 
>  41 int __init pci_swiotlb_detect_4gb(void)
>  42 {
>  43         /* don't initialize swiotlb if iommu=off (no_iommu=1) */
>  44         if (!no_iommu && max_possible_pfn > MAX_DMA32_PFN)
>  45                 swiotlb = 1;
>  46
>  47         /*
>  48          * If SME is active then swiotlb will be set to 1 so that bounce
>  49          * buffers are allocated and used for devices that do not support
>  50          * the addressing range required for the encryption mask.
>  51          */
>  52         if (sme_active() || is_tdx_guest())
>  53                 swiotlb = 1;
> 
>