Re: [RFC v2 28/32] x86/tdx: Make pages shared in ioremap()

From: Kuppuswamy, Sathyanarayanan
Date: Wed May 26 2021 - 18:20:50 EST




On 5/26/21 3:14 PM, Tom Lendacky wrote:
> On 5/26/21 5:02 PM, Tom Lendacky wrote:
>> On 5/26/21 4:37 PM, Kuppuswamy, Sathyanarayanan wrote:
>>>
>>>
>>> On 5/21/21 9:19 AM, Tom Lendacky wrote:
>>>> In arch/x86/mm/mem_encrypt.c, sme_early_init() (should have renamed that
>>>> when SEV support was added), we do:
>>>>     if (sev_active())
>>>>         swiotlb_force = SWIOTLB_FORCE;
>>>>
>>>> TDX should be able to do a similar thing without having to touch
>>>> arch/x86/kernel/pci-swiotlb.c.
>>>>
>>>> That would remove any confusion over SME being part of a
>>>> protected_guest_has() call.
>>>
>>> You mean sme_active() check in arch/x86/kernel/pci-swiotlb.c is redundant?
>>
>> No, the sme_active() check is required to make sure that SWIOTLB is
>> available under SME. Encrypted DMA is supported under SME if the device
>> supports 64-bit DMA. But if the device doesn't support 64-bit DMA and the
>> IOMMU is not active, then DMA will be bounced through SWIOTLB.
>>
>> As compared to SEV, where all DMA has to be bounced through SWIOTLB or
>> unencrypted memory. For that, swiotlb_force is used.
>
> I should probably add that SME is memory encryption support for
> host/hypervisor/bare-metal, while SEV is memory encryption support for
> virtualization.

Got it. Thanks for the clarification.

>
> Thanks,
> Tom
>
>>
>> Thanks,
>> Tom
>>
>>>
>>> int __init pci_swiotlb_detect_4gb(void)
>>> {
>>>         /* don't initialize swiotlb if iommu=off (no_iommu=1) */
>>>         if (!no_iommu && max_possible_pfn > MAX_DMA32_PFN)
>>>                 swiotlb = 1;
>>>
>>>         /*
>>>          * If SME is active then swiotlb will be set to 1 so that bounce
>>>          * buffers are allocated and used for devices that do not support
>>>          * the addressing range required for the encryption mask.
>>>          */
>>>         if (sme_active() || is_tdx_guest())
>>>                 swiotlb = 1;



--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
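
Added example, not part of the original thread or of the kernel source: a user-space C model of the bounce decision discussed above, showing why SME only bounces for devices whose DMA mask cannot cover the encryption bit while SEV bounces everything. All names, the encryption-bit position (47) and the treatment of TDX as forced bouncing (following the suggestion in the thread) are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model only; every name here is hypothetical, not a kernel API. */
enum mem_mode { MODE_PLAIN, MODE_SME, MODE_SEV, MODE_TDX };

struct dma_dev {
    uint64_t dma_mask;   /* highest bus address the device can generate */
    bool     iommu;      /* true if an IOMMU translates for this device */
};

/* Constructed value: the real encryption-bit position is CPU specific. */
#define MODEL_ENC_BIT 47

/* SEV sets swiotlb_force; TDX is modelled the same way, following the
 * suggestion in the thread ("TDX should be able to do a similar thing"). */
bool model_force_bounce(enum mem_mode m)
{
    return m == MODE_SEV || m == MODE_TDX;
}

/* Does a mapping of [phys, phys + len) have to go through a bounce buffer? */
bool model_must_bounce(enum mem_mode m, const struct dma_dev *d,
                       uint64_t phys, uint64_t len)
{
    uint64_t bus = phys;

    if (model_force_bounce(m))
        return true;                   /* all DMA is bounced through SWIOTLB */
    if (d->iommu)
        return false;                  /* modelled as: IOMMU gives a reachable address */
    if (m == MODE_SME)
        bus |= 1ULL << MODEL_ENC_BIT;  /* encrypted DMA carries the mask bit */
    return bus + len - 1 > d->dma_mask;
}

int main(void)
{
    struct dma_dev dev32 = { 0xffffffffULL, false };
    struct dma_dev dev64 = { UINT64_MAX, false };

    printf("SME 32-bit dev: %d\n", model_must_bounce(MODE_SME, &dev32, 0x1000, 512));
    printf("SME 64-bit dev: %d\n", model_must_bounce(MODE_SME, &dev64, 0x1000, 512));
    printf("SEV 64-bit dev: %d\n", model_must_bounce(MODE_SEV, &dev64, 0x1000, 512));
    return 0;
}
```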