And "sev-guest: Disable SWIOTLB for TIO device's dma_map". And other things to make secure DMA work. Like, clear C-bit. And set GFP_DMA, which does not seem to matter though as down the stack it gets cleared anyway. CONFIG_ZONE_DMA must be off too.
Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxx>
---
 include/linux/dma-direct.h | 4 ++++
 include/linux/swiotlb.h | 4 ++++
 arch/x86/mm/mem_encrypt.c | 5 +++++
 3 files changed, 13 insertions(+)
diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h
index edbe13d00776..f6ed954b05a2 100644
--- a/include/linux/dma-direct.h
+++ b/include/linux/dma-direct.h
@@ -94,6 +94,10 @@ static inline dma_addr_t phys_to_dma_unencrypted(struct device *dev,
 */
 static inline dma_addr_t phys_to_dma(struct device *dev, phys_addr_t paddr)
 {
+ if (dev->tdi_enabled) {
+ dev_warn_once(dev, "(TIO) Disable SME");
+ return phys_to_dma_unencrypted(dev, paddr);
+ }
 return __sme_set(phys_to_dma_unencrypted(dev, paddr));
 }
diff --git a/include/linux/swiotlb.h b/include/linux/swiotlb.h
index 3dae0f592063..61e7cff7768b 100644
--- a/include/linux/swiotlb.h
+++ b/include/linux/swiotlb.h
@@ -173,6 +173,10 @@ static inline bool is_swiotlb_force_bounce(struct device *dev)
 {
 struct io_tlb_mem *mem = dev->dma_io_tlb_mem;
+ if (dev->tdi_enabled) {
+ dev_warn_once(dev, "(TIO) Disable SWIOTLB");
+ return false;
+ }
 return mem && mem->force_bounce;
 }
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index 0a120d85d7bb..e288e628ef88 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -19,6 +19,11 @@
 /* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */
 bool force_dma_unencrypted(struct device *dev)
 {
+ if (dev->tdi_enabled) {
+ dev_warn_once(dev, "(TIO) Disable decryption");
+ return false;
+ }
+
 /*
 * For SEV, all DMA must be to unencrypted addresses.
 */
--
2.45.2
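Review bot: The three added `dev_warn_once()` strings (here and in the `is_swiotlb_force_bounce()` and `force_dma_unencrypted()` hunks) have no trailing newline, and `_once` is keyed on the call site rather than the device, so only the first TDI-enabled device to map is ever reported. In the two `static inline` helpers, each including translation unit presumably gets its own once-flag. Since this is the expected path for a trusted device rather than an anomaly, something like `dev_dbg(dev, "TIO: DMA address without C-bit\n");` would be quieter on a hot mapping path. `dev->tdi_enabled` is not declared in any file this patch touches, so I assume it comes from elsewhere in the series; if it sits under a config option, these generic headers need an accessor or guard to keep other configurations building.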
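Review bot: The early `return false` in `is_swiotlb_force_bounce()` turns off only the forced-bounce decision, which is narrower than the "Disable SWIOTLB" the message and commit text claim. As far as I can tell from the direct-mapping path outside this hunk, a mapping that fails the device's addressing check can still fall back to the bounce pool, which in a confidential guest is shared memory. If a TDI device must never touch that pool, the map path should fail the mapping instead of bouncing, and that belongs in the same change. At minimum I would document the limit here: `/* TDI device: skip forced bouncing only; other SWIOTLB fallbacks are not disabled here */`.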
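Review bot: `force_dma_unencrypted()` now depends on a mutable per-device flag, but the direct-DMA allocator appears to consult it both when it decrypts pages at allocation and when it re-encrypts them at free. If `tdi_enabled` changes while coherent buffers are live, a buffer allocated as shared could be freed without being re-encrypted and go back to the page allocator still host-visible, or a private buffer could be "re-encrypted" needlessly. Nothing in this hunk ties the flag's lifetime to outstanding allocations, so the code that sets and clears it should refuse to flip while the device has live DMA buffers, or the allocation should record which state it was made in. I would at least state the invariant at the check: `/* tdi_enabled must not change while the device has live coherent allocations */`. The function body continues past the end of the hunk.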