Re: [PATCH v7 27/36] iommu/amd: Allow the AMD IOMMU to work with memory encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 6/22/2017 5:56 AM, Borislav Petkov wrote:
On Fri, Jun 16, 2017 at 01:54:59PM -0500, Tom Lendacky wrote:
The IOMMU is programmed with physical addresses for the various tables
and buffers that are used to communicate between the device and the
driver. When the driver allocates this memory it is encrypted. In order
for the IOMMU to access the memory as encrypted the encryption mask needs
to be included in these physical addresses during configuration.

The PTE entries created by the IOMMU should also include the encryption
mask so that when the device behind the IOMMU performs a DMA, the DMA
will be performed to encrypted memory.

Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
---
  drivers/iommu/amd_iommu.c       |   30 ++++++++++++++++--------------
  drivers/iommu/amd_iommu_init.c  |   34 ++++++++++++++++++++++++++++------
  drivers/iommu/amd_iommu_proto.h |   10 ++++++++++
  drivers/iommu/amd_iommu_types.h |    2 +-
  4 files changed, 55 insertions(+), 21 deletions(-)

Reviewed-by: Borislav Petkov <bp@xxxxxxx>

Btw, I'm assuming the virt_to_phys() difference on SME systems is only
needed in a handful of places. Otherwise, I'd suggest changing the
virt_to_phys() function/macro directly. But I guess most of the places
need the real physical address without the enc bit.

Correct.

Thanks,
Tom





[Index of Archives]     [Linux Kernel]     [Kernel Newbies]     [x86 Platform Driver]     [Netdev]     [Linux Wireless]     [Netfilter]     [Bugtraq]     [Linux Filesystems]     [Yosemite Discussion]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]

  Powered by Linux