[RFC PATCH] drm/ttm, drm/vmwgfx: Have TTM support AMD SEV encryption
Lendacky, Thomas
Thomas.Lendacky at amd.com
Tue May 28 17:00:08 UTC 2019
On 5/28/19 11:32 AM, Koenig, Christian wrote:
> Am 28.05.19 um 18:27 schrieb Thomas Hellstrom:
>> On Tue, 2019-05-28 at 15:50 +0000, Lendacky, Thomas wrote:
>>> On 5/28/19 10:17 AM, Koenig, Christian wrote:
>>>> Hi Thomas,
>>>>
>>>> Am 28.05.19 um 17:11 schrieb Thomas Hellstrom:
>>>>> Hi, Tom,
>>>>>
>>>>> Thanks for the reply. The question is not graphics specific, but
>>>>> lies
>>>>> in your answer further below:
>>>>>
>>>>> On 5/28/19 4:48 PM, Lendacky, Thomas wrote:
>>>>>> On 5/28/19 2:31 AM, Thomas Hellstrom wrote:
>>>>>> [SNIP]
>>>>>> As for kernel vmaps and user-maps, those pages will be marked
>>>>>> encrypted
>>>>>> (unless explicitly made un-encrypted by calling
>>>>>> set_memory_decrypted()).
>>>>>> But, if you are copying to/from those areas into the un-
>>>>>> encrypted DMA
>>>>>> area then everything will be ok.
>>>>> The question is regarding the above paragraph.
>>>>>
>>>>> AFAICT, set_memory_decrypted() only changes the fixed kernel map
>>>>> PTEs.
>>>>> But when setting up other aliased PTEs to the exact same
>>>>> decrypted
>>>>> pages, for example using dma_mmap_coherent(),
>>>>> kmap_atomic_prot(),
>>>>> vmap() etc. What code is responsible for clearing the encrypted
>>>>> flag
>>>>> on those PTEs? Is there something in the x86 platform code doing
>>>>> that?
>>>> Tom actually explained this:
>>>>> The encryption bit is bit-47 of a physical address.
>>>> In other words set_memory_decrypted() changes the physical address
>>>> in
>>>> the PTEs of the kernel mapping and all other use cases just copy
>>>> that
>>>> from there.
>>> Except I don't think the PTE attributes are copied from the kernel
>>> mapping
>> +1!
>>
>>> in some cases. For example, dma_mmap_coherent() will create the same
>>> vm_page_prot value regardless of whether or not the underlying memory
>>> is
>>> encrypted or not. But kmap_atomic_prot() will return the kernel
>>> virtual
>>> address of the page, so that would be fine.
>> Yes, on 64-bit systems. On 32-bit systems (do they exist with SEV?),
>> they don't.
>
> I don't think so, but feel free to prove me wrong Tom.
SEV is 64-bit only.
>
>> And similarly TTM user-space mappings and vmap() doesn't copy from the
>> kernel map either, so I think we actually do need to modify the page-
>> prot like done in the patch.
>
> Well the problem is that this won't have any effect.
>
> As Tom explained encryption is not implemented as a page protection bit,
> but rather as part of the physical address of the part.
This is where things get interesting. Even though the encryption bit is
part of the physical address (e.g. under SME the device could/would use an
address with the encryption bit set), it is implemented as part of the PTE
attributes. So, for example, using _PAGE_ENC when building a pgprot value
would produce an entry with the encryption bit set.
And the thing to watch out for is using two virtual addresses that point
to the same physical address (page) in DRAM but one has the encryption bit
set and one doesn't. The hardware does not enforce coherency between an
encrypted and un-encrypted mapping of the same physical address (page).
See section 7.10.6 of the AMD64 Architecture Programmer's Manual Volume 2.
Thanks,
Tom
>
> I have no idea how that is actually handled thought,
> Christian.
>
>>
>> /Thomas
>>
>>> This is an area that needs looking into to be sure it is working
>>> properly
>>> with SME and SEV.
>>>
>>> Thanks,
>>> Tom
>>>
>>>> That's rather nifty, because this way everybody will either use or
>>>> not
>>>> use encryption on the page.
>>>>
>>>> Christian.
>>>>
>>>>> Thanks,
>>>>> Thomas
>>>>>
>>>>>
>>>>>> Things get fuzzy for me when it comes to the GPU access of the
>>>>>> memory
>>>>>> and what and how it is accessed.
>>>>>>
>>>>>> Thanks,
>>>>>> Tom
>
More information about the dri-devel
mailing list