From: Tom Lendacky <thomas.lendacky@amd.com>
To: Nick Sarnie <commendsarnex@gmail.com>
Cc: linux-arch@vger.kernel.org, linux-efi@vger.kernel.org,
kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org,
kexec@lists.infradead.org, linux-kernel@vger.kernel.org,
kasan-dev@googlegroups.com, linux-mm@kvack.org,
iommu@lists.linux-foundation.org,
"Thomas Gleixner" <tglx@linutronix.de>,
"Rik van Riel" <riel@redhat.com>,
"Brijesh Singh" <brijesh.singh@amd.com>,
"Toshimitsu Kani" <toshi.kani@hpe.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Jonathan Corbet" <corbet@lwn.net>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Andy Lutomirski" <luto@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
"Borislav Petkov" <bp@alien8.de>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Alexander Potapenko" <glider@google.com>,
"Dave Young" <dyoung@redhat.com>,
"Larry Woodman" <lwoodman@redhat.com>,
"Dmitry Vyukov" <dvyukov@google.com>
Subject: Re: [PATCH v6 00/34] x86: Secure Memory Encryption (AMD)
Date: Thu, 8 Jun 2017 11:14:38 -0500 [thread overview]
Message-ID: <2dd424fe-0af1-d82f-b608-271ea5e1f62b@amd.com> (raw)
In-Reply-To: <CAOcCaLYWoOu0c-Fkee-=wegNqkzUp9pLFLmaFrXuhiXRnUZ3Xw@mail.gmail.com>
On 6/7/2017 9:40 PM, Nick Sarnie wrote:
> On Wed, Jun 7, 2017 at 3:13 PM, Tom Lendacky <thomas.lendacky@amd.com> wrote:
>> This patch series provides support for AMD's new Secure Memory Encryption (SME)
>> feature.
>>
>> SME can be used to mark individual pages of memory as encrypted through the
>> page tables. A page of memory that is marked encrypted will be automatically
>> decrypted when read from DRAM and will be automatically encrypted when
>> written to DRAM. Details on SME can found in the links below.
>>
>> The SME feature is identified through a CPUID function and enabled through
>> the SYSCFG MSR. Once enabled, page table entries will determine how the
>> memory is accessed. If a page table entry has the memory encryption mask set,
>> then that memory will be accessed as encrypted memory. The memory encryption
>> mask (as well as other related information) is determined from settings
>> returned through the same CPUID function that identifies the presence of the
>> feature.
>>
>> The approach that this patch series takes is to encrypt everything possible
>> starting early in the boot where the kernel is encrypted. Using the page
>> table macros the encryption mask can be incorporated into all page table
>> entries and page allocations. By updating the protection map, userspace
>> allocations are also marked encrypted. Certain data must be accounted for
>> as having been placed in memory before SME was enabled (EFI, initrd, etc.)
>> and accessed accordingly.
>>
>> This patch series is a pre-cursor to another AMD processor feature called
>> Secure Encrypted Virtualization (SEV). The support for SEV will build upon
>> the SME support and will be submitted later. Details on SEV can be found
>> in the links below.
>>
>> The following links provide additional detail:
>>
>> AMD Memory Encryption whitepaper:
>> http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf
>>
>> AMD64 Architecture Programmer's Manual:
>> http://support.amd.com/TechDocs/24593.pdf
>> SME is section 7.10
>> SEV is section 15.34
>>
>> ---
>>
...
>
>
> Hi Tom,
>
> Thanks for your work on this. This may be a stupid question, but is
> using bounce buffers for the GPU(s) expected to reduce performance in
> any/a noticeable way? I'm hitting another issue which I've already
> sent mail about so I can't test it for myself at the moment,
That all depends on the workload, how much DMA is being performed, etc.
But it is extra overhead to use bounce buffers.
Thanks,
Tom
>
> Thanks,
> Sarnex
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
prev parent reply other threads:[~2017-06-08 16:14 UTC|newest]
Thread overview: 94+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-07 19:13 Tom Lendacky
2017-06-07 19:13 ` [PATCH v6 01/34] x86: Document AMD Secure Memory Encryption (SME) Tom Lendacky
2017-06-07 19:13 ` [PATCH v6 02/34] x86/mm/pat: Set write-protect cache mode for full PAT support Tom Lendacky
2017-06-07 19:13 ` [PATCH v6 03/34] x86, mpparse, x86/acpi, x86/PCI, x86/dmi, SFI: Use memremap for RAM mappings Tom Lendacky
2017-06-07 19:13 ` [PATCH v6 04/34] x86/CPU/AMD: Add the Secure Memory Encryption CPU feature Tom Lendacky
2017-06-09 10:55 ` Borislav Petkov
2017-06-07 19:14 ` [PATCH v6 05/34] x86/CPU/AMD: Handle SME reduction in physical address size Tom Lendacky
2017-06-09 16:30 ` Borislav Petkov
2017-06-07 19:14 ` [PATCH v6 06/34] x86/mm: Add Secure Memory Encryption (SME) support Tom Lendacky
2017-06-09 16:43 ` Borislav Petkov
2017-06-07 19:14 ` [PATCH v6 07/34] x86/mm: Don't use phys_to_virt in ioremap() if SME is active Tom Lendacky
2017-06-07 19:14 ` [PATCH v6 08/34] x86/mm: Add support to enable SME in early boot processing Tom Lendacky
2017-06-07 19:14 ` [PATCH v6 09/34] x86/mm: Simplify p[gum]d_page() macros Tom Lendacky
2017-06-10 10:44 ` Borislav Petkov
2017-06-07 19:14 ` [PATCH v6 10/34] x86, x86/mm, x86/xen, olpc: Use __va() against just the physical address in cr3 Tom Lendacky
2017-06-07 22:06 ` Boris Ostrovsky
2017-06-08 13:42 ` Tom Lendacky
2017-06-08 20:51 ` Boris Ostrovsky
2017-06-08 21:02 ` Tom Lendacky
2017-06-08 21:17 ` Boris Ostrovsky
2017-06-08 22:01 ` [Xen-devel] " Andrew Cooper
2017-06-09 18:36 ` Tom Lendacky
2017-06-09 18:43 ` Boris Ostrovsky
2017-06-09 18:54 ` Andrew Cooper
2017-06-09 18:59 ` Tom Lendacky
2017-06-09 19:42 ` Boris Ostrovsky
2017-06-08 6:05 ` Andy Lutomirski
2017-06-08 22:38 ` Tom Lendacky
2017-06-09 18:46 ` Andy Lutomirski
2017-06-09 21:20 ` Tom Lendacky
2017-06-08 7:39 ` kbuild test robot
2017-06-07 19:15 ` [PATCH v6 11/34] x86/mm: Provide general kernel support for memory encryption Tom Lendacky
2017-06-07 19:15 ` [PATCH v6 12/34] x86/mm: Extend early_memremap() support with additional attrs Tom Lendacky
2017-06-07 19:15 ` [PATCH v6 13/34] x86/mm: Add support for early encrypt/decrypt of memory Tom Lendacky
2017-06-10 15:56 ` Borislav Petkov
2017-06-07 19:15 ` [PATCH v6 14/34] x86/mm: Insure that boot memory areas are mapped properly Tom Lendacky
2017-06-10 16:01 ` Borislav Petkov
2017-06-12 13:31 ` Tom Lendacky
2017-06-07 19:15 ` [PATCH v6 15/34] x86/boot/e820: Add support to determine the E820 type of an address Tom Lendacky
2017-06-07 19:16 ` [PATCH v6 16/34] efi: Add an EFI table address match function Tom Lendacky
2017-06-07 19:16 ` [PATCH v6 17/34] efi: Update efi_mem_type() to return an error rather than 0 Tom Lendacky
2017-06-07 19:16 ` [PATCH v6 18/34] x86/efi: Update EFI pagetable creation to work with SME Tom Lendacky
2017-06-11 19:44 ` Borislav Petkov
2017-06-07 19:16 ` [PATCH v6 19/34] x86/mm: Add support to access boot related data in the clear Tom Lendacky
2017-06-08 4:24 ` kbuild test robot
2017-06-07 19:16 ` [PATCH v6 20/34] x86, mpparse: Use memremap to map the mpf and mpc data Tom Lendacky
2017-06-14 16:07 ` Borislav Petkov
2017-06-14 17:06 ` Tom Lendacky
2017-06-14 17:27 ` Borislav Petkov
2017-06-07 19:16 ` [PATCH v6 21/34] x86/mm: Add support to access persistent memory in the clear Tom Lendacky
2017-06-07 19:17 ` [PATCH v6 22/34] x86/mm: Add support for changing the memory encryption attribute Tom Lendacky
2017-06-14 16:25 ` Borislav Petkov
2017-06-07 19:17 ` [PATCH v6 23/34] x86, realmode: Decrypt trampoline area if memory encryption is active Tom Lendacky
2017-06-14 16:24 ` Borislav Petkov
2017-06-14 16:38 ` Tom Lendacky
2017-06-07 19:17 ` [PATCH v6 24/34] x86, swiotlb: Add memory encryption support Tom Lendacky
2017-06-14 16:45 ` Borislav Petkov
2017-06-14 19:38 ` Tom Lendacky
2017-06-07 19:17 ` [PATCH v6 25/34] swiotlb: Add warnings for use of bounce buffers with SME Tom Lendacky
2017-06-08 5:53 ` kbuild test robot
2017-06-08 21:09 ` Tom Lendacky
2017-06-08 7:58 ` Christoph Hellwig
2017-06-08 23:04 ` Tom Lendacky
2017-06-14 16:50 ` Borislav Petkov
2017-06-14 19:49 ` Tom Lendacky
2017-06-15 9:08 ` Borislav Petkov
2017-06-15 13:23 ` Tom Lendacky
2017-06-07 19:17 ` [PATCH v6 26/34] iommu/amd: Allow the AMD IOMMU to work with memory encryption Tom Lendacky
2017-06-08 2:38 ` Nick Sarnie
2017-06-08 14:26 ` Tom Lendacky
2017-06-14 17:42 ` Borislav Petkov
2017-06-14 20:40 ` Tom Lendacky
2017-06-15 9:41 ` Borislav Petkov
2017-06-15 14:59 ` Tom Lendacky
2017-06-15 15:33 ` Borislav Petkov
2017-06-15 16:33 ` Tom Lendacky
2017-06-19 17:18 ` Borislav Petkov
2017-06-15 20:13 ` Konrad Rzeszutek Wilk
2017-06-21 15:37 ` Joerg Roedel
2017-06-21 16:59 ` Borislav Petkov
2017-06-21 18:40 ` Tom Lendacky
2017-06-07 19:17 ` [PATCH v6 27/34] x86, realmode: Check for memory encryption on the APs Tom Lendacky
2017-06-07 19:18 ` [PATCH v6 28/34] x86, drm, fbdev: Do not specify encrypted memory for video mappings Tom Lendacky
2017-06-07 19:18 ` [PATCH v6 29/34] kvm: x86: svm: Support Secure Memory Encryption within KVM Tom Lendacky
2017-06-15 9:55 ` Borislav Petkov
2017-06-07 19:18 ` [PATCH v6 30/34] x86/mm, kexec: Allow kexec to be used with SME Tom Lendacky
2017-06-15 10:03 ` Borislav Petkov
2017-06-15 17:43 ` Tom Lendacky
2017-06-07 19:18 ` [PATCH v6 31/34] x86/mm: Use proper encryption attributes with /dev/mem Tom Lendacky
2017-06-07 19:18 ` [PATCH v6 32/34] x86/mm: Add support to encrypt the kernel in-place Tom Lendacky
2017-06-07 19:19 ` [PATCH v6 33/34] x86/boot: Add early cmdline parsing for options with arguments Tom Lendacky
2017-06-07 19:19 ` [PATCH v6 34/34] x86/mm: Add support to make use of Secure Memory Encryption Tom Lendacky
2017-06-08 2:40 ` [PATCH v6 00/34] x86: Secure Memory Encryption (AMD) Nick Sarnie
2017-06-08 16:14 ` Tom Lendacky [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2dd424fe-0af1-d82f-b608-271ea5e1f62b@amd.com \
--to=thomas.lendacky@amd.com \
--cc=arnd@arndb.de \
--cc=aryabinin@virtuozzo.com \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=commendsarnex@gmail.com \
--cc=corbet@lwn.net \
--cc=dvyukov@google.com \
--cc=dyoung@redhat.com \
--cc=glider@google.com \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux-foundation.org \
--cc=kasan-dev@googlegroups.com \
--cc=kexec@lists.infradead.org \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=lwoodman@redhat.com \
--cc=matt@codeblueprint.co.uk \
--cc=mingo@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=riel@redhat.com \
--cc=rkrcmar@redhat.com \
--cc=tglx@linutronix.de \
--cc=toshi.kani@hpe.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox