Comments (3)
Let me start by saying that I don't have a lot of experience with RDMA and so I'm not sure if it uses the Linux kernel DMA APIs.
Since RDMA transfers directly to userspace buffers, which will be mapped encrypted, then:
For SME (without IOMMU enabled):
The device must be programmed with DMA addresses that have the encryption bit set. If not, then the DMA will be performed un-encrypted, but accessed by the application as encrypted. So the application will see ciphertext.
For SME (with IOMMU enabled):
The IOMMU page tables must set the encryption bit in the page table entry for the IOVA used for the DMA address. If not, the same thing mentioned above in the non-IOMMU case will happen.
For SEV:
The device can only DMA to shared (unencrypted) pages, which then have to be copied to their final destination. Again, if the DMA is not to a shared page, then the data will look like ciphertext to the application.
In Linux, this is all handled under the covers by the DMA APIs. When the IOMMU is not enabled, the DMA APIs will automatically provide the DMA address with the encryption bit if the device and driver support DMA addresses where the encryption bit lives (currently bit 47). Otherwise the DMA subsystem will bounce the transfer using SWIOTLB. When the IOMMU is enabled, the IOMMU page tables are created with the encryption bit set in the page table entry.
There is no IOMMU in an SEV guest, so SWIOTLB is always used, except for dma_alloc_coherent(), which will allocate memory and then perform a set_memory_decrypted() to clear the encryption bit.
from amdsev.
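The decision described in the comment above (C-bit set in the DMA address when the device can reach it, SWIOTLB bounce otherwise, always bounce in an SEV guest, and a decrypted page for dma_alloc_coherent()) is shown below as a user-space model. This is an added example, not code from the amdsev project or the Linux kernel: the function names mirror the kernel helpers they stand in for (sme_me_mask, phys_to_dma, dma_capable, force_dma_unencrypted, is_swiotlb_force_bounce, swiotlb_map), but the bodies are simplified, a single dma_mask field stands in for both dma_mask and coherent_dma_mask, the IOMMU path is not modeled, and the SWIOTLB pool address is a constructed sample value. The SME-host coherent case for a device with a small mask follows the kernel's force_dma_unencrypted() rule as I understand it (the page is decrypted when the mask cannot cover the C-bit), which goes slightly beyond what the comment states.

```c
/*
 * Added example (not amdsev or Linux kernel code): a user-space model of
 * how the Linux direct-DMA path treats a device with no IOMMU on an SME
 * host or inside an SEV guest.  Names are stand-ins for kernel helpers;
 * the pool address below is a constructed sample value.
 * Build: cc -std=c11 -Wall -o sme_dma_model sme_dma_model.c
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SME_C_BIT_POS   47ULL                    /* "currently bit 47" */
#define SME_C_BIT       (1ULL << SME_C_BIT_POS)
#define DMA_BIT_MASK(n) ((1ULL << (n)) - 1)      /* for n < 64 only */

enum mem_mode { MEM_PLAIN, MEM_SME_HOST, MEM_SEV_GUEST };
enum dma_path { DMA_PATH_DIRECT, DMA_PATH_SWIOTLB_BOUNCE, DMA_PATH_UNSUPPORTED };

struct dma_dev {
    const char *name;
    uint64_t    dma_mask;          /* highest address the device can generate */
};

struct coherent_buf {
    enum dma_path path;
    uint64_t      dma_addr;        /* what the device is programmed with */
    bool          page_decrypted;  /* set_memory_decrypted() was applied */
};

/* Constructed sample location of the SWIOTLB pool, which the kernel
 * decrypts at init so devices can always reach it without the C-bit. */
static const uint64_t swiotlb_pool_paddr = 0x4000000ULL;

static enum mem_mode g_mode = MEM_PLAIN;   /* platform state fixed at boot */

void set_mem_mode(enum mem_mode mode) { g_mode = mode; }

/* sme_me_mask is non-zero only when SME or SEV is active. */
static uint64_t sme_me_mask(void) { return g_mode == MEM_PLAIN ? 0 : SME_C_BIT; }

/* phys_to_dma(): identity map plus the C-bit (the kernel's __sme_set()). */
uint64_t phys_to_dma(uint64_t paddr) { return paddr | sme_me_mask(); }

/* dma_capable(): the whole range, C-bit included, must fit under the mask. */
bool dma_capable(const struct dma_dev *dev, uint64_t dma_addr, size_t size)
{
    uint64_t end = dma_addr + size - 1;
    return size != 0 && end >= dma_addr && end <= dev->dma_mask;
}

/* is_swiotlb_force_bounce(): an SEV guest bounces every streaming mapping. */
static bool swiotlb_force_bounce(void) { return g_mode == MEM_SEV_GUEST; }

/* force_dma_unencrypted(): always in an SEV guest; on an SME host only when
 * the device cannot address a DMA address that carries the C-bit. */
static bool force_dma_unencrypted(const struct dma_dev *dev)
{
    if (g_mode == MEM_SEV_GUEST)
        return true;
    if (g_mode == MEM_SME_HOST)
        return dev->dma_mask <= DMA_BIT_MASK(SME_C_BIT_POS);
    return false;
}

/* Streaming mapping (dma_map_single/dma_map_page) of [paddr, paddr+size). */
enum dma_path map_streaming(const struct dma_dev *dev, uint64_t paddr,
                            size_t size, uint64_t *dma_out)
{
    uint64_t dma_addr = phys_to_dma(paddr);
    if (swiotlb_force_bounce() || !dma_capable(dev, dma_addr, size)) {
        /* swiotlb_map(): data is copied through the decrypted pool and the
         * device is handed the pool's plain, C-bit-free address. */
        *dma_out = swiotlb_pool_paddr;
        return DMA_PATH_SWIOTLB_BOUNCE;
    }
    *dma_out = dma_addr;               /* device is programmed with the C-bit */
    return DMA_PATH_DIRECT;
}

/* Coherent allocation (dma_alloc_coherent) backed by the page at paddr. */
struct coherent_buf alloc_coherent(const struct dma_dev *dev, uint64_t paddr, size_t size)
{
    struct coherent_buf b = { DMA_PATH_UNSUPPORTED, 0, false };
    bool decrypt = force_dma_unencrypted(dev);
    uint64_t dma_addr = decrypt ? paddr : phys_to_dma(paddr);
    if (!dma_capable(dev, dma_addr, size))
        return b;                      /* page sits above what the device can reach */
    b.page_decrypted = decrypt;        /* set_memory_decrypted() clears the C-bit */
    b.dma_addr = dma_addr;
    b.path = DMA_PATH_DIRECT;
    return b;
}

int main(void)
{
    struct dma_dev nic32 = { "nic-32bit", DMA_BIT_MASK(32) };
    struct dma_dev nic64 = { "nic-64bit", UINT64_MAX };
    const struct dma_dev *devs[] = { &nic32, &nic64 };
    const char *modes[] = { "plain", "SME host", "SEV guest" };
    uint64_t paddr = 0x10000000ULL, dma;   /* constructed sample page */

    for (int m = MEM_PLAIN; m <= MEM_SEV_GUEST; m++) {
        set_mem_mode((enum mem_mode)m);
        for (size_t d = 0; d < 2; d++) {
            enum dma_path p = map_streaming(devs[d], paddr, 4096, &dma);
            struct coherent_buf c = alloc_coherent(devs[d], paddr, 4096);
            printf("%-9s %-9s streaming=%s dma=0x%llx | coherent dma=0x%llx decrypted=%d\n",
                   modes[m], devs[d]->name, p == DMA_PATH_DIRECT ? "direct" : "bounce",
                   (unsigned long long)dma, (unsigned long long)c.dma_addr, c.page_decrypted);
        }
    }
    return 0;
}
```

The practical check this suggests for the RDMA question: on an SME host the outcome hinges on the mask the driver sets with dma_set_mask(); a 64-bit (or at least 48-bit) mask lets the device be programmed with the C-bit, while a 32-bit mask pushes every streaming mapping through SWIOTLB, which is what to look for when instrumenting.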
Hi Tom,
Sorry for late response here.
I have a related question. The RDMA driver's code seems to be using the Linux kernel's DMA APIs. I wonder if the device driver needs to explicitly tell the DMA APIs to enable the encryption bit?
Thanks for your help!
-Ayaz
Sorry, I just don't know enough about how RDMA functions relative to DMA and DMA buffers. I think you probably just need to try it. If it doesn't work, you'll need to instrument the code to see what is going on and why it is failing.