
Comments (3)

tlendacky avatar tlendacky commented on August 26, 2024

Let me start by saying that I don't have a lot of experience with RDMA and so I'm not sure if it uses the Linux kernel DMA APIs.

Since RDMA transfers directly to userspace buffers, which will be mapped encrypted, then:

For SME (without IOMMU enabled):
The device must be programmed with DMA addresses that have the encryption bit set. If not, then the DMA will be performed un-encrypted, but accessed by the application as encrypted. So the application will see ciphertext.

For SME (with IOMMU enabled):
The IOMMU page tables must set the encryption bit in the page table entry for the IOVA used for the DMA address. If not, the same thing mentioned above in the non-IOMMU case will happen.

For SEV:
The device can only DMA to shared (unencrypted) pages, which then have to be copied to their final destination. Again, if the DMA is not to a shared page, then the data will look like ciphertext to the application.

In Linux, this is all handled under the covers by the DMA APIs. When the IOMMU is not enabled, the DMA APIs will automatically provide the DMA address with the encryption bit if the device and driver support DMA addresses where the encryption bit lives (currently bit 47). Otherwise the DMA subsystem will bounce the transfer using SWIOTLB. When the IOMMU is enabled, the IOMMU page tables are created with the encryption bit set in the page table entry.

There is no IOMMU in an SEV guest, so SWIOTLB is always used, except for dma_alloc_coherent(), which will allocate memory and then perform a set_memory_decrypted() to clear the encryption bit.

from amdsev.
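As an added illustration (not code from this thread, the amdsev repository or the Linux kernel), the following user-space C model restates the path selection the comment above describes for SME with and without an IOMMU and for an SEV guest. The function, enum and struct names and the sample addresses are constructed for this example; only the bit-47 position comes from the comment.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ENC_BIT 47 /* encryption-bit position given in the comment above */
#define DMA_BIT_MASK(n) (((n) >= 64) ? ~0ULL : ((1ULL << (n)) - 1))

enum mem_enc { ENC_SME, ENC_SEV };
enum dma_path { DIRECT_CBIT, IOMMU_CBIT_PTE, SWIOTLB_BOUNCE };

struct dma_map { enum dma_path path; uint64_t dev_addr; };

/* Model of a streaming DMA mapping for one encrypted buffer at `phys`.
 * `bounce` is a constructed address of an unencrypted SWIOTLB slot and
 * `iova` a constructed IOMMU address. The caller supplies no "encrypt"
 * flag: in this model only the device's DMA mask width changes the path. */
struct dma_map model_dma_map(enum mem_enc mode, bool iommu, unsigned mask_bits,
                             uint64_t phys, uint64_t bounce, uint64_t iova)
{
    struct dma_map m;
    if (mode == ENC_SEV) {          /* guest: no IOMMU, shared pages only */
        m.path = SWIOTLB_BOUNCE; m.dev_addr = bounce;
    } else if (iommu) {             /* SME: encryption bit is in the IOMMU PTE */
        m.path = IOMMU_CBIT_PTE; m.dev_addr = iova;
    } else if (DMA_BIT_MASK(mask_bits) & (1ULL << ENC_BIT)) {
        m.path = DIRECT_CBIT;       /* device can drive address bit 47 */
        m.dev_addr = phys | (1ULL << ENC_BIT);
    } else {                        /* mask too narrow: bounce instead */
        m.path = SWIOTLB_BOUNCE; m.dev_addr = bounce;
    }
    return m;
}

int main(void)
{
    static const char *name[] = { "direct+C-bit", "IOMMU PTE C-bit", "SWIOTLB bounce" };
    const uint64_t phys = 0x123456000ULL, bounce = 0x7f000000ULL, iova = 0xfff00000ULL;
    struct { const char *desc; enum mem_enc mode; bool iommu; unsigned bits; } c[] = {
        { "SME, no IOMMU, 64-bit device", ENC_SME, false, 64 },
        { "SME, no IOMMU, 32-bit device", ENC_SME, false, 32 },
        { "SME, IOMMU on",                ENC_SME, true,  64 },
        { "SEV guest",                    ENC_SEV, false, 64 },
    };
    for (unsigned i = 0; i < sizeof c / sizeof c[0]; i++) {
        struct dma_map m = model_dma_map(c[i].mode, c[i].iommu, c[i].bits, phys, bounce, iova);
        printf("%-30s -> %-16s dev_addr=0x%llx\n", c[i].desc, name[m.path],
               (unsigned long long)m.dev_addr);
    }
    return 0;
}
```

The boundary sits at the mask width: a 48-bit mask still covers bit 47 and gets the direct mapping, while a 47-bit or narrower mask falls back to the bounce buffer.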

aakahlow avatar aakahlow commented on August 26, 2024

Hi Tom,

Sorry for the late response here.

I have a related question. The RDMA driver's code seems to be using the Linux kernel's DMA APIs. I wonder if the device driver needs to explicitly tell the DMA APIs to enable the encryption bit?

Thanks for your help!

-Ayaz


tlendacky avatar tlendacky commented on August 26, 2024

Sorry, I just don't know enough about how RDMA functions relative to DMA and DMA buffers. I think you probably just need to try it. If it doesn't work, you'll need to instrument the code to see what is going on and why it is failing.
