Re: [PATCHv2 26/29] x86/tdx: ioapic: Add shared bit for IOAPIC base address

From: Tom Lendacky
Date: Mon Feb 07 2022 - 09:21:16 EST


On 2/4/22 16:31, Kirill A. Shutemov wrote:
> On Wed, Feb 02, 2022 at 02:33:16AM +0100, Thomas Gleixner wrote:
>> On Mon, Jan 24 2022 at 18:02, Kirill A. Shutemov wrote:
>>> ioremap()-created mappings such as virtio will be marked as
>>> shared. However, the IOAPIC code does not use ioremap() and instead
>>> uses the fixmap mechanism.
>>>
>>> Introduce a special fixmap helper just for the IOAPIC code. Ensure
>>> that it marks IOAPIC pages as "shared". This replaces
>>> set_fixmap_nocache() with __set_fixmap() since __set_fixmap()
>>> allows custom 'prot' values.
>>
>> Why is this a TDX only issue and SEV does not suffer from that?
>
> Hm. Good question.
>
> I think it is because FIXMAP_PAGE_NOCACHE does not have __ENC bit set so
> the mapping is accessible to host. With TDX the logic is opposite:
> everything is private if the bit is not set.
>
> Tom, does it sound right?

Correct, FIXMAP_PAGE_NOCACHE => PAGE_KERNEL_IO_NOCACHE, which does not have the encryption bit set, so it is mapped as shared under SEV.

Thanks,
Tom


> BTW, I will drop 'if (cc_platform_has(CC_ATTR_GUEST_TDX))'.
> pgprot_decrypted() is nop on AMD in this case.
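
An added illustration, not part of the thread or of the kernel source: a toy C model of the polarity difference discussed above, showing why a mapping without the encryption bit is already host-accessible under SEV but private under TDX, and why pgprot_decrypted() changes nothing for it on AMD. All `model_*`/`MODEL_*` names and the bit positions are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model only. Names and bit positions are constructed for illustration;
 * real positions are discovered at boot and are not given in the thread. */
enum model_platform { MODEL_SEV, MODEL_TDX };
#define MODEL_ENC_BIT    (1ULL << 51)  /* SEV: set means private (encrypted) */
#define MODEL_SHARED_BIT (1ULL << 51)  /* TDX: set means shared with host  */
#define MODEL_NOCACHE    (1ULL << 4)   /* stand-in for the nocache attribute */

/* Stand-in for FIXMAP_PAGE_NOCACHE: carries no encryption bit. */
uint64_t model_fixmap_nocache(void) { return MODEL_NOCACHE; }

/* Model of pgprot_decrypted(): request a host-accessible mapping. */
uint64_t model_pgprot_decrypted(enum model_platform p, uint64_t prot)
{
    if (p == MODEL_SEV)
        return prot & ~MODEL_ENC_BIT;   /* clear "encrypted" */
    return prot | MODEL_SHARED_BIT;     /* set "shared" */
}

/* Would the host be able to access a page mapped with these bits? */
bool model_host_accessible(enum model_platform p, uint64_t prot)
{
    if (p == MODEL_SEV)
        return (prot & MODEL_ENC_BIT) == 0;   /* bit clear: shared */
    return (prot & MODEL_SHARED_BIT) != 0;    /* bit clear: private */
}

/* True when pgprot_decrypted() leaves prot unchanged (a nop). */
bool model_decrypted_is_nop(enum model_platform p, uint64_t prot)
{
    return model_pgprot_decrypted(p, prot) == prot;
}

int main(void)
{
    const char *name[] = { "SEV", "TDX" };
    for (int p = MODEL_SEV; p <= MODEL_TDX; p++) {
        uint64_t prot = model_fixmap_nocache();
        uint64_t dec = model_pgprot_decrypted((enum model_platform)p, prot);
        printf("%s: nocache fixmap host-accessible=%d, after decrypted=%d, nop=%d\n",
               name[p],
               model_host_accessible((enum model_platform)p, prot),
               model_host_accessible((enum model_platform)p, dec),
               model_decrypted_is_nop((enum model_platform)p, prot));
    }
    return 0;
}
```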