@@ -94,6 +94,14 @@ static inline dma_addr_t phys_to_dma_unencrypted(struct device *dev,
*/
static inline dma_addr_t phys_to_dma(struct device *dev, phys_addr_t paddr)
{
+#if defined(CONFIG_TSM_GUEST) || defined(CONFIG_TSM_GUEST_MODULE)
+ if (dev->tdi_enabled) {
+ dev_warn_once(dev, "(TIO) Disable SME");
+ if (!dev->tdi_validated)
+ dev_warn(dev, "TDI is not validated, DMA @%llx will fail", paddr);
+ return phys_to_dma_unencrypted(dev, paddr);
+ }
+#endif
return __sme_set(phys_to_dma_unencrypted(dev, paddr));
}
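Review bot: The `!dev->tdi_validated` branch in phys_to_dma only warns and then still returns the address without `__sme_set()`, so a device that is marked TDI-enabled but not validated is handled exactly like a validated one. A fail-safe shape is to take the new path only when both flags are set, `if (dev->tdi_enabled && dev->tdi_validated) return phys_to_dma_unencrypted(dev, paddr);`, and otherwise fall through to the existing return. The same warn-and-continue pattern is in the is_swiotlb_force_bounce hunk, and the force_dma_unencrypted hunk does not consult `tdi_validated` at all. What sets the two flags is not visible in this patch, so if the current behaviour is intended, please confirm that an unvalidated TDI cannot reach these helpers.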
@@ -173,6 +173,14 @@ static inline bool is_swiotlb_force_bounce(struct device *dev)
{
struct io_tlb_mem *mem = dev->dma_io_tlb_mem;
+#if defined(CONFIG_TSM_GUEST) || defined(CONFIG_TSM_GUEST_MODULE)
+ if (dev->tdi_enabled) {
+ dev_warn_once(dev, "(TIO) Disable SWIOTLB");
+ if (!dev->tdi_validated)
+ dev_warn(dev, "TDI is not validated");
+ return false;
+ }
+#endif
return mem && mem->force_bounce;
}
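Review bot: `dev_warn(dev, "TDI is not validated")` in is_swiotlb_force_bounce is unthrottled and has no trailing newline, and this predicate appears to be evaluated on the DMA mapping path, so a single unvalidated device could flood the kernel log. Prefer `dev_warn_once(dev, "TDI is not validated\n");` or `dev_warn_ratelimited()`, and add `\n` to the `dev_warn_once()` strings as well. The warning in phys_to_dma has the same problem and also prints a `phys_addr_t` with `%llx`; the kernel's specifier for that type is `%pa` passed `&paddr`, which stays correct when `phys_addr_t` is 32 bits wide.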
@@ -19,6 +19,12 @@
/* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */
bool force_dma_unencrypted(struct device *dev)
{
+#if defined(CONFIG_TSM_GUEST) || defined(CONFIG_TSM_GUEST_MODULE)
+ if (dev->tdi_enabled) {
+ dev_warn_once(dev, "(TIO) Disable decryption");
+ return false;
+ }
+#endif
/*
* For SEV, all DMA must be to unencrypted addresses.
*/
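Review bot: The early `return false` in force_dma_unencrypted has no comment, and the existing comment just below it still says that for SEV all DMA must be to unencrypted addresses, which the new branch now contradicts for TDI devices. A short comment above the branch should record the reason given in the commit message, for example `/* Secure DMA (TDI enabled): no conversion of private memory to shared is required. */`. `dev_warn_once()` also looks like a high log level for what the patch treats as the expected path for such devices; `dev_dbg()` may fit better once this leaves bring-up. The rest of the function body is outside the hunk.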
At the moment DMA is assumed insecure and either private memory is converted into shared for the duration of DMA, or SWIOTLB is used. With secure DMA enabled, neither is required. Stop enforcing unencrypted DMA and SWIOTLB if the device is marked as TDI enabled. Signed-off-by: Alexey Kardashevskiy <aik@amd.com> --- include/linux/dma-direct.h | 8 ++++++++ include/linux/swiotlb.h | 8 ++++++++ arch/x86/mm/mem_encrypt.c | 6 ++++++ 3 files changed, 22 insertions(+)