[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Allocating SEV C-bit-cleared pages (without relying on swiotlb)
From: Teddy Astie <teddy.astie@xxxxxxxxxx> Sent: Thursday, March 27, 2025 7:12 AM > To: linux-kernel@xxxxxxxxxxxxxxx; linux-mm@xxxxxxxxxxxxxxx > Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx> > Subject: Allocating SEV C-bit-cleared pages (without relying on swiotlb) > > Hello Linux mailing list ! > > For porting Linux code to make it work on Xen with AMD-SEV, I need to > change the allocation of some pages to use "shared pages" (C-bit > cleared) instead of private pages (C-bit set, which is the default kind) > as these pages needs to be shared with the hypervisor/Dom0. > > Is there a facility to allocate pages with C-bit cleared (and if not > running under SEV, just allocate a plain page) ? Current Linux code for > SEV seems to only rely on swiotlb as access to shared page is mostly > made through DMA-kind devices (e.g virtio or emulated device), but I > don't think it is the best approach. > For allocating memory that can be shared with the hypervisor, allocate memory as usual (with alloc_pages(), for example), then call set_memory_decrypted() on that memory. This approach works in general for Confidential Computing (CoCo) VMs, regardless of whether the underlying hardware is AMD SEV-SNP, Intel TDX, or ARM64 CCA. If you are running in a non-CoCo VM, set_memory_decrypted() is a no-op, so you can call it without having to check whether you are in a CoCo VM. When freeing the memory, do the reverse. Call set_memory_encrypted() first, then free the memory as usual. Note that if set_memory_encrypted() fails for any reason, just leak the memory instead of freeing it because the encrypted state is unknown after such a failure. If you search for set_memory_decrypted() in kernel code, you'll find several examples. See drivers/hv/hv_connection.c as one place where code for running on Hyper-V follows this paradigm. There are several other examples as well. Michael
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |