On Fri, Feb 28, 2020 at 10:54:54AM +0100, Thomas Hellström (VMware) wrote:
On 2/28/20 10:49 AM, Gerd Hoffmann wrote:
Hi,
Not clue about the others (lima, tiny, panfrost, v3d). Maybe they use write-combine just because this is what they got by default from drm_gem_mmap_obj(). Maybe they actually need that. Trying to Cc: maintainters (and drop stable@). virtio-gpu needs it, otherwise the host can't show the virtual display. cirrus bounces everything via blits to vram, so it should be ok without decrypted. I guess that implies we should make decrypted configurable.
Decrypted here is clearly incorrect and violates the SEV spec, regardless of a config option.
The only correct way is currently to use dma_alloc_coherent() and mmap_coherent() to allocate decrypted memory and then use the pgprot_decrypted flag.
Hmm, virtio-gpu uses the dma api to allow the host access the gem object. So I think I have to correct the statement above, if I understands things correctly the dma api will use (properly allocated) decrypted bounce buffers and the virtio-gpu shmem objects don't need pgprot_decrypted mappings.
Yes, that sounds more correct. I wonder whether the "pgprot_decrypted()" perhaps remains from mapping VRAM gem buffers...
Commit 95cf9264d5f3 ("x86, drm, fbdev: Do not specify encrypted memory for video mappings") added it, then it was kept through various changes.
cheers, Gerd