On 1/4/22 4:49 PM, Kirill A. Shutemov wrote:
Hi Tom,
For larger TDX VM, memset() after set_memory_decrypted() in
swiotlb_update_mem_attributes() takes substantial portion of boot time.
It makes me wounder why do we need it there? Malicious VMM can mess with
decrypted/shared buffer at any point and for normal use it will be
populated with real data anyway.
Can we drop it?
Probably more a question for Christoph. Does SWIOTLB need to be
initialized to zeroes? If it does, then the memset after the
set_memory_decrypted() is required, otherwise it will appear as ciphertext
to SWIOTLB.
If I get some time over the next couple of days, I can also try and test
to see what happens.
Thanks,
Tom
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
