From: Jason Gunthorpe <jgg@ziepe.ca>
To: Peter Gonda <pgonda@google.com>
Cc: Jiri Pirko <jiri@resnulli.us>,
dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org,
iommu@lists.linux.dev, linux-media@vger.kernel.org,
sumit.semwal@linaro.org, benjamin.gaignard@collabora.com,
Brian.Starkey@arm.com, jstultz@google.com, tjmercier@google.com,
christian.koenig@amd.com, m.szyprowski@samsung.com,
robin.murphy@arm.com, leon@kernel.org, sean.anderson@linux.dev,
ptesarik@suse.com, catalin.marinas@arm.com,
aneesh.kumar@kernel.org, suzuki.poulose@arm.com,
steven.price@arm.com, thomas.lendacky@amd.com,
john.allen@amd.com, ashish.kalra@amd.com,
suravee.suthikulpanit@amd.com, linux-coco@lists.linux.dev
Subject: Re: [PATCH net-next v3 2/2] dma-buf: heaps: system: add system_cc_decrypted heap for explicitly decrypted memory
Date: Mon, 9 Mar 2026 12:50:15 -0300 [thread overview]
Message-ID: <20260309155015.GP1687929@ziepe.ca> (raw)
In-Reply-To: <CAMkAt6o_yZ5T-3TRwymjYQZEq-Q_z=DAA3vc61h81X9sQr_CXA@mail.gmail.com>
On Mon, Mar 09, 2026 at 09:39:44AM -0600, Peter Gonda wrote:
> Great feature to have thanks Jiri! A couple naive questions.
>
> On Thu, Mar 5, 2026 at 5:38 AM Jiri Pirko <jiri@resnulli.us> wrote:
> >
> > From: Jiri Pirko <jiri@nvidia.com>
> >
> > Add a new "system_cc_decrypted" dma-buf heap to allow userspace to
> > allocate decrypted (shared) memory for confidential computing (CoCo)
> > VMs.
> >
> > On CoCo VMs, guest memory is encrypted by default. The hardware uses an
> > encryption bit in page table entries (C-bit on AMD SEV, "shared" bit on
> > Intel TDX) to control whether a given memory access is encrypted or
> > decrypted. The kernel's direct map is set up with encryption enabled,
> > so pages returned by alloc_pages() are encrypted in the direct map
> > by default. To make this memory usable for devices that do not support
> > DMA to encrypted memory (no TDISP support), it has to be explicitly
> > decrypted. A couple of things are needed to properly handle
> > decrypted memory for the dma-buf use case:
> >
> > - set_memory_decrypted() on the direct map after allocation:
> > Besides clearing the encryption bit in the direct map PTEs, this
> > also notifies the hypervisor about the page state change. On free,
> > the inverse set_memory_encrypted() must be called before returning
> > pages to the allocator. If re-encryption fails, pages
> > are intentionally leaked to prevent decrypted memory from being
> > reused as private.
> >
> > - pgprot_decrypted() for userspace and kernel virtual mappings:
> > Any new mapping of the decrypted pages, be it to userspace via
> > mmap or to kernel vmalloc space via vmap, creates PTEs independent
> > of the direct map. These must also have the encryption bit cleared,
> > otherwise accesses through them would see encrypted (garbage) data.
>
> So this only works on new mappings? What if there are existing
> mappings to the memory that will be converted to shared?
The set_memory_decrypted() is called during system_heap_allocate(), it
is not possible to change dynamically between encrypted/decrypted.
Once the heap is created every PTE is always created with the correct
pgprot.
Jason
next prev parent reply other threads:[~2026-03-09 15:50 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-05 12:36 [PATCH net-next v3 0/2] dma-buf: heaps: system: add an option to allocate explicitly decrypted memory Jiri Pirko
2026-03-05 12:36 ` [PATCH net-next v3 1/2] dma-mapping: introduce DMA_ATTR_CC_DECRYPTED for pre-decrypted memory Jiri Pirko
2026-03-08 10:19 ` Leon Romanovsky
2026-03-09 8:57 ` Jiri Pirko
2026-03-09 13:15 ` Jason Gunthorpe
2026-03-09 14:02 ` Leon Romanovsky
2026-03-09 15:18 ` Jason Gunthorpe
2026-03-09 17:51 ` Jiri Pirko
2026-03-12 0:34 ` Jason Gunthorpe
2026-03-12 9:03 ` Jiri Pirko
2026-03-12 12:06 ` Jason Gunthorpe
2026-03-12 13:27 ` Jiri Pirko
2026-03-09 12:56 ` Petr Tesarik
2026-03-09 13:01 ` Jiri Pirko
2026-03-09 13:17 ` Jason Gunthorpe
2026-03-11 14:19 ` Jiri Pirko
2026-03-05 12:36 ` [PATCH net-next v3 2/2] dma-buf: heaps: system: add system_cc_decrypted heap for explicitly decrypted memory Jiri Pirko
2026-03-09 15:39 ` Peter Gonda
2026-03-09 15:50 ` Jason Gunthorpe [this message]
2026-03-05 12:40 ` [PATCH net-next v3 0/2] dma-buf: heaps: system: add an option to allocate " Jiri Pirko
2026-03-17 13:24 ` Mostafa Saleh
2026-03-17 13:37 ` Jiri Pirko
2026-03-17 15:40 ` Mostafa Saleh
2026-03-24 12:00 ` Jason Gunthorpe
2026-03-24 12:14 ` Mostafa Saleh
2026-03-24 12:24 ` Jason Gunthorpe
2026-03-24 17:36 ` Mostafa Saleh
2026-03-24 17:57 ` Jason Gunthorpe
2026-03-24 18:32 ` Mostafa Saleh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260309155015.GP1687929@ziepe.ca \
--to=jgg@ziepe.ca \
--cc=Brian.Starkey@arm.com \
--cc=aneesh.kumar@kernel.org \
--cc=ashish.kalra@amd.com \
--cc=benjamin.gaignard@collabora.com \
--cc=catalin.marinas@arm.com \
--cc=christian.koenig@amd.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=iommu@lists.linux.dev \
--cc=jiri@resnulli.us \
--cc=john.allen@amd.com \
--cc=jstultz@google.com \
--cc=leon@kernel.org \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-media@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=pgonda@google.com \
--cc=ptesarik@suse.com \
--cc=robin.murphy@arm.com \
--cc=sean.anderson@linux.dev \
--cc=steven.price@arm.com \
--cc=sumit.semwal@linaro.org \
--cc=suravee.suthikulpanit@amd.com \
--cc=suzuki.poulose@arm.com \
--cc=thomas.lendacky@amd.com \
--cc=tjmercier@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.