Re: [PATCH v5 2/2] dma-buf: heaps: system: add system_cc_shared heap for explicitly shared memory

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jason Gunthorpe <jgg@nvidia.com>
To: Jiri Pirko <jiri@resnulli.us>
Cc: dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org,
	iommu@lists.linux.dev, linux-media@vger.kernel.org,
	sumit.semwal@linaro.org, benjamin.gaignard@collabora.com,
	Brian.Starkey@arm.com, jstultz@google.com, tjmercier@google.com,
	christian.koenig@amd.com, m.szyprowski@samsung.com,
	robin.murphy@arm.com, leon@kernel.org, sean.anderson@linux.dev,
	ptesarik@suse.com, catalin.marinas@arm.com,
	aneesh.kumar@kernel.org, suzuki.poulose@arm.com,
	steven.price@arm.com, thomas.lendacky@amd.com,
	john.allen@amd.com, ashish.kalra@amd.com,
	suravee.suthikulpanit@amd.com, linux-coco@lists.linux.dev
Subject: Re: [PATCH v5 2/2] dma-buf: heaps: system: add system_cc_shared heap for explicitly shared memory
Date: Tue, 31 Mar 2026 12:08:36 -0300	[thread overview]
Message-ID: <20260331150836.GB2308548@nvidia.com> (raw)
In-Reply-To: <20260325192352.437608-3-jiri@resnulli.us>

On Wed, Mar 25, 2026 at 08:23:52PM +0100, Jiri Pirko wrote:
> From: Jiri Pirko <jiri@nvidia.com>
> 
> Add a new "system_cc_shared" dma-buf heap to allow userspace to
> allocate shared (decrypted) memory for confidential computing (CoCo)
> VMs.
> 
> On CoCo VMs, guest memory is private by default. The hardware uses an
> encryption bit in page table entries (C-bit on AMD SEV, "shared" bit on
> Intel TDX) to control whether a given memory access is private or
> shared. The kernel's direct map is set up as private,
> so pages returned by alloc_pages() are private in the direct map
> by default. To make this memory usable for devices that do not support
> DMA to private memory (no TDISP support), it has to be explicitly
> shared. A couple of things are needed to properly handle
> shared memory for the dma-buf use case:
> 
> - set_memory_decrypted() on the direct map after allocation:
>   Besides clearing the encryption bit in the direct map PTEs, this
>   also notifies the hypervisor about the page state change. On free,
>   the inverse set_memory_encrypted() must be called before returning
>   pages to the allocator. If re-encryption fails, pages
>   are intentionally leaked to prevent shared memory from being
>   reused as private.
> 
> - pgprot_decrypted() for userspace and kernel virtual mappings:
>   Any new mapping of the shared pages, be it to userspace via
>   mmap or to kernel vmalloc space via vmap, creates PTEs independent
>   of the direct map. These must also have the encryption bit cleared,
>   otherwise accesses through them would see encrypted (garbage) data.
> 
> - DMA_ATTR_CC_SHARED for DMA mapping:
>   Since the pages are already shared, the DMA API needs to be
>   informed via DMA_ATTR_CC_SHARED so it can map them correctly
>   as unencrypted for device access.
> 
> On non-CoCo VMs, the system_cc_shared heap is not registered
> to prevent misuse by userspace that does not understand
> the security implications of explicitly shared memory.
> 
> Signed-off-by: Jiri Pirko <jiri@nvidia.com>
> ---
> v4->v5:
> - bools renamed: s/decrypted/cc_decrypted/
> - other renames: s/decrypted/decrypted/ - this included name of the heap
> v2->v3:
> - removed couple of leftovers from headers
> v1->v2:
> - fixed build errors on s390 by including mem_encrypt.h
> - converted system heap flag implementation to a separate heap
> ---
>  drivers/dma-buf/heaps/system_heap.c | 103 ++++++++++++++++++++++++++--
>  1 file changed, 98 insertions(+), 5 deletions(-)

Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>

Jason

next prev parent reply	other threads:[~2026-03-31 15:08 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CGME20260325192400eucas1p2ae38ff4c2b3ab35a7047cfd680d9fda3@eucas1p2.samsung.com>
2026-03-25 19:23 ` [PATCH v5 0/2] dma-buf: heaps: system: add an option to allocate explicitly shared/decrypted memory Jiri Pirko
2026-03-25 19:23   ` [PATCH v5 1/2] dma-mapping: introduce DMA_ATTR_CC_SHARED for shared memory Jiri Pirko
2026-03-31 15:08     ` Jason Gunthorpe
2026-04-20  6:34     ` Aneesh Kumar K.V
2026-04-20  9:29       ` Jiri Pirko
2026-04-21  9:42         ` Aneesh Kumar K.V
2026-04-21 11:53           ` Jiri Pirko
2026-04-21 12:10             ` Jason Gunthorpe
2026-04-22  7:51               ` Petr Tesarik
2026-04-22  9:18               ` Aneesh Kumar K.V
2026-04-24 22:55                 ` Jason Gunthorpe
2026-04-26 13:05                   ` Jason Gunthorpe
2026-03-25 19:23   ` [PATCH v5 2/2] dma-buf: heaps: system: add system_cc_shared heap for explicitly " Jiri Pirko
2026-03-27 19:43     ` T.J. Mercier
2026-03-31 15:08     ` Jason Gunthorpe [this message]
2026-04-02 12:23     ` Maxime Ripard
2026-04-02 12:56       ` Jiri Pirko
2026-03-27  9:38   ` [PATCH v5 0/2] dma-buf: heaps: system: add an option to allocate explicitly shared/decrypted memory Marek Szyprowski
2026-03-27 12:10     ` Jason Gunthorpe
2026-03-27 19:43       ` T.J. Mercier
2026-04-02  4:41   ` Sumit Semwal
2026-04-02  5:35     ` Marek Szyprowski
2026-04-02  9:52   ` Brian Starkey
2026-04-02 12:02     ` Jason Gunthorpe
2026-04-02 12:58       ` Jiri Pirko

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260331150836.GB2308548@nvidia.com \
    --to=jgg@nvidia.com \
    --cc=Brian.Starkey@arm.com \
    --cc=aneesh.kumar@kernel.org \
    --cc=ashish.kalra@amd.com \
    --cc=benjamin.gaignard@collabora.com \
    --cc=catalin.marinas@arm.com \
    --cc=christian.koenig@amd.com \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=iommu@lists.linux.dev \
    --cc=jiri@resnulli.us \
    --cc=john.allen@amd.com \
    --cc=jstultz@google.com \
    --cc=leon@kernel.org \
    --cc=linaro-mm-sig@lists.linaro.org \
    --cc=linux-coco@lists.linux.dev \
    --cc=linux-media@vger.kernel.org \
    --cc=m.szyprowski@samsung.com \
    --cc=ptesarik@suse.com \
    --cc=robin.murphy@arm.com \
    --cc=sean.anderson@linux.dev \
    --cc=steven.price@arm.com \
    --cc=sumit.semwal@linaro.org \
    --cc=suravee.suthikulpanit@amd.com \
    --cc=suzuki.poulose@arm.com \
    --cc=thomas.lendacky@amd.com \
    --cc=tjmercier@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.