Re: [RFC PATCH v2 3/5] dma-mapping: Decrypt memory on remap

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Mostafa Saleh <smostafa@google.com>
To: Jason Gunthorpe <jgg@ziepe.ca>
Cc: iommu@lists.linux.dev, linux-kernel@vger.kernel.org,
	robin.murphy@arm.com, m.szyprowski@samsung.com, will@kernel.org,
	maz@kernel.org, suzuki.poulose@arm.com, catalin.marinas@arm.com,
	jiri@resnulli.us, aneesh.kumar@kernel.org
Subject: Re: [RFC PATCH v2 3/5] dma-mapping: Decrypt memory on remap
Date: Mon, 30 Mar 2026 20:49:31 +0000	[thread overview]
Message-ID: <acrh26HVqbQ8B6Eu@google.com> (raw)
In-Reply-To: <20260330151900.GC809900@ziepe.ca>

On Mon, Mar 30, 2026 at 12:19:00PM -0300, Jason Gunthorpe wrote:
> On Mon, Mar 30, 2026 at 02:50:41PM +0000, Mostafa Saleh wrote:
> 
> > @@ -265,6 +266,9 @@ void *dma_direct_alloc(struct device *dev, size_t size,
> >  		set_uncached = false;
> >  	}
> >  
> > +	if (dma_set_decrypted(dev, page_address(page), size))
> > +		goto out_leak_pages;
> > +
> >  	if (remap) {
> >  		pgprot_t prot = dma_pgprot(dev, PAGE_KERNEL, attrs);
> >
> >                if (force_dma_unencrypted(dev))
> >                        prot = pgprot_decrypted(prot);
> 
> It seems confusing, why do we unconditionally call something called
> dma_set_decrypted() and then conditionally call pgprot_decrypted()?

dma_set_decrypted() will call force_dma_unencrypted() so that check
is consistent.

> 
> So, I think the same remark, lets not sprinkle these tests all over
> the place and risk them becoming inconsistent. It should be much more
> direct, like:

I agree we shouldn’t be sprinkling all these random calls all over the code,
that’s why I was trying to consolidate the logic in the next patch.

> 
>     page = __dma_direct_alloc_pages(dev, size, gfp & ~__GFP_ZERO,
> 				    allow_highmem, &flags);
> 
>     if (!dev_can_dma_from_encrypted(dev) && !(flags & FLAG_DECRYPTED)) {
>        dma_set_decrypted(dev, page_address(page));
>        flags = FLAG_DECRYPTED;
>     }
> 
>     if (flags & FLAG_DECRYPTED)
>        prot = pgprot_decrypted(prot);
> 
> And so on.
> 
> The one place we should see a force_dma_unencrypted() is directly
> before setting the flag.

I will look more into this, but my main worry would be
phys_to_dma_direct() and it's callers as I am not sure if is possible to
preserve the alloction origin in all contexts.

Thanks,
Mostafa



> 
> Jason

next prev parent reply	other threads:[~2026-03-30 20:49 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-30 14:50 [RFC PATCH v2 0/5] dma-mapping: Fixes for memory encryption Mostafa Saleh
2026-03-30 14:50 ` [RFC PATCH v2 1/5] dma-mapping: Avoid double decrypting with DMA_RESTRICTED_POOL Mostafa Saleh
2026-03-30 15:06   ` Jason Gunthorpe
2026-03-30 20:43     ` Mostafa Saleh
2026-03-31 11:34       ` Suzuki K Poulose
2026-03-31 12:50         ` Mostafa Saleh
2026-04-13  6:00       ` Aneesh Kumar K.V
2026-04-13 12:35         ` Jason Gunthorpe
2026-04-13 15:25           ` Aneesh Kumar K.V
2026-04-13 16:10             ` Jason Gunthorpe
2026-03-30 14:50 ` [RFC PATCH v2 2/5] dma-mapping: Use the correct phys_to_dma() for DMA_RESTRICTED_POOL Mostafa Saleh
2026-03-30 15:09   ` Jason Gunthorpe
2026-03-30 20:47     ` Mostafa Saleh
2026-03-30 22:28       ` Jason Gunthorpe
2026-04-13  6:08   ` Aneesh Kumar K.V
2026-04-15 20:27     ` Mostafa Saleh
2026-04-16  6:50       ` Aneesh Kumar K.V
2026-04-16  8:35         ` Mostafa Saleh
2026-03-30 14:50 ` [RFC PATCH v2 3/5] dma-mapping: Decrypt memory on remap Mostafa Saleh
2026-03-30 15:19   ` Jason Gunthorpe
2026-03-30 20:49     ` Mostafa Saleh [this message]
2026-03-30 22:30       ` Jason Gunthorpe
2026-04-13  6:23   ` Aneesh Kumar K.V
2026-04-15 20:31     ` Mostafa Saleh
2026-03-30 14:50 ` [RFC PATCH v2 4/5] dma-mapping: Refactor memory encryption usage Mostafa Saleh
2026-03-30 15:27   ` Jason Gunthorpe
2026-03-30 14:50 ` [RFC PATCH v2 5/5] dma-mapping: Add doc for memory encryption Mostafa Saleh

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=acrh26HVqbQ8B6Eu@google.com \
    --to=smostafa@google.com \
    --cc=aneesh.kumar@kernel.org \
    --cc=catalin.marinas@arm.com \
    --cc=iommu@lists.linux.dev \
    --cc=jgg@ziepe.ca \
    --cc=jiri@resnulli.us \
    --cc=linux-kernel@vger.kernel.org \
    --cc=m.szyprowski@samsung.com \
    --cc=maz@kernel.org \
    --cc=robin.murphy@arm.com \
    --cc=suzuki.poulose@arm.com \
    --cc=will@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.