From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 78164C43602 for ; Wed, 1 Jul 2026 05:49:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: MIME-Version:Message-ID:Date:Subject:Cc:To:From:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=JoYRG1XxcK/9QOsiUMDOT3jhxEGjKd5Wo3GSx4yAaVM=; b=xWOIFaMWfiICCLvy2HScFxUozN ytjojnLwiXBwEsYE02e9dRvhLBzDi5DHhR593QwjiNVgeQ5rrVagDpNz0Mp39nQshYmK8ol9WS40p xhylaLk3/9H/lA7L4mNnsMJ3rmHLmlY1xEBCF7reqAuggo6LWs70ai2nmzFslcYwo+JTcFhz/mTml igP2fzeYA1Q6oaTyZjDfOdaabsiaCW3ajtByIxKtb6L2ornA0GP1rtxGF/i1+lU9l+odqn8gTcZiK hTSe4IVjvwRnMqBnyR8RLNgvv8bNHQHsm8H5mGR9C/XdfpNgmkEhCoG/v2/IiA7oPQEWRYEkJuHy8 bRSoQvTw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.99.1 #2 (Red Hat Linux)) id 1wenpS-00000000hnL-1GPh; Wed, 01 Jul 2026 05:49:46 +0000 Received: from tor.source.kernel.org ([172.105.4.254]) by bombadil.infradead.org with esmtps (Exim 4.99.1 #2 (Red Hat Linux)) id 1wenpR-00000000hn9-297S for linux-arm-kernel@lists.infradead.org; Wed, 01 Jul 2026 05:49:45 +0000 Received: from smtp.kernel.org (quasi.space.kernel.org [100.103.45.18]) by tor.source.kernel.org (Postfix) with ESMTP id 94AF7601D6; Wed, 1 Jul 2026 05:49:44 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6DE8E1F000E9; Wed, 1 Jul 2026 05:49:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org; s=k20260515; t=1782884984; bh=JoYRG1XxcK/9QOsiUMDOT3jhxEGjKd5Wo3GSx4yAaVM=; h=From:To:Cc:Subject:Date; b=jIlaovljZqMSuR+TUEkKxmB87J1isqkeUOf6mQCggDk+JlOZJf5IR/hA4HltAo0n+ 0viZ4/M6Rc6DzSx0Z8wRRhgfZ0vsaFfHp/WfIcHKqQucoNt+uQWDxvSHn/ysfPpij8 z6dcuraBSNAkdazQN7s0i3HD0sACsjiTFf6CVbPxN2C3c2GsnDaTpNZk688IDUynDi W08zohKSOUHkjzUkJtVQJpHNfblqi6RD6rBlCi9zvdzfWWa2i9qXxWcQY6APMZy5Me FnE9Y0hAI3Cf3laf30h7Q+RxAuvf204Y9SXETEOvtMPUhFPtjYsEFGIeq22Sr79rut zkpzWSwfaUxrQ== From: "Aneesh Kumar K.V (Arm)" To: iommu@lists.linux.dev, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev Cc: "Aneesh Kumar K.V (Arm)" , Robin Murphy , Marek Szyprowski , Will Deacon , Marc Zyngier , Steven Price , Suzuki K Poulose , Catalin Marinas , Jiri Pirko , Jason Gunthorpe , Mostafa Saleh , Petr Tesarik , Alexey Kardashevskiy , Dan Williams , Xu Yilun , linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org, Madhavan Srinivasan , Michael Ellerman , Nicholas Piggin , "Christophe Leroy (CS GROUP)" , Alexander Gordeev , Gerald Schaefer , Heiko Carstens , Vasily Gorbik , Christian Borntraeger , Sven Schnelle , x86@kernel.org Subject: [PATCH v7 00/22] dma-mapping: Track shared DMA state through direct, pool and swiotlb paths Date: Wed, 1 Jul 2026 11:19:04 +0530 Message-ID: <20260701054926.825925-1-aneesh.kumar@kernel.org> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This series tracks confidential-computing shared DMA state through the dma-direct, dma-pool, and swiotlb paths so that encrypted and decrypted DMA buffers are handled consistently. Today, the direct DMA path mostly relies on force_dma_unencrypted() for shared/decrypted buffer handling. This series consolidates the force_dma_unencrypted() checks in the top-level functions and ensures that the remaining DMA interfaces use DMA attributes to make the correct decisions. The series separates mapping and allocation state: - DMA_ATTR_CC_SHARED describes the DMA address attribute requested for a mapping. It tells the DMA mapping path that the DMA address must target shared/decrypted memory. - __DMA_ATTR_ALLOC_CC_SHARED is an internal DMA-mapping attribute used only by allocation paths after the DMA core decides that the backing pages must be allocated as shared/decrypted memory. The series: - moves swiotlb-backed allocations out of __dma_direct_alloc_pages(), - uses __DMA_ATTR_ALLOC_CC_SHARED through the dma-direct alloc/free paths - teaches the atomic DMA pools to track encrypted versus decrypted state - tracks swiotlb pool encryption state and enforces strict pool selection - centralizes encrypted/decrypted pgprot handling in dma_pgprot() using DMA attributes - passes DMA attributes down to dma_capable() so capability checks can validate whether the selected DMA address encoding matches DMA_ATTR_CC_SHARED - makes dma_direct_map_phys() choose the DMA address encoding from DMA_ATTR_CC_SHARED and fall back to swiotlb when a shared DMA request cannot use the direct mapping, which lets arm64 and x86 CCA guests stop relying on SWIOTLB_FORCE for DMA mappings - use the selected swiotlb pool state to derive the returned DMA address - reports CC_ATTR_GUEST_MEM_ENCRYPT for arm64 Realms, powerpc secure guests, and s390 protected virtualization guests. Dependency: This series depends on the pKVM changes posted at: https://lore.kernel.org/all/20260603110522.3331819-1-smostafa@google.com Please merge this series only after the pKVM changes above are merged. Otherwise pKVM will be broken. Changes since v6: * Rebase onto the latest kernel. * Add __DMA_ATTR_ALLOC_CC_SHARED for allocation paths. DMA_ATTR_CC_SHARED is now used to describe the requested DMA mapping address attribute, while __DMA_ATTR_ALLOC_CC_SHARED is used internally when allocating shared/decrypted backing pages. * Report CC_ATTR_GUEST_MEM_ENCRYPT for arm64 Realms, powerpc secure guests, and s390 protected virtualization guests. * Add CC_ATTR_HOST_MEM_ENCRYPT and swiotlb=force fixes. Changes since v5: https://lore.kernel.org/all/20260522042815.370873-1-aneesh.kumar@kernel.org * Add Tested-by * Drop the pKVM patch, which has now been posted separately: https://lore.kernel.org/all/20260603110522.3331819-1-smostafa@google.com * Remove the DO_NOT_MERGE tag from the s390 change. * Add a patch to drop the SWIOTLB_FORCE flag. * Rebase onto the latest kernel. Changes since v4: https://lore.kernel.org/all/20260512090408.794195-1-aneesh.kumar@kernel.org * Add new patches based on Sashiko review: swiotlb: Preserve allocation virtual address for dynamic pools dma: free atomic pool pages by physical address dma: swiotlb: handle set_memory_decrypted() failures dma: swiotlb: free dynamic pools from process context iommu/dma: Check atomic pool allocation result directly * Include pKVM and s390 changes as dependent patches. These are not yet ready to merge and are waiting for subsystem testing feedback. * Drop the AMD GART patch because it requires wider testing. * Update swiotlb_tbl_map_single() to take attrs by reference. * Switch swiotlb_free() to use rcu_work. * Avoid calling swiotlb_find_pool() multiple times in the free path. * Make DMA_ATTR_MMIO imply DMA_ATTR_CC_SHARED for devices requiring unencrypted DMA. Changes from v3: https://lore.kernel.org/all/20260427055509.898190-1-aneesh.kumar@kernel.org * Handle DMA_ATTR_MMIO correctly in dma_direct_map_phys() * Address most of sashiko review * Rebase to latest kernel * drop SWIOTLB_FORCE for s390 and powerpc secure guest. Changes from v2: https://lore.kernel.org/all/20260420061415.3650870-1-aneesh.kumar@kernel.org * pass attrs to dma_capable() and update direct, swiotlb, Xen swiotlb, and x86 GART paths so the capability checks see the DMA address attr value DMA_ATTR_CC_SHARED. * rework dma_direct_map_phys() so DMA_ATTR_CC_SHARED selects phys_to_dma_unencrypted() while the default path uses phys_to_dma_encrypted(), with swiotlb fallback when the requested shared/private state cannot be satisfied by a direct DMA address. * stop relying on SWIOTLB_FORCE for arm64 and x86 CC guest DMA mappings; swiotlb is still enabled there, but shared mappings is now selected through the generic dma_direct_map_phys()/dma_capable() decision instead of a global force-bounce flag. Changes from v1: https://lore.kernel.org/all/20260417085900.3062416-1-aneesh.kumar@kernel.org * rebased to latest kernel (change from DMA_ATTR_CC_DECRYPTED -> DMA_ATTR_CC_SHARED) * update the alloc path so DMA_ATTR_CC_SHARED is not a caller-visible attribute. Cc: Robin Murphy Cc: Marek Szyprowski Cc: Will Deacon Cc: Marc Zyngier Cc: Steven Price Cc: Suzuki K Poulose Cc: Catalin Marinas Cc: Jiri Pirko Cc: Jason Gunthorpe Cc: Mostafa Saleh Cc: Petr Tesarik Cc: Alexey Kardashevskiy Cc: Dan Williams Cc: Xu Yilun Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-s390@vger.kernel.org Cc: Madhavan Srinivasan Cc: Michael Ellerman Cc: Nicholas Piggin Cc: "Christophe Leroy (CS GROUP)" Cc: Alexander Gordeev Cc: Gerald Schaefer Cc: Heiko Carstens Cc: Vasily Gorbik Cc: Christian Borntraeger Cc: Sven Schnelle Cc: x86@kernel.org Aneesh Kumar K.V (Arm) (22): dma-direct: return struct page from dma_direct_alloc_from_pool() dma-pool: fix page leak in atomic_pool_expand() cleanup iommu/dma: Check atomic pool allocation result directly dma: free atomic pool pages by physical address swiotlb: Preserve allocation virtual address for dynamic pools s390: Expose protected virtualization through cc_platform_has() dma-direct: swiotlb: handle swiotlb alloc/free outside __dma_direct_alloc_pages coco: arm64: s390: powerpc: Mark secure guests with CC_ATTR_GUEST_MEM_ENCRYPT dma-mapping: Add internal shared allocation attribute dma-direct: use __DMA_ATTR_ALLOC_CC_SHARED in alloc/free paths dma-pool: track decrypted atomic pools and select them via attrs dma: swiotlb: pass mapping attributes by reference dma: swiotlb: track pool encryption state and honor DMA_ATTR_CC_SHARED dma-mapping: make dma_pgprot() honor __DMA_ATTR_ALLOC_CC_SHARED dma-direct: pass attrs to dma_capable() for DMA_ATTR_CC_SHARED checks dma-direct: make dma_direct_map_phys() honor DMA_ATTR_CC_SHARED dma-direct: set decrypted flag for remapped DMA allocations dma-direct: select DMA address encoding from __DMA_ATTR_ALLOC_CC_SHARED dma-direct: rename ret to cpu_addr in alloc helpers dma: swiotlb: free dynamic pools from process context dma: swiotlb: handle set_memory_decrypted() failures swiotlb: remove unused SWIOTLB_FORCE flag Documentation/core-api/dma-attributes.rst | 29 ++ arch/arm64/kernel/rsi.c | 1 + arch/arm64/mm/init.c | 4 +- arch/powerpc/platforms/pseries/cc_platform.c | 1 + arch/powerpc/platforms/pseries/svm.c | 2 +- arch/s390/Kconfig | 1 + arch/s390/mm/init.c | 17 +- arch/x86/kernel/amd_gart_64.c | 30 +- arch/x86/kernel/pci-dma.c | 4 +- drivers/iommu/dma-iommu.c | 20 +- drivers/xen/swiotlb-xen.c | 8 +- include/linux/dma-direct.h | 20 +- include/linux/dma-map-ops.h | 3 +- include/linux/dma-mapping.h | 8 + include/linux/swiotlb.h | 25 +- include/trace/events/dma.h | 3 +- kernel/dma/direct.c | 264 ++++++++++++----- kernel/dma/direct.h | 47 +-- kernel/dma/mapping.c | 25 +- kernel/dma/pool.c | 221 ++++++++++---- kernel/dma/swiotlb.c | 292 ++++++++++++++----- 21 files changed, 756 insertions(+), 269 deletions(-) base-commit: dc59e4fea9d83f03bad6bddf3fa2e52491777482 -- 2.43.0