From: Jason Gunthorpe <jgg@ziepe.ca>
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: Kameron Carr <kameroncarr@linux.microsoft.com>,
akpm@linux-foundation.org, urezki@gmail.com, linux-mm@kvack.org,
linux-kernel@vger.kernel.org, rppt@kernel.org,
mhklinux@outlook.com, linux-coco@lists.linux.dev,
Suzuki K Poulose <Suzuki.Poulose@arm.com>
Subject: Re: [RFC PATCH] mm/vmalloc: add vmalloc_decrypted() and vzalloc_decrypted()
Date: Thu, 11 Jun 2026 08:49:54 -0300 [thread overview]
Message-ID: <20260611114954.GC1066031@ziepe.ca> (raw)
In-Reply-To: <aibhnnDFQTHWMEFe@arm.com>
On Mon, Jun 08, 2026 at 04:37:02PM +0100, Catalin Marinas wrote:
> > +/**
> > + * vzalloc_decrypted - allocate zeroed virtually contiguous decrypted memory
> > + * @size: allocation size
> > + *
> > + * Like vmalloc_decrypted(), but the memory is set to zero.
> > + *
> > + * Return: pointer to the allocated memory or %NULL on error
> > + */
> > +void *vzalloc_decrypted_noprof(unsigned long size)
> > +{
> > + void *addr;
> > +
> > + addr = __vmalloc_node_range_noprof(size, 1, VMALLOC_START, VMALLOC_END,
> > + GFP_KERNEL,
> > + pgprot_decrypted(PAGE_KERNEL),
> > + VM_DECRYPTED, NUMA_NO_NODE,
> > + __builtin_return_address(0));
> > + if (addr)
> > + memset(addr, 0, size);
>
> Talking to Suzuki, the small window between set_memory_decrypted() and
> memset() potentially exposing stale data is safe, at least for Arm CCA
> as the memory would be scrubbed (there are other places in the kernel
> where we do something similar). I assume that's also the case for other
> architectures, although not sure what pKVM does.
It seems like a poor practice though, this should probably be
re-organized to use __GFP_ZERO so things are ordered sensibly.
But what is the purpose of this? I guess some hyperv thing - but
shouldn't we have a more structured way to "DMA map" things for the
hypervisor instead of stuff like this? Why can't you use
dma_alloc_coherent() which actually gives you an address that is
sensible to pass to the hypervisor?
Jason
prev parent reply other threads:[~2026-06-11 11:49 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20260521205834.1012925-1-kameroncarr@linux.microsoft.com>
2026-06-08 15:37 ` [RFC PATCH] mm/vmalloc: add vmalloc_decrypted() and vzalloc_decrypted() Catalin Marinas
2026-06-11 11:49 ` Jason Gunthorpe [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260611114954.GC1066031@ziepe.ca \
--to=jgg@ziepe.ca \
--cc=Suzuki.Poulose@arm.com \
--cc=akpm@linux-foundation.org \
--cc=catalin.marinas@arm.com \
--cc=kameroncarr@linux.microsoft.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhklinux@outlook.com \
--cc=rppt@kernel.org \
--cc=urezki@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox