From: Mostafa Saleh <smostafa@google.com>
To: iommu@lists.linux.dev, linux-kernel@vger.kernel.org
Cc: robin.murphy@arm.com, m.szyprowski@samsung.com, will@kernel.org,
maz@kernel.org, suzuki.poulose@arm.com, catalin.marinas@arm.com,
jiri@resnulli.us, jgg@ziepe.ca, aneesh.kumar@kernel.org,
Mostafa Saleh <smostafa@google.com>
Subject: [RFC PATCH v2 3/5] dma-mapping: Decrypt memory on remap
Date: Mon, 30 Mar 2026 14:50:41 +0000 [thread overview]
Message-ID: <20260330145043.1586623-4-smostafa@google.com> (raw)
In-Reply-To: <20260330145043.1586623-1-smostafa@google.com>
In case memory needs to be remapped on systems with
force_dma_unencrypted(), where this memory is not allocated
from a restricted-dma pool, this was currently ignored, while only
setting the decrypted pgprot in the remapped alias.
The memory still needs to be decrypted in that case.
With memory decryption, don't allow highmem allocations, but that
shouldn't be a problem on such modern systems.
Reported-by: Catalin Marinas <catalin.marinas@arm.com>
Fixes: f3c962226dbe ("dma-direct: clean up the remapping checks in dma_direct_alloc")
Signed-off-by: Mostafa Saleh <smostafa@google.com>
---
kernel/dma/direct.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/kernel/dma/direct.c b/kernel/dma/direct.c
index 1a402bb956d9..a4260689bcc8 100644
--- a/kernel/dma/direct.c
+++ b/kernel/dma/direct.c
@@ -203,6 +203,7 @@ static void *dma_direct_alloc_no_mapping(struct device *dev, size_t size,
void *dma_direct_alloc(struct device *dev, size_t size,
dma_addr_t *dma_handle, gfp_t gfp, unsigned long attrs)
{
+ bool allow_highmem = !force_dma_unencrypted(dev);
bool remap = false, set_uncached = false;
struct page *page;
void *ret;
@@ -251,7 +252,7 @@ void *dma_direct_alloc(struct device *dev, size_t size,
return dma_direct_alloc_from_pool(dev, size, dma_handle, gfp);
/* we always manually zero the memory once we are done */
- page = __dma_direct_alloc_pages(dev, size, gfp & ~__GFP_ZERO, true);
+ page = __dma_direct_alloc_pages(dev, size, gfp & ~__GFP_ZERO, allow_highmem);
if (!page)
return NULL;
@@ -265,6 +266,9 @@ void *dma_direct_alloc(struct device *dev, size_t size,
set_uncached = false;
}
+ if (dma_set_decrypted(dev, page_address(page), size))
+ goto out_leak_pages;
+
if (remap) {
pgprot_t prot = dma_pgprot(dev, PAGE_KERNEL, attrs);
@@ -278,11 +282,9 @@ void *dma_direct_alloc(struct device *dev, size_t size,
ret = dma_common_contiguous_remap(page, size, prot,
__builtin_return_address(0));
if (!ret)
- goto out_free_pages;
+ goto out_encrypt_pages;
} else {
ret = page_address(page);
- if (dma_set_decrypted(dev, ret, size))
- goto out_leak_pages;
}
memset(ret, 0, size);
@@ -300,7 +302,6 @@ void *dma_direct_alloc(struct device *dev, size_t size,
out_encrypt_pages:
if (dma_set_encrypted(dev, page_address(page), size))
return NULL;
-out_free_pages:
__dma_direct_free_pages(dev, page, size);
return NULL;
out_leak_pages:
@@ -339,7 +340,12 @@ void dma_direct_free(struct device *dev, size_t size,
return;
if (is_vmalloc_addr(cpu_addr)) {
+ void *vaddr = page_address(dma_direct_to_page(dev, dma_addr));
+
vunmap(cpu_addr);
+
+ if (dma_set_encrypted(dev, vaddr, size))
+ return;
} else {
if (IS_ENABLED(CONFIG_ARCH_HAS_DMA_CLEAR_UNCACHED))
arch_dma_clear_uncached(cpu_addr, size);
--
2.53.0.1185.g05d4b7b318-goog
next prev parent reply other threads:[~2026-03-30 14:51 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-30 14:50 [RFC PATCH v2 0/5] dma-mapping: Fixes for memory encryption Mostafa Saleh
2026-03-30 14:50 ` [RFC PATCH v2 1/5] dma-mapping: Avoid double decrypting with DMA_RESTRICTED_POOL Mostafa Saleh
2026-03-30 15:06 ` Jason Gunthorpe
2026-03-30 20:43 ` Mostafa Saleh
2026-03-31 11:34 ` Suzuki K Poulose
2026-03-31 12:50 ` Mostafa Saleh
2026-03-30 14:50 ` [RFC PATCH v2 2/5] dma-mapping: Use the correct phys_to_dma() for DMA_RESTRICTED_POOL Mostafa Saleh
2026-03-30 15:09 ` Jason Gunthorpe
2026-03-30 20:47 ` Mostafa Saleh
2026-03-30 22:28 ` Jason Gunthorpe
2026-03-30 14:50 ` Mostafa Saleh [this message]
2026-03-30 15:19 ` [RFC PATCH v2 3/5] dma-mapping: Decrypt memory on remap Jason Gunthorpe
2026-03-30 20:49 ` Mostafa Saleh
2026-03-30 22:30 ` Jason Gunthorpe
2026-03-30 14:50 ` [RFC PATCH v2 4/5] dma-mapping: Refactor memory encryption usage Mostafa Saleh
2026-03-30 15:27 ` Jason Gunthorpe
2026-03-30 14:50 ` [RFC PATCH v2 5/5] dma-mapping: Add doc for memory encryption Mostafa Saleh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260330145043.1586623-4-smostafa@google.com \
--to=smostafa@google.com \
--cc=aneesh.kumar@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=iommu@lists.linux.dev \
--cc=jgg@ziepe.ca \
--cc=jiri@resnulli.us \
--cc=linux-kernel@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=maz@kernel.org \
--cc=robin.murphy@arm.com \
--cc=suzuki.poulose@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox