Re: [RFC PATCH v2 4/5] dma-mapping: Refactor memory encryption usage

public inbox for iommu@lists.linux-foundation.org
 help / color / mirror / Atom feed

From: Jason Gunthorpe <jgg@ziepe.ca>
To: Mostafa Saleh <smostafa@google.com>
Cc: iommu@lists.linux.dev, linux-kernel@vger.kernel.org,
	robin.murphy@arm.com, m.szyprowski@samsung.com, will@kernel.org,
	maz@kernel.org, suzuki.poulose@arm.com, catalin.marinas@arm.com,
	jiri@resnulli.us, aneesh.kumar@kernel.org
Subject: Re: [RFC PATCH v2 4/5] dma-mapping: Refactor memory encryption usage
Date: Mon, 30 Mar 2026 12:27:12 -0300	[thread overview]
Message-ID: <20260330152712.GD809900@ziepe.ca> (raw)
In-Reply-To: <20260330145043.1586623-5-smostafa@google.com>

On Mon, Mar 30, 2026 at 02:50:42PM +0000, Mostafa Saleh wrote:
> At the moment dma-direct deals with memory encryption in 2 cases
> - Pre-decrypted restricted dma-pools
> - Arch code through force_dma_unencrypted()
> 
> In the first case, the memory is owned by the pool and the decryption
> is not managed by the dma-direct.
> 
> However, it should be aware of it to use the appropriate phys_to_dma*
> and page table prot.
> 
> For the second case, it’s the job of the dma-direct to manage the
> decryption of the allocated memory.
> 
> As there have been bugs in this code due to wrong or missing
> checks and there are more use cases coming for memory decryption,
> we need more robust checks in the code to abstract the core logic,
> so introduce some local helpers:
> - dma_external_decryption(): For pages decrypted but managed externally
> - dma_owns_decryption(): For pages need to be decrypted and managed
>   by dma-direct
> - is_dma_decrypted(): To check if memory is decrypted

I can't even make sense of what this is trying to explain, talking
about page management along with 'dev' is nonsense. The management of
pages is intrinsic to the API, it doesn't change.

I think start with adding a direct flags annotation and then come back
to figure out if we need some kind of helpers.

I would expect any helper taking in dev to only be answering two dev 
questions:

  'dev can dma from encrypted(dev)'
  'dev can dma from unencrytped(dev)'

At each of the points in the API flow the phys under consideration is
known to be encrypted or decrypted, and those two helpers tell
everything needed.

So I'd expect the restricted flow to look more like

- phys comes in to be dma mapped, it is encrypted
- 'dev can dma from encrypted(dev)' fails so we go to swiotlb
- swiotlb allocates from a restricted pool, and learns through flags
  that the new phys is decrypted
- decrypted phys flows through the rest of the machinery.

We never check 'dev can dma from encrypted(dev)' a second time.

Jason

next prev parent reply	other threads:[~2026-03-30 15:27 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-30 14:50 [RFC PATCH v2 0/5] dma-mapping: Fixes for memory encryption Mostafa Saleh
2026-03-30 14:50 ` [RFC PATCH v2 1/5] dma-mapping: Avoid double decrypting with DMA_RESTRICTED_POOL Mostafa Saleh
2026-03-30 15:06   ` Jason Gunthorpe
2026-03-30 20:43     ` Mostafa Saleh
2026-03-31 11:34       ` Suzuki K Poulose
2026-03-31 12:50         ` Mostafa Saleh
2026-04-13  6:00       ` Aneesh Kumar K.V
2026-04-13 12:35         ` Jason Gunthorpe
2026-04-13 15:25           ` Aneesh Kumar K.V
2026-04-13 16:10             ` Jason Gunthorpe
2026-03-30 14:50 ` [RFC PATCH v2 2/5] dma-mapping: Use the correct phys_to_dma() for DMA_RESTRICTED_POOL Mostafa Saleh
2026-03-30 15:09   ` Jason Gunthorpe
2026-03-30 20:47     ` Mostafa Saleh
2026-03-30 22:28       ` Jason Gunthorpe
2026-04-13  6:08   ` Aneesh Kumar K.V
2026-04-15 20:27     ` Mostafa Saleh
2026-04-16  6:50       ` Aneesh Kumar K.V
2026-04-16  8:35         ` Mostafa Saleh
2026-03-30 14:50 ` [RFC PATCH v2 3/5] dma-mapping: Decrypt memory on remap Mostafa Saleh
2026-03-30 15:19   ` Jason Gunthorpe
2026-03-30 20:49     ` Mostafa Saleh
2026-03-30 22:30       ` Jason Gunthorpe
2026-04-13  6:23   ` Aneesh Kumar K.V
2026-04-15 20:31     ` Mostafa Saleh
2026-03-30 14:50 ` [RFC PATCH v2 4/5] dma-mapping: Refactor memory encryption usage Mostafa Saleh
2026-03-30 15:27   ` Jason Gunthorpe [this message]
2026-03-30 14:50 ` [RFC PATCH v2 5/5] dma-mapping: Add doc for memory encryption Mostafa Saleh

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260330152712.GD809900@ziepe.ca \
    --to=jgg@ziepe.ca \
    --cc=aneesh.kumar@kernel.org \
    --cc=catalin.marinas@arm.com \
    --cc=iommu@lists.linux.dev \
    --cc=jiri@resnulli.us \
    --cc=linux-kernel@vger.kernel.org \
    --cc=m.szyprowski@samsung.com \
    --cc=maz@kernel.org \
    --cc=robin.murphy@arm.com \
    --cc=smostafa@google.com \
    --cc=suzuki.poulose@arm.com \
    --cc=will@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox