From: Robin Murphy <robin.murphy@arm.com>
To: Christoph Hellwig <hch@lst.de>, iommu@lists.linux-foundation.org
Cc: David Rientjes <rientjes@google.com>
Subject: Re: [PATCH 03/11] dma-direct: always leak memory that can't be re-encrypted
Date: Mon, 6 Dec 2021 16:32:58 +0000 [thread overview]
Message-ID: <6a8f8c40-a3bd-9dac-fbf1-8feeca8ac554@arm.com> (raw)
In-Reply-To: <20211111065028.32761-4-hch@lst.de>
On 2021-11-11 06:50, Christoph Hellwig wrote:
> We must never unencryped memory go back into the general page pool.
> So if we fail to set it back to encrypted when freeing DMA memory, leak
> the memory insted and warn the user.
Nit: typos of "unencrypted" and "instead". Plus presumably the first
sentence was meant to have a "let" or similar in there too.
Reviewed-by: Robin Murphy <robin.murphy@arm.com>
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> ---
> kernel/dma/direct.c | 14 ++++++++++----
> 1 file changed, 10 insertions(+), 4 deletions(-)
>
> diff --git a/kernel/dma/direct.c b/kernel/dma/direct.c
> index 996ba4edb2fa3..d7a489be48470 100644
> --- a/kernel/dma/direct.c
> +++ b/kernel/dma/direct.c
> @@ -84,9 +84,14 @@ static int dma_set_decrypted(struct device *dev, void *vaddr, size_t size)
>
> static int dma_set_encrypted(struct device *dev, void *vaddr, size_t size)
> {
> + int ret;
> +
> if (!force_dma_unencrypted(dev))
> return 0;
> - return set_memory_encrypted((unsigned long)vaddr, 1 << get_order(size));
> + ret = set_memory_encrypted((unsigned long)vaddr, 1 << get_order(size));
> + if (ret)
> + pr_warn_ratelimited("leaking DMA memory that can't be re-encrypted\n");
> + return ret;
> }
>
> static void __dma_direct_free_pages(struct device *dev, struct page *page,
> @@ -261,7 +266,6 @@ void *dma_direct_alloc(struct device *dev, size_t size,
> return ret;
>
> out_encrypt_pages:
> - /* If memory cannot be re-encrypted, it must be leaked */
> if (dma_set_encrypted(dev, page_address(page), size))
> return NULL;
> out_free_pages:
> @@ -307,7 +311,8 @@ void dma_direct_free(struct device *dev, size_t size,
> } else {
> if (IS_ENABLED(CONFIG_ARCH_HAS_DMA_CLEAR_UNCACHED))
> arch_dma_clear_uncached(cpu_addr, size);
> - dma_set_encrypted(dev, cpu_addr, 1 << page_order);
> + if (dma_set_encrypted(dev, cpu_addr, 1 << page_order))
> + return;
> }
>
> __dma_direct_free_pages(dev, dma_direct_to_page(dev, dma_addr), size);
> @@ -361,7 +366,8 @@ void dma_direct_free_pages(struct device *dev, size_t size,
> dma_free_from_pool(dev, vaddr, size))
> return;
>
> - dma_set_encrypted(dev, vaddr, 1 << page_order);
> + if (dma_set_encrypted(dev, vaddr, 1 << page_order))
> + return;
> __dma_direct_free_pages(dev, page, size);
> }
>
>
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
next prev parent reply other threads:[~2021-12-06 16:33 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-11 6:50 dma-direct fixes and cleanups v3 Christoph Hellwig
2021-11-11 6:50 ` [PATCH 01/11] dma-direct: factor out dma_set_{de,en}crypted helpers Christoph Hellwig
2021-11-11 6:50 ` [PATCH 02/11] dma-direct: don't call dma_set_decrypted for remapped allocations Christoph Hellwig
2021-11-11 6:50 ` [PATCH 03/11] dma-direct: always leak memory that can't be re-encrypted Christoph Hellwig
2021-12-06 16:32 ` Robin Murphy [this message]
2021-12-07 11:48 ` Christoph Hellwig
2021-11-11 6:50 ` [PATCH 04/11] dma-direct: clean up the remapping checks in dma_direct_alloc Christoph Hellwig
2021-12-06 16:33 ` Robin Murphy
2021-12-07 11:49 ` Christoph Hellwig
2021-12-07 12:43 ` Robin Murphy
2021-11-11 6:50 ` [PATCH 05/11] dma-direct: factor out a helper for DMA_ATTR_NO_KERNEL_MAPPING allocations Christoph Hellwig
2021-11-11 6:50 ` [PATCH 06/11] dma-direct: refactor the !coherent checks in dma_direct_alloc Christoph Hellwig
2021-12-06 16:33 ` Robin Murphy
2021-11-11 6:50 ` [PATCH 07/11] dma-direct: fail allocations that can't be made coherent Christoph Hellwig
2021-12-06 16:33 ` Robin Murphy
2021-11-11 6:50 ` [PATCH 08/11] dma-direct: warn if there is no pool for force unencrypted allocations Christoph Hellwig
2021-11-11 6:50 ` [PATCH 09/11] dma-direct: drop two CONFIG_DMA_RESTRICTED_POOL conditionals Christoph Hellwig
2021-11-11 6:50 ` [PATCH 10/11] dma-direct: factor the swiotlb code out of __dma_direct_alloc_pages Christoph Hellwig
2021-11-11 6:50 ` [PATCH 11/11] dma-direct: add a dma_direct_use_pool helper Christoph Hellwig
2021-12-08 15:44 ` Marek Szyprowski
2021-12-08 15:48 ` Christoph Hellwig
2021-11-16 11:31 ` dma-direct fixes and cleanups v3 Robin Murphy
2021-11-17 5:51 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6a8f8c40-a3bd-9dac-fbf1-8feeca8ac554@arm.com \
--to=robin.murphy@arm.com \
--cc=hch@lst.de \
--cc=iommu@lists.linux-foundation.org \
--cc=rientjes@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox