From: Jason Gunthorpe <jgg@ziepe.ca>
To: Mostafa Saleh <smostafa@google.com>
Cc: Jiri Pirko <jiri@resnulli.us>,
dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org,
iommu@lists.linux.dev, linux-media@vger.kernel.org,
sumit.semwal@linaro.org, benjamin.gaignard@collabora.com,
Brian.Starkey@arm.com, jstultz@google.com, tjmercier@google.com,
christian.koenig@amd.com, m.szyprowski@samsung.com,
robin.murphy@arm.com, leon@kernel.org, sean.anderson@linux.dev,
ptesarik@suse.com, catalin.marinas@arm.com,
aneesh.kumar@kernel.org, suzuki.poulose@arm.com,
steven.price@arm.com, thomas.lendacky@amd.com,
john.allen@amd.com, ashish.kalra@amd.com,
suravee.suthikulpanit@amd.com, linux-coco@lists.linux.dev
Subject: Re: [PATCH net-next v3 0/2] dma-buf: heaps: system: add an option to allocate explicitly decrypted memory
Date: Tue, 24 Mar 2026 09:00:57 -0300 [thread overview]
Message-ID: <20260324120057.GC8437@ziepe.ca> (raw)
In-Reply-To: <ablV_f_l7wD2m63E@google.com>
On Tue, Mar 17, 2026 at 01:24:13PM +0000, Mostafa Saleh wrote:
> On the other hand, for restricted-dma, the memory decryption is deep
> in the DMA direct memory allocation and the DMA API callers (for ex
> virtio drivers) are clueless about it and can’t pass any attrs.
> My proposal was specific to restricted-dma and won’t work for your case.
How is this any different from CC?
If the device cannot dma to "encrypted" memory, whatever that means
for you, then the DMA API:
- Makes dma alloc coherent return "decrypted" memory, and the built
in mapping of coherent memory knows about this
- Makes dma_map_xxx use SWIOTLB to bounce to decrypted memory
There is no need for something like virtio drivers to be aware of
any of this.
On the other hand if the driver deliberately allocates decrypted
memory without using DMA API alloc coherent then it knows it did it
and can pass the flag to map it.
> I am wondering if the kernel should have a more solid, unified method
> for identifying already-decrypted memory instead. Perhaps we need a
> way for the DMA API to natively recognize the encryption state of a
> physical page (working alongside force_dma_unencrypted(dev)), rather
> than relying on caller-provided attributes?
Definately not, we do not want the DMA API inspecting things like
this.
Jason
next prev parent reply other threads:[~2026-03-24 12:01 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-05 12:36 [PATCH net-next v3 0/2] dma-buf: heaps: system: add an option to allocate explicitly decrypted memory Jiri Pirko
2026-03-05 12:36 ` [PATCH net-next v3 1/2] dma-mapping: introduce DMA_ATTR_CC_DECRYPTED for pre-decrypted memory Jiri Pirko
2026-03-08 10:19 ` Leon Romanovsky
2026-03-09 8:57 ` Jiri Pirko
2026-03-09 13:15 ` Jason Gunthorpe
2026-03-09 14:02 ` Leon Romanovsky
2026-03-09 15:18 ` Jason Gunthorpe
2026-03-09 17:51 ` Jiri Pirko
2026-03-12 0:34 ` Jason Gunthorpe
2026-03-12 9:03 ` Jiri Pirko
2026-03-12 12:06 ` Jason Gunthorpe
2026-03-12 13:27 ` Jiri Pirko
2026-03-09 12:56 ` Petr Tesarik
2026-03-09 13:01 ` Jiri Pirko
2026-03-09 13:17 ` Jason Gunthorpe
2026-03-11 14:19 ` Jiri Pirko
2026-03-05 12:36 ` [PATCH net-next v3 2/2] dma-buf: heaps: system: add system_cc_decrypted heap for explicitly decrypted memory Jiri Pirko
2026-03-09 15:39 ` Peter Gonda
2026-03-09 15:50 ` Jason Gunthorpe
2026-03-05 12:40 ` [PATCH net-next v3 0/2] dma-buf: heaps: system: add an option to allocate " Jiri Pirko
2026-03-17 13:24 ` Mostafa Saleh
2026-03-17 13:37 ` Jiri Pirko
2026-03-17 15:40 ` Mostafa Saleh
2026-03-24 12:00 ` Jason Gunthorpe [this message]
2026-03-24 12:14 ` Mostafa Saleh
2026-03-24 12:24 ` Jason Gunthorpe
2026-03-24 17:36 ` Mostafa Saleh
2026-03-24 17:57 ` Jason Gunthorpe
2026-03-24 18:32 ` Mostafa Saleh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260324120057.GC8437@ziepe.ca \
--to=jgg@ziepe.ca \
--cc=Brian.Starkey@arm.com \
--cc=aneesh.kumar@kernel.org \
--cc=ashish.kalra@amd.com \
--cc=benjamin.gaignard@collabora.com \
--cc=catalin.marinas@arm.com \
--cc=christian.koenig@amd.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=iommu@lists.linux.dev \
--cc=jiri@resnulli.us \
--cc=john.allen@amd.com \
--cc=jstultz@google.com \
--cc=leon@kernel.org \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-media@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=ptesarik@suse.com \
--cc=robin.murphy@arm.com \
--cc=sean.anderson@linux.dev \
--cc=smostafa@google.com \
--cc=steven.price@arm.com \
--cc=sumit.semwal@linaro.org \
--cc=suravee.suthikulpanit@amd.com \
--cc=suzuki.poulose@arm.com \
--cc=thomas.lendacky@amd.com \
--cc=tjmercier@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox