From: sashiko-bot@kernel.org
Cc: "Alexander Gordeev" <agordeev@linux.ibm.com>,
"Vasily Gorbik" <gor@linux.ibm.com>,
linux-s390@vger.kernel.org, "Heiko Carstens" <hca@linux.ibm.com>
Subject: Re: [PATCH v7 16/22] dma-direct: make dma_direct_map_phys() honor DMA_ATTR_CC_SHARED
Date: Wed, 01 Jul 2026 06:14:08 +0000 [thread overview]
Message-ID: <20260701061409.56B4A1F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260701054926.825925-17-aneesh.kumar@kernel.org>
Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
- [High] dma_map_resource() fails for devices using a dma_range_map that does not cover MMIO regions, as DMA_ATTR_MMIO mappings are now unconditionally subjected to phys_to_dma() translation.
- [High] Peer-to-Peer DMA (MMIO) breaks on AMD SME systems because the memory encryption mask (C-bit) is erroneously applied to MMIO addresses, potentially causing memory corruption.
--
commit 5904e27516915147560df0a4dd16561a829eaf9e
Author: Aneesh Kumar K.V (Arm) <aneesh.kumar@kernel.org>
dma-direct: make dma_direct_map_phys() honor DMA_ATTR_CC_SHARED
This commit modifies dma_direct_map_phys() to select the DMA address
encoding based on DMA_ATTR_CC_SHARED. It uses phys_to_dma_unencrypted() for
decrypted mappings and phys_to_dma_encrypted() otherwise, while preventing
the swiotlb force option for several architectures' secure-guest setups.
> diff --git a/kernel/dma/direct.h b/kernel/dma/direct.h
> index e05dc7649366a..f3fc28f352ba1 100644
> --- a/kernel/dma/direct.h
> +++ b/kernel/dma/direct.h
> @@ -88,37 +88,40 @@ static inline dma_addr_t dma_direct_map_phys(struct device *dev,
> {
> dma_addr_t dma_addr;
>
> + /*
> + * For a device requiring unencrypted DMA, MMIO memory is treated
> + * as shared by default.
> + */
> + if (force_dma_unencrypted(dev) && (attrs & DMA_ATTR_MMIO))
> + attrs |= DMA_ATTR_CC_SHARED;
> +
> if (is_swiotlb_force_bounce(dev)) {
> - if (!(attrs & DMA_ATTR_CC_SHARED)) {
> - if (attrs & (DMA_ATTR_MMIO | DMA_ATTR_REQUIRE_COHERENT))
> - return DMA_MAPPING_ERROR;
> + if (attrs & (DMA_ATTR_MMIO | DMA_ATTR_REQUIRE_COHERENT))
> + return DMA_MAPPING_ERROR;
>
> - return swiotlb_map(dev, phys, size, dir, attrs);
> - }
> - } else if (attrs & DMA_ATTR_CC_SHARED) {
> - return DMA_MAPPING_ERROR;
> }
>
> - if (attrs & DMA_ATTR_MMIO) {
> - dma_addr = phys;
> - if (unlikely(!dma_capable(dev, dma_addr, size, false, attrs)))
> - goto err_overflow;
> - } else if (attrs & DMA_ATTR_CC_SHARED) {
> + if (attrs & DMA_ATTR_CC_SHARED)
> dma_addr = phys_to_dma_unencrypted(dev, phys);
> + else
> + dma_addr = phys_to_dma_encrypted(dev, phys);
> +
> + if (attrs & DMA_ATTR_MMIO) {
[Severity: High]
Will this break dma_map_resource() for devices that use a dma_range_map?
Previously, DMA_ATTR_MMIO addresses bypassed translation and directly used
dma_addr = phys. By routing MMIO addresses through phys_to_dma_encrypted()
or phys_to_dma_unencrypted(), they now pass through __phys_to_dma().
Since MMIO addresses do not reside in system RAM, they will be absent from
the device's dma_range_map. Doesn't this cause translate_phys_to_dma() to
return DMA_MAPPING_ERROR and fail the mapping?
[Severity: High]
On AMD SME systems, does this inadvertently apply the memory encryption
mask (C-bit) to MMIO addresses?
If a capable device performs Peer-to-Peer DMA, force_dma_unencrypted(dev)
returns false, so DMA_ATTR_CC_SHARED is not set. The MMIO address then
passes through phys_to_dma_encrypted(), which injects the C-bit via
__sme_set().
If the PCIe Root Complex receives an MMIO address with the C-bit set,
will it misroute the transaction to system RAM instead of the target PCI
BAR, potentially causing memory corruption?
> if (unlikely(!dma_capable(dev, dma_addr, size, false, attrs)))
> goto err_overflow;
> - } else {
> - dma_addr = phys_to_dma(dev, phys);
[ ... ]
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260701054926.825925-1-aneesh.kumar@kernel.org?part=16
next prev parent reply other threads:[~2026-07-01 6:14 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-01 5:49 [PATCH v7 00/22] dma-mapping: Track shared DMA state through direct, pool and swiotlb paths Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 01/22] dma-direct: return struct page from dma_direct_alloc_from_pool() Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 02/22] dma-pool: fix page leak in atomic_pool_expand() cleanup Aneesh Kumar K.V (Arm)
2026-07-01 6:08 ` sashiko-bot
2026-07-01 5:49 ` [PATCH v7 03/22] iommu/dma: Check atomic pool allocation result directly Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 04/22] dma: free atomic pool pages by physical address Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 05/22] swiotlb: Preserve allocation virtual address for dynamic pools Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 06/22] s390: Expose protected virtualization through cc_platform_has() Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 07/22] dma-direct: swiotlb: handle swiotlb alloc/free outside __dma_direct_alloc_pages Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 08/22] coco: arm64: s390: powerpc: Mark secure guests with CC_ATTR_GUEST_MEM_ENCRYPT Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 09/22] dma-mapping: Add internal shared allocation attribute Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 10/22] dma-direct: use __DMA_ATTR_ALLOC_CC_SHARED in alloc/free paths Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 11/22] dma-pool: track decrypted atomic pools and select them via attrs Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 12/22] dma: swiotlb: pass mapping attributes by reference Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 13/22] dma: swiotlb: track pool encryption state and honor DMA_ATTR_CC_SHARED Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 14/22] dma-mapping: make dma_pgprot() honor __DMA_ATTR_ALLOC_CC_SHARED Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 15/22] dma-direct: pass attrs to dma_capable() for DMA_ATTR_CC_SHARED checks Aneesh Kumar K.V (Arm)
2026-07-01 6:14 ` sashiko-bot
2026-07-01 5:49 ` [PATCH v7 16/22] dma-direct: make dma_direct_map_phys() honor DMA_ATTR_CC_SHARED Aneesh Kumar K.V (Arm)
2026-07-01 6:14 ` sashiko-bot [this message]
2026-07-01 5:49 ` [PATCH v7 17/22] dma-direct: set decrypted flag for remapped DMA allocations Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 18/22] dma-direct: select DMA address encoding from __DMA_ATTR_ALLOC_CC_SHARED Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 19/22] dma-direct: rename ret to cpu_addr in alloc helpers Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 20/22] dma: swiotlb: free dynamic pools from process context Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 21/22] dma: swiotlb: handle set_memory_decrypted() failures Aneesh Kumar K.V (Arm)
2026-07-01 5:49 ` [PATCH v7 22/22] swiotlb: remove unused SWIOTLB_FORCE flag Aneesh Kumar K.V (Arm)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260701061409.56B4A1F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=agordeev@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox