From: Mostafa Saleh <smostafa@google.com>
To: iommu@lists.linux.dev, linux-kernel@vger.kernel.org
Cc: robin.murphy@arm.com, m.szyprowski@samsung.com, will@kernel.org,
maz@kernel.org, suzuki.poulose@arm.com, catalin.marinas@arm.com,
Mostafa Saleh <smostafa@google.com>
Subject: [RFC PATCH 0/2] dma-mapping: DMA_RESTRICTED_POOL and encryption
Date: Thu, 5 Mar 2026 17:03:33 +0000 [thread overview]
Message-ID: <20260305170335.963568-1-smostafa@google.com> (raw)
I have been looking into DMA code with DMA_RESTRICTED_POOL and how it
interacts with the memory encryption API, mainly in the context of
protected KVM (pKVM) on Arm64.
While trying to extend force_dma_unencrypted() to be pKVM aware I
noticed some inconsistencies in direct-dma code which looks as bugs.
I am not sure if there are any architectures affected by this at the
moment as some of the logic of memory encryption is forwarded to the
hypervisor as hypercalls ore realm calls.
I have wrote some fixes from my simplistic understanding.
However, Future looking, I feel like we would need to have a more
solid API for memory encryption and decryption, that can be used
consistently from both SWIOTLB(so we can also not decrypt per-device
pools by default), DMA-direct and other subsystems.
That would be useful in cases (at least for pKVM) where a device would
need to have a private encrypted pool, (if it needs to bounce memory
for any reason with leaking information by decrypting the data).
I am not sure how other CCA solutions deals with in Linux, I am
assuming they won't to need to bounce at all?
I can send another series for this which adds a property to SWIOTLB
buffers to be decrypted by default if that makes sense.
Mostafa Saleh (2):
dma-mapping: Avoid double decrypting with DMA_RESTRICTED_POOL
dma-mapping: Use the correct phys_to_dma() for DMA_RESTRICTED_POOL
kernel/dma/direct.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--
2.53.0.473.g4a7958ca14-goog
next reply other threads:[~2026-03-05 17:03 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-05 17:03 Mostafa Saleh [this message]
2026-03-05 17:03 ` [RFC PATCH 1/2] dma-mapping: Avoid double decrypting with DMA_RESTRICTED_POOL Mostafa Saleh
2026-03-10 13:36 ` Catalin Marinas
2026-03-10 13:55 ` Catalin Marinas
2026-03-11 12:25 ` Mostafa Saleh
2026-03-13 7:36 ` Aneesh Kumar K.V
2026-03-05 17:03 ` [RFC PATCH 2/2] dma-mapping: Use the correct phys_to_dma() for DMA_RESTRICTED_POOL Mostafa Saleh
2026-03-10 13:08 ` Catalin Marinas
2026-03-10 13:20 ` Suzuki K Poulose
2026-03-11 12:28 ` Mostafa Saleh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260305170335.963568-1-smostafa@google.com \
--to=smostafa@google.com \
--cc=catalin.marinas@arm.com \
--cc=iommu@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=maz@kernel.org \
--cc=robin.murphy@arm.com \
--cc=suzuki.poulose@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox