From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8451334AB19
	for <linux-kernel@vger.kernel.org>; Mon, 30 Mar 2026 20:49:37 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.42
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1774903778; cv=none; b=qAiRJ1fvfWez6JaKIi6YkDmbEjnyOS3dBSjyNizAgEK+xIxMwpD0DfckuNvtgJKUETPA1qZwG7S+ZQxEXhlVxdg3L8FMKZhyZAmBCWwdjQzG2LZm0XOF7dx5TrZBIbuk0GZnGUzgabB0BmUbWLhoaUyHVr+wOaQeJnFVzODRFw8=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1774903778; c=relaxed/simple;
	bh=gMc5L1zVMPzZjdbtYpciPwNi0OH0QJ460eWm+Y0412k=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=bxItuRS9CbIg8p/LtZdgwPBtLFi/ACb2of/UFTxkRUqejLWg/IH5za46A4p/IaRZT2xbLJNYbzzUYc5Zt/f3vH+zw6U8XUZW9GFnDhq0zJXSWImrpf/m97YD2diSnm5Y7uD+tnyhp7rnAeaUzAFcsLTqNOHiKUD5q5kAq5AMsGQ=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=L4rTPOPN; arc=none smtp.client-ip=209.85.128.42
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="L4rTPOPN"
Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-4852ef20fe8so8425e9.1
        for <linux-kernel@vger.kernel.org>; Mon, 30 Mar 2026 13:49:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1774903776; x=1775508576; darn=vger.kernel.org;
        h=in-reply-to:content-transfer-encoding:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date:from:to
         :cc:subject:date:message-id:reply-to;
        bh=8kWki7QjLmHNc9w65OSD9JTgREHsE1qeACKoEkwZBvg=;
        b=L4rTPOPN5t+1EbmiUti0fytSl+UImhY2V0E26Ty8S922j5v3ezWBhrA59b0CdEpoBy
         DC3q6vQ6zqfqeSY0tQRzt7AoNLSgVOyb3VrPhAvXYrHUSZNcZ4288HIMAnZGuFMhdDd9
         ChBiLK0LKnwRhlN6DVE6Nft9g4rLIXu0TIvVGWd2vorCt06RS6lsxopFFT01euG42zm2
         wWh3zBRW/mtL7Uc/R0KzEHxhwaynlgcfdqggCgJLuKB0bPhTFSPJxAHnOtcPT63kJTBc
         +URwjIFld3OVBs5P/K78IBUurCbvbUAIA9OM5cGjovd7KFZhAHPT2Btrycz/0FGkWl7K
         IhRQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774903776; x=1775508576;
        h=in-reply-to:content-transfer-encoding:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date:x-gm-gg
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=8kWki7QjLmHNc9w65OSD9JTgREHsE1qeACKoEkwZBvg=;
        b=YFwWSYwAQ1+fb++ax5b3GsGU44k8o0AqHQ/izG7MjF3kpFmJxzi33Ve0mjwDz39ah7
         3lLSl5EVPQIrX0raLd63HMMMxMZ/CnAIOZ40CBEUwG1tkRu/d/KzU7jYwDFshZN9l2dI
         7pZfDtSSapyyw+rtynkN/EbVBQZHiqYh89qipGbHFG7R1adZhe6l1W4gJqAaS+5K9xlY
         EnM25WqG8U8W11Q6onSKGtsRvKmqXllqJHroTfB5/WT1aDH02xboaw//X1JVFbFSE9eZ
         eYc7qeApKGHLdXXyDixGD5WAyaaY56VQyS9l3qDBNd0F1YYcNR0xhZJqVFfICWChIrVm
         ko6A==
X-Forwarded-Encrypted: i=1; AJvYcCX6FEk8RVIrLesUym6UaeUQjymixDgDxp5y4tiD9oSEEP7YHvYa0CxnPOIBwW5iPVPfccKdktg90/RXi4Q=@vger.kernel.org
X-Gm-Message-State: AOJu0YyI9GVLu3hxJtOL0HnU+aIeuPSjsyfn2HIE3OTTp936XIiWDO7q
	6HWA4/ntWO4zrEENjaNv95c7hIjr4TwXbyMBld5iQJAUuPCS/zfkhI+xmJZyJOl/XQ==
X-Gm-Gg: ATEYQzy+W37MUpF05apKzTvxXMDPORqv/kUwlC8wvxIDZN4umQq4YGpGA5o0fCS6yQL
	/N8w4vjxxnQDoI94YgazYiTcPOilooG6UOa7kTlOjKqM7MRNlj5HS1+TNrW6OAq2ucCBwzrvmmu
	ekQ9R2v/WzSZt9Xb5/AaExdQ2T2e8EiwT8BQ+jSsKptPoefq6lhzKFDJqFKGKK1bcMCAjadq4xO
	2Qv8TXEMYxxAtKq4cjf3iWSmPRg3BKrhyeFGczQZ4Q8JvKTOtbCoq5/Bx/5DBV7L58qnpAT+Mfe
	ViZp08jfgKuIto2c4wuTWvNd6Gc0JNU13FY9Toea9NSaoyMDULC0OAAmsBWXuVYEoRQmRZ55yxM
	7wUXknh5vxxFEXLDVzSxfUDfXlu7AaOYDO4aBfhKryZYix3mzZOx3oo7vAhHsME2RAm3du1yTGQ
	S7CmaGyje53uX6AL0A8bRCt/zYjA5bGsyh56fNBah03TezahqIQDe3jCFU
X-Received: by 2002:a05:600c:548a:b0:485:32b7:5b87 with SMTP id 5b1f17b1804b1-48878dc0812mr286445e9.14.1774903775534;
        Mon, 30 Mar 2026 13:49:35 -0700 (PDT)
Received: from google.com (8.181.38.34.bc.googleusercontent.com. [34.38.181.8])
        by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4873068858bsm194669315e9.9.2026.03.30.13.49.34
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 30 Mar 2026 13:49:34 -0700 (PDT)
Date: Mon, 30 Mar 2026 20:49:31 +0000
From: Mostafa Saleh <smostafa@google.com>
To: Jason Gunthorpe <jgg@ziepe.ca>
Cc: iommu@lists.linux.dev, linux-kernel@vger.kernel.org,
	robin.murphy@arm.com, m.szyprowski@samsung.com, will@kernel.org,
	maz@kernel.org, suzuki.poulose@arm.com, catalin.marinas@arm.com,
	jiri@resnulli.us, aneesh.kumar@kernel.org
Subject: Re: [RFC PATCH v2 3/5] dma-mapping: Decrypt memory on remap
Message-ID: <acrh26HVqbQ8B6Eu@google.com>
References: <20260330145043.1586623-1-smostafa@google.com>
 <20260330145043.1586623-4-smostafa@google.com>
 <20260330151900.GC809900@ziepe.ca>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20260330151900.GC809900@ziepe.ca>

On Mon, Mar 30, 2026 at 12:19:00PM -0300, Jason Gunthorpe wrote:
> On Mon, Mar 30, 2026 at 02:50:41PM +0000, Mostafa Saleh wrote:
> 
> > @@ -265,6 +266,9 @@ void *dma_direct_alloc(struct device *dev, size_t size,
> >  		set_uncached = false;
> >  	}
> >  
> > +	if (dma_set_decrypted(dev, page_address(page), size))
> > +		goto out_leak_pages;
> > +
> >  	if (remap) {
> >  		pgprot_t prot = dma_pgprot(dev, PAGE_KERNEL, attrs);
> >
> >                if (force_dma_unencrypted(dev))
> >                        prot = pgprot_decrypted(prot);
> 
> It seems confusing, why do we unconditionally call something called
> dma_set_decrypted() and then conditionally call pgprot_decrypted()?

dma_set_decrypted() will call force_dma_unencrypted() so that check
is consistent.

> 
> So, I think the same remark, lets not sprinkle these tests all over
> the place and risk them becoming inconsistent. It should be much more
> direct, like:

I agree we shouldn’t be sprinkling all these random calls all over the code,
that’s why I was trying to consolidate the logic in the next patch.

> 
>     page = __dma_direct_alloc_pages(dev, size, gfp & ~__GFP_ZERO,
> 				    allow_highmem, &flags);
> 
>     if (!dev_can_dma_from_encrypted(dev) && !(flags & FLAG_DECRYPTED)) {
>        dma_set_decrypted(dev, page_address(page));
>        flags = FLAG_DECRYPTED;
>     }
> 
>     if (flags & FLAG_DECRYPTED)
>        prot = pgprot_decrypted(prot);
> 
> And so on.
> 
> The one place we should see a force_dma_unencrypted() is directly
> before setting the flag.

I will look more into this, but my main worry would be
phys_to_dma_direct() and it's callers as I am not sure if is possible to
preserve the alloction origin in all contexts.

Thanks,
Mostafa



> 
> Jason