From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 9238A34845C for ; Tue, 14 Apr 2026 16:46:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.140.110.172 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776185174; cv=none; b=rteNSNw2cxARYftColBE2cjwAyT0a5dDzbemAQRAe8/S+WXPkn6yb65vo3z2MWxOpE2IAlKosInPqpOrnHEwhnvoi8e/Y1sV795m0I/jz69iKg2opJg8YB/YjVOfxh8AeK+NYEGSs3701VmQejgGHIcaoezZ1+NSTFWRGcKurdI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776185174; c=relaxed/simple; bh=16pb6KLi+++M3ZqOyN+jvU0dPCTd8Gdsh1FMrIuIiQ8=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=MUNRM2m0UGjgHipWQ5V63CdTyuN11KOFl9gN9H2OIWsLj76MuUwwU2mmYQa4b6h1rA9i3QEEgVdXxcAAeUT3SqXhXu9mrt3OUQPHRUiNy9ymvRgw+H/9zjMpaCsyW6289TZ8rxeTNfrqJU0Fy40QPAA1vpFhemWzmbmQPVwINaM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com; spf=pass smtp.mailfrom=arm.com; dkim=pass (1024-bit key) header.d=arm.com header.i=@arm.com header.b=a2JEQqAQ; arc=none smtp.client-ip=217.140.110.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=arm.com header.i=@arm.com header.b="a2JEQqAQ" Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 127C74521; Tue, 14 Apr 2026 09:46:06 -0700 (PDT) Received: from arm.com (usa-sjc-mx-foss1.foss.arm.com [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 0C20F3F641; Tue, 14 Apr 2026 09:46:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=arm.com; s=foss; t=1776185171; bh=16pb6KLi+++M3ZqOyN+jvU0dPCTd8Gdsh1FMrIuIiQ8=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=a2JEQqAQaG3kDpEKeXjDkbbui1cfzz00+HGMz3lWZhh7xjvJu9/vNBNk0XAbvzsGO bg116VQPIierhXtLi86akaK+E6XrTGSdg969zmjYvw53WpXgHO+HFkKcuEJh1d3LDo BrKPq4RaS1vMIVxwXUBnagI7pHh/YoPy1Ocp0Ax0= Date: Tue, 14 Apr 2026 17:46:06 +0100 From: Catalin Marinas To: Kameron Carr Cc: will@kernel.org, suzuki.poulose@arm.com, steven.price@arm.com, ryan.roberts@arm.com, dev.jain@arm.com, yang@os.amperecomputing.com, shijie@os.amperecomputing.com, kevin.brodsky@arm.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Subject: Re: [RFC PATCH] arm64: mm: support set_memory_encrypted/decrypted for vmalloc addresses Message-ID: References: <20260406213317.216171-1-kameroncarr@linux.microsoft.com> <001301dcc932$21cb6d80$65624880$@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <001301dcc932$21cb6d80$65624880$@linux.microsoft.com> On Fri, Apr 10, 2026 at 02:36:42PM -0700, Kameron Carr wrote: > On Friday, April 10, 2026 4:06 AM, Catalin Marinas wrote: > > Could you give more details about the user of set_memory_decrypted() on > > vmalloc()'ed addresses? I think this came up in the past and I wondered > > whether something like GFP_DECRYPTED would be simpler to implement (even > > posted a hack but without vmalloc() support). If it is known upfront > > that the memory will be decrypted, it's easier/cheaper to do this on the > > page allocation time to change the linear map and just use > > pgprot_decrypted() for vmap(). No need to rewrite the page table after > > mapping the pages. [...] > In this use case, whether to decrypt the memory can always be known at > time of allocation, so a solution like GFP_DECRYPTED is an option. > > I think I found the hack you mentioned > (https://lore.kernel.org/linux-arm-kernel/ZmNJdSxSz-sYpVgI@arm.com/). The > feedback in Michael Kelley's reply covers the key considerations well. Yes, that's the thread. It started originally as a GICv3 need (eventually we went for genpool). > He likely had netvsc's use of vmalloc in mind when he made the point > "GFP_DECRYPTED should work for the three memory allocation interfaces and > their variants: alloc_pages(), kmalloc(), and vmalloc()." His other > points already cover the concerns I had in mind around handling errors > from set_memory_decrypted()/encrypted(), etc. > > What is the current status of your proposed GFP_DECRYPTED implementation? > Is this something you are actively working on? Not really. But I've been looking at it again and I think it adds more problems than it solves. A GFP flag would be passed down to kmem_cache_alloc() and confuse the slab management if some pages are encrypted, others not for the same kmem_cache (SLAB_NO_MERGE wouldn't help). I wonder whether something like SLAB_DECRYPTED would work better for this if we really need it (not aware of any user though). Anyway, let's ignore slab for now and look at vmalloc(). I can see hv_ringbuffer_init() using an explicit vmap(pgprot_decrypted()). While you could do this, it might be better to just add a VM_DECRYPTED flag and a few wrappers like vmalloc_decrypted(). It would call set_memory_decrypted() for the allocated pages and use pgprot_decrypted() for vmap. On vfree(), it will have to set the pages back to encrypted. It should be fairly mechanical to do (or a 5 min job for an LLM ;)). -- Catalin