From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7CE9017A300 for ; Fri, 10 Apr 2026 11:06:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.140.110.172 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775819179; cv=none; b=G7wkjRKPWCe05006bemUiQVmPWYGRZc5DsczM8efAw72u3tde9rSmuIRjGZpEFM4KpeiZAsFRC+kI1fw7GXoB363go9+rUFjmVZovuK62YzmmpnibVYo0GlZbLwL4bkczjGWRz66chhupTmRhxkgEtDjOzzeIxV0oGDloMZXfI8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775819179; c=relaxed/simple; bh=1zPAYfJ4alGeBTx9+bPmnEwVBkcQtAPgmbjN7nc0Fag=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=SiVRutmqz/GLgLqiQeosxB2m6Po7L/djU/ZSD5KvHIyYCedddko0hGkC5U21lixYSh11mGlcw0MFNUEvP5hgASr4WfkhdE3gj68pg7QgYJaC31C9Ru6wmjwiYhH5p/Iwwu5Fe+mCu+CMA9KqEKgiCIlWbtuLzpD8f6qKKav7nFc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com; spf=pass smtp.mailfrom=arm.com; dkim=pass (1024-bit key) header.d=arm.com header.i=@arm.com header.b=VwBgSBJo; arc=none smtp.client-ip=217.140.110.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arm.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=arm.com header.i=@arm.com header.b="VwBgSBJo" Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 182982682; Fri, 10 Apr 2026 04:06:11 -0700 (PDT) Received: from arm.com (usa-sjc-mx-foss1.foss.arm.com [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 0A1EF3FAF5; Fri, 10 Apr 2026 04:06:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=arm.com; s=foss; t=1775819176; bh=1zPAYfJ4alGeBTx9+bPmnEwVBkcQtAPgmbjN7nc0Fag=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=VwBgSBJoksX644oGKv4mneqiYz7YCISSwJEiPHkWj/MMSv/GVUZbGA9Q9x4Emk5qG NGF+vcjNByj0MDlAn6qjPEt1VOG3A/g828rYT7GsLwc7jwAg10LJEIaR9JiD9iv7Og bIoINeNP6Eb1mPGe03KcWgpGktjF1V77SfS//pI0= Date: Fri, 10 Apr 2026 12:06:12 +0100 From: Catalin Marinas To: Kameron Carr Cc: will@kernel.org, suzuki.poulose@arm.com, steven.price@arm.com, ryan.roberts@arm.com, dev.jain@arm.com, yang@os.amperecomputing.com, shijie@os.amperecomputing.com, kevin.brodsky@arm.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Subject: Re: [RFC PATCH] arm64: mm: support set_memory_encrypted/decrypted for vmalloc addresses Message-ID: References: <20260406213317.216171-1-kameroncarr@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20260406213317.216171-1-kameroncarr@linux.microsoft.com> On Mon, Apr 06, 2026 at 02:33:17PM -0700, Kameron Carr wrote: > Currently __set_memory_enc_dec() only handles linear map (lm) addresses > and returns -EINVAL for anything else. This means callers using > vmalloc'd buffers cannot mark memory as shared/protected with the RMM > via set_memory_decrypted()/set_memory_encrypted(). > > Extend the implementation to handle vmalloc (non-linear-map) addresses > by introducing __set_va_addr_enc_dec(). For vmalloc addresses, the page > table entries are not contiguous in the physical address space, so the > function walks the vm_area's pages array and issues per-page RSI calls > to transition each page between shared and protected states. > > The original linear-map path is factored out into __set_lm_addr_enc_dec(), > and __set_memory_enc_dec() now dispatches to the appropriate helper based > on whether the address is a linear map address. Could you give more details about the user of set_memory_decrypted() on vmalloc()'ed addresses? I think this came up in the past and I wondered whether something like GFP_DECRYPTED would be simpler to implement (even posted a hack but without vmalloc() support). If it is known upfront that the memory will be decrypted, it's easier/cheaper to do this on the page allocation time to change the linear map and just use pgprot_decrypted() for vmap(). No need to rewrite the page table after mapping the pages. -- Catalin