From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1A8F7342CB3
	for <linux-kernel@vger.kernel.org>; Fri, 12 Jun 2026 15:07:49 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=100.103.45.18
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1781276872; cv=none; b=rbE//VBs/EisuNe20e5QCWYLm7wCjZS+CsMuWDyYS5NbvHiI8rcind6NcAiSTYENOErgkUa1XMttb/hzqfePxwLD90jVhqbd8pBBbAJoPM7lNCG8BANqv9/JtnF9lZsR6xUvc9E6SeJHCJ6VG4jPymx33Q32qpZQHu8Z40kFm9w=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1781276872; c=relaxed/simple;
	bh=uelFSqVnj/O2p/1gh7Fp6KxWE7eL4seV0hMvT0nAkfQ=;
	h=From:To:Cc:Subject:In-Reply-To:References:Date:Message-ID:
	 MIME-Version:Content-Type; b=d8UHZpv2CjW6jCZ2v8bRi33wabmaW8AG5djTnhZjb1ULZ7owYGmDnJPWcZKh6MX2mkC5mL0iNCUHnsJ+yA/oqDGI2fW13qdMr+jmpsqdwkwqH3QUEv2dFKT2EAm0vmlvngMcm8mzWc6MK2TiqLtUwo6No/9rppK9EQs3Y9u0YmY=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=omkZbzHe; arc=none smtp.client-ip=100.103.45.18
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="omkZbzHe"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5E7D01F000E9;
	Fri, 12 Jun 2026 15:07:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org;
	s=k20260515; t=1781276869;
	bh=oj4OSBQnz0GA7HPixnt9F0Aom2fdEs5ktfnUHvQDLXM=;
	h=From:To:Cc:Subject:In-Reply-To:References:Date;
	b=omkZbzHekNdZpuoApEYoUVzTwjapKbAMA0o5TIjJZrmKExMXJOYICab2C2FeR01zx
	 tt62XIO3fJ0r+wJLprm6nhm5psF5O8tXI5uxb4D0ECTylNQqJD3bYHx1oad+JGXyfU
	 pLde+K/DmBPVW14Fiax7+pOhEDYHwjSS/k9PBiRJn6MYFKI5OGhh2wOD0LUZS2YMb3
	 ewDdAyJYLXarD2zcy9DY5fNOF3O53rp3IDu+8PKT8okNIv0K/MFr9pxmsR445k+Agn
	 IwxcT7dKkMBX/WdesRXz+XcvIWKiSULbI7lLFMnTr6ELuS9YIiL0Eg90Ap4aU3H0Mb
	 Ux4iQxyHhuPsw==
X-Mailer: emacs 30.2 (via feedmail 11-beta-1 I)
From: Aneesh Kumar K.V <aneesh.kumar@kernel.org>
To: Mostafa Saleh <smostafa@google.com>
Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org,
	akpm@linux-foundation.org, catalin.marinas@arm.com,
	will@kernel.org, rppt@kernel.org, maz@kernel.org
Subject: Re: [PATCH 3/3] arm64/coco: Add pKVM as a CC platform
In-Reply-To: <aivG1rEi3y4GN8kX@google.com>
References: <20260603110522.3331819-1-smostafa@google.com>
 <20260603110522.3331819-4-smostafa@google.com>
 <yq5a1pemsmuj.fsf@kernel.org> <aivG1rEi3y4GN8kX@google.com>
Date: Fri, 12 Jun 2026 20:37:42 +0530
Message-ID: <yq5av7bnlrup.fsf@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain

Mostafa Saleh <smostafa@google.com> writes:

> On Thu, Jun 04, 2026 at 02:29:00PM +0530, Aneesh Kumar K.V wrote:
>> Mostafa Saleh <smostafa@google.com> writes:
>> 
>> > pKVM does support memory encryption, expose that to the rest of
>> > the kernel through cc_platform_has()
>> >
>> > At the moment, all devices inside the guest are emulated which
>> > requires its memory to be shared back to the host (decrypted), so
>> > set force_dma_unencrypted() to always return true.
>> >
>> > Although, typically pKVM guests rely on restricted-dma-pools to
>> > bounce traffic, with this change, it is possible to solely rely on
>> > the default SWIOTLB for that (assuming the appropriate size is set
>> > from the command line)
>> >
>> > Signed-off-by: Mostafa Saleh <smostafa@google.com>
>> > ---
>> > This change is critical for the ongoing refactoring of the DMA-API[1]
>> > that will break protected guests under pKVM with this patch. That is
>> > due to this rework will make the state of the SWIOTLB and restricted
>> > dma pools depends on the value returned by cc_platform_has()
>> >
>> > [1] https://lore.kernel.org/all/20260522042815.370873-1-aneesh.kumar@kernel.org/
>> > ---
>> >  arch/arm64/include/asm/hypervisor.h           | 13 +++++++++++++
>> >  arch/arm64/include/asm/mem_encrypt.h          |  3 ++-
>> >  arch/arm64/kernel/rsi.c                       | 12 ------------
>> >  arch/arm64/mm/init.c                          | 15 ++++++++++++++-
>> >  drivers/virt/coco/pkvm-guest/arm-pkvm-guest.c |  3 +++
>> >  5 files changed, 32 insertions(+), 14 deletions(-)
>> >
>> > index d66291def0f4..26fe9c3f22e3 100644
> [...]
>> > --- a/drivers/virt/coco/pkvm-guest/arm-pkvm-guest.c
>> > +++ b/drivers/virt/coco/pkvm-guest/arm-pkvm-guest.c
>> > @@ -17,6 +17,7 @@
>> >  #include <asm/hypervisor.h>
>> >  
>> >  static size_t pkvm_granule;
>> > +DEFINE_STATIC_KEY_FALSE_RO(pkvm_guest);
>> >
>> 
>> Do we need EXPORT_SYMBOL on this? 
>
> I was not sure about that, all users of this are in tree, I saw RME
> code have the EXPORT but did not know why?
>

arm-cca-guest is one example. I was assuming is_protected_kvm_guest()
would be a helper that could get pulled into various code paths via
force_dma_unencrypted().

If we have not found any build failures for now, we can probably avoid
that change for now.

-aneesh