From nobody Thu Apr 9 21:50:51 2026 Received: from mail-ej1-f74.google.com (mail-ej1-f74.google.com [209.85.218.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C93681DB125 for ; Thu, 5 Mar 2026 17:03:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772730235; cv=none; b=nFZXHOkn0U2HB6RIuWx8XNw+ttFGb1cQr89RLP1K3AE1o5g/CyPzaFhpa6r5WFx2ffoX328aycxkwsHZPhTjk0+dS11kV7LGVaH1J1FgSGr3g6p9iw79EwUYE9rx9zU5LlEyZfBSqMbJrW4lLBjUR7Be6ePHayeHazlznBN1LTQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772730235; c=relaxed/simple; bh=JDueDHhsxXmc1y6n5S4DYcGj2eQqYmuSsuhRKPpQiKg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=G4wgffqWLj81+zO1KBXASM6g1ky00dtDiodOpgw4Pm7IlI/R/2r21G+nkmM0kkc9zXQop3YSZuCPv0oaeWnTParoxT5YsrE95xtBIAedv4/TZ7IB6ZsTUgNDEtJxcTSG9uPRa736rYlZPAB7f+r/Wra0l34bvRBYIU00buSROTE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--smostafa.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=oOWiDrXD; arc=none smtp.client-ip=209.85.218.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--smostafa.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="oOWiDrXD" Received: by mail-ej1-f74.google.com with SMTP id a640c23a62f3a-b8fbe7a6f41so731130766b.0 for ; Thu, 05 Mar 2026 09:03:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1772730232; x=1773335032; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Z0p6wM34Mfv4MrdThZ0NuNbl/BQ6PjSinfQE/9xPBxo=; b=oOWiDrXDM4LucYueE/ldGGoP/JmSLefQKpVZuA5Nj7ZR/qbaaalldwfn7cb2E5/rNK GxIqAiKLUfSWrNQ9UJJXMppoluq41wKTUSMqbt9/e/+Pm1zRhW7rFLm5d/GnPkazzGn1 ImIVZUl/yrgRS058jMKKtsjLchGjXvg2QSumo32LUX/4mN5xqb8dlnRtqmZipl4l8bvs UJSJ98SEIEU8+wjK39gFmX+3KCL7HVAYp13UlDunRiHfbmGPyyAVBs4ZvPBV7ScnhFlY Xf19Y8QOIoNyPQVYOemNrSon2kCYUARS0b3jCyn7Zn5tInHxNp5jT4TuKwAWIOIDxgx8 FAsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1772730232; x=1773335032; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Z0p6wM34Mfv4MrdThZ0NuNbl/BQ6PjSinfQE/9xPBxo=; b=TGy2E4gb7Lkv/3fwYc5TFAurvfLGe5Nev/gCCDMoktVolD/ng/3NYzwiCVBNBkqUPo dh5Z21xQ05f8K5qJe8rOCaAPSsiJNC6zjAf5ge8IRpUc2iQqgKmrcapGzuCaNgOaJ/iJ TMNTKPX9IzqJhPV9VVOeaiviAy6we3v3bGIWkcMj9BmbOPr+fKnUwn1vCuOtEEb7p/W0 fVCBpaULy4vGpwkB/QKqiH4mdHo+KInf5WKMfvfeyjetyqEy0DXhwqWDFWM9qKcP0NZv 4v5EnYXDEoqdLqmw5llTsTqaC0hx0nRpXX3gpOsmlhurGfdEg/0fP6AMLOncC9N9orgV /cnA== X-Forwarded-Encrypted: i=1; AJvYcCUuFDD0KlC95OcGgfNaRZIYFVhOVpRVeV/uieX8dg6BmKhB4Cht73h6VbyV4NiT+NCEV2pUiy7ys1VILa4=@vger.kernel.org X-Gm-Message-State: AOJu0YwHQn7seF2Lwcs9JVR3dCKGf2gR5SdkecsD8X/AGo+FmblJBETp OuL1MCEgfVT5O0caKfUGktNK9xD8YEYnWdVqvQI5XQfjEJgChGx8xJzLBlu+vsA7H4vcm8LhfJd MdXwEkl7GH991Zw== X-Received: from ejgi22.prod.google.com ([2002:a17:906:3c56:b0:b93:eebb:ad41]) (user=smostafa job=prod-delivery.src-stubby-dispatcher) by 2002:a17:907:2d8d:b0:b8f:e424:ae56 with SMTP id a640c23a62f3a-b9422a20e24mr21885266b.44.1772730231858; Thu, 05 Mar 2026 09:03:51 -0800 (PST) Date: Thu, 5 Mar 2026 17:03:34 +0000 In-Reply-To: <20260305170335.963568-1-smostafa@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260305170335.963568-1-smostafa@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260305170335.963568-2-smostafa@google.com> Subject: [RFC PATCH 1/2] dma-mapping: Avoid double decrypting with DMA_RESTRICTED_POOL From: Mostafa Saleh To: iommu@lists.linux.dev, linux-kernel@vger.kernel.org Cc: robin.murphy@arm.com, m.szyprowski@samsung.com, will@kernel.org, maz@kernel.org, suzuki.poulose@arm.com, catalin.marinas@arm.com, Mostafa Saleh Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In case a device have a restricted DMA pool, it will be decrypted. However, in the path of dma_direct_alloc() memory can be allocated from this pool using, __dma_direct_alloc_pages() =3D> dma_direct_alloc_swiotlb() After that from the same function, it will attempt to decrypt it using dma_set_decrypted() if force_dma_unencrypted(). Which results in the memory being decrypted twice. It's not clear how the does realm world/hypervisors deal with that, for example: - Clear a bit in the page table and call realm IPA_STATE_SET - TDX: Seems to issue a hypercall also. - pKVM: Which doesn't implement force_dma_unencrypted() at the moment, uses a share hypercall which is definitely not Idempotent. This patch will only encrypt/decrypt memory that are not allocated form the restricted dma pools. Signed-off-by: Mostafa Saleh --- kernel/dma/direct.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/dma/direct.c b/kernel/dma/direct.c index 8f43a930716d..27d804f0473f 100644 --- a/kernel/dma/direct.c +++ b/kernel/dma/direct.c @@ -79,7 +79,7 @@ bool dma_coherent_ok(struct device *dev, phys_addr_t phys= , size_t size) =20 static int dma_set_decrypted(struct device *dev, void *vaddr, size_t size) { - if (!force_dma_unencrypted(dev)) + if (!force_dma_unencrypted(dev) || is_swiotlb_for_alloc(dev)) return 0; return set_memory_decrypted((unsigned long)vaddr, PFN_UP(size)); } @@ -88,7 +88,7 @@ static int dma_set_encrypted(struct device *dev, void *va= ddr, size_t size) { int ret; =20 - if (!force_dma_unencrypted(dev)) + if (!force_dma_unencrypted(dev) || is_swiotlb_for_alloc(dev)) return 0; ret =3D set_memory_encrypted((unsigned long)vaddr, PFN_UP(size)); if (ret) --=20 2.53.0.473.g4a7958ca14-goog From nobody Thu Apr 9 21:50:51 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0BECD3DEAEA for ; Thu, 5 Mar 2026 17:03:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772730236; cv=none; b=fETzT9CYK6NERsZx3MD+FHbUmkV/c/agfmy6wlapw283+39xHkjUjjLw82dkxl6hz35fdEYKpqHFjMAKvBaNvMzHjpAC9MaVHG61ko8fS4lSLIDo19nxxK4qfDDihj1RGVBUj1BemvXdPnD+s9nsZT4I8NheVHQyFw8zth9FA58= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772730236; c=relaxed/simple; bh=ehXww4EBP5o9XNrGQRSCbBb/4KpkUed7aGW0wp59lFw=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=RPbKjmtWYkJfbMbt3phD54joXpXTIsslvQjhyCL2UnEQa0EYk1PH8R/xJOriTIwvd8xUj8ipH9bxIMFOYH8qRrhn+VXs47tC5Ssv6QqEziri95YWOembgqlIzd8ouK88wyI+j9fJd6FNYXK0T1N3eCJ/dDn6QXwnaTE0qi85L1k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--smostafa.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=FtUxYjBq; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--smostafa.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="FtUxYjBq" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-4837246211bso106052565e9.0 for ; Thu, 05 Mar 2026 09:03:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1772730233; x=1773335033; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=fS2TCdg+GqqKaNVQW4sApbDZr60XuAkM6k9PmxbMvJo=; b=FtUxYjBqVV8bTQgp7/1Y0EZcFW0hVRQyn3hAcjaJH9qVCieKXlLKVI+b00YO8NoTrJ 676j1xEMnSjiMIWQQ00mpv2jiEZUwU05uMqNwCxf8doNLzOtAzJWLCdfW5Ox6mMiMTna os0gcLmP+zONCMUAW7oOXd3KbEErBCkP19s5amoyR9p5bZ9PEgSC6TgNWExip63Sz9T7 KEGSg6vposU9c9tm61aqv95SRgehqVsr9ZsfKoRDMrlTlUxaGJApID2yore6S+2VH+uO lh7af1AVrd6PiFyB5dGK2csO7yr9+OdhD3LmaWZkF1Q3bBDYG0TxtIR2GterXmEa59Yy N/sQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1772730233; x=1773335033; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=fS2TCdg+GqqKaNVQW4sApbDZr60XuAkM6k9PmxbMvJo=; b=xUvbL69RZWIF/lJnU953YOm2FZwz+Pbu/cq4tr7+eKlfwC2gU2luiTRkWxmy1hlcO0 vx1tvQoCHMMjboZ/wbcWsOtap97O64lPLUsC8DhaXt9tn7Nwe/gmr2tjMx/JKSGyAV6f GxXLxPoOTbjvL+bFwCMdaw/jtVI+nUGFT/gbYv+ioZX0/JeVERp/oInq5Zc4NTy+bYyB M2MxyaEtBP8wkxVq6hfgRdP17Ra80bX11cwsk3fOIfhcQM1ivYlX3Sd/L4IkBmAfRbjh l5FdjGkmsDXBR8JGksrEiBKcVkEMaVK3SvnlRRp9usgyRNtEhc0MOB6R5hhb5Cih/1r7 G2lA== X-Forwarded-Encrypted: i=1; AJvYcCW4Wrk/4bDXpzykRk0OwMzbUb8Zr5N2fdcdKZ1HUwsUUnyTCaSKSllxfZgDYk8JdQqmvkZqHqKMP927X+s=@vger.kernel.org X-Gm-Message-State: AOJu0YxqQUb7ijPyfskpC8oNWe9fu2bZrzxkVquBYKOZd6xIYM7+x2QJ loYkmcwEnadJ6FXBqI/GSLd14c780eWLH3yB4WqPPU0qKhIrpYUQHstBGUGY30+Ck+m59YQno1i rFB5fFjf/1IwIKg== X-Received: from wmbgy7.prod.google.com ([2002:a05:600c:8807:b0:483:6e65:5bb9]) (user=smostafa job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:6098:b0:483:71f7:2782 with SMTP id 5b1f17b1804b1-485235bc44emr2834755e9.12.1772730233280; Thu, 05 Mar 2026 09:03:53 -0800 (PST) Date: Thu, 5 Mar 2026 17:03:35 +0000 In-Reply-To: <20260305170335.963568-1-smostafa@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260305170335.963568-1-smostafa@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260305170335.963568-3-smostafa@google.com> Subject: [RFC PATCH 2/2] dma-mapping: Use the correct phys_to_dma() for DMA_RESTRICTED_POOL From: Mostafa Saleh To: iommu@lists.linux.dev, linux-kernel@vger.kernel.org Cc: robin.murphy@arm.com, m.szyprowski@samsung.com, will@kernel.org, maz@kernel.org, suzuki.poulose@arm.com, catalin.marinas@arm.com, Mostafa Saleh Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" As restricted dma pools are always decrypted, in swiotlb.c it uses phys_to_dma_unencrypted() for address conversion. However, in DMA-direct, calls to phys_to_dma_direct() with force_dma_unencrypted() returning false, will fallback to phys_to_dma() which is inconsistent for memory allocated from restricted dma pools. Signed-off-by: Mostafa Saleh --- kernel/dma/direct.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/dma/direct.c b/kernel/dma/direct.c index 27d804f0473f..1a402bb956d9 100644 --- a/kernel/dma/direct.c +++ b/kernel/dma/direct.c @@ -26,7 +26,7 @@ u64 zone_dma_limit __ro_after_init =3D DMA_BIT_MASK(24); static inline dma_addr_t phys_to_dma_direct(struct device *dev, phys_addr_t phys) { - if (force_dma_unencrypted(dev)) + if (force_dma_unencrypted(dev) || is_swiotlb_for_alloc(dev)) return phys_to_dma_unencrypted(dev, phys); return phys_to_dma(dev, phys); } --=20 2.53.0.473.g4a7958ca14-goog