Re: [RFC PATCH v1 04/38] tsm: Support DMA Allocation from private memory

From: Suzuki K Poulose
Date: Wed Jul 30 2025 - 06:09:51 EST

Next message: Manikandan Muralidharan: "[PATCH v2 1/3] spi: atmel: simplify MR register update in cs_activate()"
Previous message: Wang Liang: "Re: [RFC PATCH net v2] net: drop gso udp packets in udp_rcv_segment()"
In reply to: Jason Gunthorpe: "Re: [RFC PATCH v1 04/38] tsm: Support DMA Allocation from private memory"
Next in thread: Jason Gunthorpe: "Re: [RFC PATCH v1 04/38] tsm: Support DMA Allocation from private memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 29/07/2025 15:33, Jason Gunthorpe wrote:

On Tue, Jul 29, 2025 at 01:53:10PM +0530, Aneesh Kumar K.V wrote:

Jason Gunthorpe <jgg@xxxxxxxx> writes:

On Mon, Jul 28, 2025 at 07:21:41PM +0530, Aneesh Kumar K.V (Arm) wrote:

@@ -48,3 +49,12 @@ int set_memory_decrypted(unsigned long addr, int numpages)
return crypt_ops->decrypt(addr, numpages);
}
EXPORT_SYMBOL_GPL(set_memory_decrypted);
+
+bool force_dma_unencrypted(struct device *dev)
+{
+ if (dev->tdi_enabled)
+ return false;

Is this OK? I see code like this:

static inline dma_addr_t phys_to_dma_direct(struct device *dev,
phys_addr_t phys)
{
if (force_dma_unencrypted(dev))
return phys_to_dma_unencrypted(dev, phys);
return phys_to_dma(dev, phys);

What are the ARM rules for generating dma addreses?

1) Device is T=0, memory is unencrypted, call dma_addr_unencrypted()
and do "top bit IBA set"

2) Device is T=1, memory is encrypted, use the phys_to_dma() normally

3) Device it T=1, memory is uncrypted, use the phys_to_dma()
normally??? Seems odd, I would have guessed the DMA address sould
be the same as case #1?

Can you document this in a comment?

If a device is operating in secure mode (T=1), it is currently assumed
that only access to private (encrypted) memory is supported.

No, this is no how the PCI specs were written as far as I
understand. The XT bit thing is supposed to add more fine grained
device side control over what memory the DMA can target. T alone does
not do that.

It is unclear whether devices would need to perform DMA to shared
(unencrypted) memory while operating in this mode, as TLPs with T=1
are generally expected to target private memory.

PCI SIG supports it, kernel should support it.

ACK. On Arm CCA, the device can access shared IPA, with T=1 transaction
as long as the mapping is active in the Stage2 managed by RMM.

Rather than mapping the entire memory from the host, it would be ideal
if the Coco vms have some sort of a callback to "make sure the DMA
wouldn't fault for a device". e.g, it could be as simple as touching
the page in Arm CCA (GFP_ZERO could do the trick, well one byte
per Granule is good). or an ACCEPT a given page.

Is this a problem for AMDE SNP / Intel TDX ?

Suzuki

Jason

Next message: Manikandan Muralidharan: "[PATCH v2 1/3] spi: atmel: simplify MR register update in cs_activate()"
Previous message: Wang Liang: "Re: [RFC PATCH net v2] net: drop gso udp packets in udp_rcv_segment()"
In reply to: Jason Gunthorpe: "Re: [RFC PATCH v1 04/38] tsm: Support DMA Allocation from private memory"
Next in thread: Jason Gunthorpe: "Re: [RFC PATCH v1 04/38] tsm: Support DMA Allocation from private memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]