From patchwork Wed Feb 19 22:07:49 2025
X-Patchwork-Submitter: Suzuki K Poulose
X-Patchwork-Id: 13983073
From: Suzuki K Poulose
To: will@kernel.org, robin.murphy@arm.com, catalin.marinas@arm.com
Cc: maz@kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, gregkh@linuxfoundation.org, aneesh.kumar@kernel.org, steven.price@arm.com, suzuki.poulose@arm.com, Jean-Philippe Brucker, Christoph Hellwig, Tom Lendacky
Subject: [PATCH v2 1/3] dma: Fix encryption bit clearing for dma_to_phys
Date: Wed, 19 Feb 2025 22:07:49 +0000
Message-ID: <20250219220751.1276854-2-suzuki.poulose@arm.com>
In-Reply-To: <20250219220751.1276854-1-suzuki.poulose@arm.com>
References: <20250219220751.1276854-1-suzuki.poulose@arm.com>

phys_to_dma() sets the encryption bit on the translated DMA address. But dma_to_phys() clears the encryption bit after it has been translated back to the physical address, which could fail if the device uses DMA ranges. Hopefully, AMD SME doesn't use it. Anyways, let us fix it, before cleaning up the infrastructure for supporting other architectures.

Reported-by: Aneesh Kumar K.V
Link: https://lkml.kernel.org/r/yq5amsen9stc.fsf@kernel.org
Cc: Will Deacon
Cc: Jean-Philippe Brucker
Cc: Catalin Marinas
Cc: Robin Murphy
Cc: Steven Price
Cc: Christoph Hellwig
Cc: Tom Lendacky
Signed-off-by: Suzuki K Poulose --- include/linux/dma-direct.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h index d7e30d4f7503..d20ecc24cb0f 100644 --- a/include/linux/dma-direct.h +++ b/include/linux/dma-direct.h 
@@ -101,12 +101,13 @@ static inline phys_addr_t dma_to_phys(struct device *dev, dma_addr_t dma_addr) { phys_addr_t paddr; + dma_addr = __sme_clr(dma_addr); if (dev->dma_range_map) paddr = translate_dma_to_phys(dev, dma_addr); else paddr = dma_addr; - return __sme_clr(paddr); + return paddr; } #endif /* !CONFIG_ARCH_HAS_PHYS_TO_DMA */

From patchwork Wed Feb 19 22:07:50 2025
X-Patchwork-Submitter: Suzuki K Poulose
X-Patchwork-Id: 13983075
From: Suzuki K Poulose
To: will@kernel.org, robin.murphy@arm.com, catalin.marinas@arm.com
Cc: maz@kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, gregkh@linuxfoundation.org, aneesh.kumar@kernel.org, steven.price@arm.com, suzuki.poulose@arm.com, Jean-Philippe Brucker, Christoph Hellwig, Tom Lendacky
Subject: [PATCH v2 2/3] dma: Introduce generic dma_decrypted/dma_encrypted helpers
Date: Wed, 19 Feb 2025 22:07:50 +0000
Message-ID: <20250219220751.1276854-3-suzuki.poulose@arm.com>
In-Reply-To: <20250219220751.1276854-1-suzuki.poulose@arm.com>
References: <20250219220751.1276854-1-suzuki.poulose@arm.com>

AMD SME added __sme_set/__sme_clr primitives to modify the DMA address for encrypted/decrypted traffic. However, this doesn't fit in with other models, e.g., Arm CCA where the meanings are the opposite. i.e., "decrypted" traffic has a bit set and "encrypted" traffic has the top bit cleared.

In preparation for adding the support for Arm CCA DMA conversions, convert the existing primitives to more generic ones that can be provided by the backends. i.e., add helpers to

 1. dma_encrypted - Convert a DMA address to "encrypted" [ == __sme_set() ]
 2. dma_decrypted - Convert a DMA address to "decrypted" [ None exists today ]
 3. dma_clear_encryption - Clear any "encryption"/"decryption" bits from DMA address [ SME uses __sme_clr() ]

Since the original __sme_xxx helpers come from linux/mem_encrypt.h, use that as the home for the new definitions and provide dummy ones when none is provided by the architectures.

With the above, phys_to_dma_unencrypted() uses the newly added dma_decrypted() helper and to make it a bit easier to read and avoid double conversion, provide __phys_to_dma().

No functional changes intended. Compile tested on x86 defconfig with CONFIG_AMD_MEM_ENCRYPT.

Suggested-by: Robin Murphy
Cc: Will Deacon
Cc: Jean-Philippe Brucker
Cc: Catalin Marinas
Cc: Robin Murphy
Cc: Steven Price
Cc: Christoph Hellwig
Cc: Tom Lendacky
Cc: Aneesh Kumar K.V
Signed-off-by: Suzuki K Poulose --- include/linux/dma-direct.h | 12 ++++++++---- include/linux/mem_encrypt.h | 23 +++++++++++++++++++++++ 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h index d20ecc24cb0f..9b5cc0ee86d5 100644 --- a/include/linux/dma-direct.h +++ b/include/linux/dma-direct.h @@ -78,14 +78,18 @@ static inline dma_addr_t dma_range_map_max(const struct bus_dma_region *map) #define phys_to_dma_unencrypted phys_to_dma #endif #else -static inline dma_addr_t phys_to_dma_unencrypted(struct device *dev, - phys_addr_t paddr) +static inline dma_addr_t __phys_to_dma(struct device *dev, phys_addr_t paddr) { if (dev->dma_range_map) return translate_phys_to_dma(dev, paddr); return paddr; } +static inline dma_addr_t phys_to_dma_unencrypted(struct device *dev, + phys_addr_t paddr) +{ + return dma_decrypted(__phys_to_dma(dev, paddr)); +} /* * If memory encryption is supported, phys_to_dma will set the memory encryption * bit in the DMA address, and dma_to_phys will clear it. 
@@ -94,14 +98,14 @@ static inline dma_addr_t phys_to_dma_unencrypted(struct device *dev, */ static inline dma_addr_t phys_to_dma(struct device *dev, phys_addr_t paddr) { - return __sme_set(phys_to_dma_unencrypted(dev, paddr)); + return dma_encrypted(__phys_to_dma(dev, paddr)); } static inline phys_addr_t dma_to_phys(struct device *dev, dma_addr_t dma_addr) { phys_addr_t paddr; - dma_addr = __sme_clr(dma_addr); + dma_addr = dma_clear_encryption(dma_addr); if (dev->dma_range_map) paddr = translate_dma_to_phys(dev, dma_addr); else diff --git a/include/linux/mem_encrypt.h b/include/linux/mem_encrypt.h index ae4526389261..c8dcc1be695a 100644 --- a/include/linux/mem_encrypt.h +++ b/include/linux/mem_encrypt.h 
@@ -26,11 +26,34 @@ */ #define __sme_set(x) ((x) | sme_me_mask) #define __sme_clr(x) ((x) & ~sme_me_mask) + +#define dma_encrypted(x) __sme_set(x) +#define dma_clear_encryption(x) __sme_clr(x) + #else #define __sme_set(x) (x) #define __sme_clr(x) (x) #endif +/* + * dma_encrypted() and dma_decrypted() are for converting a given DMA + * address to the respective type of addressing. + * + * dma_clear_encryption() is used to reverse the conversion back to "normal" + * DMA address. + */ +#ifndef dma_encrypted +#define dma_encrypted(x) (x) +#endif + +#ifndef dma_decrypted +#define dma_decrypted(x) (x) +#endif + +#ifndef dma_clear_encryption +#define dma_clear_encryption(x) (x) +#endif + #endif /* __ASSEMBLY__ */ #endif /* __MEM_ENCRYPT_H__ */

From patchwork Wed Feb 19 22:07:51 2025
X-Patchwork-Submitter: Suzuki K Poulose
X-Patchwork-Id: 13983074
From: Suzuki K Poulose
To: will@kernel.org, robin.murphy@arm.com, catalin.marinas@arm.com
Cc: maz@kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, gregkh@linuxfoundation.org, aneesh.kumar@kernel.org, steven.price@arm.com, suzuki.poulose@arm.com, Jean-Philippe Brucker, Christoph Hellwig, Tom Lendacky
Subject: [PATCH v2 3/3] arm64: realm: Use aliased addresses for device DMA to shared buffers
Date: Wed, 19 Feb 2025 22:07:51 +0000
Message-ID: <20250219220751.1276854-4-suzuki.poulose@arm.com>
In-Reply-To: <20250219220751.1276854-1-suzuki.poulose@arm.com>
References: <20250219220751.1276854-1-suzuki.poulose@arm.com>

When a device performs DMA to a shared buffer using physical addresses (without Stage1 translation), the device must use the "{I}PA address" with the top bit set in Realm. This is to make sure that a trusted device will be able to write to shared buffers as well as the protected buffers. Thus, a Realm must always program the full address including the "protection" bit, like AMD SME encryption bits.

Enable this by providing arm64 specific dma_{encrypted,decrypted,clear_encryption} helpers for Realms.

Please note that the VMM needs to similarly make sure that the SMMU Stage2 in the Non-secure world is set up accordingly to map IPA at the unprotected alias.

Cc: Will Deacon
Cc: Jean-Philippe Brucker
Cc: Catalin Marinas
Cc: Robin Murphy
Cc: Steven Price
Cc: Christoph Hellwig
Cc: Tom Lendacky
Cc: Aneesh Kumar K.V
Signed-off-by: Suzuki K Poulose --- arch/arm64/include/asm/mem_encrypt.h | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/arch/arm64/include/asm/mem_encrypt.h b/arch/arm64/include/asm/mem_encrypt.h index f8f78f622dd2..aeda3bba255e 100644 --- a/arch/arm64/include/asm/mem_encrypt.h +++ b/arch/arm64/include/asm/mem_encrypt.h @@ -21,4 +21,26 @@ static inline bool force_dma_unencrypted(struct device *dev) return is_realm_world(); } +static inline dma_addr_t dma_decrypted(dma_addr_t daddr) +{ + if (is_realm_world()) + daddr |= prot_ns_shared; + return daddr; +} +#define dma_decrypted dma_decrypted + +static inline dma_addr_t dma_encrypted(dma_addr_t daddr) +{ + if (is_realm_world()) + daddr &= prot_ns_shared - 1; + return daddr; +} +#define dma_encrypted dma_encrypted + +static inline dma_addr_t dma_clear_encryption(dma_addr_t daddr) +{ + return dma_encrypted(daddr); +} +#define dma_clear_encryption dma_clear_encryption + #endif /* __ASM_MEM_ENCRYPT_H */
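
Review bot: In [PATCH v2 1/3], the new `dma_addr = __sme_clr(dma_addr);` at the top of dma_to_phys() has no comment saying why the mask must come off before translate_dma_to_phys() runs. The ordering is the whole fix: phys_to_dma() applies the encryption bit after the range translation, so the inverse has to strip it first, otherwise the dma_range_map lookup is done on an address that still carries the bit. A one-line comment above the assignment would keep a later cleanup from moving the clear back to the return statement. The commit message also carries Reported-by and Link trailers but no Fixes: tag, which would be worth adding if this is meant to be picked up as a fix.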
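
Review bot: In [PATCH v2 2/3], first include/linux/dma-direct.h hunk, dma_decrypted() is only wired into the `#else` definition of phys_to_dma_unencrypted(); the context just above still has `#define phys_to_dma_unencrypted phys_to_dma` for the other branch of the conditional, so an architecture on that branch never passes through the new helpers. If that is intended, state it in the commit message or in a comment next to __phys_to_dma(). That helper also deserves a line saying it returns the translated address with no encryption attribute applied, since the double-underscore name alone does not convey it.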
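
Review bot: In [PATCH v2 2/3], second include/linux/dma-direct.h hunk, the comment that precedes phys_to_dma() still reads "phys_to_dma will set the memory encryption bit in the DMA address, and dma_to_phys will clear it", which describes the SME convention only. Once the bodies call dma_encrypted() and dma_clear_encryption(), a backend may clear a bit to mean "encrypted" (the commit message names Arm CCA as that case), so the comment should be reworded in terms of the generic helpers rather than setting and clearing a bit.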
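
Review bot: In [PATCH v2 2/3], include/linux/mem_encrypt.h hunk, the SME branch defines dma_encrypted() and dma_clear_encryption() but not dma_decrypted(), so with SME enabled it falls through to the identity fallback `#define dma_decrypted(x) (x)`. That matches the old behaviour only as long as the argument never carries sme_me_mask; an address that already has the bit set comes back unchanged and still marked encrypted. Either define it as `__sme_clr(x)` in the SME branch or extend the new comment block to say that dma_decrypted() expects an address with no encryption bits applied.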
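
Review bot: In [PATCH v2 3/3], dma_encrypted() uses `daddr &= prot_ns_shared - 1;`, which clears every bit at and above prot_ns_shared rather than only that bit, and is correct only if prot_ns_shared is a single power-of-two bit. dma_decrypted() sets exactly prot_ns_shared with `|=`, so the two helpers are not strict inverses; `daddr &= ~prot_ns_shared;` would mirror it, or a comment should say that dropping the upper bits is deliberate. dma_clear_encryption() returning dma_encrypted() also merits a short comment that clearing and "encrypted" are the same operation in a Realm.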