DMA_ATTR_CC_SHARED describes an existing DMA mapping whose backing memory is already shared, or decrypted, for confidential computing. It is a mapping attribute: callers use it to request a shared DMA address encoding for memory that has already been prepared for shared DMA.
Allocation paths need a related but different state. Once the DMA core decides that an allocation must use shared backing pages, the lower-level allocation helpers need to select shared pools, decrypt newly allocated pages, derive the DMA address with the shared-memory translation and restore encryption on free. That state is internal to the DMA-mapping implementation and should not be passed by drivers to dma_alloc_attrs(). Signed-off-by: Aneesh Kumar K.V (Arm) <[email protected]> --- Documentation/core-api/dma-attributes.rst | 29 +++++++++++++++++++++++ include/linux/dma-mapping.h | 8 +++++++ include/trace/events/dma.h | 3 ++- 3 files changed, 39 insertions(+), 1 deletion(-) diff --git a/Documentation/core-api/dma-attributes.rst b/Documentation/core-api/dma-attributes.rst index 123c8468d58f..eee743184acd 100644 --- a/Documentation/core-api/dma-attributes.rst +++ b/Documentation/core-api/dma-attributes.rst @@ -179,3 +179,32 @@ interface when building their uAPIs, when possible. It must never be used in an in-kernel driver that only works with kernel memory. + +DMA_ATTR_CC_SHARED +------------------ + +This attribute indicates that a DMA mapping is shared, or decrypted, for +confidential computing guests. For normal system memory, the caller must +already have marked the memory decrypted with set_memory_decrypted(). CPU +PTEs for the mapping must use pgprot_decrypted(), and the same shared +semantic may be passed to a vIOMMU when it sets up the IOPTE. + +This attribute describes an existing mapping. It does not allocate shared +backing pages and must not be passed to dma_alloc_attrs(). For MMIO, use +this together with DMA_ATTR_MMIO to indicate shared MMIO. Unless +DMA_ATTR_MMIO is provided, the mapping requires a struct page. + +__DMA_ATTR_ALLOC_CC_SHARED +-------------------------- + +This is an internal DMA-mapping attribute for confidential computing guests. +It is used by allocation paths after the DMA core has determined that the +backing pages must be shared, or decrypted. For example, the direct DMA and +SWIOTLB allocation paths use it to select shared DMA pools, decrypt newly +allocated pages, derive DMA addresses using the shared-memory translation, and +restore encryption on free. + +__DMA_ATTR_ALLOC_CC_SHARED differs from DMA_ATTR_CC_SHARED in that it is not +a caller-visible DMA API attribute. DMA_ATTR_CC_SHARED describes an +already-shared mapping and requires the caller to have prepared normal +system memory before mapping it. diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h index cc0823a99cfd..a3e880649fa4 100644 --- a/include/linux/dma-mapping.h +++ b/include/linux/dma-mapping.h @@ -103,6 +103,14 @@ */ #define DMA_ATTR_CC_SHARED (1UL << 13) +/* + * __DMA_ATTR_ALLOC_CC_SHARED: Internal DMA-mapping attribute used by + * allocation paths that create shared (decrypted) backing pages for + * confidential computing guests. Drivers must not pass this attribute to + * dma_alloc_attrs(). + */ +#define __DMA_ATTR_ALLOC_CC_SHARED (1UL << 14) + /* * A dma_addr_t can hold any valid DMA or bus address for the platform. It can * be given to a device to use as a DMA source or target. It is specific to a diff --git a/include/trace/events/dma.h b/include/trace/events/dma.h index 31c9ddf72c9d..9df02c1511de 100644 --- a/include/trace/events/dma.h +++ b/include/trace/events/dma.h @@ -35,7 +35,8 @@ TRACE_DEFINE_ENUM(DMA_NONE); { DMA_ATTR_MMIO, "MMIO" }, \ { DMA_ATTR_DEBUGGING_IGNORE_CACHELINES, "CACHELINES_OVERLAP" }, \ { DMA_ATTR_REQUIRE_COHERENT, "REQUIRE_COHERENT" }, \ - { DMA_ATTR_CC_SHARED, "CC_SHARED" }) + { DMA_ATTR_CC_SHARED, "CC_SHARED" }, \ + { __DMA_ATTR_ALLOC_CC_SHARED, "ALLOC_CC_SHARED" }) DECLARE_EVENT_CLASS(dma_map, TP_PROTO(struct device *dev, phys_addr_t phys_addr, dma_addr_t dma_addr, -- 2.43.0
