Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp146731ybz; Wed, 15 Apr 2020 06:11:40 -0700 (PDT) X-Google-Smtp-Source: APiQypJcZWMoxDogZ89agr6Hu4IRZ3K/JcOwVhingrqOmUM/ejrHn036sFufvhLspXvL/TrsL5Ob X-Received: by 2002:aa7:c90d:: with SMTP id b13mr8523639edt.14.1586956300515; Wed, 15 Apr 2020 06:11:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1586956300; cv=none; d=google.com; s=arc-20160816; b=WGawK43wy8650Zhw0TSndYuvhhkq9ERFR7pbomgMuh70BtIMeZtRWgso5IFUAlveS3 Zp6IjU5BG+1FSG/1LllU+VuzEzIU+Z1cI0lGSY7t1aeYHYk2O/+pbkX0zQtti4KXP9Ym x98+i1H8VeuprBnUkLnyEYUGk8O7XLagt5BY5eaGxM5YYdVe5tEoElcbR7OJu2uftzpG K/L4smG+A/or2nf/0lTZZx3+6EPGUoG1upW7pD1+LTzgWLqkBXnFvvWSYVJh3xxIO8US EJ+d2CENvKB7JxRUUZ3ClStdvzDkiRTcf54lz/9rzCL50egQFtnqt7q50WjkUdoMyL0Y eHMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date:dkim-signature; bh=P9uGK/l9+upt2147+kcKvfUBL5T6QGch+S3tGbTmzhg=; b=yifyL/E5XyXBTvusmIQh5SE7OKyysOZhz5UFGGnI7mVa+fMiu5yOHJFlQZisSf+ept oNabtOVOuGxUM+E+BxuAc6l3NZyG7iTND4aA0Kuj3e/nQa4/q8K9Hkixma1jCE+cnJ9g AUiqUAP63oyiYSiCUYSoSdxozs1NBxJLKW5FvhQC6/acHFh/hKyxbIJRJ20qExbnVCUv qprkXT4Lkhsf37krKJ5iuQXUOxL76jwidoRlY79SGJlBidn6VelacdjQ0OoS+Z7zBcuX lrBJ5qUSsoLYbyv2zSuaxuAaf/iVvydogQV8bcAQyuVIMBkJR78zkpdCwjYuXat0Ga4X rc8Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=WFGud2tB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m9si11248274eda.117.2020.04.15.06.11.16; Wed, 15 Apr 2020 06:11:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=WFGud2tB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2504715AbgDNT04 (ORCPT + 99 others); Tue, 14 Apr 2020 15:26:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56642 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1730049AbgDNTYp (ORCPT ); Tue, 14 Apr 2020 15:24:45 -0400 Received: from mail-pg1-x542.google.com (mail-pg1-x542.google.com [IPv6:2607:f8b0:4864:20::542]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2FBB0C08C5F2 for ; Tue, 14 Apr 2020 12:18:40 -0700 (PDT) Received: by mail-pg1-x542.google.com with SMTP id p8so340542pgi.5 for ; Tue, 14 Apr 2020 12:18:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:in-reply-to:message-id:references :user-agent:mime-version; bh=P9uGK/l9+upt2147+kcKvfUBL5T6QGch+S3tGbTmzhg=; b=WFGud2tBPWFna3TtJBPDwDAuc3HGHK64EaaZKf9mtGIDlcqcqYj+zc5/SdWWRMWshu raTwvHD7blUEj+visUbTeVR/CmwIC4XYp9lmYsXLyaJPZ3ZVp14dQCZwCgF6//ssCtXR 0kMk3I6NrQ4quQmpa5nYNEojOp7zczNpCEM3vPAfNRSWnufba2qs902hbkoro4+2x/iz FPjdJMuI04crXUgqCwJxr1hpuJZEo3UncZ80cbCsoRkZx4R1HlU/ZxJ+rB759ZBSsmWA 9BJEu8ErySIBz8RRagX/0hFlQTX/hsOlz4XJF+DTn0lVQLrx/oGqN0SNRXj4fZuBebnL eKYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:in-reply-to:message-id :references:user-agent:mime-version; bh=P9uGK/l9+upt2147+kcKvfUBL5T6QGch+S3tGbTmzhg=; b=YBY1K+nswlZChucjvQQK9FjJ+htp5nNrdlbw3paa3dzQZPk9fqwoqLx/5eFkoiuMza TbW0bV1Vo+n9YOpggiG0iXR+F3dEOm3eVFai4JEslJzTZNujzxy18n3BgjJZG0KFGwJs r2C++ZY7klV8Pk5kCJAn8VS2RZpIIR5+duhgYwBb3k3eKyHi0yyQgViLxaLIc5PAaFTQ 6HE8+qL4AiekXuJWFuL0As4AEBxa67yFBDjtXUBs6ESHzLyoFdrhEsAEtcN4muIC9xSY g8xIJeLJDYogo9PQeCrtjtgIITNqmiyVpv3A8NFFYem/5oX1HuneczafkE2GM/65kwH9 xEgA== X-Gm-Message-State: AGi0PuYyMN5NCy6T/IfFyG2QmfkhqPw9JSfBVfJae5tQ440t2qm4Ysx+ iMSJ4gf0vuiHYTyBvyC8BgEZUw== X-Received: by 2002:aa7:9d89:: with SMTP id f9mr3546328pfq.194.1586891919386; Tue, 14 Apr 2020 12:18:39 -0700 (PDT) Received: from [2620:15c:17:3:3a5:23a7:5e32:4598] ([2620:15c:17:3:3a5:23a7:5e32:4598]) by smtp.gmail.com with ESMTPSA id r28sm5417712pfg.186.2020.04.14.12.18.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Apr 2020 12:18:38 -0700 (PDT) Date: Tue, 14 Apr 2020 12:18:37 -0700 (PDT) From: David Rientjes X-X-Sender: rientjes@chino.kir.corp.google.com To: Tom Lendacky cc: Christoph Hellwig , "Singh, Brijesh" , "Grimm, Jon" , Joerg Roedel , "linux-kernel@vger.kernel.org" , "iommu@lists.linux-foundation.org" Subject: Re: [rfc v2 4/6] dma-direct: atomic allocations must come from atomic coherent pools In-Reply-To: <26df6b35-af63-bf17-0c21-51684afa6f67@amd.com> Message-ID: References: <26df6b35-af63-bf17-0c21-51684afa6f67@amd.com> User-Agent: Alpine 2.22 (DEB 394 2020-01-19) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 9 Apr 2020, Tom Lendacky wrote: > > When a device required unencrypted memory and the context does not allow > > required => requires > Fixed, thanks. > > blocking, memory must be returned from the atomic coherent pools. > > > > This avoids the remap when CONFIG_DMA_DIRECT_REMAP is not enabled and the > > config only requires CONFIG_DMA_COHERENT_POOL. This will be used for > > CONFIG_AMD_MEM_ENCRYPT in a subsequent patch. > > > > Keep all memory in these pools unencrypted. > > > > Signed-off-by: David Rientjes > > --- > > kernel/dma/direct.c | 16 ++++++++++++++++ > > kernel/dma/pool.c | 15 +++++++++++++-- > > 2 files changed, 29 insertions(+), 2 deletions(-) > > > > diff --git a/kernel/dma/direct.c b/kernel/dma/direct.c > > index 70800ca64f13..44165263c185 100644 > > --- a/kernel/dma/direct.c > > +++ b/kernel/dma/direct.c > > @@ -124,6 +124,18 @@ void *dma_direct_alloc_pages(struct device *dev, size_t > > size, > > struct page *page; > > void *ret; > > + /* > > + * Unencrypted memory must come directly from DMA atomic pools if > > + * blocking is not allowed. > > + */ > > + if (IS_ENABLED(CONFIG_DMA_COHERENT_POOL) && > > + force_dma_unencrypted(dev) && !gfpflags_allow_blocking(gfp)) { > > + ret = dma_alloc_from_pool(dev, PAGE_ALIGN(size), &page, gfp); > > + if (!ret) > > + return NULL; > > + goto done; > > + } > > + > > if (IS_ENABLED(CONFIG_DMA_DIRECT_REMAP) && > > dma_alloc_need_uncached(dev, attrs) && > > !gfpflags_allow_blocking(gfp)) { > > @@ -203,6 +215,10 @@ void dma_direct_free_pages(struct device *dev, size_t > > size, void *cpu_addr, > > { > > unsigned int page_order = get_order(size); > > + if (IS_ENABLED(CONFIG_DMA_COHERENT_POOL) && > > + dma_free_from_pool(dev, cpu_addr, PAGE_ALIGN(size))) > > + return; > > + > > if ((attrs & DMA_ATTR_NO_KERNEL_MAPPING) && > > !force_dma_unencrypted(dev)) { > > /* cpu_addr is a struct page cookie, not a kernel address */ > > diff --git a/kernel/dma/pool.c b/kernel/dma/pool.c > > index e14c5a2da734..6685ab89cfa7 100644 > > --- a/kernel/dma/pool.c > > +++ b/kernel/dma/pool.c > > @@ -9,6 +9,7 @@ > > #include > > #include > > #include > > +#include > > #include > > #include > > #include > > @@ -55,12 +56,20 @@ static int atomic_pool_expand(struct gen_pool *pool, > > size_t pool_size, > > arch_dma_prep_coherent(page, pool_size); > > +#ifdef CONFIG_DMA_DIRECT_REMAP > > addr = dma_common_contiguous_remap(page, pool_size, > > pgprot_dmacoherent(PAGE_KERNEL), > > __builtin_return_address(0)); > > if (!addr) > > goto free_page; > > - > > +#else > > + addr = page_to_virt(page); > > +#endif > > + /* > > + * Memory in the atomic DMA pools must be unencrypted, the pools do > > not > > + * shrink so no re-encryption occurs in dma_direct_free_pages(). > > + */ > > + set_memory_decrypted((unsigned long)page_to_virt(page), 1 << order); > > ret = gen_pool_add_virt(pool, (unsigned long)addr, page_to_phys(page), > > pool_size, NUMA_NO_NODE); > > if (ret) > > @@ -69,8 +78,10 @@ static int atomic_pool_expand(struct gen_pool *pool, > > size_t pool_size, > > return 0; > > remove_mapping: > > +#ifdef CONFIG_DMA_DIRECT_REMAP > > dma_common_free_remap(addr, pool_size); > > You're about to free the memory, but you've called set_memory_decrypted() > against it, so you need to do a set_memory_encrypted() to bring it back to a > state ready for allocation again. > Ah, good catch, thanks. I notice that I should also be checking the return value of set_memory_decrypted() because pages added to the coherent pools *must* be unencrypted. If it fails, we fail the expansion. And do the same thing for set_memory_encrypted(), which would be a bizarre situation (decrypt succeeded, encrypt failed), by simply leaking the page. diff --git a/kernel/dma/pool.c b/kernel/dma/pool.c --- a/kernel/dma/pool.c +++ b/kernel/dma/pool.c @@ -7,6 +7,7 @@ #include #include #include +#include #include #include #include @@ -53,22 +54,42 @@ static int atomic_pool_expand(struct gen_pool *pool, size_t pool_size, arch_dma_prep_coherent(page, pool_size); +#ifdef CONFIG_DMA_DIRECT_REMAP addr = dma_common_contiguous_remap(page, pool_size, pgprot_dmacoherent(PAGE_KERNEL), __builtin_return_address(0)); if (!addr) goto free_page; - +#else + addr = page_to_virt(page); +#endif + /* + * Memory in the atomic DMA pools must be unencrypted, the pools do not + * shrink so no re-encryption occurs in dma_direct_free_pages(). + */ + ret = set_memory_decrypted((unsigned long)page_to_virt(page), + 1 << order); + if (ret) + goto remove_mapping; ret = gen_pool_add_virt(pool, (unsigned long)addr, page_to_phys(page), pool_size, NUMA_NO_NODE); if (ret) - goto remove_mapping; + goto encrypt_mapping; return 0; +encrypt_mapping: + ret = set_memory_encrypted((unsigned long)page_to_virt(page), + 1 << order); + if (WARN_ON_ONCE(ret)) { + /* Decrypt succeeded but encrypt failed, purposely leak */ + goto out; + } remove_mapping: +#ifdef CONFIG_DMA_DIRECT_REMAP dma_common_free_remap(addr, pool_size); -free_page: +#endif +free_page: __maybe_unused if (!dma_release_from_contiguous(NULL, page, 1 << order)) __free_pages(page, order); out: