| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4f057e37-7f6c-4daa-b99a-122aa417f0e3@arm.com>
Date: Fri, 28 Feb 2025 18:23:41 +0000
From: Robin Murphy <robin.murphy@....com>
To: Suzuki K Poulose <suzuki.poulose@....com>, linux-kernel@...r.kernel.org
Cc: will@...nel.org, catalin.marinas@....com, maz@...nel.org,
steven.price@....com, aneesh.kumar@...nel.org, gshan@...hat.com,
linux-arm-kernel@...ts.infradead.org,
Jean-Philippe Brucker <jean-philippe@...aro.org>,
Christoph Hellwig <hch@....de>, Marek Szyprowski <m.szyprowski@...sung.com>,
Tom Lendacky <thomas.lendacky@....com>
Subject: Re: [PATCH v3 2/3] dma: Introduce generic dma_addr_*crypted helpers
On 27/02/2025 2:41 pm, Suzuki K Poulose wrote:
> AMD SME added __sme_set/__sme_clr primitives to modify the DMA address for
> encrypted/decrypted traffic. However this doesn't fit in with other models,
> e.g., Arm CCA where the meanings are the opposite. i.e., "decrypted" traffic
> has a bit set and "encrypted" traffic has the top bit cleared.
>
> In preparation for adding the support for Arm CCA DMA conversions, convert the
> existing primitives to more generic ones that can be provided by the backends.
> i.e., add helpers to
> 1. dma_addr_encrypted - Convert a DMA address to "encrypted" [ == __sme_set() ]
> 2. dma_addr_unencrypted - Convert a DMA address to "decrypted" [ None exists today ]
> 3. dma_addr_canonical - Clear any "encryption"/"decryption" bits from DMA
> address [ SME uses __sme_clr() ] and convert to a canonical DMA address.
>
> Since the original __sme_xxx helpers come from linux/mem_encrypt.h, use that
> as the home for the new definitions and provide dummy ones when none is provided
> by the architectures.
>
> With the above, phys_to_dma_unencrypted() uses the newly added dma_addr_unencrypted()
> helper and to make it a bit more easier to read and avoid double conversion,
> provide __phys_to_dma().
Yeah, I'm happy with "canonical" being the least-worst option for now; I
certainly can't think of anything snappier yet still sufficiently clear.
Reviewed-by: Robin Murphy <robin.murphy@....com>
> Suggested-by: Robin Murphy <robin.murphy@....com>
> Cc: Will Deacon <will@...nel.org>
> Cc: Jean-Philippe Brucker <jean-philippe@...aro.org>
> Cc: Catalin Marinas <catalin.marinas@....com>
> Cc: Robin Murphy <robin.murphy@....com>
> Cc: Steven Price <steven.price@....com>
> Cc: Christoph Hellwig <hch@....de>
> Cc: Marek Szyprowski <m.szyprowski@...sung.com>
> Cc: Tom Lendacky <thomas.lendacky@....com>
> Cc: Aneesh Kumar K.V <aneesh.kumar@...nel.org>
> Signed-off-by: Suzuki K Poulose <suzuki.poulose@....com>
> ---
> Changes since v2:
> - Rename helpers- s/dma_*crypted/dma_addr_*crypted (Robin)
> ---
> include/linux/dma-direct.h | 12 ++++++++----
> include/linux/mem_encrypt.h | 23 +++++++++++++++++++++++
> 2 files changed, 31 insertions(+), 4 deletions(-)
>
> diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h
> index d20ecc24cb0f..f3bc0bcd7098 100644
> --- a/include/linux/dma-direct.h
> +++ b/include/linux/dma-direct.h
> @@ -78,14 +78,18 @@ static inline dma_addr_t dma_range_map_max(const struct bus_dma_region *map)
> #define phys_to_dma_unencrypted phys_to_dma
> #endif
> #else
> -static inline dma_addr_t phys_to_dma_unencrypted(struct device *dev,
> - phys_addr_t paddr)
> +static inline dma_addr_t __phys_to_dma(struct device *dev, phys_addr_t paddr)
> {
> if (dev->dma_range_map)
> return translate_phys_to_dma(dev, paddr);
> return paddr;
> }
>
> +static inline dma_addr_t phys_to_dma_unencrypted(struct device *dev,
> + phys_addr_t paddr)
> +{
> + return dma_addr_unencrypted(__phys_to_dma(dev, paddr));
> +}
> /*
> * If memory encryption is supported, phys_to_dma will set the memory encryption
> * bit in the DMA address, and dma_to_phys will clear it.
> @@ -94,14 +98,14 @@ static inline dma_addr_t phys_to_dma_unencrypted(struct device *dev,
> */
> static inline dma_addr_t phys_to_dma(struct device *dev, phys_addr_t paddr)
> {
> - return __sme_set(phys_to_dma_unencrypted(dev, paddr));
> + return dma_addr_encrypted(__phys_to_dma(dev, paddr));
> }
>
> static inline phys_addr_t dma_to_phys(struct device *dev, dma_addr_t dma_addr)
> {
> phys_addr_t paddr;
>
> - dma_addr = __sme_clr(dma_addr);
> + dma_addr = dma_addr_canonical(dma_addr);
> if (dev->dma_range_map)
> paddr = translate_dma_to_phys(dev, dma_addr);
> else
> diff --git a/include/linux/mem_encrypt.h b/include/linux/mem_encrypt.h
> index ae4526389261..07584c5e36fb 100644
> --- a/include/linux/mem_encrypt.h
> +++ b/include/linux/mem_encrypt.h
> @@ -26,11 +26,34 @@
> */
> #define __sme_set(x) ((x) | sme_me_mask)
> #define __sme_clr(x) ((x) & ~sme_me_mask)
> +
> +#define dma_addr_encrypted(x) __sme_set(x)
> +#define dma_addr_canonical(x) __sme_clr(x)
> +
> #else
> #define __sme_set(x) (x)
> #define __sme_clr(x) (x)
> #endif
>
> +/*
> + * dma_addr_encrypted() and dma_addr_unencrypted() are for converting a given DMA
> + * address to the respective type of addressing.
> + *
> + * dma_addr_canonical() is used to reverse any conversions for encrypted/decrypted
> + * back to the canonical address.
> + */
> +#ifndef dma_addr_encrypted
> +#define dma_addr_encrypted(x) (x)
> +#endif
> +
> +#ifndef dma_addr_unencrypted
> +#define dma_addr_unencrypted(x) (x)
> +#endif
> +
> +#ifndef dma_addr_canonical
> +#define dma_addr_canonical(x) (x)
> +#endif
> +
> #endif /* __ASSEMBLY__ */
>
> #endif /* __MEM_ENCRYPT_H__ */
Powered by blists - more mailing lists