Re: [RFC PATCH] arm64: mm: support set_memory_encrypted/decrypted for vmalloc addresses

Next message: Swamil Jain: "Re: [PATCH v2] dt-bindings: display: ti,am65x-dss: Fix AM62L DSS reg and clock constraints"
Previous message: Jeff Layton: "Re: [PATCH v2 1/3] mm: kick writeback flusher instead of inline flush for IOCB_DONTCACHE"
Next in thread: Kameron Carr: "RE: [RFC PATCH] arm64: mm: support set_memory_encrypted/decrypted for vmalloc addresses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Catalin Marinas

Date: Fri Apr 10 2026 - 07:11:22 EST

On Mon, Apr 06, 2026 at 02:33:17PM -0700, Kameron Carr wrote:
> Currently __set_memory_enc_dec() only handles linear map (lm) addresses
> and returns -EINVAL for anything else. This means callers using
> vmalloc'd buffers cannot mark memory as shared/protected with the RMM
> via set_memory_decrypted()/set_memory_encrypted().
>
> Extend the implementation to handle vmalloc (non-linear-map) addresses
> by introducing __set_va_addr_enc_dec(). For vmalloc addresses, the page
> table entries are not contiguous in the physical address space, so the
> function walks the vm_area's pages array and issues per-page RSI calls
> to transition each page between shared and protected states.
>
> The original linear-map path is factored out into __set_lm_addr_enc_dec(),
> and __set_memory_enc_dec() now dispatches to the appropriate helper based
> on whether the address is a linear map address.

Could you give more details about the user of set_memory_decrypted() on
vmalloc()'ed addresses? I think this came up in the past and I wondered
whether something like GFP_DECRYPTED would be simpler to implement (even
posted a hack but without vmalloc() support). If it is known upfront
that the memory will be decrypted, it's easier/cheaper to do this on the
page allocation time to change the linear map and just use
pgprot_decrypted() for vmap(). No need to rewrite the page table after
mapping the pages.

--
Catalin