Re: [PATCH v3 3/3] arm64: realm: Use aliased addresses for device DMA to shared buffers

[Suzuki K Poulose]

On 27/02/2025 16:05, Catalin Marinas wrote:
> On Thu, Feb 27, 2025 at 02:41:50PM +0000, Suzuki K Poulose wrote:
> > When a device performs DMA to a shared buffer using physical addresses,
> > (without Stage1 translation), the device must use the "{I}PA address" with the
> > top bit set in Realm. This is to make sure that a trusted device will be able
> > to write to shared buffers as well as the protected buffers. Thus, a Realm must
> > always program the full address including the "protection" bit, like AMD SME
> > encryption bits.
> >
> > Enable this by providing arm64 specific dma_addr_{encrypted, canonical}
> > helpers for Realms. Please note that the VMM needs to similarly make sure that
> > the SMMU Stage2 in the Non-secure world is setup accordingly to map IPA at the
> > unprotected alias.
> >
> > Cc: Will Deacon <will@xxxxxxxxxx>
> > Cc: Jean-Philippe Brucker <jean-philippe@xxxxxxxxxx>
> > Cc: Catalin Marinas <catalin.marinas@xxxxxxx>
> > Cc: Robin Murphy <robin.murphy@xxxxxxx>
> > Cc: Steven Price <steven.price@xxxxxxx>
> > Cc: Christoph Hellwig <hch@xxxxxx>
> > Cc: Marek Szyprowski <m.szyprowski@xxxxxxxxxxx>
> > Cc: Tom Lendacky <thomas.lendacky@xxxxxxx>
> > Cc: Aneesh Kumar K.V <aneesh.kumar@xxxxxxxxxx>
> > Signed-off-by: Suzuki K Poulose <suzuki.poulose@xxxxxxx>
>
> In case this goes in via the DMA API tree:
>
> Acked-by: Catalin Marinas <catalin.marinas@xxxxxxx>

Thanks Catalin.

> (we could bikeshed on the names like unencrypted vs decrypted but I'm
> not fussed about)

It was initially decrypted, but Robin suggested that the DMA layer 
already uses "encrypted" and "unencrypted" (e.g., 
force_dma_unencrypted(), phys_to_dma_unencrypted() etc)

Cheers
Suzuki