From: Jiri Pirko <[email protected]>
Confidential computing (CoCo) VMs/guests, such as AMD SEV and Intel TDX,
run with encrypted/protected memory which creates a challenge
for devices that do not support DMA to it (no TDISP support).
For kernel-only DMA operations, swiotlb bounce buffering provides a
transparent solution by copying data through decrypted memory.
However, the only way to get this memory into userspace is via the DMA
API's dma_alloc_pages()/dma_mmap_pages() type interfaces which limits
the use of the memory to a single DMA device, and is incompatible with
pin_user_pages().
These limitations are particularly problematic for the RDMA subsystem
which makes heavy use of pin_user_pages() and expects flexible memory
usage between many different DMA devices.
This patch series enables userspace to explicitly request decrypted
(shared) memory allocations from the dma-buf system heap.
Userspace can mmap this memory and pass the dma-buf fd to other
existing importers such as RDMA or DRM devices to access the
memory. The DMA API is improved to allow the dma heap exporter to DMA
map the shared memory to each importing device.
Jiri Pirko (5):
dma-mapping: avoid random addr value print out on error path
dma-mapping: introduce DMA_ATTR_CC_DECRYPTED for pre-decrypted memory
dma-buf: heaps: use designated initializer for exp_info
dma-buf: heaps: allow heap to specify valid heap flags
dma-buf: heaps: system: add an option to allocate explicitly decrypted
memory
drivers/dma-buf/dma-heap.c | 5 +-
drivers/dma-buf/heaps/cma_heap.c | 7 ++-
drivers/dma-buf/heaps/system_heap.c | 96 ++++++++++++++++++++++++++---
include/linux/dma-heap.h | 3 +
include/linux/dma-mapping.h | 7 +++
include/trace/events/dma.h | 3 +-
include/uapi/linux/dma-heap.h | 12 +++-
kernel/dma/direct.h | 14 ++++-
8 files changed, 128 insertions(+), 19 deletions(-)
--
2.51.1
