Jason Gunthorpe <[email protected]> writes:

> On Wed, Jul 01, 2026 at 11:19:15AM +0530, Aneesh Kumar K.V (Arm) wrote:
>> -static int atomic_pool_expand(struct gen_pool *pool, size_t pool_size,
>> +static int atomic_pool_expand(struct dma_gen_pool *dma_pool, size_t 
>> pool_size,
>>                            gfp_t gfp)
>>  {
>>      unsigned int order;
>> @@ -114,14 +120,17 @@ static int atomic_pool_expand(struct gen_pool *pool, 
>> size_t pool_size,
>>       * Memory in the atomic DMA pools must be unencrypted, the pools do not
>>       * shrink so no re-encryption occurs in dma_direct_free().
>>       */
>> -    ret = set_memory_decrypted((unsigned long)page_to_virt(page),
>> -                               1 << order);
>> -    if (ret) {
>> -            leak_pages = true;
>> -            goto remove_mapping;
>> +    if (dma_pool->cc_shared) {
>> +            ret = set_memory_decrypted((unsigned long)page_to_virt(page),
>> +                                       1 << order);
>> +            if (ret) {
>> +                    leak_pages = true;
>> +                    goto remove_mapping;
>> +            }
>>      }
>> -    ret = gen_pool_add_virt(pool, (unsigned long)addr, page_to_phys(page),
>> -                            pool_size, NUMA_NO_NODE);
>> +
>> +    ret = gen_pool_add_virt(dma_pool->pool, (unsigned long)addr,
>> +                            page_to_phys(page), pool_size, NUMA_NO_NODE);
>>      if (ret)
>>              goto encrypt_mapping;
>>  
>> @@ -129,12 +138,10 @@ static int atomic_pool_expand(struct gen_pool *pool, 
>> size_t pool_size,
>>      return 0;
>>  
>>  encrypt_mapping:
>> -    ret = set_memory_encrypted((unsigned long)page_to_virt(page),
>> -                               1 << order);
>> -    if (WARN_ON_ONCE(ret)) {
>> -            /* Decrypt succeeded but encrypt failed, purposely leak */
>> +    if (dma_pool->cc_shared &&
>> +        set_memory_encrypted((unsigned long)page_to_virt(page), 1 << order))
>>              leak_pages = true;
>> -    }
>> +
>
> Was it intentional to remove the WARN_ON and comment ?

That WARN_ON() was a bit inconsistent. Not all page leaks due to
encrypt/decrypt failures triggered a warning, so I removed it.

If we want to warn about such failures, we should add the warning
consistently across the code. We may also want to handle decrypt
failures by encrypting the page again to avoid leaking it.

I will work on that as a tree-wide change in a separate patch.

-aneesh

Reply via email to