From: Jiri Pirko <jiri@nvidia.com>
Confidential computing (CoCo) VMs/guests, such as AMD SEV and Intel TDX, run with encrypted/protected memory which creates a challenge for devices that do not support DMA to it (no TDISP support).
For kernel-only DMA operations, swiotlb bounce buffering provides a transparent solution by copying data through decrypted memory. However, the only way to get this memory into userspace is via the DMA API's dma_alloc_pages()/dma_mmap_pages() type interfaces which limits the use of the memory to a single DMA device, and is incompatible with pin_user_pages().
These limitations are particularly problematic for the RDMA subsystem which makes heavy use of pin_user_pages() and expects flexible memory usage between many different DMA devices.
This patch series enables userspace to explicitly request decrypted (shared) memory allocations from the dma-buf system heap. Userspace can mmap this memory and pass the dma-buf fd to other existing importers such as RDMA or DRM devices to access the memory. The DMA API is improved to allow the dma heap exporter to DMA map the shared memory to each importing device.
Jiri Pirko (5):
  dma-mapping: avoid random addr value print out on error path
  dma-mapping: introduce DMA_ATTR_CC_DECRYPTED for pre-decrypted memory
  dma-buf: heaps: use designated initializer for exp_info
  dma-buf: heaps: allow heap to specify valid heap flags
  dma-buf: heaps: system: add an option to allocate explicitly decrypted memory
 drivers/dma-buf/dma-heap.c          |  5 +-
 drivers/dma-buf/heaps/cma_heap.c    |  7 ++-
 drivers/dma-buf/heaps/system_heap.c | 96 ++++++++++++++++++++++++++---
 include/linux/dma-heap.h            |  3 +
 include/linux/dma-mapping.h         |  7 +++
 include/trace/events/dma.h          |  3 +-
 include/uapi/linux/dma-heap.h       | 12 +++-
 kernel/dma/direct.h                 | 14 ++++-
 8 files changed, 128 insertions(+), 19 deletions(-)