dma-mapping: Fix dma_pgprot() for unencrypted coherent pages
[ Upstream commit 17c4a2ae15
]
When dma_mmap_coherent() sets up a mapping to unencrypted coherent memory
under SEV encryption and sometimes under SME encryption, it will actually
set up an encrypted mapping rather than an unencrypted, causing devices
that DMAs from that memory to read encrypted contents. Fix this.
When force_dma_unencrypted() returns true, the linear kernel map of the
coherent pages have had the encryption bit explicitly cleared and the
page content is unencrypted. Make sure that any additional PTEs we set
up to these pages also have the encryption bit cleared by having
dma_pgprot() return a protection with the encryption bit cleared in this
case.
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lkml.kernel.org/r/20200304114527.3636-3-thomas_os@shipmail.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
aa04e8d359
commit
e88ee287fd
|
@ -169,6 +169,8 @@ EXPORT_SYMBOL(dma_get_sgtable_attrs);
|
||||||
*/
|
*/
|
||||||
pgprot_t dma_pgprot(struct device *dev, pgprot_t prot, unsigned long attrs)
|
pgprot_t dma_pgprot(struct device *dev, pgprot_t prot, unsigned long attrs)
|
||||||
{
|
{
|
||||||
|
if (force_dma_unencrypted(dev))
|
||||||
|
prot = pgprot_decrypted(prot);
|
||||||
if (dev_is_dma_coherent(dev) ||
|
if (dev_is_dma_coherent(dev) ||
|
||||||
(IS_ENABLED(CONFIG_DMA_NONCOHERENT_CACHE_SYNC) &&
|
(IS_ENABLED(CONFIG_DMA_NONCOHERENT_CACHE_SYNC) &&
|
||||||
(attrs & DMA_ATTR_NON_CONSISTENT)))
|
(attrs & DMA_ATTR_NON_CONSISTENT)))
|
||||||
|
|
Loading…
Reference in New Issue