> From: Zhao, Yan Y <yan.y.zhao@xxxxxxxxx>
> Sent: Tuesday, May 7, 2024 2:21 PM
>
> + > +/* > + * Flush a reserved page or !pfn_valid() PFN. > + * Flush is not performed if the PFN is accessed in uncacheable type. i.e. > + * - PAT type is UC/UC-/WC when PAT is enabled > + * - MTRR type is UC/WC/WT/WP when PAT is not enabled. > + * (no need to do CLFLUSH though WT/WP is cacheable). > + */

As long as a page is cacheable (being WB/WT/WP) the malicious guest can always use non-coherent DMA to make cache/memory inconsistent, hence clflush is still required after unmapping such a page from the IOMMU page table to avoid leaking the inconsistency state back to the host.

> + > +/** > + * arch_clean_nonsnoop_dma - flush a cache range for non-coherent DMAs > + * (DMAs that lack CPU cache snooping). > + * @phys_addr: physical address start > + * @length: number of bytes to flush > + */ > +void arch_clean_nonsnoop_dma(phys_addr_t phys_addr, size_t length) > +{ > + unsigned long nrpages, pfn; > + unsigned long i; > + > + pfn = PHYS_PFN(phys_addr); > + nrpages = PAGE_ALIGN((phys_addr & ~PAGE_MASK) + length) >> > PAGE_SHIFT; > + > + for (i = 0; i < nrpages; i++, pfn++) > + clflush_pfn(pfn); > +} > +EXPORT_SYMBOL_GPL(arch_clean_nonsnoop_dma);

This is not a good name. The code has nothing to do with the nonsnoop dma aspect. It's just a general helper accepting a physical pfn to flush CPU cache, with nonsnoop dma as one potential caller usage.

It's clearer to be arch_flush_cache_phys().

And probably drm_clflush_pages() can be converted to use this helper too.
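
Review bot: The comment block above the reserved / !pfn_valid() flush helper contradicts itself: its first sentence says the flush is skipped only for PFNs accessed with an uncacheable type, yet the MTRR list includes WT and WP, and the parenthetical "(no need to do CLFLUSH though WT/WP is cacheable)" gives no reason why skipping is safe there. Either put the justification in the comment or limit the skip to the types that really are uncacheable, so the rule a caller reads matches what the code does.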
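
Review bot: In arch_clean_nonsnoop_dma(), the kerneldoc calls @length the "number of bytes to flush", but the loop calls clflush_pfn() once per PFN, so the range is rounded out to whole pages at both ends and the doc should say so. The zero-length case is also inconsistent: with a page-aligned @phys_addr nrpages is 0, while with an unaligned @phys_addr PAGE_ALIGN() of the in-page offset yields one page and a flush still happens. An early return for length == 0, or a documented rule for it, would remove the ambiguity. The kerneldoc also does not state the expected calling context, which matters for a loop whose trip count is caller-controlled.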