> From: Zhao, Yan Y <yan.y.zhao@xxxxxxxxx>
> Sent: Tuesday, May 7, 2024 2:21 PM
>
> +
> +/*
> + * Flush a reserved page or !pfn_valid() PFN.
> + * Flush is not performed if the PFN is accessed in uncacheable type. i.e.
> + * - PAT type is UC/UC-/WC when PAT is enabled
> + * - MTRR type is UC/WC/WT/WP when PAT is not enabled.
> + * (no need to do CLFLUSH though WT/WP is cacheable).
> + */
As long as a page is cacheable (being WB/WT/WP) the malicious
guest can always use non-coherent DMA to make cache/memory
inconsistent, hence clflush is still required after unmapping such
page from the IOMMU page table to avoid leaking the inconsistency
state back to the host.
> +
> +/**
> + * arch_clean_nonsnoop_dma - flush a cache range for non-coherent DMAs
> + * (DMAs that lack CPU cache snooping).
> + * @phys_addr: physical address start
> + * @length: number of bytes to flush
> + */
> +void arch_clean_nonsnoop_dma(phys_addr_t phys_addr, size_t length)
> +{
> + unsigned long nrpages, pfn;
> + unsigned long i;
> +
> + pfn = PHYS_PFN(phys_addr);
> + nrpages = PAGE_ALIGN((phys_addr & ~PAGE_MASK) + length) >>
> PAGE_SHIFT;
> +
> + for (i = 0; i < nrpages; i++, pfn++)
> + clflush_pfn(pfn);
> +}
> +EXPORT_SYMBOL_GPL(arch_clean_nonsnoop_dma);
this is not a good name. The code has nothing to do with nonsnoop
dma aspect. It's just a general helper accepting a physical pfn to flush
CPU cache, with nonsnoop dma as one potential caller usage.
It's clearer to be arch_flush_cache_phys().
and probably drm_clflush_pages() can be converted to use this
helper too.
