From mboxrd@z Thu Jan 1 00:00:00 1970
From: Claude Code Review Bot
To: dri-devel-reviews@example.com
Subject: Claude review: dma-buf: heaps: system: add an option to allocate explicitly decrypted memory
Date: Wed, 11 Feb 2026 16:59:17 +1000
Message-ID:
In-Reply-To: <20260209153809.250835-1-jiri@resnulli.us>
References: <20260209153809.250835-1-jiri@resnulli.us>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Mailer: Claude Code Patch Reviewer

Overall Series Review

Subject: dma-buf: heaps: system: add an option to allocate explicitly decrypted memory
Author: Jiri Pirko
Patches: 17
Reviewed: 2026-02-11T16:59:17.557899

---

This patch series introduces support for explicitly decrypted memory allocations in dma-buf system heaps for confidential computing (CoCo) environments (AMD SEV, Intel TDX). While the technical implementation appears sound in addressing a real problem, **the series has fundamental design issues that require revision before acceptance**.

### High-Level Assessment

**Problem Statement**: Valid and important. CoCo VMs need a way to allocate decrypted memory that can be:
- Shared across multiple DMA devices
- Mapped to userspace
- Used with pin_user_pages() (critical for RDMA)

**Approach Issues**:
1. **PATCH 4 violates dma-buf heaps design philosophy** - Using heap-specific flags contradicts the original design intent that heap flags should be generic across heaps
2. **Maintainer feedback indicates rejection** - John Stultz (original dma-buf heaps author) explicitly stated this approach recreates the ION driver problems they tried to avoid
3. **Author has agreed to change approach** - Will use separate heap name ("system_cc_decrypted") instead of flags

**Build Quality**: Failed on s390 architecture due to missing `set_memory_decrypted()`/`set_memory_encrypted()` stubs.

### Recommendation

**Do NOT merge in current form**. The series requires:
1. Remove PATCH 4 entirely (per-heap flag validation)
2. Redesign PATCH 5 to create a separate heap instead of using flags
3. Add architecture-specific guards or stubs for s390 and other architectures
4. Consider security implications for existing heaps on CoCo systems

---
Generated by Claude Code Patch Reviewer