Re: [PATCH v6 00/20] dma-mapping: Use DMA_ATTR_CC_SHARED through direct, pool and swiotlb paths
From: Aneesh Kumar K.V <aneesh.kumar@kernel.org>
Date: 2026-06-29 09:51:32
Also in:
linux-arm-kernel, linux-coco, linux-iommu, linux-s390, lkml
Subsystem:
dma mapping helpers, the rest · Maintainers:
Marek Szyprowski, Linus Torvalds
Alexey, Aneesh Kumar K.V [off-list ref] writes:
The current code already does this and uses the swiotlb pool correctly
on SME. The challenge arises when we want to force SWIOTLB
bouncing even for devices that can handle encrypted DMA addresses (more
on that below). For such a config force_dma_uencrypted(dev) will return
false and swiotlb will be marked cc_shared/decrypted = true; This trip
the new check we added.
/* swiotlb pool is incorrect for this device */
if (unlikely(mem->cc_shared != force_dma_unencrypted(dev)))
return (phys_addr_t)DMA_MAPPING_ERROR;
We can also do
if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) {
/* swiotlb pool is incorrect for this device */
if (unlikely(mem->cc_shared != force_dma_unencrypted(dev)))
return (phys_addr_t)DMA_MAPPING_ERROR;
/* Force attrs to match the kind of memory in the pool */
if (mem->cc_shared)
*attrs |= DMA_ATTR_CC_SHARED;
else
*attrs &= ~DMA_ATTR_CC_SHARED;
} else {
/*
* Host memory encryption where device requires an
* unencrypted dma_addr_t due to dma mask limit
*/
if (force_dma_unencrypted(dev))
*attrs |= DMA_ATTR_CC_SHARED;
else
*attrs &= ~DMA_ATTR_CC_SHARED;
}
Here I see value in having DMA_ATTR_UNENCRYPTED. The question is do we
need to split this into two flags and introduce the resulting code
duplication.
Can you help to test this patch?
commit 0275ed870ff8dadb4890fe8342e84b294f657c43
Author: Aneesh Kumar K.V (Arm) [off-list ref]
Date: Mon Jun 29 11:55:08 2026 +0530
swiotlb: Return unencrypted DMA addresses for SME bounce buffers
On hosts with memory encryption, the default swiotlb pool is marked shared
and decrypted when memory encryption is active.
Make host-memory-encryption swiotlb mappings consistently return
unencrypted DMA addresses. This applies regardless of whether the device
itself requires unencrypted DMA due to its DMA mask, because the bounce
buffer memory backing the mapping is already unencrypted. It also preserves
swiotlb=force for devices that can address encrypted memory: forced bounce
mappings use the unencrypted swiotlb pool and receive unencrypted DMA
addresses.
Signed-off-by: Aneesh Kumar K.V (Arm) [off-list ref]
diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c
index a62e1571ec95..9ba23cf8d97b 100644
--- a/kernel/dma/swiotlb.c
+++ b/kernel/dma/swiotlb.c@@ -1514,15 +1514,26 @@ phys_addr_t swiotlb_tbl_map_single(struct device *dev, phys_addr_t orig_addr, if (cc_platform_has(CC_ATTR_MEM_ENCRYPT)) pr_warn_once("Memory encryption is active and system is using DMA bounce buffers\n"); - /* swiotlb pool is incorrect for this device */ - if (unlikely(mem->cc_shared != force_dma_unencrypted(dev))) - return (phys_addr_t)DMA_MAPPING_ERROR; + if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) { + /* swiotlb pool is incorrect for this device */ + if (unlikely(mem->cc_shared != force_dma_unencrypted(dev))) + return (phys_addr_t)DMA_MAPPING_ERROR; - /* Force attrs to match the kind of memory in the pool */ - if (mem->cc_shared) + /* Force attrs to match the kind of memory in the pool */ + if (mem->cc_shared) + *attrs |= DMA_ATTR_CC_SHARED; + else + *attrs &= ~DMA_ATTR_CC_SHARED; + } else if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) { + /* + * On hosts with memory encryption, SWIOTLB-backed memory + * is unencrypted memory. DMA addresses returned for bounce + * buffers must therefore have the C-bit cleared, even for + * devices that can address encrypted memory. This also + * preserves swiotlb=force for those devices. + */ *attrs |= DMA_ATTR_CC_SHARED; - else - *attrs &= ~DMA_ATTR_CC_SHARED; + } /* * The default swiotlb memory pool is allocated with PAGE_SIZE