[PATCH v6 00/20] dma-mapping: Use DMA_ATTR_CC_SHARED through direct, pool and swiotlb paths
Jason Gunthorpe
jgg at ziepe.ca
Mon Jul 6 12:52:08 PDT 2026
On Mon, Jul 06, 2026 at 01:45:33PM -0500, Tom Lendacky wrote:
> In that situation, with SME enabled on the host, the SWIOTLB must be
> mapped by the kernel without the encryption bit set and DMA addresses
> must be provided to devices without the encryption bit set. This is
> because if SWIOTLB is mapped encrypted, requiring the encryption bit be
> part of the DMA address, any device that cannot perform DMA at the
> address width where the encryption bit exists will fail to DMA properly.
Ideally there would be two SWIOTLBs and "decrypted" aka low address,
one is only used if the device requires it.
Alternatively we don't support this questionable security choice and
using swiotlb with an incapable device just fails. Use the iommu, or
don't force swiotlb.
Jason
More information about the linux-arm-kernel
mailing list