Re: [PATCH kernel 4/9] dma/swiotlb: Stop forcing SWIOTLB for TDISP devices

From: Robin Murphy

Date: Wed Feb 25 2026 - 11:52:00 EST


On 2026-02-25 5:37 am, Alexey Kardashevskiy wrote:
SWIOTLB is enforced when encrypted guest memory is detected
in pci_swiotlb_detect() which is required for legacy devices.

Skip SWIOTLB for TDISP devices.

Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxx>
---
include/linux/swiotlb.h | 9 +++++++++
1 file changed, 9 insertions(+)

diff --git a/include/linux/swiotlb.h b/include/linux/swiotlb.h
index 3dae0f592063..119c25d639a7 100644
--- a/include/linux/swiotlb.h
+++ b/include/linux/swiotlb.h
@@ -173,6 +173,15 @@ static inline bool is_swiotlb_force_bounce(struct device *dev)
{
struct io_tlb_mem *mem = dev->dma_io_tlb_mem;
+ /*
+ * CC_ATTR_GUEST_MEM_ENCRYPT enforces SWIOTLB_FORCE in
+ * swiotlb_init_remap() to allow legacy devices access arbitrary
+ * VM encrypted memory.
+ * Skip it for TDISP devices capable of DMA-ing the encrypted memory.
+ */
+ if (device_cc_accepted(dev))
+ return false;

This seems backwards - how does it make sense for arch code to force SWIOTLB globally on the grounds that all DMA must be to shared memory, but then generic code override that because it claims to know better?

I'd expect to see something more like:

	if (is_cc_platform && !device_cc_accepted)
		return true;

here, and then get rid of the rest of the (ab)use of SWIOTLB_FORCE for this purpose entirely.

However there is the fiddly aspect that it's not necessarily strictly enough to just un-force SWIOTLB; we really want to actively ensure that no private memory can *ever* end up getting bounced through a shared SWIOTLB buffer. The private/shared state is really a property of the individual DMA mappings, though, rather than an overall property of the device itself (since a device that's trusted to access private memory isn't necessarily prohibited from still also accessing shared memory as well), hmmm...

Thanks,
Robin.

+
return mem && mem->force_bounce;
}
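
Review bot: the new `if (device_cc_accepted(dev)) return false;` runs before `return mem && mem->force_bounce;`, so for an accepted device `force_bounce` is ignored whatever the reason it was set on that device's pool, while the added comment only argues for skipping the CC_ATTR_GUEST_MEM_ENCRYPT case. Suggest limiting the early return to that case, or inverting the test so the function returns true for a confidential guest whose device is not accepted and otherwise falls through to the existing `mem->force_bounce` check. The comment should also say what keeps an accepted device's private memory from being bounced through a shared buffer, since this function only decides whether bouncing is forced. Minor wording: "to allow legacy devices access" reads better as "to allow legacy devices to access".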