Thu, Mar 12, 2026 at 01:06:06PM +0100, [email protected] wrote: >On Thu, Mar 12, 2026 at 10:03:37AM +0100, Jiri Pirko wrote: >> >Alot of device MMIO is decrypted by nature and can't be encrypted, so >> >you'd have to use both flags. eg in VFIO we'd want to do this. >> >> Why both flags? Why MMIO flag is not enough? You still want to hit >> "if (attrs & DMA_ATTR_MMIO) {" path, don't you? > >Because we will eventually have both decrypted and encrypted MMIO. > >> I mean, CC_DECRYPTED says the memory to be mapped was explicitly >> decrypted before the call. MMIO was not explicitly decrypted, it is >> decrypted by definition. For me that does not fit the CC_DECRYPTED >> semantics. > >I would say CC_DECRYPTED means that pgprot_decrypted must be used to >form a PTE, and !CC_DECRYPTED means that pgprot_encrypted() was used > >This flag should someday flow down into the vIOMMU driver and set the >corresponding C bit the IOPTE (for AMD) exactly as the pgprot does. > >Less about set_memory_encrypted as that is only for DRAM.
Okay, that makes sense. Thanks!
