Commit 18792e99 authored Feb 07, 2023 by Vasant Hegde Committed by Joerg Roedel Feb 16, 2023

iommu/amd: Do not identity map v2 capable device when snp is enabled



Flow:
  - Booted system with SNP enabled, memory encryption off and
    IOMMU DMA translation mode
  - AMD driver detects v2 capable device and amd_iommu_def_domain_type()
    returns identity mode
  - amd_iommu_domain_alloc() returns NULL an SNP is enabled
  - System will fail to register device

On SNP enabled system, passthrough mode is not supported. IOMMU default
domain is set to translation mode. We need to return zero from
amd_iommu_def_domain_type() so that it allocates translation domain.

Fixes: fb2accad ("iommu/amd: Introduce function to check and enable SNP")
CC: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Vasant Hegde <vasant.hegde@amd.com>
Link: https://lore.kernel.org/r/20230207091752.7656-1-vasant.hegde@amd.com


Signed-off-by: Joerg Roedel <jroedel@suse.de>

parent b6b26d86

drivers/iommu/amd/iommu.c

+9 −4

Original line number	Diff line number	Diff line
		@@ -2403,12 +2403,17 @@ static int amd_iommu_def_domain_type(struct device *dev)
		return 0;

		/*
		* Do not identity map IOMMUv2 capable devices when memory encryption is
		* active, because some of those devices (AMD GPUs) don't have the
		* encryption bit in their DMA-mask and require remapping.
		* Do not identity map IOMMUv2 capable devices when:
		* - memory encryption is active, because some of those devices
		* (AMD GPUs) don't have the encryption bit in their DMA-mask
		* and require remapping.
		* - SNP is enabled, because it prohibits DTE[Mode]=0.
		*/
		if (!cc_platform_has(CC_ATTR_MEM_ENCRYPT) && dev_data->iommu_v2)
		if (dev_data->iommu_v2 &&
		!cc_platform_has(CC_ATTR_MEM_ENCRYPT) &&
		!amd_iommu_snp_en) {
		return IOMMU_DOMAIN_IDENTITY;
		}

		return 0;
		}