RE: [PATCH 1/2] iommu/amd: Do not force direct mapping when SME is active
From: Deucher, Alexander
Date: Wed Aug 26 2020 - 10:24:42 EST
[AMD Public Use]
+ Felix, Christian
> -----Original Message-----
> From: Joerg Roedel <joro@xxxxxxxxxx>
> Sent: Monday, August 24, 2020 6:54 AM
> To: iommu@xxxxxxxxxxxxxxxxxxxxxxxxxx
> Cc: Joerg Roedel <joro@xxxxxxxxxx>; jroedel@xxxxxxx; Lendacky, Thomas
> <Thomas.Lendacky@xxxxxxx>; Suthikulpanit, Suravee
> <Suravee.Suthikulpanit@xxxxxxx>; Deucher, Alexander
> <Alexander.Deucher@xxxxxxx>; linux-kernel@xxxxxxxxxxxxxxx
> Subject: [PATCH 1/2] iommu/amd: Do not force direct mapping when SME is
> active
>
> From: Joerg Roedel <jroedel@xxxxxxx>
>
> Do not force devices supporting IOMMUv2 to be direct mapped when
> memory encryption is active. This might cause them to be unusable because
> their DMA mask does not include the encryption bit.
>
> Signed-off-by: Joerg Roedel <jroedel@xxxxxxx>
> ---
> drivers/iommu/amd/iommu.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c
> index ba9f3dbc5b94..77e4268e41cf 100644
> --- a/drivers/iommu/amd/iommu.c
> +++ b/drivers/iommu/amd/iommu.c
> @@ -2659,7 +2659,12 @@ static int amd_iommu_def_domain_type(struct
> device *dev)
> if (!dev_data)
> return 0;
>
> - if (dev_data->iommu_v2)
> + /*
> + * Do not identity map IOMMUv2 capable devices when memory
> encryption is
> + * active, because some of those devices (AMD GPUs) don't have the
> + * encryption bit in their DMA-mask and require remapping.
> + */
I think on the integrated GPUs in APUs I'd prefer to have the identity mapping over SME, but I guess this is fine because you have to explicitly enable SME and if you do that you know what you are getting into.
Alex
> + if (!mem_encrypt_active() && dev_data->iommu_v2)
> return IOMMU_DOMAIN_IDENTITY;
>
> return 0;
> --
> 2.28.0