[AMD Public Use]
+ Felix, Christian
> -Original Message-
> From: Joerg Roedel
> Sent: Monday, August 24, 2020 6:54 AM
> To: iommu@lists.linux-foundation.org
> Cc: Joerg Roedel ; jroe...@suse.de; Lendacky, Thomas
> ; Suthikulpanit, Suravee
> ; Deucher, Alexander
> ; linux-ker...@vger.kernel.org
> Subject: [PATCH 1/2] iommu/amd: Do not force direct mapping when SME is
> active
>
> From: Joerg Roedel
>
> Do not force devices supporting IOMMUv2 to be direct mapped when
> memory encryption is active. This might cause them to be unusable because
> their DMA mask does not include the encryption bit.
>
> Signed-off-by: Joerg Roedel
> ---
> drivers/iommu/amd/iommu.c | 7 ++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c
> index ba9f3dbc5b94..77e4268e41cf 100644
> --- a/drivers/iommu/amd/iommu.c
> +++ b/drivers/iommu/amd/iommu.c
> @@ -2659,7 +2659,12 @@ static int amd_iommu_def_domain_type(struct
> device *dev)
> if (!dev_data)
> return 0;
>
> - if (dev_data->iommu_v2)
> + /*
> + * Do not identity map IOMMUv2 capable devices when memory
> encryption is
> + * active, because some of those devices (AMD GPUs) don't have the
> + * encryption bit in their DMA-mask and require remapping.
> + */
I think on the integrated GPUs in APUs I'd prefer to have the identity mapping
over SME, but I guess this is fine because you have to explicitly enable SME
and if you do that you know what you are getting into.
Alex
> + if (!mem_encrypt_active() && dev_data->iommu_v2)
> return IOMMU_DOMAIN_IDENTITY;
>
> return 0;
> --
> 2.28.0
___
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu