+ Felix

From: Joerg Roedel <joro@8bytes.org>
Sent: Monday, August 24, 2020 6:54 AM
To: iommu@lists.linux-foundation.org <iommu@lists.linux-foundation.org>
Cc: Joerg Roedel <joro@8bytes.org>; jroedel@suse.de <jroedel@suse.de>; Lendacky, Thomas <Thomas.Lendacky@amd.com>; Suthikulpanit, Suravee <Suravee.Suthikulpanit@amd.com>; Deucher, Alexander <Alexander.Deucher@amd.com>; linux-kernel@vger.kernel.org <linux-kernel@vger.kernel.org>
Subject: [PATCH 0/2] iommu/amd: Fix IOMMUv2 devices when SME is active

From: Joerg Roedel <jroedel@suse.de>

Hi,

Some IOMMUv2 capable devices do not work correctly when SME is
active, because their DMA mask does not include the encryption bit, so
that they can not DMA to encrypted memory directly.

The IOMMU can jump in here, but the AMD IOMMU driver puts IOMMUv2
capable devices into an identity mapped domain. Fix that by not
forcing an identity mapped domain on devices when SME is active and
forbid using their IOMMUv2 functionality.

Please review.

Thanks,

Joerg

Joerg Roedel (2):
iommu/amd: Do not force direct mapping when SME is active
iommu/amd: Do not use IOMMUv2 functionality when SME is active

drivers/iommu/amd/iommu.c | 7 ++++++-
drivers/iommu/amd/iommu_v2.c | 7 +++++++
2 files changed, 13 insertions(+), 1 deletion(-)

--
2.28.0