[PATCH 9/9] iommu/amd: Set default domain to IDENTITY_DOMAIN when running in SEV guest

From: Suravee Suthikulpanit
Date: Tue Apr 30 2024 - 11:27:04 EST


Since an SEV guest depends on the unencrypted swiotlb bounce buffer
to support DMA, the guest AMD IOMMU driver must be forced into
pass-through mode.

Suggested-by: Thomas Lendacky <thomas.lendacky@xxxxxxx>
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@xxxxxxx>
---
drivers/iommu/amd/init.c | 15 +++++++++++++++
drivers/iommu/amd/iommu.c | 6 ++++++
2 files changed, 21 insertions(+)

diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c
index b3ff89952c7f..1dccf030f674 100644
--- a/drivers/iommu/amd/init.c
+++ b/drivers/iommu/amd/init.c
@@ -3179,6 +3179,20 @@ static bool __init detect_ivrs(void)
return true;
}

+static void iommu_sev_guest_enable(void)
+{
+ /*
+ * Force IOMMU default domain to pass-through for
+ * SEV guest since we cannot support DMA-remapping.
+ * Note: This check must be done after IOMMU_ENABLED state.
+ */
+ if (!cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
+ return;
+
+ pr_info("Force pass-through for SEV guest\n");
+ iommu_set_default_passthrough(false);
+}
+
static void iommu_snp_enable(void)
{
#ifdef CONFIG_KVM_AMD_SEV
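Review bot: `iommu_set_default_passthrough(false)` in `iommu_sev_guest_enable()` changes the default domain type without recording it as a command-line choice, so a guest booted with an explicit request for translated DMA would apparently have that request overridden, with only a `pr_info` line as evidence. Pass-through means the guest IOMMU no longer restricts device DMA, so I would log it at warning level and state the consequence: `pr_warn("SEV guest: DMA remapping unavailable, forcing IOMMU pass-through\n");`. The only caller visible in this patch is `state_next()`, which is `__init`, so the helper could be declared `static void __init iommu_sev_guest_enable(void)`. The added comment could also say why the check must come after the IOMMU_ENABLED state, since it currently states only the ordering requirement.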
@@ -3247,6 +3261,7 @@ static int __init state_next(void)
break;
case IOMMU_ENABLED:
register_syscore_ops(&amd_iommu_syscore_ops);
+ iommu_sev_guest_enable();
iommu_snp_enable();
ret = amd_iommu_init_pci();
init_state = ret ? IOMMU_INIT_ERROR : IOMMU_PCI_INIT;
diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c
index f98a10b7925b..c985d23c8528 100644
--- a/drivers/iommu/amd/iommu.c
+++ b/drivers/iommu/amd/iommu.c
@@ -2876,6 +2876,12 @@ static int amd_iommu_def_domain_type(struct device *dev)
return IOMMU_DOMAIN_IDENTITY;
}

+ /*
+ * Force identity map for SEV guest.
+ */
+ if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
+ return IOMMU_DOMAIN_IDENTITY;
+
return 0;
}
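Review bot: The new comment in `amd_iommu_def_domain_type()` says what the check does but not why, and the reason matters because returning `IOMMU_DOMAIN_IDENTITY` here gives up IOMMU-enforced DMA restriction for every device in the guest. I would expand it to something like `/* SEV guests do DMA through the unencrypted swiotlb bounce buffer and cannot use DMA remapping, so every device gets an identity domain. */`. The comment should also say whether this per-device check or the `iommu_set_default_passthrough()` call added in init.c is the authoritative one, since the two look redundant as written. The function begins outside this hunk, so how the new check interacts with the earlier conditions that also return `IOMMU_DOMAIN_IDENTITY` cannot be confirmed from here.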

--
2.34.1