[PATCH v4 0/9] iommu/amd: Enforce IOMMU restrictions for SNP-enabled system

From: Suravee Suthikulpanit
Date: Wed Jul 13 2022 - 18:57:20 EST


To support the new AMD Secure Nested Paging (SNP) feature, the AMD IOMMU driver
needs to be modified to comply with the new restrictions enforced by the SNP
feature.

The SNP feature detection needs to happen early in the IOMMU driver
initialization, and the feature must be supported across all IOMMUs.

To simplify the detection process, this series introduces global variables
for tracking IOMMU Extended Feature Registers (EFR and EFR2), which store
common feature bits across all IOMMUs. These global variables are available
as soon as the IVRS table is parsed, which happens at the beginning of
the driver initialization. Therefore, they can be used for early detection
of the SNP feature. (See patch 2 - 5)

Once the feature is detected, the IOMMU driver needs to be informed when the
feature is enabled system-wide. Therefore, the function amd_iommu_snp_enable()
is introduced in patch 6, and will be called by the SEV-SNP driver.

When the IOMMU driver initializes the device table entries (DTEs), care must
be taken when setting up the DTE[TV] bit on an SNP-enabled system.
(See patch 7)

Lastly, an SNP-enabled system requires the IOMMU v1 page table to be configured
with a non-zero DTE[Mode] for DMA-capable devices. This affects a number of
use cases: IOMMU pass-through mode and the AMD IOMMUv2 APIs for binding/
unbinding PASIDs cannot be supported with SNP. These are handled in patches 8
and 9.

Testing:
- Tested booting and verified dmesg.
- Tested booting with iommu=pt
- Tested changing the iommu domain to identity at runtime
- Tested loading amd_iommu_v2 driver
- Tested booting SEV/SNP-enabled guest
- Tested when CONFIG_AMD_MEM_ENCRYPT is not set

Changes from v3:
(https://www.spinics.net/lists/kernel/msg4409539.html)
- Patch 1, 2, and 5 are new.
- Patch 3: Modified to use the global common EFR/EFR2 variables
when tracking supported features.

Best Regards,
Suravee

Brijesh Singh (1):
iommu/amd: Introduce function to check and enable SNP

Suravee Suthikulpanit (8):
iommu/amd: Change macro for IOMMU control register bit shift to
decimal value
iommu/amd: Introduce Support for Extended Feature 2 Register
iommu/amd: Introduce global variable for storing common EFR and EFR2
iommu/amd: Process all IVHDs before enabling IOMMU features
iommu/amd: Globally detect SNP support
iommu/amd: Set translation valid bit only when IO page tables are in
use
iommu/amd: Do not support IOMMU_DOMAIN_IDENTITY after SNP is enabled
iommu/amd: Do not support IOMMUv2 APIs when SNP is enabled

drivers/iommu/amd/amd_iommu.h | 5 +
drivers/iommu/amd/amd_iommu_types.h | 46 +++++----
drivers/iommu/amd/init.c | 153 +++++++++++++++++++++++-----
drivers/iommu/amd/iommu.c | 24 ++++-
include/linux/amd-iommu.h | 4 +
5 files changed, 183 insertions(+), 49 deletions(-)

--
2.32.0
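The policy the cover letter describes (intersect the feature registers of every IOMMU before deciding anything, enable SNP only if the common bits allow it, and afterwards refuse DTEs whose Mode field is zero and identity domains) is sketched below as a small stand-alone model. This is an added example and not the driver code from the series; the structure names, the `iommu_*` helper names and the return conventions are made up for illustration. The bit positions (EFR2 bit 0 for SNP support, DTE bits 0/1 for V/TV and bits 11:9 for Mode) are stated here as assumptions and should be checked against the AMD IOMMU specification before being relied on.

```c
/*
 * Simplified model of the SNP restrictions described in the cover letter.
 * Hypothetical example code, not the Linux amd_iommu driver.
 */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed bit layout (verify against the AMD IOMMU spec). */
#define EFR2_SNP_SUP   (1ULL << 0)   /* assumption: EFR2[0] = SNPSup   */
#define DTE_V          (1ULL << 0)   /* assumption: DTE[V]             */
#define DTE_TV         (1ULL << 1)   /* assumption: DTE[TV]            */
#define DTE_MODE_SHIFT 9             /* assumption: DTE[Mode] = bits 11:9 */
#define DTE_MODE_MAX   6             /* assumption: page-table levels 1..6 */

enum domain_type { DOMAIN_DMA, DOMAIN_IDENTITY };

struct iommu_hw { uint64_t efr, efr2; };   /* one IOMMU's raw EFR/EFR2 */

/* Stand-in for the series' global common EFR/EFR2 variables plus the
 * "SNP enabled system-wide" flag. */
struct iommu_state {
    uint64_t common_efr, common_efr2;
    bool snp_enabled;
};

/* Feature bits common to all IOMMUs are the AND of every IOMMU's
 * EFR/EFR2; this must run after all IVHDs in the IVRS table are parsed,
 * otherwise a late IOMMU could silently lack a feature already "detected". */
void iommu_collect_common_efr(struct iommu_state *st,
                              const struct iommu_hw *hw, size_t n)
{
    st->common_efr  = n ? ~0ULL : 0;
    st->common_efr2 = n ? ~0ULL : 0;
    for (size_t i = 0; i < n; i++) {
        st->common_efr  &= hw[i].efr;
        st->common_efr2 &= hw[i].efr2;
    }
}

bool iommu_snp_supported(const struct iommu_state *st)
{
    return (st->common_efr2 & EFR2_SNP_SUP) != 0;
}

/* Analogue of amd_iommu_snp_enable() being called by the SEV-SNP driver:
 * 0 on success, -1 if any IOMMU lacks SNP support. */
int iommu_snp_enable(struct iommu_state *st)
{
    if (!iommu_snp_supported(st))
        return -1;
    st->snp_enabled = true;
    return 0;
}

/* Identity (pass-through) domains mean DTE[Mode] == 0, which SNP forbids
 * for DMA-capable devices, so they are refused once SNP is enabled. */
bool iommu_domain_type_allowed(const struct iommu_state *st, enum domain_type t)
{
    return !(st->snp_enabled && t == DOMAIN_IDENTITY);
}

/* Build the V/TV/Mode part of a DTE. TV is set only when an IO page table
 * is actually in use (Mode != 0). Under SNP a Mode of 0 is rejected and
 * 0 (no valid entry) is returned. */
uint64_t iommu_build_dte(const struct iommu_state *st, unsigned mode)
{
    if (mode > DTE_MODE_MAX)
        return 0;
    if (st->snp_enabled && mode == 0)
        return 0;
    uint64_t dte = DTE_V | ((uint64_t)mode << DTE_MODE_SHIFT);
    if (mode != 0)
        dte |= DTE_TV;
    return dte;
}

int main(void)
{
    /* Constructed sample: two IOMMUs, only one advertising SNP support. */
    struct iommu_hw mixed[2] = { { 0, EFR2_SNP_SUP }, { 0, 0 } };
    struct iommu_state st = { 0 };

    iommu_collect_common_efr(&st, mixed, 2);
    printf("SNP supported on all IOMMUs: %s\n",
           iommu_snp_supported(&st) ? "yes" : "no");
    printf("snp_enable() -> %d\n", iommu_snp_enable(&st));
    return 0;
}
```

The important ordering is that `iommu_collect_common_efr` runs over the complete set of IOMMUs before `iommu_snp_enable` is consulted; enabling SNP on a system where one IOMMU lacks the capability would leave that IOMMU unable to honour the restrictions the rest of the platform assumes.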