[PATCH v2 0/2] iommu/amd: Avoid setting C-bit for MMIO addresses

[Wei Wang]

When SME is enabled, iommu_v1_map_pages() currently sets the C-bit for
all physical addresses. This is correct for system RAM, since the C-bit is
required by SME to indicate encrypted memory and ensure proper
encryption/decryption.

However, applying the C-bit to MMIO addresses is incorrect. Devices and
PCIe switches do not interpret the C-bit currently, and doing so can break
PCIe peer-to-peer communication. To prevent this, avoid setting the C-bit
when the physical address is backed by MMIO.

Note: this patchset only updates vfio_iommu_type1. Corresponding changes
to iommufd to pass the IOMMU_MMIO prot flag will be added if this approach
is accepted.

v1->v2 changes:
- 1 used page_is_ram() in the AMD IOMMU driver to detect non-RAM
  addresses, avoiding changes to upper-layer callers (vfio and iommufd).
  v2 instead lets upper layers explicitly indicate MMIO mappings via the
  IOMMU_MMIO prot flag. This avoids the potential overhead of
  page_is_ram(). (suggested by Jason Gunthorpe) 
  v1 link: https://lkml.org/lkml/2025/10/23/1211

Wei Wang (2):
  iommu/amd: Add IOMMU_PROT_IE flag for memory encryption
  vfio/type1: Set IOMMU_MMIO in dma->prot for MMIO-backed addresses

 drivers/iommu/amd/amd_iommu_types.h |  3 ++-
 drivers/iommu/amd/io_pgtable.c      |  7 +++++--
 drivers/iommu/amd/iommu.c           |  2 ++
 drivers/vfio/vfio_iommu_type1.c     | 14 +++++++++-----
 4 files changed, 18 insertions(+), 8 deletions(-)

-- 
2.51.1