RE: [PATCH v2 1/2] iommu/amd: Add IOMMU_PROT_IE flag for memory encryption

From: Wei Wang
Date: Mon Nov 10 2025 - 20:39:05 EST

Next message: patchwork-bot+netdevbpf: "Re: [PATCH net] net: dsa: tag_brcm: do not mark link local traffic as offloaded"
Previous message: Greg Kroah-Hartman: "[PATCH 6.12 000/562] 6.12.58-rc2 review"
In reply to: Vasant Hegde: "Re: [PATCH v2 1/2] iommu/amd: Add IOMMU_PROT_IE flag for memory encryption"
Next in thread: Vasant Hegde: "Re: [PATCH v2 1/2] iommu/amd: Add IOMMU_PROT_IE flag for memory encryption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Monday, November 10, 2025 5:55 PM, Vasant Hegde wrote:
> To: Wei Wang <wei.w.wang@xxxxxxxxxxx>; alex@xxxxxxxxxxx;
> jgg@xxxxxxxxxx; suravee.suthikulpanit@xxxxxxx;
> thomas.lendacky@xxxxxxx; joro@xxxxxxxxxx
> Cc: kevin.tian@xxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx;
> iommu@xxxxxxxxxxxxxxx
> Subject: Re: [PATCH v2 1/2] iommu/amd: Add IOMMU_PROT_IE flag for
> memory encryption
>
> Hi Wei,
>
> On 11/3/2025 7:30 PM, Wei Wang wrote:
> > Introduce the IOMMU_PROT_IE flag to allow callers of
> > iommu_v1_map_pages() to explicitly request memory encryption for
> specific mappings.
> >
> > With SME enabled, the C-bit (encryption bit) in IOMMU page table
> > entries is now set only when IOMMU_PROT_IE is specified. This provides
> > fine-grained control over which IOVAs are encrypted through the IOMMU
> > page tables.
> >
> > Current PCIe devices and switches do not interpret the C-bit, so
> > applying it to MMIO mappings would break PCIe peer‑to‑peer
> > communication. Update the implementation to restrict C-bit usage to
> non‑MMIO backed IOVAs.
>
> Right. Quote from AMD Programmers Manual Vol2, "any pages
> corresponding to MMIO addresses must be configured with the C-bit clear."
>

Yes, thanks.

> >
> > Fixes: 2543a786aa25 ("iommu/amd: Allow the AMD IOMMU to work with
> > memory encryption")
> > Suggested-by: Jason Gunthorpe <jgg@xxxxxxxxxx>
> > Signed-off-by: Wei Wang <wei.w.wang@xxxxxxxxxxx>
> > ---> drivers/iommu/amd/amd_iommu_types.h | 3 ++-
> > drivers/iommu/amd/io_pgtable.c | 7 +++++--
>
> May be apply same fix for io_pgtable_v2.c as well? (Of course filename
> changed with generic pt series).

Yes. I was uncertain about the 1st stage mapping as it has a usage for
GVA->GPA mappings, and for the trusted MMIO case, we do need the
C-bit added to GPA. But since vIOMMU isn’t supported for SNP guests,
and the trusted MMIO isn't ready yet, I think it should be safe to proceed
with this now. The above consideration can be re-visited when the trusted
MMIO gets landed.

I'll add it in the next version and see if others might have a different
perspective on this.

Next message: patchwork-bot+netdevbpf: "Re: [PATCH net] net: dsa: tag_brcm: do not mark link local traffic as offloaded"
Previous message: Greg Kroah-Hartman: "[PATCH 6.12 000/562] 6.12.58-rc2 review"
In reply to: Vasant Hegde: "Re: [PATCH v2 1/2] iommu/amd: Add IOMMU_PROT_IE flag for memory encryption"
Next in thread: Vasant Hegde: "Re: [PATCH v2 1/2] iommu/amd: Add IOMMU_PROT_IE flag for memory encryption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]