From: Joe Damato
To: iommu@lists.linux.dev, Joerg Roedel, Suravee Suthikulpanit, Will Deacon, Robin Murphy, Vasant Hegde, Kevin Tian, Jason Gunthorpe
Cc: linux-kernel@vger.kernel.org, Joe Damato, Joerg Roedel
Subject: [PATCH] iommu/amd: Block identity domain when SNP enabled
Date: Mon, 9 Mar 2026 16:52:33 -0700
Message-ID: <20260309235234.3367768-1-joe@dama.to>

Previously, commit 8388f7df936b ("iommu/amd: Do not support IOMMU_DOMAIN_IDENTITY after SNP is enabled") prevented users from changing the IOMMU domain to identity if SNP was enabled.

This resulted in an error when writing to sysfs:

  # echo "identity" > /sys/kernel/iommu_groups/50/type
  -bash: echo: write error: Cannot allocate memory

However, commit 4402f2627d30 ("iommu/amd: Implement global identity domain") changed the flow of the code, skipping the SNP guard and allowing users to change the IOMMU domain to identity after a machine has booted.
Once the user does that, they will probably try to bind and the device/driver will start to do DMA which will trigger errors:

  iommu ivhd3: AMD-Vi: Event logged [ILLEGAL_DEV_TABLE_ENTRY device=0000:43:00.0 pasid=0x00000 address=0x3737b01000 flags=0x0020]
  iommu ivhd3: AMD-Vi: Control Reg : 0xc22000142148d
  AMD-Vi: DTE[0]: 6000000000000003
  AMD-Vi: DTE[1]: 0000000000000001
  AMD-Vi: DTE[2]: 2000003088b3e013
  AMD-Vi: DTE[3]: 0000000000000000
  bnxt_en 0000:43:00.0 (unnamed net_device) (uninitialized): Error (timeout: 500015) msg {0x0 0x0} len:0
  iommu ivhd3: AMD-Vi: Event logged [ILLEGAL_DEV_TABLE_ENTRY device=0000:43:00.0 pasid=0x00000 address=0x3737b01000 flags=0x0020]
  iommu ivhd3: AMD-Vi: Control Reg : 0xc22000142148d
  AMD-Vi: DTE[0]: 6000000000000003
  AMD-Vi: DTE[1]: 0000000000000001
  AMD-Vi: DTE[2]: 2000003088b3e013
  AMD-Vi: DTE[3]: 0000000000000000
  bnxt_en 0000:43:00.0: probe with driver bnxt_en failed with error -16

To prevent this from happening, create an attach wrapper for identity_domain_ops which returns EINVAL if amd_iommu_snp_en is true.

With this commit applied:

  # echo "identity" > /sys/kernel/iommu_groups/62/type
  -bash: echo: write error: Invalid argument

Fixes: 4402f2627d30 ("iommu/amd: Implement global identity domain")
Signed-off-by: Joe Damato
Reviewed-by: Jason Gunthorpe
Reviewed-by: Vasant Hegde
--- drivers/iommu/amd/iommu.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c index 81c4d7733872..760d5f4623b5 100644 --- a/drivers/iommu/amd/iommu.c +++ b/drivers/iommu/amd/iommu.c 
@@ -2909,8 +2909,21 @@ static struct iommu_domain blocked_domain =3D { =20 static struct protection_domain identity_domain; =20 +static int amd_iommu_identity_attach(struct iommu_domain *dom, struct devi= ce *dev, + struct iommu_domain *old) +{ + /* + * Don't allow attaching a device to the identity domain if SNP is + * enabled. + */ + if (amd_iommu_snp_en) + return -EINVAL; + + return amd_iommu_attach_device(dom, dev, old); +} + static const struct iommu_domain_ops identity_domain_ops =3D { - .attach_dev =3D amd_iommu_attach_device, + .attach_dev =3D amd_iommu_identity_attach, }; =20 void amd_iommu_init_identity_domain(void) --=20 2.52.0
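Review bot: The comment inside amd_iommu_identity_attach() only restates the "if (amd_iommu_snp_en)" test and gives no reason, so a reader of iommu.c without the commit log cannot tell why identity is refused. Suggest extending it to say that with SNP enabled, DMA from a device attached to the identity domain is rejected with ILLEGAL_DEV_TABLE_ENTRY events, as the log in the commit message shows. As a style point, the first line of the new function's signature is long enough that the mail encoding wrapped it inside "struct device *dev"; breaking after "struct iommu_domain *dom," and aligning the remaining two parameters would keep it within the usual width.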