iommu/amd: Do not identity map v2 capable device when snp is enabled

Flow:
  - Booted system with SNP enabled, memory encryption off and
    IOMMU DMA translation mode
  - AMD driver detects v2 capable device and amd_iommu_def_domain_type()
    returns identity mode
  - amd_iommu_domain_alloc() returns NULL an SNP is enabled
  - System will fail to register device

On SNP enabled system, passthrough mode is not supported. IOMMU default
domain is set to translation mode. We need to return zero from
amd_iommu_def_domain_type() so that it allocates translation domain.

Fixes: fb2accadaa94 ("iommu/amd: Introduce function to check and enable SNP")
CC: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Signed-off-by: Vasant Hegde <vasant.hegde@amd.com>
Link: https://lore.kernel.org/r/20230207091752.7656-1-vasant.hegde@amd.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>

diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c
index 33c134a2b581ea6b9d9571bdac924bda12b8c0de..80749b99472fcc69f8c107fa4cf67c02c424680e 100644 (file)
--- a/drivers/iommu/amd/iommu.c
+++ b/drivers/iommu/amd/iommu.c
@@ -2403,12 +2403,17 @@ static int amd_iommu_def_domain_type(struct device *dev)
                return 0;
 
        /*
-        * Do not identity map IOMMUv2 capable devices when memory encryption is
-        * active, because some of those devices (AMD GPUs) don't have the
-        * encryption bit in their DMA-mask and require remapping.
+        * Do not identity map IOMMUv2 capable devices when:
+        *  - memory encryption is active, because some of those devices
+        *    (AMD GPUs) don't have the encryption bit in their DMA-mask
+        *    and require remapping.
+        *  - SNP is enabled, because it prohibits DTE[Mode]=0.
         */
-       if (!cc_platform_has(CC_ATTR_MEM_ENCRYPT) && dev_data->iommu_v2)
+       if (dev_data->iommu_v2 &&
+           !cc_platform_has(CC_ATTR_MEM_ENCRYPT) &&
+           !amd_iommu_snp_en) {
                return IOMMU_DOMAIN_IDENTITY;
+       }
 
        return 0;
 }