This is a note to let you know that I've just added the patch titled
iommu/amd: Enhance def_domain_type to handle untrusted device
to the 6.8-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
iommu-amd-enhance-def_domain_type-to-handle-untrusted-device.patch
and it can be found in the queue-6.8 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 0f91d0795741c12cee200667648669a91b568735 Mon Sep 17 00:00:00 2001
From: Vasant Hegde <vasant.hegde@xxxxxxx>
Date: Tue, 23 Apr 2024 11:17:25 +0000
Subject: iommu/amd: Enhance def_domain_type to handle untrusted device
From: Vasant Hegde <vasant.hegde@xxxxxxx>
commit 0f91d0795741c12cee200667648669a91b568735 upstream.
Previously, IOMMU core layer was forcing IOMMU_DOMAIN_DMA domain for
untrusted device. This always took precedence over driver's
def_domain_type(). Commit 59ddce4418da ("iommu: Reorganize
iommu_get_default_domain_type() to respect def_domain_type()") changed
the behaviour. Current code calls def_domain_type() but if it doesn't
return IOMMU_DOMAIN_DMA for untrusted device it throws error. This
results in IOMMU group (and potentially IOMMU itself) in undetermined
state.
This patch adds untrusted check in AMD IOMMU driver code. So that it
allows eGPUs behind Thunderbolt work again.
Fine tuning amd_iommu_def_domain_type() will be done later.
Reported-by: Eric Wagner <ewagner12@xxxxxxxxx>
Link: https://lore.kernel.org/linux-iommu/CAHudX3zLH6CsRmLE-yb+gRjhh-v4bU5_1jW_xCcxOo_oUUZKYg@xxxxxxxxxxxxxx
Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3182
Fixes: 59ddce4418da ("iommu: Reorganize iommu_get_default_domain_type() to respect def_domain_type()")
Cc: Robin Murphy <robin.murphy@xxxxxxx>
Cc: Jason Gunthorpe <jgg@xxxxxxxx>
Cc: stable@xxxxxxxxxx # v6.7+
Signed-off-by: Vasant Hegde <vasant.hegde@xxxxxxx>
Link: https://lore.kernel.org/r/20240423111725.5813-1-vasant.hegde@xxxxxxx
Signed-off-by: Joerg Roedel <jroedel@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/iommu/amd/iommu.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/iommu/amd/iommu.c
+++ b/drivers/iommu/amd/iommu.c
@@ -2593,6 +2593,10 @@ static int amd_iommu_def_domain_type(str
if (!dev_data)
return 0;
+ /* Always use DMA domain for untrusted device */
+ if (dev_is_pci(dev) && to_pci_dev(dev)->untrusted)
+ return IOMMU_DOMAIN_DMA;
+
/*
* Do not identity map IOMMUv2 capable devices when:
* - memory encryption is active, because some of those devices
Patches currently in stable-queue which might be from vasant.hegde@xxxxxxx are
queue-6.8/iommu-amd-enhance-def_domain_type-to-handle-untrusted-device.patch
