Message-ID:
 <SI2PR01MB439373CA7A023D8EC4C42040DCC7A@SI2PR01MB4393.apcprd01.prod.exchangelabs.com>
Date: Mon,  3 Nov 2025 22:00:32 +0800
From: Wei Wang <wei.w.wang@...mail.com>
To: alex@...zbot.org,
	jgg@...dia.com,
	suravee.suthikulpanit@....com,
	thomas.lendacky@....com,
	joro@...tes.org
Cc: kevin.tian@...el.com,
	wei.w.wang@...mail.com,
	linux-kernel@...r.kernel.org,
	iommu@...ts.linux.dev
Subject: [PATCH v2 0/2] iommu/amd: Avoid setting C-bit for MMIO addresses

When SME is enabled, iommu_v1_map_pages() currently sets the C-bit for
all physical addresses. This is correct for system RAM, since the C-bit is
required by SME to indicate encrypted memory and ensure proper
encryption/decryption.

However, applying the C-bit to MMIO addresses is incorrect. Devices and
PCIe switches do not interpret the C-bit currently, and doing so can break
PCIe peer-to-peer communication. To prevent this, avoid setting the C-bit
when the physical address is backed by MMIO.

Note: this patchset only updates vfio_iommu_type1. Corresponding changes
to iommufd to pass the IOMMU_MMIO prot flag will be added if this approach
is accepted.

v1->v2 changes:
- v1 used page_is_ram() in the AMD IOMMU driver to detect non-RAM
  addresses, avoiding changes to upper-layer callers (vfio and iommufd).
  v2 instead lets upper layers explicitly indicate MMIO mappings via the
  IOMMU_MMIO prot flag. This avoids the potential overhead of
  page_is_ram(). (suggested by Jason Gunthorpe) 
  v1 link: https://lkml.org/lkml/2025/10/23/1211

Wei Wang (2):
  iommu/amd: Add IOMMU_PROT_IE flag for memory encryption
  vfio/type1: Set IOMMU_MMIO in dma->prot for MMIO-backed addresses

 drivers/iommu/amd/amd_iommu_types.h |  3 ++-
 drivers/iommu/amd/io_pgtable.c      |  7 +++++--
 drivers/iommu/amd/iommu.c           |  2 ++
 drivers/vfio/vfio_iommu_type1.c     | 14 +++++++++-----
 4 files changed, 18 insertions(+), 8 deletions(-)

-- 
2.51.1

