From patchwork Fri Jan 26 04:11:19 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Roth <michael.roth@amd.com>
X-Patchwork-Id: 13532056
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 136B3C47DDB
	for <linux-mm@archiver.kernel.org>; Fri, 26 Jan 2024 04:44:26 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id A00876B00A3; Thu, 25 Jan 2024 23:44:25 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 9B0916B00A4; Thu, 25 Jan 2024 23:44:25 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 878B96B00A5; Thu, 25 Jan 2024 23:44:25 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com
 [216.40.44.13])
	by kanga.kvack.org (Postfix) with ESMTP id 78F746B00A3
	for <linux-mm@kvack.org>; Thu, 25 Jan 2024 23:44:25 -0500 (EST)
Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay10.hostedemail.com (Postfix) with ESMTP id 3F6D9C04E2
	for <linux-mm@kvack.org>; Fri, 26 Jan 2024 04:44:25 +0000 (UTC)
X-FDA: 81720220890.17.49F2BD4
Received: from NAM12-BN8-obe.outbound.protection.outlook.com
 (mail-bn8nam12on2045.outbound.protection.outlook.com [40.107.237.45])
	by imf13.hostedemail.com (Postfix) with ESMTP id 87B9320008
	for <linux-mm@kvack.org>; Fri, 26 Jan 2024 04:44:22 +0000 (UTC)
Authentication-Results: imf13.hostedemail.com;
	dkim=pass header.d=amd.com header.s=selector1 header.b=iCYTuyQX;
	spf=pass (imf13.hostedemail.com: domain of Michael.Roth@amd.com designates
 40.107.237.45 as permitted sender) smtp.mailfrom=Michael.Roth@amd.com;
	arc=pass ("microsoft.com:s=arcselector9901:i=1");
	dmarc=pass (policy=quarantine) header.from=amd.com
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed;
 d=hostedemail.com;
	s=arc-20220608; t=1706244262;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=+qG75r4WHkgWbMzwHKr0H1I3Mb70xWCu5pDmxLxzbm0=;
	b=P3St7wtf35Wg2lutY0uFFiUy55PZ2qE5Rjo6x1galPsrhkB7y3PX4xuQruhM32pUa8Lxkk
	YSejNvs8f3PleTYVl64tF0WK8O9wVUV4JMQP6p87oT+q32yVjWRN4o20MBt03wEAiRUiS9
	A8LQf2YE+vqzLGe+axp6w82dvHM3wUQ=
ARC-Authentication-Results: i=2;
	imf13.hostedemail.com;
	dkim=pass header.d=amd.com header.s=selector1 header.b=iCYTuyQX;
	spf=pass (imf13.hostedemail.com: domain of Michael.Roth@amd.com designates
 40.107.237.45 as permitted sender) smtp.mailfrom=Michael.Roth@amd.com;
	arc=pass ("microsoft.com:s=arcselector9901:i=1");
	dmarc=pass (policy=quarantine) header.from=amd.com
ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1706244262; a=rsa-sha256;
	cv=pass;
	b=00hXLvJl/qzlfLK222Y5yfwpQprxIhbvvDuJrTLsBRieY0gV1yD57n6j3jUqJjrU/D31n0
	35d6SrCGFX30f5h5jTXvfnDtUB2cW1mz0+5Q5z1AJNi6F/XyBOf8ugHw4Otq4Mf6wpymvp
	21Q1G8PJE2tHiOdWWNaWcyoqnbXzw2c=
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=arIXtEDaW2ZrrZdfdRWg6FDXMREgjXCopdMb673d6b1hgWTbFIaygcXcjdQhCYkVPrvQg4K6c1DGFGIXIuI+HFYF2huxYmXpAgGmLcgn2hrwPDlXk7YoEaDAq9vSs8KDXd2wJYP0OwajB5zO2YtJSNxgMSug9LMj1vbtkiyxMNdYviRS2n9UP2jqGqWoXihINzN0CltLIqhTIAHZaDig9obn0LtqGOWfGN1j/aqhXrNKgviPJcHLvOYETZmtbRuNgjjxbWKDKJFR0kBuuRmNl+5RB30JSuHFijjlT4tQUsT4cq3QYsS1YoKMpYvtOvMKpYqv4qa0O6X/9iPiQ70sMg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=+qG75r4WHkgWbMzwHKr0H1I3Mb70xWCu5pDmxLxzbm0=;
 b=FCFdqCGWmi9ZHUZhSUNMEAniKR0J4+9hEWV5TIvnFfAEyw2ovdLPQlzGc1UGKHcRTBL8Gup3dGViUtSFQ3GHs68YLM9VrE2iSU8FccSrczg2zS/9lOdDYtzDxjpZQczclxX0xO2XEHg5wffx93rQ992u4adBo1c1yoiARtym1X1ehdyme7AKoLl5qgZAxu+Y8p66QkTYwq3R5VK4I6Xg1doW6GjOw/1KBXU0pNwoOD57VhQMaTbYUvAD3SwdNVTfv+Xhv0axY7z1ry0up1GAxwFYvrWwJdZaip1nxREQbatowbQLEOCpynRDY5Y8zrhk4SxMBSLuFdZ9SN4HmzohpQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass
 (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=+qG75r4WHkgWbMzwHKr0H1I3Mb70xWCu5pDmxLxzbm0=;
 b=iCYTuyQXK9QqQXk+8+TeDi6mI7k8g7wYKx3vfgFNIrFc+qzXjbgYbkYDcBfVQYQ+WuNKK+vhigzeVCWu7tYAT27fmcf078+Cvej+O0HQNA9wj/l6of5CSXpVtAtkz7AoVEz13sdxk+qVKKoQ+I3TGC4uRgZLLQw3btH2z+XK5yg=
Received: from BY5PR16CA0027.namprd16.prod.outlook.com (2603:10b6:a03:1a0::40)
 by IA1PR12MB6555.namprd12.prod.outlook.com (2603:10b6:208:3a1::20) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27; Fri, 26 Jan
 2024 04:44:19 +0000
Received: from MWH0EPF000971E7.namprd02.prod.outlook.com
 (2603:10b6:a03:1a0:cafe::a5) by BY5PR16CA0027.outlook.office365.com
 (2603:10b6:a03:1a0::40) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26 via Frontend
 Transport; Fri, 26 Jan 2024 04:44:18 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
 MWH0EPF000971E7.mail.protection.outlook.com (10.167.243.75) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 04:44:18 +0000
Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com
 (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 25 Jan
 2024 22:44:17 -0600
From: Michael Roth <michael.roth@amd.com>
To: <x86@kernel.org>
CC: <kvm@vger.kernel.org>, <linux-coco@lists.linux.dev>, <linux-mm@kvack.org>,
	<linux-crypto@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
	<tglx@linutronix.de>, <mingo@redhat.com>, <jroedel@suse.de>,
	<thomas.lendacky@amd.com>, <hpa@zytor.com>, <ardb@kernel.org>,
	<pbonzini@redhat.com>, <seanjc@google.com>, <vkuznets@redhat.com>,
	<jmattson@google.com>, <luto@kernel.org>, <dave.hansen@linux.intel.com>,
	<slp@redhat.com>, <pgonda@google.com>, <peterz@infradead.org>,
	<srinivas.pandruvada@linux.intel.com>, <rientjes@google.com>,
	<tobin@ibm.com>, <bp@alien8.de>, <vbabka@suse.cz>, <kirill@shutemov.name>,
	<ak@linux.intel.com>, <tony.luck@intel.com>,
	<sathyanarayanan.kuppuswamy@linux.intel.com>, <alpergun@google.com>,
	<jarkko@kernel.org>, <ashish.kalra@amd.com>, <nikunj.dadhania@amd.com>,
	<pankaj.gupta@amd.com>, <liam.merwick@oracle.com>
Subject: [PATCH v2 19/25] iommu/amd: Clean up RMP entries for IOMMU pages
 during SNP shutdown
Date: Thu, 25 Jan 2024 22:11:19 -0600
Message-ID: <20240126041126.1927228-20-michael.roth@amd.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240126041126.1927228-1-michael.roth@amd.com>
References: <20240126041126.1927228-1-michael.roth@amd.com>
MIME-Version: 1.0
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com
 (10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: MWH0EPF000971E7:EE_|IA1PR12MB6555:EE_
X-MS-Office365-Filtering-Correlation-Id: ce8654d0-eb09-4f90-6a13-08dc1e29753c
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	c1/N+NOdlDEYkL8nup6ZrqkbaTUwNTx4w1tb1kYLBF2ZsRUeoE/t4rCcWjHvSbOskC3cZ3B/D1Z4m4Dj9X31dfu/fKaKzwuoqfGO+iO0wqy6dTi/W1e2g3vLPSmO6K5ShdywZCLi+EPavjm3W8nicVnWvVQMUTNB0yiuYpdifelJd2jrgFT5O9X9JSzpK9ZcQbXmkabI92VThui4MTF0YR1TW8j97jWjVUVuLQwrLAMBk5zrHYbyVe0SUSbTF3qWMwisNZLJUEdVaI+7r+3qubvVtKWwK4bavN6LPixo4hEZ/T8LlYo8a4Y6KT1K7GDjAQHOTOhUvPnNukiY4oMVoyLOfXCSIKBsG6XyljAE7mPr+YlrAavs18G8K3LfmkCzRSaEUEMbXPifsR3F0mMHoOQ37KFWu8xj+diXpGq/iE0pQBKVwDxVVNsgJZ+YfpzkiyMbcT89heNQ8IAsmtgPYO6MMVnKDJbeM4lFmrtC5/08d2YmUjIMXLPk5x/H101OZRw4TAn6yc6Io4VucyT1P9kkFTsXKhgyCXufEA27X4R7F3P/9617yVnYS8Oaw/V3JMrRVUyyT5hI4MpNm0VncYs9RWAEnZo9q6xtE0TUh9ERq8HP6JPgdwLhUg2clR/l9BTwCnLQArCW7rQsp8Usgtq2ls+qV/Rk69kB6rk1HizZkvwx7pNbs3oUDudfPGW0rswQZ3XSu9kPTn56lnby1PisRRKjomyNU27UiemNwbazxDGQZxi4oPrxY5yn3JcBTToQ9fGqY9qtxXOX3oiSpA==
X-Forefront-Antispam-Report: 
	CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(396003)(136003)(376002)(39860400002)(346002)(230922051799003)(186009)(1800799012)(82310400011)(64100799003)(451199024)(36840700001)(40470700004)(46966006)(8936002)(8676002)(4326008)(36860700001)(5660300002)(82740400003)(7406005)(7416002)(2616005)(1076003)(70586007)(70206006)(54906003)(83380400001)(44832011)(47076005)(6916009)(316002)(36756003)(356005)(81166007)(40460700003)(40480700001)(2906002)(336012)(426003)(478600001)(26005)(16526019)(86362001)(41300700001)(36900700001);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 04:44:18.7591
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 ce8654d0-eb09-4f90-6a13-08dc1e29753c
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	MWH0EPF000971E7.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB6555
X-Rspamd-Queue-Id: 87B9320008
X-Rspam-User: 
X-Stat-Signature: c3r46kni5mxhqpgynp9mm5ugn4jx5pij
X-Rspamd-Server: rspam01
X-HE-Tag: 1706244262-553227
X-HE-Meta: 
 U2FsdGVkX19vwycLVNUq0Hcl0KyHr2ZcL59LJycHclduoAgyFwsyFtEyWyJZcs61AwsEEdmLsLMlQcZks3JEq1dVC7Y7uApPb4efBVKGdeYTq5Hp2wi1uS6aVmEd/ZxeZVXD7BhS0bYprzpy7rs1wYmOaNRlhpjDBEYsga5YP9GTXGsQb5oXYW4qTLvxj6m3Xxo8jwt0f636NzkN7NhNbCY4udjMct5nDiKrWSkNM+x2XeyE+s9lxbCy5Qyh85EqhZQ6jYeozedNV0oLEAOR9oHzQA53+d04lDP5ECroikgnIeU12KUbHjb0tL7RLvnl6/68kb40uCcah6ApX5X+DWiBDRU63IM6dcNHljfXvx+1yfIGquL0orKaXPIC7Ggujk+3tri/7AkXNjELzZgSJ9XfPKYttjv4zXxE2e4TQOaPrM13+FRiPSGvAezp9EUNiZWZ1suj5QwNfXUwKaSjEm6Oxjd2cxyotnkxE05mvTUUE41UuzcR5dBHDAwGRRJB0Di6SH0+zJJVjHrLaMhPnyH4vYIAtKHHbPw9wOy39YIpWcF+UIYptfi3QCTnMPqPSR4yC1bCBKtluex06Py5P59Rmf01IUfX51RR96K51qHtikFv0NTn3Oo8oCH1wUUu7QdN/45wHJxBkNiswbk15X6myIZiKntt873IRww05ttCk/XfW8teQNvUnACA6CJTopqrcY0nt5kpSEx2j35v8N2Lbp/i23EtXCQ3al0vWbCFUbFRf8y25k7vyw45TuuxksuVuNiNbrptQh+qjhLKH96uNpjGYXsXTevXHIu3wRcns/+LXvHE4vqpA025HerGbOEdmk6ZasgWxyMKLxFpFoxmjDCCv/UI4GDiDFOkebmept1WJt3NqDfS7Hjgfn9AxXpFll34GAaJSphfWkBtV41Qae9XYlAu9fpSCcVWUGuvuSV1iT9LN9kugnkGeuVlDwbqFiQe3Ihi9QxWNDV
 e2A==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

From: Ashish Kalra <ashish.kalra@amd.com>

Add a new IOMMU API interface amd_iommu_snp_disable() to transition
IOMMU pages to Hypervisor state from Reclaim state after SNP_SHUTDOWN_EX
command. Invoke this API from the CCP driver after SNP_SHUTDOWN_EX
command.

Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 drivers/crypto/ccp/sev-dev.c | 20 +++++++++
 drivers/iommu/amd/init.c     | 79 ++++++++++++++++++++++++++++++++++++
 include/linux/amd-iommu.h    |  6 +++
 3 files changed, 105 insertions(+)

diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index b2ad41ce5f77..d26bff55ec93 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -26,6 +26,7 @@
 #include <linux/fs.h>
 #include <linux/fs_struct.h>
 #include <linux/psp.h>
+#include <linux/amd-iommu.h>
 
 #include <asm/smp.h>
 #include <asm/cacheflush.h>
@@ -1633,6 +1634,25 @@ static int __sev_snp_shutdown_locked(int *error)
 		return ret;
 	}
 
+	/*
+	 * SNP_SHUTDOWN_EX with IOMMU_SNP_SHUTDOWN set to 1 disables SNP
+	 * enforcement by the IOMMU and also transitions all pages
+	 * associated with the IOMMU to the Reclaim state.
+	 * Firmware was transitioning the IOMMU pages to Hypervisor state
+	 * before version 1.53. But, accounting for the number of assigned
+	 * 4kB pages in a 2M page was done incorrectly by not transitioning
+	 * to the Reclaim state. This resulted in RMP #PF when later accessing
+	 * the 2M page containing those pages during kexec boot. Hence, the
+	 * firmware now transitions these pages to Reclaim state and hypervisor
+	 * needs to transition these pages to shared state. SNP Firmware
+	 * version 1.53 and above are needed for kexec boot.
+	 */
+	ret = amd_iommu_snp_disable();
+	if (ret) {
+		dev_err(sev->dev, "SNP IOMMU shutdown failed\n");
+		return ret;
+	}
+
 	sev->snp_initialized = false;
 	dev_dbg(sev->dev, "SEV-SNP firmware shutdown\n");
 
diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c
index 3a4eeb26d515..88bb08ae39b2 100644
--- a/drivers/iommu/amd/init.c
+++ b/drivers/iommu/amd/init.c
@@ -30,6 +30,7 @@
 #include <asm/io_apic.h>
 #include <asm/irq_remapping.h>
 #include <asm/set_memory.h>
+#include <asm/sev.h>
 
 #include <linux/crash_dump.h>
 
@@ -3797,3 +3798,81 @@ int amd_iommu_pc_set_reg(struct amd_iommu *iommu, u8 bank, u8 cntr, u8 fxn, u64
 
 	return iommu_pc_get_set_reg(iommu, bank, cntr, fxn, value, true);
 }
+
+#ifdef CONFIG_KVM_AMD_SEV
+static int iommu_page_make_shared(void *page)
+{
+	unsigned long paddr, pfn;
+
+	paddr = iommu_virt_to_phys(page);
+	/* Cbit maybe set in the paddr */
+	pfn = __sme_clr(paddr) >> PAGE_SHIFT;
+
+	if (!(pfn % PTRS_PER_PMD)) {
+		int ret, level;
+		bool assigned;
+
+		ret = snp_lookup_rmpentry(pfn, &assigned, &level);
+		if (ret)
+			pr_warn("IOMMU PFN %lx RMP lookup failed, ret %d\n",
+				pfn, ret);
+
+		if (!assigned)
+			pr_warn("IOMMU PFN %lx not assigned in RMP table\n",
+				pfn);
+
+		if (level > PG_LEVEL_4K) {
+			ret = psmash(pfn);
+			if (ret) {
+				pr_warn("IOMMU PFN %lx had a huge RMP entry, but attempted psmash failed, ret: %d, level: %d\n",
+					pfn, ret, level);
+			}
+		}
+	}
+
+	return rmp_make_shared(pfn, PG_LEVEL_4K);
+}
+
+static int iommu_make_shared(void *va, size_t size)
+{
+	void *page;
+	int ret;
+
+	if (!va)
+		return 0;
+
+	for (page = va; page < (va + size); page += PAGE_SIZE) {
+		ret = iommu_page_make_shared(page);
+		if (ret)
+			return ret;
+	}
+
+	return 0;
+}
+
+int amd_iommu_snp_disable(void)
+{
+	struct amd_iommu *iommu;
+	int ret;
+
+	if (!amd_iommu_snp_en)
+		return 0;
+
+	for_each_iommu(iommu) {
+		ret = iommu_make_shared(iommu->evt_buf, EVT_BUFFER_SIZE);
+		if (ret)
+			return ret;
+
+		ret = iommu_make_shared(iommu->ppr_log, PPR_LOG_SIZE);
+		if (ret)
+			return ret;
+
+		ret = iommu_make_shared((void *)iommu->cmd_sem, PAGE_SIZE);
+		if (ret)
+			return ret;
+	}
+
+	return 0;
+}
+EXPORT_SYMBOL_GPL(amd_iommu_snp_disable);
+#endif
diff --git a/include/linux/amd-iommu.h b/include/linux/amd-iommu.h
index 7365be00a795..2b90c48a6a87 100644
--- a/include/linux/amd-iommu.h
+++ b/include/linux/amd-iommu.h
@@ -85,4 +85,10 @@ int amd_iommu_pc_get_reg(struct amd_iommu *iommu, u8 bank, u8 cntr, u8 fxn,
 		u64 *value);
 struct amd_iommu *get_amd_iommu(unsigned int idx);
 
+#ifdef CONFIG_KVM_AMD_SEV
+int amd_iommu_snp_disable(void);
+#else
+static inline int amd_iommu_snp_disable(void) { return 0; }
+#endif
+
 #endif /* _ASM_X86_AMD_IOMMU_H */