[PATCH 6/9] iommu/vt-d: Call dmar_can_force_on() for tboot optin

Next message: K Prateek Nayak: "Re: [PATCH v3 06/20] sched/core: allow only preferred CPUs in is_cpu_allowed"
Previous message: Kevin Tian: "[PATCH 5/9] iommu/vt-d: Use dmar_can_force_on() for platform optin"
In reply to: Kevin Tian: "[PATCH 5/9] iommu/vt-d: Use dmar_can_force_on() for platform optin"
Next in thread: Kevin Tian: "[PATCH 7/9] iommu/vt-d: Remove the 'force_on' variable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Kevin Tian

Date: Thu Jun 04 2026 - 01:11:14 EST

So the policy of requesting ACS in detect_intel_iommu() is consistent
with that in tboot_force_iommu().

Though tboot is the strongest override so far, add a panic() in case
dmar_can_force_on() may return false due to future extensions.

No functional impact at this point.

Signed-off-by: Kevin Tian <kevin.tian@xxxxxxxxx>
---
drivers/iommu/intel/iommu.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index edf01261a41d..ed227de6d0ba 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -2544,12 +2544,16 @@ static int __init probe_acpi_namespace_devices(void)

static __init int tboot_force_iommu(void)
{
- if (!tboot_enabled())
+ if (!tboot_enabled() || intel_iommu_tboot_noforce)
return 0;

- if (no_iommu || dmar_disabled)
+ if (!dmar_can_force_on(DMAR_FORCEON_TBOOT))
+ panic("tboot: Failed to force IOMMU on\n");
+
+ if (dmar_is_disabled())
pr_warn("Forcing Intel-IOMMU to enabled\n");

+ dmar_state = DMAR_ENABLED_FORCE;
dmar_disabled = 0;
no_iommu = 0;

@@ -2566,8 +2570,7 @@ int __init intel_iommu_init(void)
* Intel IOMMU is required for a TXT/tboot launch or platform
* opt in, so enforce that.
*/
- force_on = (!intel_iommu_tboot_noforce && tboot_force_iommu()) ||
- platform_optin_force_iommu();
+ force_on = tboot_force_iommu() || platform_optin_force_iommu();

down_write(&dmar_global_lock);
if (dmar_table_init()) {
--
2.43.0