amd_iommu=off or amd_iommu=fullflush

Hundreds of years ago the poet William Shakespeare wrote:

To be, or not to be?

Today, users of some HP Notebook laptops with AMD CPU (like HP Notebook 15-ba006nm) wanting to have Linux often have different dilemma:

amd_iommu=off or amd_iommu=fullflush ?

As I experienced myself, Linux with kernel in version between 4.8 and 4.12 has problems to boot on such laptops. The solution that I found in September 2017 was to add following boot-parameter for kernel: amd_iommu=off. But as I’ve recently discovered the 2nd variant (amd_iommu=fullflush) helps as well in this situation (verified with Linux Mint 18.3 LTS).

The problem with the 1st variant (amd_iommu=off) is that it turns off the IOMMU. I can bet this is not obvious for many people what the hell is this “IOMMU”? And if it can safely be turned off?

In practice you can live without IOMMU – as I did. Actually nothing changes in normal, daily using of a computer (my impression).

But only last days I’ve learned more about the IOMMU. Especially this page was very helpful: IOMMU: Virtualizing IO through IO Memory Management Unit (IOMMU), Use Cases and Internals of IOMMU. The title says about virtualization however it’s not what I see as the most important thing related to IOMMU. Thanks to the presentation found on this page, I have learned that the IOMMU is a piece of hardware that is important from the security point of view. It’s because without IOMMU:

  1. there is no protection from malicious (or vulnerable?) devices (DMA Attack)
  2. there is no protection from buggy device drivers – so poor driver can destabilize your system or even cause some corruption

There are more, but the 2 points above I see as the most important advantages of using IOMMU.

Of course there are other ways the IOMMU functionality can be… emulated. For example by OS software (bounce buffer). But it doesn’t perform as good as IOMMU – because the IOMMU is hardware. And I’m not sure if a software solution is as safe as IOMMU.

Conclusion

If you find yourself in a situation that you have to add amd_iommu=off as parameter for kernel to boot your Linux first try if this parameter instead does the job:

amd_iommu=fullflush

As the value suggests it should make that IOMMU is used, what is safer than turning IOMMU off. So dilemma solved! 🙂

How to check if IOMMU is used?

Examine output of the following command:

dmesg|grep -i iommu

If there is some output and it doesn’t mention any warning or error then it’s good.

Good news!

If you have such a problem with booting Linux on your computer that was solved only by adding kernel boot-param amd_iommu=off then try newer Linux version! Ubuntu 18.04 LTS has kernel 4.15 and the problem is gone on my HP laptop! 🙂

About krzysztoftomaszewski

I've got M.Sc. in software engineering. I graduated in 2005 at Institute of Computer Science, Warsaw University of Technology, Faculty of Electronics and Information Technology. I'm working on computer software design and engineering continuously since 2004.
This entry was posted in hardware, Linux, security and tagged , , . Bookmark the permalink.

4 Responses to amd_iommu=off or amd_iommu=fullflush

  1. user X says:

    Not a good news! I have Kernel 5.4.17-200.fc31.x86_64 and problem still exists!

  2. Etkopa says:

    fullflush worked for me (had it off beforehand). Now the only thing I have to figure out is bluetooth and suspend. The model is 13-ar0010nw BTW.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s