5

I've been having an issue where my after resuming from suspend, my laptop (An HP Pavilion 15 with an AMD Ryzen 7 5700U) is not able to do anything, and I would get error messages suggesting that the disk was in a read-only mode.

After some time, I was able to find this page on the arch wiki that suggested I set the amd_iommu=off kernel parameter. This worked, but I'm not really clear what the implications of doing this are. Lessened security, slower performance, or anything else?

Edit: A commenter pointed out that I left out some details. This is my personal laptop with 16 GB of RAM that I sometimes run stuff like VMs on. Its running ubuntu 24.04.2 with kernel version 6.11.0-28-generic

BarrowWight
  • 153
  • 4
    Do you run virtual machines, Docker containers, specialized software, or connect external peripherals like video cards or PCIe storage? If the answer is “No. Never.” then there’s little need to worry about disabling this. If you do any of these things, however, then disabling the IOMMU allows any hardware or software the ability to access, read, and modify memory directly. This can result in passwords and encryption keys being read, or poorly coded things overwriting memory used by other services resulting in crashes and lost data. – matigo Jul 04 '25 at 23:50
  • @guiverc Sorry should have thought of that. I've updated the question with those details. @matigo I do use some of that stuff from time to time. I see there's some other options for the parameter, as well as a separate iommu flag. I can set. Would one of those be better? – BarrowWight Jul 05 '25 at 00:53
  • 1
    https://instinct.docs.amd.com/projects/amdgpu-docs/en/latest/conceptual/iommu.html is a better description of what this does and such ans why its in place. – Thomas Ward Jul 05 '25 at 01:24
  • When the system has the failure are you able to get a shell and inspect the contents of /var/log/syslog or dmesg? The reason for asking is that on a different system with AlmaLinux 9 and Intel CPUs, when enabled the IOMMU had issues with some file systems not being mounted, and found some Kernel drivers reporting errors. I.e. there may be bugs in some drivers when the IOMMU is enabled, and checking the logs for errors might help to identify the problematic driver. – Chester Gillon Jul 05 '25 at 07:41
  • @ChesterGillon Nope. I can't seem to do anything.

    Since the disk gets mounted read-only, nothing goes to the logs for me to read on reboot.

     – BarrowWight Jul 05 '25 at 18:14

1 Answers1

3

The IOMMU is to peripeheral devices what the CPU's MMU is to processes: it translates DMA addresses into real physical addresses using page tables that the OS controls. By disabling it, you fall back to the "old way" of doing things that remove this layer of indirection and let devices DMA into physical memory directly.

The main implication is that you lose the ability to pass PCIe devices to VMs. It doesn't sound like you were doing that - but you should be aware regardless.

A secondary caveat is that without IOMMU, a hostile or buggy PCIe device can read/write any PCIe address it wants. A Thunderbolt port without IOMMU is an open invitation to access your computer's memory.

martona
  • 168
  • Yeah. I don't see myself trying to passthrough PCIe devices on my laptop to a VM, and it does not have thunderbolt, just USB-C, so I'm guessing there's no risks there either. I did change it from amd_iommu=off to iommu=pt as the AMD link @Thomas Ward provided up above, and that works. So probably a bit better. – BarrowWight Jul 08 '25 at 01:41