Re: generic DMA bypass flag

From: Robin Murphy
Date: Tue Nov 19 2019 - 12:42:02 EST

On 16/11/2019 6:22 am, Christoph Hellwig wrote:
On Fri, Nov 15, 2019 at 06:12:48PM +0000, Robin Murphy wrote:
And is that any different from where you would choose to "just" set a
generic bypass flag?

Same spots, as intel-iommu moves from the identify to a dma domain when
setting a 32-bit mask. But that means once a 32-bit mask is set we can't
ever go back to the 64-bit one.

Is that a problem though? It's not safe in general to rewrite the default domain willy-nilly, so if it's a concern that drivers get stuck having to use a translation domain if they do something dumb like:

if (!dma_set_mask(DMA_BIT_MASK(32))

then the simple solution is "don't do that" - note that this doesn't affect overriding of the default 32-bit mask, because we don't use the driver API to initialise those.

And we had a couple drivers playing
interesting games there.

If the games you're worried about are stuff like:

dma_set_mask(dev, DMA_BIT_MASK(64));
high_buf = dma_alloc_coherent(dev, ...);
dma_set_mask(dev, DMA_BIT_MASK(32));
low_buf = dma_alloc_coherent(dev, ...);

then iommu_need_mapping() already ensures that will end spectacularly badly. Unless we can somehow log when a mask has been "committed" by a mapping operation, I don't think any kind of opportunistic bypass mechanism is ever not going to blow up that case.

FYI, this is the current intel-iommu
WIP conversion to the dma bypass flag:

Having thought a bit more, I guess my idea does end up with one slightly ugly corner wherein dma_direct_supported() has to learn to look for an IOMMU default domain and try iommu_dma_supported() before saying no, even if it's clean everywhere else. The bypass flag is more 'balanced' in terms of being equally invasive everywhere and preserving abstraction a bit better. Plus I think it might let us bring back the default assignment of dma_dummy_ops, which I do like the thought of :D

Either way, making sure that the fundamental bypass decision is correct and robust is still far more important than the implementation details.