Re: [PATCH] iommu: Add support to filter non-strict/lazy mode based on device names
From: Sai Prakash Ranjan
Date: Wed Aug 26 2020 - 08:17:51 EST
On 2020-08-26 17:07, Robin Murphy wrote:
On 2020-08-25 16:42, Sai Prakash Ranjan wrote:
Currently the non-strict or lazy mode of TLB invalidation can only be
set
for all or no domains. This works well for development platforms where
setting to non-strict/lazy mode is fine for performance reasons but on
production devices, we need a more fine grained control to allow only
certain peripherals to support this mode where we can be sure that it
is
safe. So add support to filter non-strict/lazy mode based on the
device
names that are passed via cmdline parameter "iommu.nonstrict_device".
There seems to be considerable overlap here with both the existing
patches for per-device default domain control [1], and the broader
ongoing development on how to define, evaluate and handle "trusted"
vs. "untrusted" devices (e.g. [2],[3]). I'd rather see work done to
make sure those integrate properly together and work well for
everyone's purposes, than add more disjoint mechanisms that only
address small pieces of the overall issue.
Robin.
[1]
https://lore.kernel.org/linux-iommu/20200824051726.7xaJRTTszJuzdFWGJ8YNsshCtfNR0BNeMrlILAyqt_0@z/
[2]
https://lore.kernel.org/linux-iommu/20200630044943.3425049-1-rajatja@xxxxxxxxxx/
[3]
https://lore.kernel.org/linux-iommu/20200626002710.110200-2-rajatja@xxxxxxxxxx/
Thanks for the links, [1] definitely sounds interesting, I was under the
impression
that changing such via sysfs is late, but seems like other Sai has got
it working
for the default domain type. So we can extend that and add a strict
attribute as well,
we should be definitely OK with system booting with default strict mode
for all
peripherals as long as we have an option to change that later, Doug?
Thanks,
Sai
--
QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a
member
of Code Aurora Forum, hosted by The Linux Foundation