Hi Robin,

On Fri, Jul 09, 2021 at 02:56:47PM +0100, Robin Murphy wrote:
> As I mentioned before, conceptually I think this very much belongs in sysfs
> as a user decision. We essentially have 4 levels of "strictness":
>
> 1: DMA domain with bounce pages
> 2: DMA domain
> 3: DMA domain with flush queue
> 4: Identity domain

Together with reasonable defaults (influenced by compile-time
options) it seems to be a good thing to configure at runtime via
sysfs.

We already have CONFIG_IOMMU_DEFAULT_PASSTHROUGH, which can probably be
extended to be an option list:

	- CONFIG_IOMMU_DEFAULT_PASSTHROUGH: Trusted devices are identity
	  mapped

	- CONFIG_IOMMU_DEFAULT_DMA_STRICT: Trusted devices are DMA
	  mapped with strict flush behavior on unmap

	- CONFIG_IOMMU_DEFAULT_DMA_LAZY: Trusted devices are DMA mapped
	  with flush queues for performance

Untrusted devices always get into the DMA domain with bounce pages by
default.

The defaults can be changed at runtime via sysfs. We already have basic
support for runtime switching of the default domain, so that can be
re-used.
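
An added example, not part of the original message and not kernel code: a small audit that reads each IOMMU group's default domain type and labels it with levels 2 to 4 of the strictness list above, counting the groups that are identity mapped. It assumes the per-group "type" attribute under /sys/kernel/iommu_groups as exposed by mainline kernels that report DMA-FQ separately from DMA; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: label each IOMMU group's default domain by strictness level
# (levels 2-4 of the list in the message; bounce pages are not visible here).
# Assumption: the per-group "type" attribute under /sys/kernel/iommu_groups.

# Map a domain type string to a strictness label.
classify_domain() {
    case "$1" in
        DMA)      echo "strict" ;;       # level 2: flush on every unmap
        DMA-FQ)   echo "lazy" ;;         # level 3: flush queue
        identity) echo "passthrough" ;;  # level 4: no translation
        *)        echo "other" ;;        # e.g. unmanaged, blocked
    esac
}

# Print "<group> <type> <label>" per group under the root given in $1.
audit_groups() {
    root="${1:-/sys/kernel/iommu_groups}"
    for g in "$root"/*; do
        [ -r "$g/type" ] || continue
        t=$(cat "$g/type")
        echo "$(basename "$g") $t $(classify_domain "$t")"
    done
}

# Count groups whose devices bypass translation (identity mapped).
count_passthrough() {
    audit_groups "$1" | awk '$3 == "passthrough" { n++ } END { print n + 0 }'
}

# Constructed sample tree so the example runs without IOMMU hardware.
make_sample_tree() {
    d=$(mktemp -d)
    for spec in 0:DMA 1:DMA-FQ 2:identity 3:identity; do
        mkdir -p "$d/${spec%%:*}"
        echo "${spec#*:}" > "$d/${spec%%:*}/type"
    done
    echo "$d"
}

sample=$(make_sample_tree)
audit_groups "$sample"
echo "passthrough groups: $(count_passthrough "$sample")"
rm -rf "$sample"
```

Calling audit_groups with no argument reads the live /sys/kernel/iommu_groups tree instead of the sample.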