Re: iommu non-strict mode for arm64
From: Robin Murphy
Date: Fri Feb 04 2022 - 07:37:01 EST
On 2022-02-04 05:46, Josh Poimboeuf wrote:
Hi all,
We've gotten significant slowdowns on arm64 with 4k pages compared to
64k. The slowdowns can be alleviated by setting iommu.strict=0 or
iommu.passthrough=1.
Is there a reason x86 defaults to lazy iommu, while arm64 does not? Are
there security implications which are specific to arm64?
The x86 behaviour is basically 2 decades of legacy where nobody now
feels brave enough to flip the default. At the time the arm64 IOMMU DMA
ops were first added, strict mode was the only thing feasible to
implement, but there was also a conscious consideration that having a
default assumption of "IOMMU == more protection" wasn't a bad thing
anyway. Given what played out a couple of years later, and everyone now
being that much more security-aware, I think that decision has only been
reinforced.
Passthrough and non-strict mode in iommu-dma only came along later, and
most IOMMU drivers for arm64 still don't support them, which is another
reason I'm still against changing the default today. However, if you're
confident that your arm64 users care more about high-bandwidth I/O
throughput than memory protection then feel free to set
IOMMU_DEFAULT_DMA_LAZY or IOMMU_DEFAULT_PASSTHROUGH in your config.
Cheers,
Robin.