From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753118AbdEEIkJ (ORCPT ); Fri, 5 May 2017 04:40:09 -0400 Received: from mx2.suse.de ([195.135.220.15]:54520 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751482AbdEEIkI (ORCPT ); Fri, 5 May 2017 04:40:08 -0400 Date: Fri, 5 May 2017 10:40:04 +0200 From: Joerg Roedel To: Ingo Molnar Cc: Shaohua Li , linux-kernel@vger.kernel.org, gang.wei@intel.com, hpa@linux.intel.com, kernel-team@fb.com, ning.sun@intel.com, srihan@fb.com, alex.eydelberg@intel.com Subject: Re: [PATCH V2] x86/tboot: add an option to disable iommu force on Message-ID: <20170505084004.GM5077@suse.de> References: <1c2cadcf5cd7d19cea93c56435610e61b551bd1e.1493223474.git.shli@fb.com> <20170427065142.lnsdegq7zwxacqo2@gmail.com> <20170427084207.GU5077@suse.de> <20170505065920.qagb7qvmr3iryyzj@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170505065920.qagb7qvmr3iryyzj@gmail.com> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Ingo, On Fri, May 05, 2017 at 08:59:20AM +0200, Ingo Molnar wrote: > * Joerg Roedel wrote: > > The problem solved here is that someone wants tboot for security > > reasons, but doesn't want the performance penalty of having the IOMMU > > enabled and can live with the risk of an DMA attack. > > Yes, that makes sense - but in this case it would be far more user friendly to > make it a sysctl, not a boot option. This is also much more manageable for > distributions and also allows it to be more easily turned into a security policy > feature. > > New boot options should be for debugging hacks in essence - any serious hardware > configuration should be done via more user-friendly methods. I agree in general that a sysctl would be more user-friendly. But the problem is that enabling/disabling the IOMMU is a boot-time option that can't be changed at runtime. That is because this decission defines how the bus addresses are mapped to physical addresses through the dma-api. When the iommu is disabled, it is just a 1-1 mapping, but when it is enabled a physical address could end up on any address in the bus address space. Once drivers are loaded that allocate those addresses we can't change the mappings anymore as disabling the iommu would do. Regards, Joerg