From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752628AbdEFJs6 (ORCPT ); Sat, 6 May 2017 05:48:58 -0400 Received: from mail-wr0-f196.google.com ([209.85.128.196]:33332 "EHLO mail-wr0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751611AbdEFJst (ORCPT ); Sat, 6 May 2017 05:48:49 -0400 Date: Sat, 6 May 2017 11:48:45 +0200 From: Ingo Molnar To: Joerg Roedel Cc: Shaohua Li , linux-kernel@vger.kernel.org, gang.wei@intel.com, hpa@linux.intel.com, kernel-team@fb.com, ning.sun@intel.com, srihan@fb.com, alex.eydelberg@intel.com Subject: Re: [PATCH V2] x86/tboot: add an option to disable iommu force on Message-ID: <20170506094845.djhjiugvtuvqmbpc@gmail.com> References: <1c2cadcf5cd7d19cea93c56435610e61b551bd1e.1493223474.git.shli@fb.com> <20170427065142.lnsdegq7zwxacqo2@gmail.com> <20170427084207.GU5077@suse.de> <20170505065920.qagb7qvmr3iryyzj@gmail.com> <20170505084004.GM5077@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170505084004.GM5077@suse.de> User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org * Joerg Roedel wrote: > Hi Ingo, > > On Fri, May 05, 2017 at 08:59:20AM +0200, Ingo Molnar wrote: > > * Joerg Roedel wrote: > > > > The problem solved here is that someone wants tboot for security > > > reasons, but doesn't want the performance penalty of having the IOMMU > > > enabled and can live with the risk of an DMA attack. > > > > Yes, that makes sense - but in this case it would be far more user friendly to > > make it a sysctl, not a boot option. This is also much more manageable for > > distributions and also allows it to be more easily turned into a security policy > > feature. > > > > New boot options should be for debugging hacks in essence - any serious hardware > > configuration should be done via more user-friendly methods. > > I agree in general that a sysctl would be more user-friendly. But the > problem is that enabling/disabling the IOMMU is a boot-time option that > can't be changed at runtime. > > That is because this decission defines how the bus addresses are mapped > to physical addresses through the dma-api. When the iommu is disabled, > it is just a 1-1 mapping, but when it is enabled a physical address > could end up on any address in the bus address space. > > Once drivers are loaded that allocate those addresses we can't change > the mappings anymore as disabling the iommu would do. Ok - that makes sense - I withdraw my objections: Acked-by: Ingo Molnar Thanks, Ingo