> Subject: Re: [EXTERNAL] Re: [PATCH v2 0/2] vhost-vdpa: Add support for NO- > IOMMU mode > > On Thu, Oct 17, 2024 at 08: 53: 08AM +0000, Srujana Challa wrote: > We > observed better performance with "intel_iommu=on" in high-end x86 > machines, > indicating that the performance limitations are specific to low- > end x86 hardware. What does > On Thu, Oct 17, 2024 at 08:53:08AM +0000, Srujana Challa wrote: > > We observed better performance with "intel_iommu=on" in high-end x86 > > machines, indicating that the performance limitations are specific to low- > end x86 hardware. > > What does "low-end" vs "high-end" mean? Atom vs other cores? High-end, model name : Intel(R) Xeon(R) Platinum 8462Y+, 64 Cores Low-end, model name : 13th Gen Intel(R) Core(TM) i9-13900K, 32 Cores > > > This presents a trade-off between performance and security. Since > > intel_iommu is enabled by default, users who prioritize security over > > performance do not need to disable this option. > > Either way, just disabling essential protection because it is slow is a no-go. > We'll need to either fix your issues, or you need to use more suitable > hardware for your workload. I disagree. Why to pay more HW cost if the use case does not need demand for it? fox example, embedded environment and trusted application are running. It is the same thing is done for VFIO scheme. I don't understand your reservation on a mode you are not planning to use and default is protected. There are a lot kernel options, which does the correct trade between various parameter like performance, security, power and HW cost etc.
