On Thursday 29 October 2015 10:10:46 Benjamin Herrenschmidt wrote: > > > Maybe we should at least coordinate IOMMU 'paranoid/fast' modes across > > architectures, and then the DMA_ATTR_IOMMU_BYPASS flag would have a > > sane meaning in the paranoid mode (and perhaps we'd want an ultra > > -paranoid mode where it's not honoured). > > Possibly, though ideally that would be a user policy but of course by > the time you get to userspace it's generally too late. IIRC, we have an 'iommu=force' command line switch for this, to ensure that no device can use a linear mapping and everything goes through the page tables. This is often useful for both debugging and as a security measure when dealing with unpriviledged DMA access (virtual machines, vfio, ...). If we add a DMA_ATTR_IOMMU_BYPASS attribute, we should clearly document which of the two we expect to take priority in cases where we have a choice. I wonder if the 'iommu=force' attribute is too coarse-grained though, and if we should perhaps allow a per-device setting on architectures that allow this. Arnd -- To unsubscribe from this list: send the line "unsubscribe linux-arch" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
