Hi Robin, On Fri, Jul 09, 2021 at 02:56:47PM +0100, Robin Murphy wrote: > As I mentioned before, conceptually I think this very much belongs in sysfs > as a user decision. We essentially have 4 levels of "strictness": > > 1: DMA domain with bounce pages > 2: DMA domain > 3: DMA domain with flush queue > 4: Identity domain Together with reasonable defaults (influenced by compile-time options) it seems to be a good thing to configure at runtime via sysfs. We already have CONFIG_IOMMU_DEFAULT_PASSTHROUGH, which can probably be extended to be an option list: - CONFIG_IOMMU_DEFAULT_PASSTHROUGH: Trusted devices are identity mapped - CONFIG_IOMMU_DEFAULT_DMA_STRICT: Trusted devices are DMA mapped with strict flush behavior on unmap - CONFIG_IOMMU_DEFAULT_DMA_LAZY: Trusted devices are DMA mapped with flush queues for performance Untrusted devices always get into the DMA domain with bounce pages by default. The defaults can be changed at runtime via sysfs. We already have basic support for runtime switching of the default domain, so that can be re-used. Regards, Joerg
