Re: [PATCH v2 19/24] iommu: Expose DMA domain strictness via sysfs

From: Jean-Philippe Brucker
Date: Fri Jul 30 2021 - 05:28:48 EST

Next message: Jean-Philippe Brucker: "Re: [PATCH v2 20/24] iommu: Merge strictness and domain type configs"
Previous message: Juergen Gross: "[PATCH v2 2/2] xen: rename wrong named pfn related variables"
In reply to: Lu Baolu: "Re: [PATCH v2 19/24] iommu: Expose DMA domain strictness via sysfs"
Next in thread: John Garry: "Re: [PATCH v2 19/24] iommu: Expose DMA domain strictness via sysfs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jul 28, 2021 at 04:58:40PM +0100, Robin Murphy wrote:
> The sysfs interface for default domain types exists primarily so users
> can choose the performance/security tradeoff relevant to their own
> workload. As such, the choice between the policies for DMA domains fits
> perfectly as an additional point on that scale - downgrading a
> particular device from a strict default to non-strict may be enough to
> let it reach the desired level of performance, while still retaining
> more peace of mind than with a wide-open identity domain. Now that we've
> abstracted non-strict mode as a distinct type of DMA domain, allow it to
> be chosen through the user interface as well.
>
> Signed-off-by: Robin Murphy <robin.murphy@xxxxxxx>
> ---
> Documentation/ABI/testing/sysfs-kernel-iommu_groups | 2 ++
> drivers/iommu/iommu.c | 2 ++
> 2 files changed, 4 insertions(+)
>
> diff --git a/Documentation/ABI/testing/sysfs-kernel-iommu_groups b/Documentation/ABI/testing/sysfs-kernel-iommu_groups
> index eae2f1c1e11e..43ba764ba5b7 100644
> --- a/Documentation/ABI/testing/sysfs-kernel-iommu_groups
> +++ b/Documentation/ABI/testing/sysfs-kernel-iommu_groups
> @@ -42,6 +42,8 @@ Description: /sys/kernel/iommu_groups/<grp_id>/type shows the type of default
> ======== ======================================================
> DMA All the DMA transactions from the device in this group
> are translated by the iommu.
> + DMA-FQ As above, but using batched invalidation to lazily
> + remove translations after use.

It might be useful to desribe the security/performance tradeoff here as
well. I guess a normal user is more likely to look at the doc for this
sysfs knob than the kernel config or parameters.

Thanks,
Jean

> identity All the DMA transactions from the device in this group
> are not translated by the iommu.
> auto Change to the type the device was booted with.
> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
> index eecb5657de69..5a08e0806cbb 100644
> --- a/drivers/iommu/iommu.c
> +++ b/drivers/iommu/iommu.c
> @@ -3265,6 +3265,8 @@ static ssize_t iommu_group_store_type(struct iommu_group *group,
> req_type = IOMMU_DOMAIN_IDENTITY;
> else if (sysfs_streq(buf, "DMA"))
> req_type = IOMMU_DOMAIN_DMA;
> + else if (sysfs_streq(buf, "DMA-FQ"))
> + req_type = IOMMU_DOMAIN_DMA_FQ;
> else if (sysfs_streq(buf, "auto"))
> req_type = 0;
> else
> --
> 2.25.1
>
> _______________________________________________
> iommu mailing list
> iommu@xxxxxxxxxxxxxxxxxxxxxxxxxx
> https://lists.linuxfoundation.org/mailman/listinfo/iommu

Next message: Jean-Philippe Brucker: "Re: [PATCH v2 20/24] iommu: Merge strictness and domain type configs"
Previous message: Juergen Gross: "[PATCH v2 2/2] xen: rename wrong named pfn related variables"
In reply to: Lu Baolu: "Re: [PATCH v2 19/24] iommu: Expose DMA domain strictness via sysfs"
Next in thread: John Garry: "Re: [PATCH v2 19/24] iommu: Expose DMA domain strictness via sysfs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]