Re: [PATCH 1/1] iommu/vt-d: Add opt-in for ATS support on discrete devices

From: Jason Gunthorpe
Date: Tue Feb 28 2023 - 07:23:31 EST


On Tue, Feb 28, 2023 at 10:33:41AM +0800, Lu Baolu wrote:
> In normal processing of PCIe ATS requests, the IOMMU performs address
> translation and returns the device a physical memory address which
> will be stored in that device's IOTLB. The device may subsequently
> issue a Translated DMA request containing a physical memory address. The
> IOMMU only checks that the device was allowed to issue such requests
> and does not attempt to validate the physical address.
>
> The Intel IOMMU implementation only allows PCIe ATS on several SOC-
> integrated devices which are opt-in’ed through the ACPI tables to
> prevent any compromised device from accessing arbitrary physical
> memory.
>
> Add a kernel option intel_iommu=relax_ats to allow users to have an
> opt-in to allow turning on ATS as they wish, especially for CSP-owned
> vertical devices. In any case, risky devices are not allowed to use
> ATS.

Why is this an Intel-specific option? All it does is effectively
disable untrusted? Why not a global option? All IOMMUs with ATS will
need this?

Also, why doesn't a "CSP" set their ACPI to make the devices they want
to use ATS with trusted instead of this?

Jason