On Tue, Feb 28, 2023 at 10:33:41AM +0800, Lu Baolu wrote:
> In normal processing of PCIe ATS requests, the IOMMU performs address
> translation and returns the device a physical memory address which
> will be stored in that device's IOTLB. The device may subsequently
> issue Translated DMA request containing physical memory address. The
> IOMMU only checks that the device was allowed to issue such requests
> and does not attempt to validate the physical address.
>
> The Intel IOMMU implementation only allows PCIe ATS on several SOC-
> integrated devices which are opt-in’ed through the ACPI tables to
> prevent any compromised device from accessing arbitrary physical
> memory.
>
> Add a kernel option intel_iommu=relax_ats to allow users to have an
> opt-in to allow turning on ATS at as wish, especially for CSP-owned
> vertical devices. In any case, risky devices are not allowed to use
> ATS.

Why is this an intel specific option? all it does is effectively
disable untrusted?

Why not a global option? All iommu with ATS will
need this?

Also, why doesn't a "CSP" set their ACPI to make the devices they want
to use ATS with trusted instead of this?