From: Mika Westerberg <mika.westerberg-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>
To: Yehezkel Bernat <yehezkelshb-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: ashok.raj-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org,
Mario Limonciello
<Mario.Limonciello-8PEkshWhKlo@public.gmane.org>,
michael.jamet-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org,
Christian Kellner
<ckellner-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
rjw-LthD3rsA81gm4RdzfppkhA@public.gmane.org,
Anthony Wong
<anthony.wong-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>,
LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Andreas Noever
<andreas.noever-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
lukas-JFq808J9C/izQB+pC5nmwQ@public.gmane.org,
jacob.jun.pan-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org,
linux-pci-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Bjorn Helgaas <bhelgaas-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
linux-acpi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
David Woodhouse <dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
Subject: Re: [PATCH 4/4] thunderbolt: Export IOMMU based DMA protection support to userspace
Date: Tue, 13 Nov 2018 18:12:58 +0200
Message-ID: <20181113161258.GE2500@lahna.fi.intel.com>
In-Reply-To: <CA+CmpXteN1PJEHMV8rvfeBXK6Eb4z6BgZwa8Ojavi1y9pKN-jA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>

On Tue, Nov 13, 2018 at 05:38:53PM +0200, Yehezkel Bernat wrote:
> Good point. But I thought about per-TBT-device decision. If the platform is
> configured for IOMMU+"user" security level, while approving the device the user
> may want to set also in which IOMMU group to put all the PCIe devices connected
> to it. The same goes if the kernel is supposed to auto-approve such devices based on
> an internal table. The point is that we can think of a configuration where the
> devices aren't tunneled yet and the decision about IOMMU can still be changed.

Right, some of these systems have security level set to "user" so there
we could have a way to put the device into passthrough mode before it
appears on the PCIe bus. That would require some sort of API on the
IOMMU side, though.

> As you mentioned this isn't the common configuration anyway, so it probably
> isn't worth all this hassle.

AFAIK mixing the two is not something they are going to be supporting in
Windows so I would not expect it to be common. I think the ultimate goal
is to move away from security levels towards IOMMU DMA protection so in
future I would expect more and more systems with IOMMU enabled +
security level set to "none".

So I agree with you that it probably is not worth doing at least without
having more data about real performance issues around this. ;-)