From: Joerg Roedel <jroedel@suse.de>
To: Arnd Bergmann <arnd@arndb.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>,
David Woodhouse <dwmw2@infradead.org>,
Shamir Rabinovitch <shamir.rabinovitch@oracle.com>,
corbet@lwn.net, linux-doc@vger.kernel.org,
linux-arch@vger.kernel.org, Andy Lutomirski <luto@kernel.org>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Cornelia Huck <cornelia.huck@de.ibm.com>,
Sebastian Ott <sebott@linux.vnet.ibm.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Christoph Hellwig <hch@lst.de>, KVM <kvm@vger.kernel.org>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
linux-s390 <linux-s390@vger.kernel.org>
Subject: Re: [PATCH v1 2/2] dma-mapping-common: add DMA attribute - DMA_ATTR_IOMMU_BYPASS
Date: Mon, 2 Nov 2015 15:51:15 +0100 [thread overview]
Message-ID: <20151102145115.GB2876@suse.de> (raw)
In-Reply-To: <3880193.j0XDKyhAXH@wuerfel>
On Fri, Oct 30, 2015 at 11:32:06AM +0100, Arnd Bergmann wrote:
> I wonder if the 'iommu=force' attribute is too coarse-grained though,
> and if we should perhaps allow a per-device setting on architectures
> that allow this.
Yeah, definitly. Currently we only have iommu=pt to enable pass-through
mode for _all_ devices. I think it makes sense to introduce a per-device
opt-in for pass-through, but have it configured by the user and not by
the device driver.
If the user enables the IOMMU in his system, he expects to be secure
against DMA attacks. If drivers could opt-out, every protection would be
voided.
Joerg
next prev parent reply other threads:[~2015-11-02 14:51 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-25 16:07 [PATCH v1 1/2] dma-mapping-common: add dma_map_page_attrs API Shamir Rabinovitch
2015-10-25 16:07 ` [PATCH v1 2/2] dma-mapping-common: add DMA attribute - DMA_ATTR_IOMMU_BYPASS Shamir Rabinovitch
2015-10-28 6:30 ` David Woodhouse
2015-10-28 11:10 ` Shamir Rabinovitch
2015-10-28 11:10 ` Shamir Rabinovitch
2015-10-28 13:31 ` David Woodhouse
2015-10-28 13:31 ` David Woodhouse
2015-10-28 14:07 ` David Miller
2015-10-28 13:57 ` David Woodhouse
2015-10-28 13:57 ` David Woodhouse
2015-10-29 0:23 ` David Miller
2015-10-29 0:23 ` David Miller
2015-10-28 14:07 ` David Miller
2015-10-29 0:32 ` Benjamin Herrenschmidt
2015-10-29 0:32 ` Benjamin Herrenschmidt
2015-10-29 0:42 ` David Woodhouse
2015-10-29 0:42 ` David Woodhouse
2015-10-29 1:10 ` Benjamin Herrenschmidt
2015-10-29 1:10 ` Benjamin Herrenschmidt
2015-10-29 18:31 ` Andy Lutomirski
2015-10-29 18:31 ` Andy Lutomirski
2015-10-29 22:35 ` David Woodhouse
2015-11-01 7:45 ` Shamir Rabinovitch
2015-11-01 7:45 ` Shamir Rabinovitch
2015-11-01 21:10 ` Benjamin Herrenschmidt
2015-11-01 21:10 ` Benjamin Herrenschmidt
2015-11-02 7:23 ` Shamir Rabinovitch
2015-11-02 10:00 ` Benjamin Herrenschmidt
2015-11-02 12:07 ` Shamir Rabinovitch
2015-11-02 20:13 ` Benjamin Herrenschmidt
2015-11-02 21:45 ` Arnd Bergmann
2015-11-02 21:45 ` Arnd Bergmann
2015-11-02 23:08 ` Benjamin Herrenschmidt
2015-11-02 23:08 ` Benjamin Herrenschmidt
2015-11-03 13:11 ` Christoph Hellwig
2015-11-03 13:11 ` Christoph Hellwig
2015-11-03 19:35 ` Benjamin Herrenschmidt
2015-11-03 19:35 ` Benjamin Herrenschmidt
2015-11-02 21:49 ` Shamir Rabinovitch
2015-11-02 22:48 ` David Woodhouse
2015-11-02 23:10 ` Benjamin Herrenschmidt
2015-11-02 23:10 ` Benjamin Herrenschmidt
2015-11-05 21:08 ` David Miller
2015-11-05 21:08 ` David Miller
2015-10-30 1:51 ` Benjamin Herrenschmidt
2015-10-30 1:51 ` Benjamin Herrenschmidt
2015-10-30 10:32 ` Arnd Bergmann
2015-10-30 10:32 ` Arnd Bergmann
2015-10-30 23:17 ` Benjamin Herrenschmidt
2015-10-30 23:17 ` Benjamin Herrenschmidt
2015-10-30 23:24 ` Arnd Bergmann
2015-11-02 14:51 ` Joerg Roedel [this message]
2015-10-29 7:32 ` Shamir Rabinovitch
2015-11-02 14:44 ` Joerg Roedel
2015-11-02 17:32 ` Shamir Rabinovitch
2015-11-02 17:32 ` Shamir Rabinovitch
2015-11-05 13:42 ` Joerg Roedel
2015-11-05 21:11 ` David Miller
2015-11-05 21:11 ` David Miller
2015-11-07 15:06 ` Shamir Rabinovitch
[not found] ` <CAN+hb0UvztgwNuAh93XdJEe7vgiZgNMc9mHNziHpEopg8Oi4Mg@mail.gmail.com>
2015-11-16 8:42 ` David Woodhouse
[not found] ` <CAN+hb0UWpfcS5DvgMxNjY-5JOztw2mO1r2FJAW17fn974mhxPA@mail.gmail.com>
2015-11-16 18:42 ` Benjamin Serebrin
2015-11-16 18:42 ` Benjamin Serebrin
-- strict thread matches above, loose matches on Subject: below --
2015-10-25 16:37 [PATCH v1 1/2] dma-mapping-common: add dma_map_page_attrs API Shamir Rabinovitch
2015-10-25 16:37 ` [PATCH v1 2/2] dma-mapping-common: add DMA attribute - DMA_ATTR_IOMMU_BYPASS Shamir Rabinovitch
2015-11-16 6:56 Benjamin Serebrin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151102145115.GB2876@suse.de \
--to=jroedel@suse.de \
--cc=arnd@arndb.de \
--cc=benh@kernel.crashing.org \
--cc=borntraeger@de.ibm.com \
--cc=corbet@lwn.net \
--cc=cornelia.huck@de.ibm.com \
--cc=dwmw2@infradead.org \
--cc=hch@lst.de \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=luto@kernel.org \
--cc=pbonzini@redhat.com \
--cc=schwidefsky@de.ibm.com \
--cc=sebott@linux.vnet.ibm.com \
--cc=shamir.rabinovitch@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).