From: Robin Murphy <robin.murphy@arm.com>
To: lirongqing <lirongqing@baidu.com>, Joerg Roedel <joro@8bytes.org>,
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
Will Deacon <will@kernel.org>,
iommu@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] iommu/amd: Default to passthrough mode for improved performance
Date: Thu, 26 Mar 2026 10:36:32 +0000
Message-ID: <ee12aa71-b5ea-4364-be36-5d902ef035f2@arm.com>
In-Reply-To: <20260326093801.2213-1-lirongqing@baidu.com>
On 2026-03-26 9:38 am, lirongqing wrote:
> From: Li RongQing <lirongqing@baidu.com>
>
> On x86 platforms, AMD IOMMU is typically enabled by default. When the
> kernel is compiled with CONFIG_IOMMU_DEFAULT_DMA_LAZY, the IOMMU
> operates in translated mode with deferred TLB flushing. While this
> provides a security layer, it introduces measurable performance
> overhead compared to Intel systems where the IOMMU often defaults
> to a disabled state.
>
> To optimize out-of-the-box performance for AMD users, shift the
> default to passthrough mode when the following conditions are met:
> 1. No explicit IOMMU mode was requested via the command line.
> 2. The kernel was configured to use 'lazy' DMA remapping by default.
> 3. Memory encryption (SME/SEV) is not active, as these features
> require translation for security.
>
> This change allows standard DMA operations to bypass remapping
> overhead while maintaining the ability for users to explicitly
> enable translation if required.
>
> To support this, export iommu_dma_is_user_configured() from the
> IOMMU core to allow vendor drivers to check if the DMA API
> configuration was overridden by the user.

Frankly, no. CONFIG_IOMMU_DEFAULT_PASSTHROUGH already exists for users
who want that behaviour. If you want an equivalent of
CONFIG_INTEL_IOMMU_DEFAULT_ON which prevents the IOMMU being used at all
then implement that (however I imagine a lot of VFIO users would be
unhappy about changing the default of that at this point). You can't
just completely break CONFIG_IOMMU_DEFAULT_DMA_LAZY for all the users
who do want its particular behaviour.

Note that "lazy" mode does still represent nearly all of the
security/memory safety functionality offered by the IOMMU, so it does
have significant value - strict mode only adds protection for
use-after-free of memory which _was_ already a legitimate DMA buffer for
the given device at one point. A better title for this patch would be
"Silently make AMD systems less secure unless users go out of their way
to add command-line arguments to work around this change"...

There may well also still be some performance difference between the
IOMMU being enabled in passthrough, and being truly disabled - I seem to
recall the Intel GPU folks saying that was significant enough to care
about at least on some older Intel systems.

Thanks,
Robin.

> Signed-off-by: Li RongQing <lirongqing@baidu.com>
> ---
> drivers/iommu/amd/init.c | 9 +++++++++
> drivers/iommu/iommu.c | 6 ++++++
> include/linux/iommu.h | 1 +
> 3 files changed, 16 insertions(+)
>
> diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c
> index f3fd7f3..e89a5ce 100644
> --- a/drivers/iommu/amd/init.c
> +++ b/drivers/iommu/amd/init.c
> @@ -3619,6 +3619,15 @@ void __init amd_iommu_detect(void)
> amd_iommu_detected = true;
> iommu_detected = 1;
> x86_init.iommu.iommu_init = amd_iommu_init;
> +
> + if (!iommu_dma_is_user_configured()) {
> + if (!cc_platform_has(CC_ATTR_MEM_ENCRYPT) &&
> + IS_ENABLED(CONFIG_IOMMU_DEFAULT_DMA_LAZY)) {
> + pr_info("Defaulting to Passthrough mode for performance\n");
> + iommu_set_default_passthrough(false);
> + }
> + }
> +
> return;
>
> disable_snp:
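Review bot: the condition added in amd_iommu_detect() treats IS_ENABLED(CONFIG_IOMMU_DEFAULT_DMA_LAZY) as the trigger for iommu_set_default_passthrough(false), so a kernel that was built to default to lazy translated DMA would boot untranslated on AMD unless iommu_dma_is_user_configured() reports a command-line setting. That overrides an explicit build-time choice, and the three files in the diffstat add no Kconfig symbol to keep the old behaviour; a different AMD default should be its own opt-in config option rather than an override keyed on the lazy setting. The pr_info() text should also say how to get translation back, and the two nested if statements can be one condition.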
> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
> index 50718ab..a950dbb 100644
> --- a/drivers/iommu/iommu.c
> +++ b/drivers/iommu/iommu.c
> @@ -4091,3 +4091,9 @@ int iommu_dma_prepare_msi(struct msi_desc *desc, phys_addr_t msi_addr)
> return ret;
> }
> #endif /* CONFIG_IRQ_MSI_IOMMU */
> +
> +bool iommu_dma_is_user_configured(void)
> +{
> + return !!(iommu_cmd_line & IOMMU_CMD_LINE_DMA_API);
> +}
> +EXPORT_SYMBOL_GPL(iommu_dma_is_user_configured);
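Review bot: iommu_dma_is_user_configured() tests only the IOMMU_CMD_LINE_DMA_API bit of iommu_cmd_line, so the name promises more than the check delivers; add a kernel-doc comment stating which settings it reports, or name it after that bit. The only caller in this patch is the __init function amd_iommu_detect(), so EXPORT_SYMBOL_GPL is needed only if a modular caller exists, and the definition would sit better beside the code that sets iommu_cmd_line than after the #endif at the end of iommu.c.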
> diff --git a/include/linux/iommu.h b/include/linux/iommu.h
> index 54b8b48..c3ff8a9 100644
> --- a/include/linux/iommu.h
> +++ b/include/linux/iommu.h
> @@ -967,6 +967,7 @@ int iommu_set_pgtable_quirks(struct iommu_domain *domain,
> unsigned long quirks);
>
> void iommu_set_dma_strict(void);
> +bool iommu_dma_is_user_configured(void);
>
> extern int report_iommu_fault(struct iommu_domain *domain, struct device *dev,
> unsigned long iova, int flags);
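
The reply above distinguishes strict, lazy and passthrough operation. One way to check which of these each IOMMU group on a running system actually uses, and whether boot options asked for it, as an added example that is not part of the thread or the kernel tree. It assumes the sysfs `type` attribute under /sys/kernel/iommu_groups (DMA = strict, DMA-FQ = lazy, identity = passthrough); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the default-domain type of each IOMMU group.
# Paths are parameters so the functions also work on a constructed tree.

# classify_domain TYPE: map the sysfs "type" value to the mode discussed above.
classify_domain() {
    case "$1" in
        DMA)      echo "translated-strict" ;;
        DMA-FQ)   echo "translated-lazy" ;;
        identity) echo "passthrough" ;;
        *)        echo "other" ;;   # e.g. unmanaged or blocked
    esac
}

# audit_iommu_groups [ROOT]: print "group<TAB>type<TAB>mode<TAB>devices"
# for every group; return 1 if any group is in passthrough (identity) mode.
audit_iommu_groups() {
    root="${1:-/sys/kernel/iommu_groups}"
    rc=0
    for g in "$root"/*; do
        [ -r "$g/type" ] || continue
        dtype=$(cat "$g/type")
        mode=$(classify_domain "$dtype")
        devs=$(ls "$g/devices" 2>/dev/null | tr '\n' ' ')
        printf '%s\t%s\t%s\t%s\n' "${g##*/}" "$dtype" "$mode" "${devs% }"
        if [ "$mode" = passthrough ]; then rc=1; fi
    done
    return $rc
}

# iommu_cmdline_opts [FILE]: list IOMMU-related boot options, one per line,
# to tell an explicit request apart from a built-in default.
iommu_cmdline_opts() {
    tr ' ' '\n' < "${1:-/proc/cmdline}" |
        grep -E '^(iommu(\.passthrough|\.strict)?|amd_iommu)=' || true
}

# Run against the live system when executed directly.
audit_iommu_groups || echo "warning: at least one group is untranslated" >&2
iommu_cmdline_opts
```

A group reported as passthrough with no matching boot option means the mode came from the kernel's built-in default rather than from the administrator.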