From: Zhen Lei <[email protected]>
First, add build options IOMMU_DEFAULT_{LAZY|STRICT}, so that we have the
opportunity to set {lazy|strict} mode as default at build time. Then put
the two config options in an choice, as they are mutually exclusive.
[jpg: Make choice between strict and lazy only (and not passthrough)]
Signed-off-by: Zhen Lei <[email protected]>
Signed-off-by: John Garry <[email protected]>
Reviewed-by: Robin Murphy <[email protected]>
---
.../admin-guide/kernel-parameters.txt | 3 +-
drivers/iommu/Kconfig | 40 +++++++++++++++++++
drivers/iommu/iommu.c | 2 +-
3 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 673952379900..a1b7c8526bb5 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2046,9 +2046,10 @@
throughput at the cost of reduced device isolation.
Will fall back to strict mode if not supported by
the relevant IOMMU driver.
- 1 - Strict mode (default).
+ 1 - Strict mode.
DMA unmap operations invalidate IOMMU hardware TLBs
synchronously.
+ unset - Use value of CONFIG_IOMMU_DEFAULT_{LAZY,STRICT}.
Note: on x86, the default behaviour depends on the
equivalent driver-specific parameters, but a strict
mode explicitly specified by either method takes
diff --git a/drivers/iommu/Kconfig b/drivers/iommu/Kconfig
index 1f111b399bca..0327a942fdb7 100644
--- a/drivers/iommu/Kconfig
+++ b/drivers/iommu/Kconfig
@@ -90,6 +90,46 @@ config IOMMU_DEFAULT_PASSTHROUGH
If unsure, say N here.
+choice
+ prompt "IOMMU default DMA IOTLB invalidation mode"
+ depends on IOMMU_DMA
+
+ default IOMMU_DEFAULT_STRICT
+ help
+ This option allows an IOMMU DMA IOTLB invalidation mode to be
+ chosen at build time, to override the default mode of each ARCH,
+ removing the need to pass in kernel parameters through command line.
+ It is still possible to provide common boot params to override this
+ config.
+
+ If unsure, keep the default.
+
+config IOMMU_DEFAULT_STRICT
+ bool "strict"
+ help
+ For every IOMMU DMA unmap operation, the flush operation of IOTLB and
+ the free operation of IOVA are guaranteed to be done in the unmap
+ function.
+
+config IOMMU_DEFAULT_LAZY
+ bool "lazy"
+ help
+ Support lazy mode, where for every IOMMU DMA unmap operation, the
+ flush operation of IOTLB and the free operation of IOVA are deferred.
+ They are only guaranteed to be done before the related IOVA will be
+ reused.
+
+ The isolation provided in this mode is not as secure as STRICT mode,
+ such that a vulnerable time window may be created between the DMA
+ unmap and the mappings cached in the IOMMU IOTLB or device TLB
+ finally being invalidated, where the device could still access the
+ memory which has already been unmapped by the device driver.
+ However this mode may provide better performance in high throughput
+ scenarios, and is still considerably more secure than passthrough
+ mode or no IOMMU.
+
+endchoice
+
config OF_IOMMU
def_bool y
depends on OF && IOMMU_API
diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
index cf58949cc2f3..60b1ec42e73b 100644
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -29,7 +29,7 @@ static struct kset *iommu_group_kset;
static DEFINE_IDA(iommu_group_ida);
static unsigned int iommu_def_domain_type __read_mostly;
-static bool iommu_dma_strict __read_mostly = true;
+static bool iommu_dma_strict __read_mostly = IS_ENABLED(CONFIG_IOMMU_DEFAULT_STRICT);
static u32 iommu_cmd_line __read_mostly;
struct iommu_group {
--
2.26.2
On 2021/6/18 19:34, John Garry wrote:
> From: Zhen Lei <[email protected]>
>
> First, add build options IOMMU_DEFAULT_{LAZY|STRICT}, so that we have the
> opportunity to set {lazy|strict} mode as default at build time. Then put
> the two config options in an choice, as they are mutually exclusive.
>
> [jpg: Make choice between strict and lazy only (and not passthrough)]
> Signed-off-by: Zhen Lei <[email protected]>
> Signed-off-by: John Garry <[email protected]>
> Reviewed-by: Robin Murphy <[email protected]>
> ---
> .../admin-guide/kernel-parameters.txt | 3 +-
> drivers/iommu/Kconfig | 40 +++++++++++++++++++
> drivers/iommu/iommu.c | 2 +-
> 3 files changed, 43 insertions(+), 2 deletions(-)
>
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 673952379900..a1b7c8526bb5 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -2046,9 +2046,10 @@
> throughput at the cost of reduced device isolation.
> Will fall back to strict mode if not supported by
> the relevant IOMMU driver.
> - 1 - Strict mode (default).
> + 1 - Strict mode.
> DMA unmap operations invalidate IOMMU hardware TLBs
> synchronously.
> + unset - Use value of CONFIG_IOMMU_DEFAULT_{LAZY,STRICT}.
> Note: on x86, the default behaviour depends on the
> equivalent driver-specific parameters, but a strict
> mode explicitly specified by either method takes
> diff --git a/drivers/iommu/Kconfig b/drivers/iommu/Kconfig
> index 1f111b399bca..0327a942fdb7 100644
> --- a/drivers/iommu/Kconfig
> +++ b/drivers/iommu/Kconfig
> @@ -90,6 +90,46 @@ config IOMMU_DEFAULT_PASSTHROUGH
>
> If unsure, say N here.
>
> +choice
> + prompt "IOMMU default DMA IOTLB invalidation mode"
> + depends on IOMMU_DMA
> +
> + default IOMMU_DEFAULT_STRICT
> + help
> + This option allows an IOMMU DMA IOTLB invalidation mode to be
> + chosen at build time, to override the default mode of each ARCH,
> + removing the need to pass in kernel parameters through command line.
> + It is still possible to provide common boot params to override this
> + config.
> +
> + If unsure, keep the default.
> +
> +config IOMMU_DEFAULT_STRICT
> + bool "strict"
> + help
> + For every IOMMU DMA unmap operation, the flush operation of IOTLB and
> + the free operation of IOVA are guaranteed to be done in the unmap
> + function.
> +
> +config IOMMU_DEFAULT_LAZY
> + bool "lazy"
> + help
> + Support lazy mode, where for every IOMMU DMA unmap operation, the
> + flush operation of IOTLB and the free operation of IOVA are deferred.
> + They are only guaranteed to be done before the related IOVA will be
> + reused.
> +
> + The isolation provided in this mode is not as secure as STRICT mode,
> + such that a vulnerable time window may be created between the DMA
> + unmap and the mappings cached in the IOMMU IOTLB or device TLB
> + finally being invalidated, where the device could still access the
> + memory which has already been unmapped by the device driver.
> + However this mode may provide better performance in high throughput
> + scenarios, and is still considerably more secure than passthrough
> + mode or no IOMMU.
> +
> +endchoice
> +
> config OF_IOMMU
> def_bool y
> depends on OF && IOMMU_API
> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
> index cf58949cc2f3..60b1ec42e73b 100644
> --- a/drivers/iommu/iommu.c
> +++ b/drivers/iommu/iommu.c
> @@ -29,7 +29,7 @@ static struct kset *iommu_group_kset;
> static DEFINE_IDA(iommu_group_ida);
>
> static unsigned int iommu_def_domain_type __read_mostly;
> -static bool iommu_dma_strict __read_mostly = true;
> +static bool iommu_dma_strict __read_mostly = IS_ENABLED(CONFIG_IOMMU_DEFAULT_STRICT);
> static u32 iommu_cmd_line __read_mostly;
>
> struct iommu_group {
>
Reviewed-by: Lu Baolu <[email protected]>
Best regards,
baolu