no_platform_optin is redundant with dmar_disabled and it's only used in
platform_optin_force_iommu(), remove it and use dmar_disabled instead.
Meanwhile remove all the dead code in platform_optin_force_iommu().
Signed-off-by: Zhenzhong Duan <[email protected]>
---
drivers/iommu/intel/iommu.c | 14 ++------------
1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index 8651f6d4dfa0..a011d1ed63ef 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -180,7 +180,6 @@ static int rwbf_quirk;
*/
static int force_on = 0;
int intel_iommu_tboot_noforce;
-static int no_platform_optin;
#define ROOT_ENTRY_NR (VTD_PAGE_SIZE/sizeof(struct root_entry))
@@ -440,7 +439,6 @@ static int __init intel_iommu_setup(char *str)
pr_info("IOMMU enabled\n");
} else if (!strncmp(str, "off", 3)) {
dmar_disabled = 1;
- no_platform_optin = 1;
pr_info("IOMMU disabled\n");
} else if (!strncmp(str, "igfx_off", 8)) {
dmar_map_gfx = 0;
@@ -4810,20 +4808,12 @@ static inline bool has_external_pci(void)
static int __init platform_optin_force_iommu(void)
{
- if (!dmar_platform_optin() || no_platform_optin || !has_external_pci())
+ if (!dmar_platform_optin() || dmar_disabled || !has_external_pci())
return 0;
- if (no_iommu || dmar_disabled)
+ if (no_iommu)
pr_info("Intel-IOMMU force enabled due to platform opt in\n");
- /*
- * If Intel-IOMMU is disabled by default, we will apply identity
- * map for all devices except those marked as being untrusted.
- */
- if (dmar_disabled)
- iommu_set_default_passthrough(false);
-
- dmar_disabled = 0;
no_iommu = 0;
return 1;
--
2.25.1
Hi Zhenzhong,
On 11/4/20 4:19 PM, Zhenzhong Duan wrote:
> no_platform_optin is redundant with dmar_disabled and it's only used in
> platform_optin_force_iommu(), remove it and use dmar_disabled instead.
It's actually not.
If CONFIG_INTEL_IOMMU_DEFAULT_ON is not set, we will get "dmar_disable =
1" and "no_platform_optin = 0". In this case, we must force the iommu on
and set dmar_disable = 0.
The real use case: if a kernel built with [CONFIG_INTEL_IOMMU_DEFAULT_ON
= n] running on a platform with thunderbolt ports, we must force IOMMU
on so that the system could be protected from possible malicious
peripherals.
Best regards,
baolu
>
> Meanwhile remove all the dead code in platform_optin_force_iommu().
>
> Signed-off-by: Zhenzhong Duan <[email protected]>
> ---
> drivers/iommu/intel/iommu.c | 14 ++------------
> 1 file changed, 2 insertions(+), 12 deletions(-)
>
> diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
> index 8651f6d4dfa0..a011d1ed63ef 100644
> --- a/drivers/iommu/intel/iommu.c
> +++ b/drivers/iommu/intel/iommu.c
> @@ -180,7 +180,6 @@ static int rwbf_quirk;
> */
> static int force_on = 0;
> int intel_iommu_tboot_noforce;
> -static int no_platform_optin;
>
> #define ROOT_ENTRY_NR (VTD_PAGE_SIZE/sizeof(struct root_entry))
>
> @@ -440,7 +439,6 @@ static int __init intel_iommu_setup(char *str)
> pr_info("IOMMU enabled\n");
> } else if (!strncmp(str, "off", 3)) {
> dmar_disabled = 1;
> - no_platform_optin = 1;
> pr_info("IOMMU disabled\n");
> } else if (!strncmp(str, "igfx_off", 8)) {
> dmar_map_gfx = 0;
> @@ -4810,20 +4808,12 @@ static inline bool has_external_pci(void)
>
> static int __init platform_optin_force_iommu(void)
> {
> - if (!dmar_platform_optin() || no_platform_optin || !has_external_pci())
> + if (!dmar_platform_optin() || dmar_disabled || !has_external_pci())
> return 0;
>
> - if (no_iommu || dmar_disabled)
> + if (no_iommu)
> pr_info("Intel-IOMMU force enabled due to platform opt in\n");
>
> - /*
> - * If Intel-IOMMU is disabled by default, we will apply identity
> - * map for all devices except those marked as being untrusted.
> - */
> - if (dmar_disabled)
> - iommu_set_default_passthrough(false);
> -
> - dmar_disabled = 0;
> no_iommu = 0;
>
> return 1;
>
Hi Baolu,
On Thu, Nov 5, 2020 at 9:47 AM Lu Baolu <[email protected]> wrote:
>
> Hi Zhenzhong,
>
> On 11/4/20 4:19 PM, Zhenzhong Duan wrote:
> > no_platform_optin is redundant with dmar_disabled and it's only used in
> > platform_optin_force_iommu(), remove it and use dmar_disabled instead.
>
> It's actually not.
>
> If CONFIG_INTEL_IOMMU_DEFAULT_ON is not set, we will get "dmar_disable =
> 1" and "no_platform_optin = 0". In this case, we must force the iommu on
> and set dmar_disable = 0.
>
> The real use case: if a kernel built with [CONFIG_INTEL_IOMMU_DEFAULT_ON
> = n] running on a platform with thunderbolt ports, we must force IOMMU
> on so that the system could be protected from possible malicious
> peripherals.
Thanks for your explanation, clear now and sorry for the noise.
Regards
Zhenzhong