Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S973430AbdDXQv2 (ORCPT ); Mon, 24 Apr 2017 12:51:28 -0400 Received: from mx0b-00082601.pphosted.com ([67.231.153.30]:52809 "EHLO mx0a-00082601.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S974948AbdDXQvT (ORCPT ); Mon, 24 Apr 2017 12:51:19 -0400 Authentication-Results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=fb.com; Date: Mon, 24 Apr 2017 09:50:59 -0700 From: Shaohua Li To: "Sun, Ning" CC: Joerg Roedel , "linux-kernel@vger.kernel.org" , "Wei, Gang" , "hpa@linux.intel.com" , "mingo@kernel.org" , "kernel-team@fb.com" , "srihan@fb.com" , "Eydelberg, Alex" Subject: Re: [RFC] x86/tboot: add an option to disable iommu force on Message-ID: <20170424165059.GA65052@MacBook-Pro.local> References: <20170322104900.GE8329@suse.de> <20170322115055.GA35752@dhcp-172-20-162-56.dhcp.thefacebook.com> <20170403191927.GA35817@MacBook-Pro.local> <20170407100840.GB23944@suse.de> <83BE7A8C0111FD48951B68B36BEFDFD40CF39F36@ORSMSX107.amr.corp.intel.com> <20170410043106.GA90090@MacBook-Pro-63.local.dhcp.thefacebook.com> <83BE7A8C0111FD48951B68B36BEFDFD40CF3C8DE@ORSMSX107.amr.corp.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: <83BE7A8C0111FD48951B68B36BEFDFD40CF3C8DE@ORSMSX107.amr.corp.intel.com> User-Agent: Mutt/1.8.0 (2017-02-23) X-Originating-IP: [2620:10d:c090:200::8:bee8] X-ClientProxiedBy: MWHPR20CA0011.namprd20.prod.outlook.com (10.171.151.149) To MWHPR15MB1647.namprd15.prod.outlook.com (10.175.138.151) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 94d1a899-9cea-4453-d488-08d48b321aca X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(201703131423075)(201703031133081);SRVR:MWHPR15MB1647; X-Microsoft-Exchange-Diagnostics: 1;MWHPR15MB1647;3:PtKTpp01dr/GsZjD1Rk5auwJXIzlK+/yaZd0p1agkW5v01TlUCwwlGWcRS5FrcPL6TCw+6kJBDJfptS1BWOjcjvCVYaZdOGl1QyZGnNWDk0yu1ECCLy+D8yUNPcIzxmdlaGO51D7QX9LS33JrOlA6+I8xDOc0NoT6uY7O75Gf0BhbZLFTf9LwFkx2VSHCvwKisEzKJVPscEdJPCMmXQkIofb/NtBDspzL4SjjyesZtIjxBnTFM2oMui0nnO4WSUkjjRa5XpRlVRfpZxlnfdV1nGRSMaPlsOXqx4k1DuC8merdgty3pg/GATs5VFV085UMXwkDMrCBbSjdQQ5Y65fzQ==;25:GCDwR1vHrrV18kcGkF+GZ/6Q8SR503GucLj7/PpT8YB8xlQ9Vq4n/qra79hwnDRctyi2uWcjlDjA2VVPpFyy7z1xCJfopMWQvScRiMCXUZCa05W0bQesZ7ya0OWH128CHR65w5355WpjILwJP9FAGYBiwLOnhH+MKADYqo+YfZ//DdAYiv0wqzzM6tHdM5tPsh6iPqWXHrxi4mBMA+5F+lTd2+rkf0QWjkXBemzwRy+zppCC6ZsM+ebWeO+ehVnhjmz22QpNV5Hzqi49sUtgPe/+hElrT9IhnVlqKue9tBLOggTD8H6sIo+H/O035I64HN62y9j0NWEM+K8OL/ST0Y8fB3wy1sc6MJTy/e+X06vJrdGKsBUdWSX9QOxlYTxJiwgRVyI5c+RQ3IRvP6aWvKgwDHL0V4CWYsp2bNyaVwpu7huPVGYnQNFASilffV7N X-Microsoft-Exchange-Diagnostics: 1;MWHPR15MB1647;31:toPXKzzSWeoWx59ZM/exn2exfIzaXspark6Cdt74xZWGLqXjvKoclr06arsmpvWWOoI9zU10feeIbHmL+wOxy1KoEOSHYSzQ7jKP4HxoH1nR37x/ogJiLd4GV0Fp7Ysx+FEV351Ay+3mlryOdkR+JKd+DjvWW2UlwWNIL8cGjP6cw67lyYFYqcMDjVOugSwOt6bOL9IYzTEz/ZCNeLk/ifciSlszd14nXVdUGEto0kXDSSeElT80rt2R8khzz7Qr;20:vCXKxeMRS2OFZMvbSYIfjYSesv+0hRNXBegka2V9ggLyQuzd7qCw1Q25y433PKu507UR6qiMieB/9UI+WA4y0MMI9llRnjPUjl2obshcPuWk4OeHjpnhQMf4K0oH2mxrNy1OFiDVstpFRdDKl0xv7H+v0LXxfv9Qi+j/1FvgI4VDFfco+aHYpxSUi16qXyeh5dbCXE221ujq0NPbxzuMX5HTxIy96VqgTkVYSFb9zicavMLuYuxs/UpdztBTFuZ2fkmmQ2UxqCp+LRRsn6YgyPx58GGa1c33RHsiQ6C0okS0UvPIvPJechl/N/6xVpFmZU65L6Hl3arty+Uh8mRbgXqOWcX/6Z3SaF19j1EEDMsN2OSL3Z4TGdofr6mCgTYPi1hTaHqG3Pz6/q4MlV5DImTM0Ho04zDSUaedKfVyP6ZbScJDOMlXl+Tr+5pWGLjQw3ib1k1cPoaCyWUfM+Nfgnl4zToj95MBWTvN08MSI7oqTKzgJvpBiVjlR3i7SeP2 X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(9452136761055)(67672495146484)(228905959029699); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(93006095)(93001095)(6041248)(20161123560025)(20161123555025)(20161123564025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(6072148);SRVR:MWHPR15MB1647;BCL:0;PCL:0;RULEID:;SRVR:MWHPR15MB1647; X-Microsoft-Exchange-Diagnostics: 1;MWHPR15MB1647;4:Rh5I+suTTjrVz6EIEKx6NjoRbFi/j0TfuIV+QhFqNQJ/Z+nQ601iEuovc8bduy9fYLPpe/9pcPSJrracX0h76XtfnJou3vp7tmlYAiCZtMJlW4BSFkxmSL0ja9M0sHicyqH8vNo3LfMaZiSxe5HJNIxUO1ZJYV2IR3nCWCIxr4i3PlxIZmZ5qTeWUET71Vc9XCokXNWMT6FnFJNKDcJeYCw8RhcYAlSn1HE7DkqtscOSQbMveGAkypJ7djYLHVhNYD+tud5WXf6tSsHmlKB3XfQDvUBogH6uE/1wtTeNuHe0vHCEynvTa8SolmnZ2A5XSXKfAGUExa9TsWDioQUUX5+SVCaZfqCOboEdvnFs0LL9pKdDmCXFmYyrx7UQfzkMumlZuSAaB7jyGmv3an0dEq6q2x3BSeCU2JWig3hwP4Vtq1vO8RWHjchCF2UnOdeXakDtItEReLOHlA3JXbGH7BOp5Y64ZknmWx5kVjH5pPf8u+hkq29GFSs6Y4gxW6EHgXypwLAPHfDFuO4hvA1vgXc1ugbW/DGjyxgU9rWl7M3t8pBomvtMJGQkOssQ43bqUTxpFTVOx4MjBaN2DVfLx1X5F8t5Q3Qj4mRkXZMDC6oveo2hEZ8TRiMB4DQyMIgC8+Kvnv4O5Sxf6m6YfL5bowthJzAtw8XpUgZfpZ/Qk1kJYIz9Tx/Zkq9xx8/+A9egsC44oJkGhBgmOIWWW4WWHNlvRCU8JrwXwOhcNcLfnFFu9QykAc3zprcMbynWx8mp/jHmfFmSCw7UQuCBI5hVCmjKX9HaWhYM+Ea9T068Ur57Fx7tB6rwiQkVv6kdUCBh3AdquQX8R/vIbX46THKFmGxyFyfXPmddNiNsaCRbGyM= X-Forefront-PRVS: 0287BBA78D X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(4630300001)(6009001)(39410400002)(39400400002)(39850400002)(39450400003)(39840400002)(24454002)(377454003)(13464003)(42186005)(53546009)(25786009)(50986999)(54356999)(76176999)(2906002)(6246003)(6506006)(9686003)(38730400002)(47776003)(55016002)(54906002)(110136004)(4326008)(53936002)(2950100002)(6666003)(6916009)(98436002)(4001350100001)(33656002)(93886004)(229853002)(50466002)(46406003)(189998001)(86362001)(81166006)(1076002)(97756001)(8676002)(305945005)(5660300001)(7736002)(6116002)(83506001)(23726003)(18370500001);DIR:OUT;SFP:1102;SCL:1;SRVR:MWHPR15MB1647;H:MacBook-Pro.local;FPR:;SPF:None;MLV:sfv;LANG:en; X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;MWHPR15MB1647;23:VD8UXlqX585AFxe9Efdr2XHKGdnmqSkExYh5hCOCB?= =?us-ascii?Q?pvAldgCjPDj4G7QQyywYn8Jo11aRgOIFKjySo2E33a9IQwtT6G14416X2JkV?= =?us-ascii?Q?aVyKPjljgt1JhdM4cFLFbp/QYY7UvTZL3zG86WUlMqbZLVObZl5sXYlTe2Q0?= =?us-ascii?Q?dQuArib/WtsGFHEZnPgodkPb18QJ3eaHedBFkXYiv4cBpl3JlHNsoqIuwLWd?= =?us-ascii?Q?l8mIy5cA8dSeQlr2Hh109LFTI+dPSoFNzSmxjJGK+dpk6QbEn4owZO+dFndO?= =?us-ascii?Q?ZfXDbIfcPAGRWQoAgIR40elLFc4y2AxxYzGWL2jmAuldqC0zBp0OSPCNLkmk?= =?us-ascii?Q?vcnN3SH7xgn+RvrLVhfFNUMIYFXImdbCdQ9fpW6a3gq3ejXvNYC5gKm9tUJd?= =?us-ascii?Q?kLuL+eKbQxXesJy6baFPiCx638KkPXIYVhmN1X1SxN/ZcXgMsoQVGndp3d6D?= =?us-ascii?Q?dzP3scDPgpVP8+LMkZOKuk6ayATnLc7jxWOOZSjmYy1HNqyiXqZm9OVjb7Xc?= =?us-ascii?Q?cO6v1VXs61kj2plEwyu+EkO9QmLMX5t4QAbi4xZEqZIvIKX6vV0G6YKAFsQD?= =?us-ascii?Q?EK57DQLwYHoS+NJnSP8Z1pZsSduAbKugYhvaV5k+FrhWgbPYJgqi5eF2EARv?= =?us-ascii?Q?rdUDDxo6vK1Wik3NS6XWgGSINeSAh0yR6OPuzi/EZNLUgXWcB8DYiaFgSQm5?= =?us-ascii?Q?J5/T9uYDYdVenasz9frCnR1N/gRIM2OqGOwIXYTPdTu5s21Yz+SDLRpr9B3c?= =?us-ascii?Q?w9Va6sXKGn2Kr6V8O+OUmwjVSlNnPOqma4p1HsaLw2li1bVfKNjtyipwt9nR?= =?us-ascii?Q?Fc/w2GerEbAijZ8aSF1h/bH2jRCJnZTyuUkWJohjHuljpJH5jHThHVgHph3w?= =?us-ascii?Q?TXMNGOMhgSVh/LRSqwYs+yIooZNcIpDVlgmD37xBLyE9uzAePAuCeCW1rw0D?= =?us-ascii?Q?+mFVs6jQoo4X4axA6zwj9D7oaow7zl0AMZUN80e+qGzn1PYkLH/y04Q76pKa?= =?us-ascii?Q?ElqaJqhukaIvvWnZgxJpG6rGGtgtyhI+/UmUP2ULw2JpdfNAeBe32uQCa7Hy?= =?us-ascii?Q?//fKkvxHiYOvAuv4YinWlBCJ68DJjWMmZwAtnqwowy7zKH59TjqgV9C89D8/?= =?us-ascii?Q?4CSqEMzrj+LFLzEhFV5kNc+iKSFCG3gwxacGv7yF9VI4wKih+ytiGiPuaatx?= =?us-ascii?Q?F1m0cJuBHBwnRnwePcWORBSOVgQHwoh286jTJFS9HiRKx6FGAnOVV+bjrpcP?= =?us-ascii?Q?RKpjn7YM398ehxXggI=3D?= X-Microsoft-Exchange-Diagnostics: 1;MWHPR15MB1647;6:PH5jp6NIC2ba2ys+ZXXO0S6g9wvndnSc4wSRoDEeGP+pzVHMFuc9iWa4Z4y+ePr9GQ/ct2HBHoibnYA3Uey+s0DVdcTA956pjYhIXVEAfUZrZGBEVdIOiePLld0CyNNeF5FmPCtmw5LXY9LccwtGxTXujUY4F4J7P8oig9ytlrssqEM2RMSqelBqI88R1ty0WBXzjnR7onE7B3asU98qIbdUPY9mZ1c2mDtZDtdzdWpYDs2DYnlxEipoLV/oWTXnour6L0EHoDSEAOSI+RCzY50C6iVbwkMwhHzFNfEleZJcxwC28a6szbfhMP29uWZIS3Y6R6MymHhoPJb5ikdJRX2W7qYb+MTGR7GjZmKkY2RwGgaEYx2qwkeauHMCc07P20JDyf02aKDj8dKAfh5Z/gC9vtawAuLibMv29lK7he83DrRCIprUKDhYSAk9qni9+bwhxWyIsn4+RfQmWCA/5n8VNcD9MDL9lKVvxt1Ff7w/FDLIoWE++IFRX9x99/dpdGhMmTM5M7bdhVLi+05Kew==;5:bp95wujGjunEvCVOAjWTRXbhnRG8h/2PGvp3mMnkd8qgdu72EO2NDPjRHLCck4g3RAa908UJwpGJM9CJ8RfsI9I6pHmGx/hEEG9tpNIPVGHyTu6GmiAKXYX2s1Y3xuk2yvW5pcHs6r7xWTMsZh9cEw==;24:U08Mjk+F9Fy/gRpfC1ZSfYKlSUeK3+mdl8azJFa467/Q6LjBroNOf/ZOj7a53cHvreukJFXT8d9kby05vJ5zCohRDtA9ePx+iCqyiHGVp3o= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;MWHPR15MB1647;7:R4rT22yfrgOxgX47kebeiZ6iO1h8W43/OeM4r2PgBiVhxBI1y4mdLknSbTZM6dDIuOfN+EiuKAugKOzGwkdSnSPYPHvtZpN5/GCA8LCHZFmzPJL3M7hnwYHOYH8MVy93h/yn5r/JCk5JF4KzsE7nhO9gcGIxZl9NiawrFnU4yzpqqHDR8TITZVUYwNEu8/vaER5s8FgsC6BzGbrfb2TQpKeXLvTh/BjxeLMwJWbRhQ4IDmiPO/Bb0+j0eb5AEfbW3lMiFOSzZkjpQmZZtUAn7SUAy9KJj0ov0uVStkySV5PHD9/qC/NoCORLV5pe0dnf6Y/YM7yKTEyVo/T7Oeinwg==;20:/UTi/EX8kMTebJeeqShePAU0ZmKNvCls6NYqPlsgkJvIhynQQhPWf+fV+uzUISvVOZgG9M+OOg4Y4/7at984/OHFQQSILON7LEng9fBPAfG/RmY4Ncj8VWm5HJ3IHTzFQJ+iyjo699w/qilh3RaRcKh3D8yUfmU9H5tyrwuH960= X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Apr 2017 16:51:07.5964 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR15MB1647 X-OriginatorOrg: fb.com X-Proofpoint-Spam-Reason: safe X-FB-Internal: Safe X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-04-24_13:,, signatures=0 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3283 Lines: 76 Hi Joerg, Is Ning's answer sufficient to justify merging the patch? Thanks, Shaohua On Mon, Apr 10, 2017 at 09:28:46PM +0000, Sun, Ning wrote: > From tboot perspective, it is ok to add the option "tboot_noforce" to Linux kernel Intel_iommu parameter for those performance hungry tboot users, so long as the users are aware of the security implication behind of this option. > > Thanks, > -ning > > -----Original Message----- > From: Shaohua Li [mailto:shli@fb.com] > Sent: Sunday, April 09, 2017 9:31 PM > To: Sun, Ning > Cc: Joerg Roedel ; linux-kernel@vger.kernel.org; Wei, Gang ; hpa@linux.intel.com; mingo@kernel.org; kernel-team@fb.com; srihan@fb.com; Eydelberg, Alex > Subject: Re: [RFC] x86/tboot: add an option to disable iommu force on > > On Fri, Apr 07, 2017 at 09:49:52PM +0000, Sun, Ning wrote: > > Hi Shaohua, > > > > One question, did you still see the network performance penalty when Linux kernel cmdline intel_iommu was set to off ( intel_iommu=off) ? > > the boot parameter has no effect, it runs very early and set dmar_disable=1. > The tboot code (tboot_force_iommu) runs later and force dmar_disabled = 0. > > Thanks, > Shaohua > > > Thanks, > > -ning > > > > -----Original Message----- > > From: Joerg Roedel [mailto:jroedel@suse.de] > > Sent: Friday, April 07, 2017 3:09 AM > > To: Shaohua Li > > Cc: linux-kernel@vger.kernel.org; Wei, Gang ; > > hpa@linux.intel.com; mingo@kernel.org; kernel-team@fb.com; Sun, Ning > > ; srihan@fb.com; Eydelberg, Alex > > > > Subject: Re: [RFC] x86/tboot: add an option to disable iommu force on > > > > On Mon, Apr 03, 2017 at 12:19:28PM -0700, Shaohua Li wrote: > > > On Wed, Mar 22, 2017 at 07:50:55AM -0400, Shaohua Li wrote: > > > > On Wed, Mar 22, 2017 at 11:49:00AM +0100, Joerg Roedel wrote: > > > > > Hi Shaohua, > > > > > > > > > > On Tue, Mar 21, 2017 at 11:37:51AM -0700, Shaohua Li wrote: > > > > > > IOMMU harms performance signficantly when we run very fast > > > > > > networking workloads. This is a limitation in hardware based > > > > > > on our observation, so we'd like to disable the IOMMU force > > > > > > on, but we do want to use TBOOT and we can sacrifice the DMA > > > > > > security bought by IOMMU. I must admit I know nothing about > > > > > > TBOOT, but TBOOT guys (cc-ed) think not eabling IOMMU is totally ok. > > > > > > > > > > Can you elaborate a bit more on the setup where the IOMMU still > > > > > harms network performance? With the recent scalability > > > > > improvements I measured only a minimal impact on 10GBit networking. > > > > Hi, > > > > > > > > It's 40GB networking doing XDP test. Software overhead is almost > > > > unaware, but it's the IOTLB miss (based on our analysis) which > > > > kills the performance. We observed the same performance issue even > > > > with software passthrough (identity mapping), only the hardware > > > > passthrough survives. The pps with iommu (with software passthrough) is only about ~30% of that without it. > > > > > > Any update on this? > > > > An explicit Ack from the tboot guys would be good to have. > > > > > > Joerg > >