Received: by 10.192.165.148 with SMTP id m20csp4785663imm; Tue, 8 May 2018 14:29:17 -0700 (PDT) X-Google-Smtp-Source: AB8JxZo1rmhIVw/lzflNkZ2DePKfDJ9DUDO6o4x0ceIUKF9uZ9n4VAoRIji7HPcTn0+w1B2L5Zle X-Received: by 2002:a17:902:8a8c:: with SMTP id p12-v6mr182534plo.94.1525814957284; Tue, 08 May 2018 14:29:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525814957; cv=none; d=google.com; s=arc-20160816; b=dBwsJqVQ0MFZERekKdLnOs6bGXyK35S8H1V/QEl0OYv7BEs0htVdOAinbCb1ktbPLD kDpaUpzc9BxR7gYY+FsNi7BvWAXoFf22RNRddkxsKP6cbdFUcslSOTIqeOPSEr6pdOtw WNdyWAOr2iS4euPswfH+tp1dcW310Jux2S1FK6Sl3+7g+6NFubmxTiL5O9egCsj3nyYR YCkysskMqI4827Tu25orT/4bu5n0neSQBbbAdDlWaBGKL6VSPGwsKFYxC46VVA5Bsykw P8F5NnFKg+K4URfsB6dBKXP07IwcKEmfOXTPyKgRYh6AFmysjqbeq90XygXdLf8hUUN1 7ukA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date :arc-authentication-results; bh=owuKksRCp1aL6f4/7GGp0rvDiRvh+GFc8MQCP5Vy/B0=; b=m8tU42n8OQJZ+fkHMYYUpbjkMug1uWkjV04PWWT2XEC6VB8b9zZJrnU3/PJsrLG7qJ hI3LM4UAUpCgRXVbhwVRwR8mXSgCnOxacu1vDtnVGHFG/Fkx2Z8VX5eSo2aR8I4TgBDC +2jcCBBpao5faawHahgr8uDZi4S6+tuC8LZD56hPMd7KXl1mAibCkbLxZynRvtuI5Gvg OEdKrNJcimP/td25tgIwZOcucSJVIRcR236amPryWGdezRmfKV26Cy92ub3NKJpm9tye 8DcKnc6PiqVEUQhaceGmzfl7ajXiiPmbuPPmfpXi49SjlQtmL374Qg/EqHy159Fd8eNs CTmw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h12-v6si6521700pls.278.2018.05.08.14.29.02; Tue, 08 May 2018 14:29:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755988AbeEHV0g (ORCPT + 99 others); Tue, 8 May 2018 17:26:36 -0400 Received: from mx1.redhat.com ([209.132.183.28]:55854 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755579AbeEHV0e (ORCPT ); Tue, 8 May 2018 17:26:34 -0400 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 310F23150089; Tue, 8 May 2018 21:26:34 +0000 (UTC) Received: from w520.home (ovpn-116-103.phx2.redhat.com [10.3.116.103]) by smtp.corp.redhat.com (Postfix) with ESMTP id D07F32010CA0; Tue, 8 May 2018 21:26:32 +0000 (UTC) Date: Tue, 8 May 2018 15:26:31 -0600 From: Alex Williamson To: Logan Gunthorpe Cc: Christian =?UTF-8?B?S8O2bmln?= , Bjorn Helgaas , linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-nvme@lists.infradead.org, linux-rdma@vger.kernel.org, linux-nvdimm@lists.01.org, linux-block@vger.kernel.org, Stephen Bates , Christoph Hellwig , Jens Axboe , Keith Busch , Sagi Grimberg , Bjorn Helgaas , Jason Gunthorpe , Max Gurtovoy , Dan Williams , =?UTF-8?B?SsOpcsO0bWU=?= Glisse , Benjamin Herrenschmidt Subject: Re: [PATCH v4 04/14] PCI/P2PDMA: Clear ACS P2P flags for all devices behind switches Message-ID: <20180508152631.50fd583c@w520.home> In-Reply-To: References: <20180423233046.21476-1-logang@deltatee.com> <20180423233046.21476-5-logang@deltatee.com> <20180507231306.GG161390@bhelgaas-glaptop.roam.corp.google.com> <0b4183ef-e720-204b-9e85-b9eaf7a4136a@deltatee.com> <3584a6ac-95c7-5d23-1859-aee30605776e@deltatee.com> <20180508133407.57a46902@w520.home> <5fc9b1c1-9208-06cc-0ec5-1f54c2520494@deltatee.com> <20180508141331.7cd737cb@w520.home> <20180508144341.0441b676@w520.home> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.84 on 10.5.11.25 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.41]); Tue, 08 May 2018 21:26:34 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 8 May 2018 14:49:23 -0600 Logan Gunthorpe wrote: > On 08/05/18 02:43 PM, Alex Williamson wrote: > > Yes, GPUs seem to be leading the pack in implementing ATS. So now the > > dumb question, why not simply turn off the IOMMU and thus ACS? The > > argument of using the IOMMU for security is rather diminished if we're > > specifically enabling devices to poke one another directly and clearly > > this isn't favorable for device assignment either. Are there target > > systems where this is not a simple kernel commandline option? Thanks, > > Well, turning off the IOMMU doesn't necessarily turn off ACS. We've run > into some bios's that set the bits on boot (which is annoying). But it would be a much easier proposal to disable ACS when the IOMMU is not enabled, ACS has no real purpose in that case. > I also don't expect people will respond well to making the IOMMU and P2P > exclusive. The IOMMU is often used for more than just security and on > many platforms it's enabled by default. I'd much rather allow IOMMU use > but have fewer isolation groups in much the same way as if you had PCI > bridges that didn't support ACS. The IOMMU and P2P are already not exclusive, we can bounce off the IOMMU or make use of ATS as we've previously discussed. We were previously talking about a build time config option that you didn't expect distros to use, so I don't think intervention for the user to disable the IOMMU if it's enabled by default is a serious concern either. What you're trying to do is enabled direct peer-to-peer for endpoints which do not support ATS when the IOMMU is enabled, which is not something that necessarily makes sense to me. As I mentioned in a previous reply, the IOMMU provides us with an I/O virtual address space for devices, ACS is meant to fill the topology based gaps in that virtual address space, making transactions follow IOMMU compliant routing rules to avoid aliases between the IOVA and physical address spaces. But this series specifically wants to leave those gaps open for direct P2P access. So we compromise the P2P aspect of security, still protecting RAM, but potentially only to the extent that a device cannot hop through or interfere with other devices to do its bidding. Device assignment is mostly tossed out the window because not only are bigger groups more difficult to deal with, the IOVA space is riddled with gaps, which is not really a solved problem. So that leaves avoiding bounce buffers as the remaining IOMMU feature, but we're dealing with native express devices and relatively high end devices that are probably installed in modern systems, so that seems like a non-issue. Are there other uses I'm forgetting? We can enable interrupt remapping separate from DMA translation, so we can exclude that one. I'm still not seeing why it's terribly undesirable to require devices to support ATS if they want to do direct P2P with an IOMMU enabled. Thanks, Alex