Date: Tue, 13 Nov 2018 18:12:58 +0200
From: Mika Westerberg
To: Yehezkel Bernat
Cc: iommu@lists.linux-foundation.org, joro@8bytes.org, David Woodhouse, baolu.lu@linux.intel.com, ashok.raj@intel.com, Bjorn Helgaas, rjw@rjwysocki.net, jacob.jun.pan@intel.com, Andreas Noever, michael.jamet@intel.com, lukas@wunner.de, Christian Kellner, Mario Limonciello, Anthony Wong, linux-acpi@vger.kernel.org, linux-pci@vger.kernel.org, LKML
Subject: Re: [PATCH 4/4] thunderbolt: Export IOMMU based DMA protection support to userspace
Message-ID: <20181113161258.GE2500@lahna.fi.intel.com>

On Tue, Nov 13, 2018 at 05:38:53PM +0200, Yehezkel Bernat wrote:
> Good point. But I thought about per-TBT-device decision. If the platform is
> configured for IOMMU+"user" security level, while approving the device the user
> may want to set also in which IOMMU group to put all the PCIe devices connected
> to it. The same goes if kernel is supposed to auto-approve such devices based on
> an internal table. The point is that we can think of a configuration where the
> devices aren't tunneled yet and the decision about IOMMU can still be changed.

Right, some of these systems have security level set to "user" so there
we could have a way to put the device into passthrough mode before it
appears on the PCIe bus. That would require some sort of API on the
IOMMU side, though.

> As you mentioned this isn't the common configuration anyway, so it probably
> isn't worth all this hassle.

AFAIK mixing the two is not something they are going to be supporting in
Windows so I would not expect it to be common. I think the ultimate goal
is to move away from security levels towards IOMMU DMA protection so in
future I would expect more and more systems with IOMMU enabled +
security level set to "none".

So I agree with you that it probably is not worth doing at least without
having more data about real performance issues around this. ;-)
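An added example, not part of the mail or the patch: a shell check that reports, per Thunderbolt domain, which of the combinations discussed above (IOMMU + "none", IOMMU + "user", and so on) a machine is in. It assumes the `security` and `iommu_dma_protection` domain attributes of the upstream kernel's Thunderbolt sysfs ABI, which the mail does not name; the verdict labels and the `TB_SYSFS` override are hypothetical.

```shell
#!/bin/sh
# Classify Thunderbolt domains by security level and IOMMU DMA protection.
# TB_SYSFS can point at a constructed tree for offline testing (assumption).
TB_SYSFS="${TB_SYSFS:-/sys/bus/thunderbolt/devices}"

# classify_domain <domain-dir>: print one verdict word for that domain.
classify_domain() {
    dir=$1
    sec=unknown
    iommu=unknown    # attribute is absent on kernels that lack this patch
    [ -r "$dir/security" ] && sec=$(cat "$dir/security")
    [ -r "$dir/iommu_dma_protection" ] && iommu=$(cat "$dir/iommu_dma_protection")

    case "$iommu:$sec" in
        *unknown*) echo indeterminate ;;     # cannot tell from sysfs alone
        1:none)    echo iommu-only ;;        # IOMMU enabled + level "none"
        1:*)       echo iommu-plus-level ;;  # mixed, e.g. IOMMU + "user"
        0:none)    echo unprotected ;;       # neither mechanism is active
        0:*)       echo level-only ;;        # security level without IOMMU
        *)         echo indeterminate ;;
    esac
}

# audit_domains: one line per domain; returns 1 if any domain is unprotected.
audit_domains() {
    rc=0
    for d in "$TB_SYSFS"/domain*; do
        [ -d "$d" ] || continue
        verdict=$(classify_domain "$d")
        echo "${d##*/}: $verdict"
        [ "$verdict" = unprotected ] && rc=1
    done
    return $rc
}

audit_domains || echo "warning: a domain has neither IOMMU protection nor a security level"
```
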