On Thu, 2015-10-29 at 09:32 +0900, Benjamin Herrenschmidt wrote:

> On Power, I generally have 2 IOMMU windows for a device, one at the
> bottom is remapped, and is generally used for 32-bit devices and the
> one at the top is setup as a bypass

So in the normal case of decent 64-bit devices (and not in a VM),
they'll *already* be using the bypass region and have full access to
all of memory, all of the time? And you have no protection against
driver and firmware bugs causing stray DMA?

> I don't see how that attribute would work for us.

Because you're already doing it anyway without being asked :)

If SPARC and POWER are both doing that, perhaps we should change the
default for Intel too?

Aside from the lack of security, the other disadvantage of that is that
you have to pin *all* pages of a guest in case DMA happens; you don't
get to pin *only* those pages which are referenced by that guest's
IOMMU page tables...

Maybe we should at least coordinate IOMMU 'paranoid/fast' modes across
architectures, and then the DMA_ATTR_IOMMU_BYPASS flag would have a
sane meaning in the paranoid mode (and perhaps we'd want an
ultra-paranoid mode where it's not honoured).

-- 
dwmw2

