Hi Dan

> It seems unwieldy that this is a compile time option and not a runtime
> option. Can't we have a kernel command line option to opt-in to this
> behavior rather than require a wholly separate kernel image?
  
I think because of the security implications associated with p2pdma and ACS we 
wanted to make it very clear people were choosing one (p2pdma) or the other 
(IOMMU groupings and isolation). However, personally I would prefer including 
the option of a run-time kernel parameter too. In fact a few months ago I 
proposed a small patch that did just that [1]. It never really went anywhere 
but if people were open to the idea we could look at adding it to the series.
  
> Why is this text added in a follow on patch and not the patch that
> introduced the config option?

Because the ACS section was added later in the series and this information is 
associated with that additional functionality.
    
> I'm also wondering if that command line option can take a 'bus device
> function' address of a switch to limit the scope of where ACS is
> disabled.

By this you mean the address for either an RP, DSP, USP or MF EP below which we 
disable ACS? We could do that but I don't think it avoids the issue of changes 
in IOMMU groupings as devices are added/removed. It simply changes the problem 
from affecting an entire PCI domain to a subset of the domain. We can already 
handle this by doing p2pdma on one RP and normal IOMMU isolation on the other 
RPs in the system.

Stephen

[1] https://marc.info/?l=linux-doc&m=150907188310838&w=2
    
