Re: [PATCH] iommu/vt-d: remove redundant variable no_platform_optin
Hi Baolu, On Thu, Nov 5, 2020 at 9:47 AM Lu Baolu wrote: > > Hi Zhenzhong, > > On 11/4/20 4:19 PM, Zhenzhong Duan wrote: > > no_platform_optin is redundant with dmar_disabled and it's only used in > > platform_optin_force_iommu(), remove it and use dmar_disabled instead. > > It's actually not. > > If CONFIG_INTEL_IOMMU_DEFAULT_ON is not set, we will get "dmar_disable = > 1" and "no_platform_optin = 0". In this case, we must force the iommu on > and set dmar_disable = 0. > > The real use case: if a kernel built with [CONFIG_INTEL_IOMMU_DEFAULT_ON > = n] running on a platform with thunderbolt ports, we must force IOMMU > on so that the system could be protected from possible malicious > peripherals. Thanks for your explanation, clear now and sorry for the noise. Regards Zhenzhong ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: [PATCH] iommu/vt-d: remove redundant variable no_platform_optin
Hi Zhenzhong,
On 11/4/20 4:19 PM, Zhenzhong Duan wrote:
no_platform_optin is redundant with dmar_disabled and it's only used in
platform_optin_force_iommu(), remove it and use dmar_disabled instead.
It's actually not.
If CONFIG_INTEL_IOMMU_DEFAULT_ON is not set, we will get "dmar_disable =
1" and "no_platform_optin = 0". In this case, we must force the iommu on
and set dmar_disable = 0.
The real use case: if a kernel built with [CONFIG_INTEL_IOMMU_DEFAULT_ON
= n] running on a platform with thunderbolt ports, we must force IOMMU
on so that the system could be protected from possible malicious
peripherals.
Best regards,
baolu
Meanwhile remove all the dead code in platform_optin_force_iommu().
Signed-off-by: Zhenzhong Duan
---
drivers/iommu/intel/iommu.c | 14 ++
1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index 8651f6d4dfa0..a011d1ed63ef 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -180,7 +180,6 @@ static int rwbf_quirk;
*/
static int force_on = 0;
int intel_iommu_tboot_noforce;
-static int no_platform_optin;
#define ROOT_ENTRY_NR (VTD_PAGE_SIZE/sizeof(struct root_entry))
@@ -440,7 +439,6 @@ static int __init intel_iommu_setup(char *str)
pr_info("IOMMU enabled\n");
} else if (!strncmp(str, "off", 3)) {
dmar_disabled = 1;
- no_platform_optin = 1;
pr_info("IOMMU disabled\n");
} else if (!strncmp(str, "igfx_off", 8)) {
dmar_map_gfx = 0;
@@ -4810,20 +4808,12 @@ static inline bool has_external_pci(void)
static int __init platform_optin_force_iommu(void)
{
- if (!dmar_platform_optin() || no_platform_optin || !has_external_pci())
+ if (!dmar_platform_optin() || dmar_disabled || !has_external_pci())
return 0;
- if (no_iommu || dmar_disabled)
+ if (no_iommu)
pr_info("Intel-IOMMU force enabled due to platform opt in\n");
- /*
-* If Intel-IOMMU is disabled by default, we will apply identity
-* map for all devices except those marked as being untrusted.
-*/
- if (dmar_disabled)
- iommu_set_default_passthrough(false);
-
- dmar_disabled = 0;
no_iommu = 0;
return 1;
___
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
[PATCH] iommu/vt-d: remove redundant variable no_platform_optin
no_platform_optin is redundant with dmar_disabled and it's only used in
platform_optin_force_iommu(), remove it and use dmar_disabled instead.
Meanwhile remove all the dead code in platform_optin_force_iommu().
Signed-off-by: Zhenzhong Duan
---
drivers/iommu/intel/iommu.c | 14 ++
1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index 8651f6d4dfa0..a011d1ed63ef 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -180,7 +180,6 @@ static int rwbf_quirk;
*/
static int force_on = 0;
int intel_iommu_tboot_noforce;
-static int no_platform_optin;
#define ROOT_ENTRY_NR (VTD_PAGE_SIZE/sizeof(struct root_entry))
@@ -440,7 +439,6 @@ static int __init intel_iommu_setup(char *str)
pr_info("IOMMU enabled\n");
} else if (!strncmp(str, "off", 3)) {
dmar_disabled = 1;
- no_platform_optin = 1;
pr_info("IOMMU disabled\n");
} else if (!strncmp(str, "igfx_off", 8)) {
dmar_map_gfx = 0;
@@ -4810,20 +4808,12 @@ static inline bool has_external_pci(void)
static int __init platform_optin_force_iommu(void)
{
- if (!dmar_platform_optin() || no_platform_optin || !has_external_pci())
+ if (!dmar_platform_optin() || dmar_disabled || !has_external_pci())
return 0;
- if (no_iommu || dmar_disabled)
+ if (no_iommu)
pr_info("Intel-IOMMU force enabled due to platform opt in\n");
- /*
-* If Intel-IOMMU is disabled by default, we will apply identity
-* map for all devices except those marked as being untrusted.
-*/
- if (dmar_disabled)
- iommu_set_default_passthrough(false);
-
- dmar_disabled = 0;
no_iommu = 0;
return 1;
--
2.25.1
___
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
