Re: iommu non-strict mode for arm64

[Robin Murphy]

On 2022-02-04 05:46, Josh Poimboeuf wrote:
> Hi all,
>
> We've gotten significant slowdowns on arm64 with 4k pages compared to
> 64k.  The slowdowns can be alleviated by setting iommu.strict=0 or
> iommu.passthrough=1.
>
> Is there a reason x86 defaults to lazy iommu, while arm64 does not?  Are
> there security implications which are specific to arm64?

The x86 behaviour is basically 2 decades of legacy where nobody now 
feels brave enough to flip the default. At the time the arm64 IOMMU DMA 
ops were first added, strict mode was the only thing feasible to 
implement, but there was also a conscious consideration that having a 
default assumption of "IOMMU == more protection" wasn't a bad thing 
anyway. Given what played out a couple of years later, and everyone now 
being that much more security-aware, I think that decision has only been 
reinforced.

Passthrough and non-strict mode in iommu-dma only came along later, and 
most IOMMU drivers for arm64 still don't support them, which is another 
reason I'm still against changing the default today. However, if you're 
confident that your arm64 users care more about high-bandwidth I/O 
throughput than memory protection then feel free to set 
IOMMU_DEFAULT_DMA_LAZY or IOMMU_DEFAULT_PASSTHROUGH in your config.

Cheers,
Robin.