It seems unwieldy that this is a compile time option and not a
option. Can't we have a kernel command line option to opt-in to this
behavior rather than require a wholly separate kernel image?
I think because of the security implications associated with p2pdma and ACS we wanted to
make it very clear people were choosing one (p2pdma) or the other (IOMMU groupings and
isolation). However personally I would prefer including the option of a run-time kernel
parameter too. In fact a few months ago I proposed a small patch that did just that .
It never really went anywhere but if people were open to the idea we could look at adding
it to the series.
Why is this text added in a follow on patch and not the patch that
introduced the config option?
Because the ACS section was added later in the series and this information is associated
with that additional functionality.
I'm also wondering if that command line option can take a
function' address of a switch to limit the scope of where ACS is
By this you mean the address for either a RP, DSP, USP or MF EP below which we disable
ACS? We could do that but I don't think it avoids the issue of changes in IOMMU
groupings as devices are added/removed. It simply changes the problem from affecting and
entire PCI domain to a sub-set of the domain. We can already handle this by doing p2pdma
on one RP and normal IOMMU isolation on the other RPs in the system.