lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20170410043106.GA90090@MacBook-Pro-63.local.dhcp.thefacebook.com>
Date:   Sun, 9 Apr 2017 21:31:07 -0700
From:   Shaohua Li <shli@...com>
To:     "Sun, Ning" <ning.sun@...el.com>
CC:     Joerg Roedel <jroedel@...e.de>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "Wei, Gang" <gang.wei@...el.com>,
        "hpa@...ux.intel.com" <hpa@...ux.intel.com>,
        "mingo@...nel.org" <mingo@...nel.org>,
        "kernel-team@...com" <kernel-team@...com>,
        "srihan@...com" <srihan@...com>,
        "Eydelberg, Alex" <alex.eydelberg@...el.com>
Subject: Re: [RFC] x86/tboot: add an option to disable iommu force on

On Fri, Apr 07, 2017 at 09:49:52PM +0000, Sun, Ning wrote:
> Hi Shaohua,
> 
> One question, did you still see the network performance penalty when Linux kernel cmdline intel_iommu was set to off ( intel_iommu=off) ?

the boot parameter has no effect, it runs very early and set dmar_disable=1.
The tboot code (tboot_force_iommu) runs later and force dmar_disabled = 0.

Thanks,
Shaohua
 
> Thanks,
> -ning
> 
> -----Original Message-----
> From: Joerg Roedel [mailto:jroedel@...e.de] 
> Sent: Friday, April 07, 2017 3:09 AM
> To: Shaohua Li <shli@...com>
> Cc: linux-kernel@...r.kernel.org; Wei, Gang <gang.wei@...el.com>; hpa@...ux.intel.com; mingo@...nel.org; kernel-team@...com; Sun, Ning <ning.sun@...el.com>; srihan@...com; Eydelberg, Alex <alex.eydelberg@...el.com>
> Subject: Re: [RFC] x86/tboot: add an option to disable iommu force on
> 
> On Mon, Apr 03, 2017 at 12:19:28PM -0700, Shaohua Li wrote:
> > On Wed, Mar 22, 2017 at 07:50:55AM -0400, Shaohua Li wrote:
> > > On Wed, Mar 22, 2017 at 11:49:00AM +0100, Joerg Roedel wrote:
> > > > Hi Shaohua,
> > > > 
> > > > On Tue, Mar 21, 2017 at 11:37:51AM -0700, Shaohua Li wrote:
> > > > > IOMMU harms performance signficantly when we run very fast 
> > > > > networking workloads. This is a limitation in hardware based on 
> > > > > our observation, so we'd like to disable the IOMMU force on, but 
> > > > > we do want to use TBOOT and we can sacrifice the DMA security 
> > > > > bought by IOMMU. I must admit I know nothing about TBOOT, but 
> > > > > TBOOT guys (cc-ed) think not eabling IOMMU is totally ok.
> > > > 
> > > > Can you elaborate a bit more on the setup where the IOMMU still 
> > > > harms network performance? With the recent scalability 
> > > > improvements I measured only a minimal impact on 10GBit networking.
> > > Hi,
> > > 
> > > It's 40GB networking doing XDP test. Software overhead is almost 
> > > unaware, but it's the IOTLB miss (based on our analysis) which kills 
> > > the performance. We observed the same performance issue even with 
> > > software passthrough (identity mapping), only the hardware 
> > > passthrough survives. The pps with iommu (with software passthrough) is only about ~30% of that without it.
> > 
> > Any update on this?
> 
> An explicit Ack from the tboot guys would be good to have.
> 
> 
> 	Joerg
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ