iommu: Merge strictness and domain type configs

			1 - Strict mode.

			  DMA unmap operations invalidate IOMMU hardware TLBs

			  synchronously.

			unset - Use value of CONFIG_IOMMU_DEFAULT_{LAZY,STRICT}.

			Note: on x86, the default behaviour depends on the

			equivalent driver-specific parameters, but a strict

			mode explicitly specified by either method takes

			precedence.

			unset - Use value of CONFIG_IOMMU_DEFAULT_DMA_{LAZY,STRICT}.

			Note: on x86, strict mode specified via one of the

			legacy driver-specific options takes precedence.

	iommu.passthrough=

			[ARM64, X86] Configure DMA to bypass the IOMMU by default.

	  debug/iommu directory, and then populate a subdirectory with

	  entries as required.

config IOMMU_DEFAULT_PASSTHROUGH

	bool "IOMMU passthrough by default"

choice

	prompt "IOMMU default domain type"

	depends on IOMMU_API

	default IOMMU_DEFAULT_DMA_LAZY if AMD_IOMMU || INTEL_IOMMU

	default IOMMU_DEFAULT_DMA_STRICT

	help

	  Enable passthrough by default, removing the need to pass in

	  iommu.passthrough=on or iommu=pt through command line. If this

	  is enabled, you can still disable with iommu.passthrough=off

	  or iommu=nopt depending on the architecture.

	  Choose the type of IOMMU domain used to manage DMA API usage by

	  device drivers. The options here typically represent different

	  levels of tradeoff between robustness/security and performance,

	  depending on the IOMMU driver. Not all IOMMUs support all options.

	  This choice can be overridden at boot via the command line, and for

	  some devices also at runtime via sysfs.

	  If unsure, say N here.

	  If unsure, keep the default.

choice

	prompt "IOMMU default DMA IOTLB invalidation mode"

	depends on IOMMU_DMA

config IOMMU_DEFAULT_DMA_STRICT

	bool "Translated - Strict"

	help

	  Trusted devices use translation to restrict their access to only

	  DMA-mapped pages, with strict TLB invalidation on unmap. Equivalent

	  to passing "iommu.passthrough=0 iommu.strict=1" on the command line.

	default IOMMU_DEFAULT_LAZY if (AMD_IOMMU || INTEL_IOMMU)

	default IOMMU_DEFAULT_STRICT

	  Untrusted devices always use this mode, with an additional layer of

	  bounce-buffering such that they cannot gain access to any unrelated

	  data within a mapped page.

config IOMMU_DEFAULT_DMA_LAZY

	bool "Translated - Lazy"

	help

	  This option allows an IOMMU DMA IOTLB invalidation mode to be

	  chosen at build time, to override the default mode of each ARCH,

	  removing the need to pass in kernel parameters through command line.

	  It is still possible to provide common boot params to override this

	  config.

	  Trusted devices use translation to restrict their access to only

	  DMA-mapped pages, but with "lazy" batched TLB invalidation. This

	  mode allows higher performance with some IOMMUs due to reduced TLB

	  flushing, but at the cost of reduced isolation since devices may be

	  able to access memory for some time after it has been unmapped.

	  Equivalent to passing "iommu.passthrough=0 iommu.strict=0" on the

	  command line.

	  If unsure, keep the default.

	  If this mode is not supported by the IOMMU driver, the effective

	  runtime default will fall back to IOMMU_DEFAULT_DMA_STRICT.

config IOMMU_DEFAULT_PASSTHROUGH

	bool "Passthrough"

	help

	  Trusted devices are identity-mapped, giving them unrestricted access

	  to memory with minimal performance overhead. Equivalent to passing

	  "iommu.passthrough=1" (historically "iommu=pt") on the command line.

config IOMMU_DEFAULT_STRICT

	bool "strict"

	help

	  For every IOMMU DMA unmap operation, the flush operation of IOTLB and

	  the free operation of IOVA are guaranteed to be done in the unmap

	  function.

config IOMMU_DEFAULT_LAZY

	bool "lazy"

	help

	  Support lazy mode, where for every IOMMU DMA unmap operation, the

	  flush operation of IOTLB and the free operation of IOVA are deferred.

	  They are only guaranteed to be done before the related IOVA will be

	  reused.

	  The isolation provided in this mode is not as secure as STRICT mode,

	  such that a vulnerable time window may be created between the DMA

	  unmap and the mappings cached in the IOMMU IOTLB or device TLB

	  finally being invalidated, where the device could still access the

	  memory which has already been unmapped by the device driver.

	  However this mode may provide better performance in high throughput

	  scenarios, and is still considerably more secure than passthrough

	  mode or no IOMMU.

	  If this mode is not supported by the IOMMU driver, the effective

	  runtime default will fall back to IOMMU_DEFAULT_DMA_STRICT.

endchoice

static DEFINE_IDA(iommu_group_ida);

static unsigned int iommu_def_domain_type __read_mostly;

static bool iommu_dma_strict __read_mostly = IS_ENABLED(CONFIG_IOMMU_DEFAULT_STRICT);

static bool iommu_dma_strict __read_mostly = IS_ENABLED(CONFIG_IOMMU_DEFAULT_DMA_STRICT);

static u32 iommu_cmd_line __read_mostly;

struct iommu_group {