Commit fb58fdcd authored by Mika Westerberg's avatar Mika Westerberg

iommu/vt-d: Do not enable ATS for untrusted devices

Currently Linux automatically enables ATS (Address Translation Service)
for any device that supports it (and IOMMU is turned on). ATS is used to
accelerate DMA access as the device can cache translations locally so
there is no need to do full translation on IOMMU side. However, as
pointed out in [1] ATS can be used to bypass IOMMU based security
completely by simply sending PCIe read/write transaction with AT
(Address Translation) field set to "translated".

To mitigate this modify the Intel IOMMU code so that it does not enable
ATS for any device that is marked as being untrusted. In case this turns
out to cause performance issues we may selectively allow ATS based on
user decision but currently use big hammer and disable it completely to
be on the safe side.

[1] https://www.repository.cam.ac.uk/handle/1810/274352Signed-off-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: default avatarAshok Raj <ashok.raj@intel.com>
Reviewed-by: default avatarJoerg Roedel <jroedel@suse.de>
Acked-by: default avatarJoerg Roedel <jroedel@suse.de>
parent 89a6079d
...@@ -1473,7 +1473,8 @@ static void iommu_enable_dev_iotlb(struct device_domain_info *info) ...@@ -1473,7 +1473,8 @@ static void iommu_enable_dev_iotlb(struct device_domain_info *info)
if (info->pri_supported && !pci_reset_pri(pdev) && !pci_enable_pri(pdev, 32)) if (info->pri_supported && !pci_reset_pri(pdev) && !pci_enable_pri(pdev, 32))
info->pri_enabled = 1; info->pri_enabled = 1;
#endif #endif
if (info->ats_supported && !pci_enable_ats(pdev, VTD_PAGE_SHIFT)) { if (!pdev->untrusted && info->ats_supported &&
!pci_enable_ats(pdev, VTD_PAGE_SHIFT)) {
info->ats_enabled = 1; info->ats_enabled = 1;
domain_update_iotlb(info->domain); domain_update_iotlb(info->domain);
info->ats_qdep = pci_ats_queue_depth(pdev); info->ats_qdep = pci_ats_queue_depth(pdev);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment