linux

iv/linux

History

Mika Westerberg fb58fdcd29 iommu/vt-d: Do not enable ATS for untrusted devices Currently Linux automatically enables ATS (Address Translation Service) for any device that supports it (and IOMMU is turned on). ATS is used to accelerate DMA access as the device can cache translations locally so there is no need to do full translation on IOMMU side. However, as pointed out in [1] ATS can be used to bypass IOMMU based security completely by simply sending PCIe read/write transaction with AT (Address Translation) field set to "translated". To mitigate this modify the Intel IOMMU code so that it does not enable ATS for any device that is marked as being untrusted. In case this turns out to cause performance issues we may selectively allow ATS based on user decision but currently use big hammer and disable it completely to be on the safe side. [1] https://www.repository.cam.ac.uk/handle/1810/274352 Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com> Reviewed-by: Ashok Raj <ashok.raj@intel.com> Reviewed-by: Joerg Roedel <jroedel@suse.de> Acked-by: Joerg Roedel <jroedel@suse.de>		2018-12-05 12:01:56 +03:00
..
amd_iommu_debugfs.c	iommu/amd: Add basic debugfs infrastructure for AMD IOMMU	2018-07-06 14:06:30 +02:00
amd_iommu_init.c	amd/iommu: Fix Guest Virtual APIC Log Tail Address Register	2018-11-12 15:04:24 +01:00
amd_iommu_proto.h	iommu/amd: Add basic debugfs infrastructure for AMD IOMMU	2018-07-06 14:06:30 +02:00
amd_iommu_types.h	Merge branches 'arm/shmobile', 'arm/renesas', 'arm/msm', 'arm/smmu', 'arm/omap', 'x86/amd', 'x86/vt-d' and 'core' into next	2018-08-08 12:02:27 +02:00
amd_iommu_v2.c	Revert "mm, mmu_notifier: annotate mmu notifiers with blockable invalidate callbacks"	2018-10-26 16:25:19 -07:00
amd_iommu.c	Merge branches 'arm/renesas', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd' and 'core' into next	2018-10-10 18:09:37 +02:00
arm-smmu-regs.h	iommu/arm-smmu: Split out register defines	2017-08-15 17:34:48 +02:00
arm-smmu-v3.c	iommu/arm-smmu-v3: Remove unnecessary wrapper function	2018-10-10 18:09:25 +02:00
arm-smmu.c	Merge branches 'arm/renesas', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd' and 'core' into next	2018-10-10 18:09:37 +02:00
dma-iommu.c	Merge branches 'arm/renesas', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd' and 'core' into next	2018-10-10 18:09:37 +02:00
dmar.c	iommu/vt-d: Force IOMMU on for platform opt in hint	2018-12-05 12:01:55 +03:00
exynos-iommu.c	IOMMU Update for Linux v4.19	2018-08-24 13:10:38 -07:00
fsl_pamu_domain.c	Merge branches 'arm/renesas', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd' and 'core' into next	2018-10-10 18:09:37 +02:00
fsl_pamu_domain.h	iommu/pamu: Fix PAMU boot crash	2017-08-23 16:28:09 +02:00
fsl_pamu.c	iommu: fsl_pamu: use for_each_of_cpu_node iterator	2018-09-28 14:25:58 -05:00
fsl_pamu.h	iommu/pamu: Fix PAMU boot crash	2017-08-23 16:28:09 +02:00
intel_irq_remapping.c	iommu/vt-d: Relocate struct/function declarations to its header files	2018-09-25 14:33:43 +02:00
intel-iommu-debugfs.c	iommu/vt-d: Add debugfs support to show context internals	2018-09-25 14:33:44 +02:00
intel-iommu.c	iommu/vt-d: Do not enable ATS for untrusted devices	2018-12-05 12:01:56 +03:00
intel-pasid.c	iommu/vt-d: Per PCI device pasid table interfaces	2018-07-20 14:44:24 +02:00
intel-pasid.h	iommu/vt-d: Handle memory shortage on pasid table allocation	2018-09-25 14:33:02 +02:00
intel-svm.c	iommu/vt-d: Fix NULL pointer dereference in prq_event_thread()	2018-11-06 16:46:24 +01:00
io-pgtable-arm-v7s.c	iommu/io-pgtable-arm-v7s: Add support for non-strict mode	2018-10-01 13:01:34 +01:00
io-pgtable-arm.c	iommu/io-pgtable-arm: Add support for non-strict mode	2018-10-01 13:01:33 +01:00
io-pgtable.c
io-pgtable.h	iommu/io-pgtable-arm: Add support for non-strict mode	2018-10-01 13:01:33 +01:00
iommu-debugfs.c	iommu: Enable debugfs exposure of IOMMU driver internals	2018-07-06 14:06:30 +02:00
iommu-sysfs.c	iommu: Fix wrong freeing of iommu_device->dev	2017-08-15 13:58:48 +02:00
iommu-traces.c	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
iommu.c	Merge branches 'arm/renesas', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd' and 'core' into next	2018-10-10 18:09:37 +02:00
iova.c	iommu/iova: Optimise attempts to allocate iova from 32bit address range	2018-09-25 10:18:27 +02:00
ipmmu-vmsa.c	iommu/ipmmu-vmsa: Fix crash on early domain free	2018-11-08 10:26:35 +01:00
irq_remapping.c	irq_remapping: Use apic_ack_irq()	2018-06-06 15:18:20 +02:00
irq_remapping.h	irq_remapping: Use apic_ack_irq()	2018-06-06 15:18:20 +02:00
Kconfig	IOMMU Updates for Linux v4.20	2018-10-26 10:50:10 -07:00
Makefile	iommu/vt-d: Enable base Intel IOMMU debugfs support	2018-09-25 14:33:43 +02:00
msm_iommu_hw-8xxx.h
msm_iommu.c	IOMMU Update for Linux v4.19	2018-08-24 13:10:38 -07:00
msm_iommu.h	iommu/msm: Make use of iommu_device_register interface	2017-02-10 13:44:57 +01:00
mtk_iommu_v1.c	mm: remove include/linux/bootmem.h	2018-10-31 08:54:16 -07:00
mtk_iommu.c	mm: remove include/linux/bootmem.h	2018-10-31 08:54:16 -07:00
mtk_iommu.h	iommu/mediatek: Fix protect memory setting	2018-03-21 06:13:57 -05:00
of_iommu.c	iommu/of: support iommu configuration for fsl-mc devices	2018-09-25 09:47:52 +02:00
omap-iommu-debug.c	iommu/omap: Fix debugfs_create_*() usage	2018-01-17 14:23:33 +01:00
omap-iommu.c	Merge branches 'arm/shmobile', 'arm/renesas', 'arm/msm', 'arm/smmu', 'arm/omap', 'x86/amd', 'x86/vt-d' and 'core' into next	2018-08-08 12:02:27 +02:00
omap-iommu.h	iommu/omap: Add support to program multiple iommus	2017-09-19 11:32:05 +02:00
omap-iopgtable.h
qcom_iommu.c	IOMMU Update for Linux v4.19	2018-08-24 13:10:38 -07:00
rockchip-iommu.c	iommu/rockchip: Free irqs in shutdown handler	2018-09-25 11:13:34 +02:00
s390-iommu.c	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
tegra-gart.c	iommu: Remove the ->map_sg indirection	2018-08-08 11:06:20 +02:00
tegra-smmu.c	iommu: Remove the ->map_sg indirection	2018-08-08 11:06:20 +02:00