Received: by 10.192.165.148 with SMTP id m20csp2987251imm; Sun, 29 Apr 2018 11:18:41 -0700 (PDT) X-Google-Smtp-Source: AB8JxZquoP+1hPOfvfB5CebCRGMj2bwdknakEJBbnrVCN4hMcL1Uo8yBv0BWje1dB7WFQL7ev33l X-Received: by 10.98.194.5 with SMTP id l5mr9465809pfg.6.1525025920960; Sun, 29 Apr 2018 11:18:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525025920; cv=none; d=google.com; s=arc-20160816; b=smqBv2G0yXhbPnHmLjq/SrGPluG2eB6iTdmHTru7xUF3XmZPtupR4IXqw3N8nm3c/g u3ZLa7HSxmttnSGeiI8T4isksctjVQszDsdA2eyDJwaD9BMaaz3AC1BOapxfXqk89d2t vVs98h7Hii2p9BwNNkr/huwWjL3KCgx63lgNv7payXne+YyS1Q4mEig/jc1u9OkCerjG V5I7zC1i00iXnY3rz9UYXeXjxU93G8sUjw11P9oUwSFEcnr/jAAWPqYVZGe4X0JwmNh1 yiA3UuDML43lRiF8IWCGFuKNfGx+TXqjEd9vhLWXmAHcExZ1dkWs1BNBT4O736pZU5uV Xfzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=+WBU4tFC7qpPi8OMcYvBVN102lkOhT8kxKgl2DnoLhQ=; b=uHMsQ/dyhU0acM8UWowjQF4RxnBP+RWYULLavUJvzoaMiqvYxbeg0f66kjVtoDnWYi RYs3lr4tG+m7EPXRL4YZuo9vITItc54jB9jgKEjP6VFT/eF3Zh/z/xtk38ufWuy+F7oF BWaOE71etqh1LoTC6zA/NE52hbdP2ynvtNuDjPVvS9wsMs3IAeanHtbk6Sulx0EXtwAd lPx4PaUG5GW0jwHuiM3kHMXcRPXdraLwemZS00r4h8irKGFjjKkI9RGhgljIT05voQ7Y LJ1AdJuVjKlzSX04h5/Q6eZok6QnDCp5+r6VuxehQ4q0irXdRtM4TUN/R/l1GO/NVP52 I5mQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=uAP8mHCy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t23-v6si4821751ply.237.2018.04.29.11.17.57; Sun, 29 Apr 2018 11:18:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=uAP8mHCy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753857AbeD2SRo (ORCPT + 99 others); Sun, 29 Apr 2018 14:17:44 -0400 Received: from mail-wm0-f68.google.com ([74.125.82.68]:33554 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753546AbeD2SRm (ORCPT ); Sun, 29 Apr 2018 14:17:42 -0400 Received: by mail-wm0-f68.google.com with SMTP id x12so8965041wmc.0; Sun, 29 Apr 2018 11:17:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=+WBU4tFC7qpPi8OMcYvBVN102lkOhT8kxKgl2DnoLhQ=; b=uAP8mHCy99SwMBENB743V3s3PvOxdQ79Q+BeziQuDvJJL3wT1/zHvY1YUAkAjoxshh RK8vQleq4D5dXx5WJMDf/VI9cWqnD5dH1URHRslS9+TTiGUXmQ7OKDRqgEaV67o5Fq4Z DbUpMhN4k6LNr5bo39bNhRcqEsLXNfl7TDijar0o9WNPlLRpmXJ6UXLzMTyB8ZKRoLcE Ce08dKlaV+TqupZjFmjEwduaP/q/vZV/xeujR92VJI3GiFd6FToFoGzgPVTXhr+3Nwd+ 0uY+qTqqteLLmLoU8StouYPfdNFSSRnko15yTCXs7nVDRNa89AO5O3BE61nuBWGF2cHZ mx7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=+WBU4tFC7qpPi8OMcYvBVN102lkOhT8kxKgl2DnoLhQ=; b=TvdX5/nu5c7dSlczj1xk7QYtXAm64gt/jV75uXUoPcRgdKxHeJHFgmWhQsPZcl5oi9 Uo/3bW5r9MPldQBMSRH9E6igHSQZSyEMFJy8hV6FQlu7kWHDsCgE6hQSg96hyshCngCP JoWIAQul4lOmWA0PpZlOBLaFIZVco6nNXJ2lIyXE6kRJ5mYmz2JKSoLEUJk1ld3Woo5K 7TzpD1BimqfpNPhCjiZ5b0MT+Bq7IW6oSxCRODhWYNkgJ1AuPWopBGdOrP6EPGlI1xNR PFch+H5Ndtg4YHWiSHCJp0dhmXeYutu9XzCgKPiFpVKmwxBnupSMsxd5JbJOeMnOz4AR uyKw== X-Gm-Message-State: ALQs6tBaQ8ygjt+kU+3jw5xe3cmDPG12Oy694fjd0dyj82soM+E1rCI3 uYIUub+6Erf23c94TlUpsqvz8tubPls= X-Received: by 2002:aa7:c702:: with SMTP id i2-v6mr13426754edq.144.1525025861246; Sun, 29 Apr 2018 11:17:41 -0700 (PDT) Received: from localhost.localdomain ([132.68.206.23]) by smtp.gmail.com with ESMTPSA id x17-v6sm3394534edx.53.2018.04.29.11.17.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 29 Apr 2018 11:17:40 -0700 (PDT) From: Gil Kupfer X-Google-Original-From: Gil Kupfer To: joro@8bytes.org, dwmw2@infradead.org, bhelgaas@google.com Cc: iommu@lists.linux-foundation.org, linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org, nadav.amit@gmail.com, Gil Kupfer Subject: [RFC/RFT] Add noats flag to boot parameters Date: Sun, 29 Apr 2018 21:16:48 +0300 Message-Id: <1525025808-2365-1-git-send-email-gilkup@cs.technion.ac.il> X-Mailer: git-send-email 2.7.4 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patch adds noats option to the pci boot parameter. When noats is selected, all ATS related functions fail immediately and the IOMMU is configured to not use device-iotlb. Any function that checks for ATS capabilities directly against the devices should also check this flag. (Currently, such functions exist only in IOMMU drivers, and they are covered by this patch.) The motivation behind this patch is the existence of malicious devices. Lots of research has been done about how to utilitize the IOMMU as a protection from such devices. When ATS is supported, any I/O device can access any physical access by faking device-IOTLB entries. Adding the ability to ignore these entries lets sysadmins enhance system security. Signed-off-by: Gil Kupfer --- This patch is intended to add the ability to disable ATS at boot time. My IOMMU has the ATS ecap but I don't have any PCI device that supports ATS so I can't fully test it. However, I did ran it (with and without the new boot flag) on QEMU with virtualized IOMMU with the device-iotlb flag and it seems that at least the machine does not crush. QEMU version: master branch from Jul 11 2017 commit aa916e409c04 ("Merge 29741be b876804") --- Documentation/admin-guide/kernel-parameters.txt | 2 ++ drivers/iommu/amd_iommu.c | 11 ++++++++--- drivers/iommu/intel-iommu.c | 3 ++- drivers/pci/ats.c | 3 +++ drivers/pci/pci.c | 7 +++++++ include/linux/pci.h | 2 ++ 6 files changed, 24 insertions(+), 4 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 7737ab5..f443362 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -3000,6 +3000,8 @@ pcie_scan_all Scan all possible PCIe devices. Otherwise we only look for one device below a PCIe downstream port. + noats [PCIE, Intel-IOMMU, AMD-IOMMU] + do not use PCIe ATS (and IOMMU device-iotlb). pcie_aspm= [PCIE] Forcibly enable or disable PCIe Active State Power Management. diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c index 0f1219f..2aa757e 100644 --- a/drivers/iommu/amd_iommu.c +++ b/drivers/iommu/amd_iommu.c @@ -388,6 +388,9 @@ static bool pci_iommuv2_capable(struct pci_dev *pdev) }; int i, pos; + if (is_pcie_ats_disabled()) + return false; + for (i = 0; i < 3; ++i) { pos = pci_find_ext_capability(pdev, caps[i]); if (pos == 0) @@ -3602,9 +3605,11 @@ int amd_iommu_device_info(struct pci_dev *pdev, memset(info, 0, sizeof(*info)); - pos = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ATS); - if (pos) - info->flags |= AMD_IOMMU_DEVICE_FLAG_ATS_SUP; + if (!is_pcie_ats_disabled()) { + pos = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ATS); + if (pos) + info->flags |= AMD_IOMMU_DEVICE_FLAG_ATS_SUP; + } pos = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_PRI); if (pos) diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c index fc2765c..7ac4adc 100644 --- a/drivers/iommu/intel-iommu.c +++ b/drivers/iommu/intel-iommu.c @@ -2434,7 +2434,8 @@ static struct dmar_domain *dmar_insert_one_dev_info(struct intel_iommu *iommu, if (dev && dev_is_pci(dev)) { struct pci_dev *pdev = to_pci_dev(info->dev); - if (ecap_dev_iotlb_support(iommu->ecap) && + if (!is_pcie_ats_disabled() && + ecap_dev_iotlb_support(iommu->ecap) && pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ATS) && dmar_find_matched_atsr_unit(pdev)) info->ats_supported = 1; diff --git a/drivers/pci/ats.c b/drivers/pci/ats.c index eeb9fb2..619024d 100644 --- a/drivers/pci/ats.c +++ b/drivers/pci/ats.c @@ -21,6 +21,9 @@ void pci_ats_init(struct pci_dev *dev) { int pos; + if (is_pcie_ats_disabled()) + return; + pos = pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ATS); if (!pos) return; diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index 563901c..eb77590 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -109,6 +109,10 @@ unsigned int pcibios_max_latency = 255; /* If set, the PCIe ARI capability will not be used. */ static bool pcie_ari_disabled; +/* If set, the PCIe ATS capability will not be used. */ +static bool pcie_ats_disabled; +bool is_pcie_ats_disabled(void) { return pcie_ats_disabled; } + /* Disable bridge_d3 for all PCIe ports */ static bool pci_bridge_d3_disable; /* Force bridge_d3 for all PCIe ports */ @@ -5430,6 +5434,9 @@ static int __init pci_setup(char *str) if (*str && (str = pcibios_setup(str)) && *str) { if (!strcmp(str, "nomsi")) { pci_no_msi(); + } else if (!strncmp(str, "noats", 5)) { + pr_info("PCIe: ATS is disabled\n"); + pcie_ats_disabled = true; } else if (!strcmp(str, "noaer")) { pci_no_aer(); } else if (!strncmp(str, "realloc=", 8)) { diff --git a/include/linux/pci.h b/include/linux/pci.h index 8039f9f..58fe5fb 100644 --- a/include/linux/pci.h +++ b/include/linux/pci.h @@ -1420,6 +1420,8 @@ int ht_create_irq(struct pci_dev *dev, int idx); void ht_destroy_irq(unsigned int irq); #endif /* CONFIG_HT_IRQ */ +bool is_pcie_ats_disabled(void); + #ifdef CONFIG_PCI_ATS /* Address Translation Service */ void pci_ats_init(struct pci_dev *dev); -- 2.7.4