From: Zhen Lei
To: Jean-Philippe Brucker, Robin Murphy, Will Deacon, Joerg Roedel, linux-arm-kernel, iommu, linux-kernel
CC: Zhen Lei
Subject: [PATCH 1/1] iommu/arm-smmu-v3: prevent any devices access to memory without registration
Date: Thu, 12 Jul 2018 17:28:43 +0800
Message-ID: <1531387723-3592-1-git-send-email-thunder.leizhen@huawei.com>

Stream bypass is not secure. A malicious device can be hot-plugged without matching any driver, but it can access any memory. So change to disable bypass by default.

Signed-off-by: Zhen Lei --- drivers/iommu/arm-smmu-v3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c index 1d64710..b0ec28d 100644 --- a/drivers/iommu/arm-smmu-v3.c +++ b/drivers/iommu/arm-smmu-v3.c @@ -366,7 +366,7 @@ #define MSI_IOVA_BASE 0x8000000 #define MSI_IOVA_LENGTH 0x100000 -static bool disable_bypass; +static bool disable_bypass = 1; module_param_named(disable_bypass, disable_bypass, bool, S_IRUGO); MODULE_PARM_DESC(disable_bypass, "Disable bypass streams such that incoming transactions from devices that are not attached to an iommu domain will report an abort back to the device and will not be allowed to pass through the SMMU."); -- 1.8.3
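
Review bot: On the changed line `static bool disable_bypass = 1;`, initialise the bool with `true` rather than `1`, and extend the MODULE_PARM_DESC string just below it to say that the parameter is now enabled by default. Because the parameter is registered with S_IRUGO it is read-only after load, so the commit message should also say that a system which relied on transactions from devices not attached to an iommu domain passing through the SMMU now has to set disable_bypass=0 at load time to keep the old behaviour; as written, the message gives the security motivation but not this change in behaviour for existing setups.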