From: Mika Westerberg
To: iommu@lists.linux-foundation.org
Cc: Joerg Roedel, David Woodhouse, Lu Baolu, Ashok Raj, Bjorn Helgaas, "Rafael J. Wysocki", Jacob jun Pan, Andreas Noever, Michael Jamet, Yehezkel Bernat, Lukas Wunner, Christian Kellner, Mario.Limonciello@dell.com, Anthony Wong, Mika Westerberg, linux-acpi@vger.kernel.org, linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 3/4] iommu/vt-d: Do not enable ATS for external devices
Date: Mon, 12 Nov 2018 19:06:27 +0300
Message-Id: <20181112160628.86620-4-mika.westerberg@linux.intel.com>
In-Reply-To: <20181112160628.86620-1-mika.westerberg@linux.intel.com>
References: <20181112160628.86620-1-mika.westerberg@linux.intel.com>

Currently Linux automatically enables ATS (Address Translation Service) for any device that supports it (and IOMMU is turned on). ATS is used to accelerate DMA access as the device can cache translations locally so there is no need to do full translation on IOMMU side. However, as pointed out in [1], ATS can be used to bypass IOMMU based security completely by simply sending a PCIe read/write transaction with the AT (Address Translation) field set to "translated".

To mitigate this, modify the Intel IOMMU code so that it does not enable ATS for any device that is marked as being external. In case this turns out to cause performance issues we may selectively allow ATS based on user decision but currently use a big hammer and disable it completely to be on the safe side.

[1] https://www.repository.cam.ac.uk/handle/1810/274352

Signed-off-by: Mika Westerberg
--- drivers/iommu/intel-iommu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c index ada786b05a59..b79788da6971 100644
--- a/drivers/iommu/intel-iommu.c +++ b/drivers/iommu/intel-iommu.c @@ -1473,7 +1473,8 @@ static void iommu_enable_dev_iotlb(struct device_domain_info *info) if (info->pri_supported && !pci_reset_pri(pdev) && !pci_enable_pri(pdev, 32)) info->pri_enabled = 1; #endif - if (info->ats_supported && !pci_enable_ats(pdev, VTD_PAGE_SHIFT)) { + if (!pdev->is_external && info->ats_supported && + !pci_enable_ats(pdev, VTD_PAGE_SHIFT)) { info->ats_enabled = 1; domain_update_iotlb(info->domain); info->ats_qdep = pci_ats_queue_depth(pdev); -- 2.19.1
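
Review bot: The `!pdev->is_external` test guards only the `pci_enable_ats()` call in `iommu_enable_dev_iotlb()`, so the PRI block directly above it (`pci_reset_pri(pdev)` / `pci_enable_pri(pdev, 32)`) still runs for an external device and can set `info->pri_enabled = 1` while ATS stays off. PRI is only meaningful together with ATS, so either return early for external devices before the PRI block or fold the check into wherever `info->ats_supported` is computed, which also keeps any other user of `info->ats_supported` consistent with what was actually enabled. The condition would also benefit from a short comment saying that ATS is withheld from external devices because a device can mark its own requests as "translated" (reference [1] in the commit message), since the reason is not obvious from `is_external` alone. As written the skip is silent; a one-line informational message when an ATS-capable external device is left without ATS would help when diagnosing the performance issues the commit message anticipates.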