[PATCH v2] iommu/vt-d: Disable ATS support on untrusted devices

Aaron Ma aaron.ma at canonical.com
Fri Mar 29 07:30:51 UTC 2019

From: Lu Baolu <baolu.lu at linux.intel.com>

BugLink: https://bugs.launchpad.net/bugs/1820153

Commit fb58fdcd295b9 ("iommu/vt-d: Do not enable ATS for untrusted
devices") disables ATS support on the devices which have been marked
as untrusted. Unfortunately this is not enough to fix the DMA attack
vulnerabiltiies because IOMMU driver allows translated requests as
long as a device advertises the ATS capability. Hence a malicious
peripheral device could use this to bypass IOMMU.

This disables the ATS support on untrusted devices by clearing the
internal per-device ATS mark. As the result, IOMMU driver will block
any translated requests from any device marked as untrusted.

Cc: Jacob Pan <jacob.jun.pan at linux.intel.com>
Cc: Mika Westerberg <mika.westerberg at linux.intel.com>
Suggested-by: Kevin Tian <kevin.tian at intel.com>
Suggested-by: Ashok Raj <ashok.raj at intel.com>
Fixes: fb58fdcd295b9 ("iommu/vt-d: Do not enable ATS for untrusted devices")
Signed-off-by: Lu Baolu <baolu.lu at linux.intel.com>
Signed-off-by: Joerg Roedel <jroedel at suse.de>
(backported from commit d8b8591054575f33237556c32762d54e30774d28)
Signed-off-by: Aaron Ma <aaron.ma at canonical.com>
 drivers/iommu/intel-iommu.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
index 21ecab995cb2..9156605c15b5 100644
--- a/drivers/iommu/intel-iommu.c
+++ b/drivers/iommu/intel-iommu.c
@@ -2460,7 +2460,8 @@ static struct dmar_domain *dmar_insert_one_dev_info(struct intel_iommu *iommu,
 	if (dev && dev_is_pci(dev)) {
 		struct pci_dev *pdev = to_pci_dev(info->dev);
-		if (ecap_dev_iotlb_support(iommu->ecap) &&
+		if (!pdev->untrusted &&
+		    ecap_dev_iotlb_support(iommu->ecap) &&
 		    pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ATS) &&
 			info->ats_supported = 1;

More information about the kernel-team mailing list