Lu Baolu d8b8591054 iommu/vt-d: Disable ATS support on untrusted devices ... Commit fb58fdcd29 ("iommu/vt-d: Do not enable ATS for untrusted devices") disables ATS support on the devices which have been marked as untrusted. Unfortunately this is not enough to fix the DMA attack vulnerabiltiies because IOMMU driver allows translated requests as long as a device advertises the ATS capability. Hence a malicious peripheral device could use this to bypass IOMMU. This disables the ATS support on untrusted devices by clearing the internal per-device ATS mark. As the result, IOMMU driver will block any translated requests from any device marked as untrusted. Cc: Jacob Pan <jacob.jun.pan@linux.intel.com> Cc: Mika Westerberg <mika.westerberg@linux.intel.com> Suggested-by: Kevin Tian <kevin.tian@intel.com> Suggested-by: Ashok Raj <ashok.raj@intel.com> Fixes: fb58fdcd29 ("iommu/vt-d: Do not enable ATS for untrusted devices") Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com> Signed-off-by: Joerg Roedel <jroedel@suse.de>		2019-03-01 10:23:35 +01:00
..
amd_iommu.c	IOMMU Updates for Linux v4.21	2019-01-01 15:55:29 -08:00
amd_iommu_debugfs.c	iommu/amd: Add basic debugfs infrastructure for AMD IOMMU	2018-07-06 14:06:30 +02:00
amd_iommu_init.c	Merge branches 'iommu/fixes', 'arm/renesas', 'arm/mediatek', 'arm/tegra', 'arm/omap', 'arm/smmu', 'x86/vt-d', 'x86/amd' and 'core' into next	2018-12-20 10:05:20 +01:00
amd_iommu_proto.h	iommu/amd: Add basic debugfs infrastructure for AMD IOMMU	2018-07-06 14:06:30 +02:00
amd_iommu_types.h	iommu/amd: Ignore page-mode 7 in free_sub_pt()	2018-11-15 16:40:53 +01:00
amd_iommu_v2.c	iommu/amd: Use pr_fmt()	2018-11-28 09:47:41 +01:00
arm-smmu-regs.h
arm-smmu-v3.c	Merge branches 'iommu/fixes', 'arm/renesas', 'arm/mediatek', 'arm/tegra', 'arm/omap', 'arm/smmu', 'x86/vt-d', 'x86/amd' and 'core' into next	2018-12-20 10:05:20 +01:00
arm-smmu.c	Merge branches 'iommu/fixes', 'arm/renesas', 'arm/mediatek', 'arm/tegra', 'arm/omap', 'arm/smmu', 'x86/vt-d', 'x86/amd' and 'core' into next	2018-12-20 10:05:20 +01:00
dma-iommu.c	IOMMU Updates for Linux v4.21	2019-01-01 15:55:29 -08:00
dmar.c	IOMMU Updates for Linux v4.21	2019-01-01 15:55:29 -08:00
exynos-iommu.c	IOMMU Update for Linux v4.19	2018-08-24 13:10:38 -07:00
fsl_pamu.c	iommu: fsl_pamu: use for_each_of_cpu_node iterator	2018-09-28 14:25:58 -05:00
fsl_pamu.h	iommu/pamu: Fix PAMU boot crash	2017-08-23 16:28:09 +02:00
fsl_pamu_domain.c	Merge branches 'arm/renesas', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd' and 'core' into next	2018-10-10 18:09:37 +02:00
fsl_pamu_domain.h	iommu/pamu: Fix PAMU boot crash	2017-08-23 16:28:09 +02:00
intel-iommu-debugfs.c	iommu/vt-d: Add debugfs support to show context internals	2018-09-25 14:33:44 +02:00
intel-iommu.c	iommu/vt-d: Disable ATS support on untrusted devices	2019-03-01 10:23:35 +01:00
intel-pasid.c	iommu/vt-d: Shared virtual address in scalable mode	2018-12-11 10:46:00 +01:00
intel-pasid.h	iommu/vt-d: Shared virtual address in scalable mode	2018-12-11 10:46:00 +01:00
intel-svm.c	iommu/vt-d: Remove change_pte notifier	2019-01-30 17:31:36 +01:00
intel_irq_remapping.c	iommu/vt-d: Allow interrupts from the entire bus for aliased devices	2019-02-26 10:34:03 +01:00
io-pgtable-arm-v7s.c	Revert "iommu/io-pgtable-arm: Check for v7s-incapable systems"	2018-12-17 10:19:10 +01:00
io-pgtable-arm.c	iommu/io-pgtable-arm: Add support for non-strict mode	2018-10-01 13:01:33 +01:00
io-pgtable.c
io-pgtable.h	iommu/io-pgtable-arm: Add support for non-strict mode	2018-10-01 13:01:33 +01:00
iommu-debugfs.c	iommu: Enable debugfs exposure of IOMMU driver internals	2018-07-06 14:06:30 +02:00
iommu-sysfs.c	iommu/sysfs: Rename iommu_release_device()	2018-12-17 12:47:49 +01:00
iommu-traces.c	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
iommu.c	iommu: Check for iommu_ops == NULL in iommu_probe_device()	2018-12-20 10:02:20 +01:00
iova.c	iommu/iova: Optimise attempts to allocate iova from 32bit address range	2018-09-25 10:18:27 +02:00
ipmmu-vmsa.c	Merge branches 'iommu/fixes', 'arm/renesas', 'arm/mediatek', 'arm/tegra', 'arm/omap', 'arm/smmu', 'x86/vt-d', 'x86/amd' and 'core' into next	2018-12-20 10:05:20 +01:00
irq_remapping.c	irq_remapping: Remove unused header files	2018-12-03 14:26:12 +01:00
irq_remapping.h	irq_remapping: Use apic_ack_irq()	2018-06-06 15:18:20 +02:00
Kconfig	IOMMU Updates for Linux v4.20	2018-10-26 10:50:10 -07:00
Makefile	iommu/vt-d: Enable base Intel IOMMU debugfs support	2018-09-25 14:33:43 +02:00
msm_iommu.c	iommu/msm: Make it explicitly non-modular	2018-12-03 14:32:03 +01:00
msm_iommu.h
msm_iommu_hw-8xxx.h
mtk_iommu.c	Merge branches 'iommu/fixes', 'arm/renesas', 'arm/mediatek', 'arm/tegra', 'arm/omap', 'arm/smmu', 'x86/vt-d', 'x86/amd' and 'core' into next	2018-12-20 10:05:20 +01:00
mtk_iommu.h	iommu/mediatek: Fix protect memory setting	2018-03-21 06:13:57 -05:00
mtk_iommu_v1.c	Merge branches 'iommu/fixes', 'arm/renesas', 'arm/mediatek', 'arm/tegra', 'arm/omap', 'arm/smmu', 'x86/vt-d', 'x86/amd' and 'core' into next	2018-12-20 10:05:20 +01:00
of_iommu.c	iommu/of: Don't call iommu_ops->add_device directly	2018-12-17 12:47:50 +01:00
omap-iommu-debug.c	iommu/omap: Remove DEBUG_SEQ_FOPS_RO()	2018-11-22 17:10:43 +01:00
omap-iommu.c	Merge branches 'arm/shmobile', 'arm/renesas', 'arm/msm', 'arm/smmu', 'arm/omap', 'x86/amd', 'x86/vt-d' and 'core' into next	2018-08-08 12:02:27 +02:00
omap-iommu.h	iommu/omap: Add support to program multiple iommus	2017-09-19 11:32:05 +02:00
omap-iopgtable.h
qcom_iommu.c	iommu/qcom: Use helper functions to access dev->iommu_fwspec	2018-12-17 10:38:32 +01:00
rockchip-iommu.c	iommu/rockchip: Make it explicitly non-modular	2018-12-03 14:32:03 +01:00
s390-iommu.c	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
tegra-gart.c	iommu/tegra: Make it explicitly non-modular	2018-12-03 14:32:03 +01:00
tegra-smmu.c	Merge branches 'iommu/fixes', 'arm/renesas', 'arm/mediatek', 'arm/tegra', 'arm/omap', 'arm/smmu', 'x86/vt-d', 'x86/amd' and 'core' into next	2018-12-20 10:05:20 +01:00