From patchwork Fri Mar 15 05:04:13 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Aaron Ma
X-Patchwork-Id: 1056842
From: Aaron Ma
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 0/5] [B-OEM]iommu: add kernel dma protection
Date: Fri, 15 Mar 2019 13:04:13 +0800
Message-Id: <20190315050418.7788-1-aaron.ma@canonical.com>
X-Mailer: git-send-email 2.17.1
List-Id: Kernel team discussions

BugLink: https://bugs.launchpad.net/bugs/1820153

[Impact]
The OS can use the IOMMU to defend against DMA attacks from a PCI device
such as a Thunderbolt one.
Intel adds the DMA_CTRL_PLATFORM_OPT_IN_FLAG flag in the DMAR ACPI table.
Use this flag to enable the IOMMU and use _DSD to identify untrusted PCI
devices.

[Fix]
Enable the IOMMU when the BIOS supports the DMA opt in flag and
ExternalFacingPort in _DSD.
Disable ATS on the untrusted PCI device.

[Test]
Tested on 2 Intel platforms that support the DMA opt in flag with a
Thunderbolt dock station.
IOMMU enabled as expected with this fix.

[Regression Potential]
Upstream fix, verified on supported platforms, no effect on unsupported
platforms.
Backported changes are fairly minimal.

These patches are included in the 5.0 kernel, disco is good.

Erik Schmauss (1):
  ACPICA: AML parser: attempt to continue loading table after error

Lu Baolu (1):
  iommu/vt-d: Force IOMMU on for platform opt in hint

Mika Westerberg (3):
  PCI / ACPI: Identify untrusted PCI devices
  iommu/vt-d: Do not enable ATS for untrusted devices
  thunderbolt: Export IOMMU based DMA protection support to userspace

 .../ABI/testing/sysfs-bus-thunderbolt     |  9 +++
 Documentation/admin-guide/thunderbolt.rst | 20 +++++++
 drivers/acpi/acpica/psloop.c              | 51 ++++++++++++++++-
 drivers/acpi/acpica/psobject.c            | 30 ++++++++++
 drivers/acpi/property.c                   | 11 ++++
 drivers/iommu/dmar.c                      | 25 +++++++++
 drivers/iommu/intel-iommu.c               | 56 ++++++++++++++++++-
 drivers/pci/pci-acpi.c                    | 19 +++++++
 drivers/pci/probe.c                       | 15 +++++
 drivers/thunderbolt/domain.c              | 17 ++++++
 include/linux/dmar.h                      |  8 +++
 include/linux/pci.h                       |  8 +++
 12 files changed, 265 insertions(+), 4 deletions(-)

Acked-by: Hui Wang
Acked-By: AceLan Kao
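
Added example, not part of this patch series or of the kernel sources: a userspace check for the DMAR opt-in flag that the cover letter says the IOMMU enablement keys on. It assumes the VT-d layout in which the flags byte sits at offset 37 of the DMAR table and the opt-in is bit 2; the function names, macro names and the sample table are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit position per the VT-d spec; macro names are this example's own. */
#define DMAR_PLATFORM_OPT_IN 0x4  /* DMA_CTRL_PLATFORM_OPT_IN_FLAG */
#define DMAR_MIN_LEN   48  /* 36-byte ACPI header + width + flags + 10 reserved */
#define DMAR_FLAGS_OFF 37  /* header (36), host address width (1), then flags */

/* 1 = opt-in set, 0 = clear, -1 = not a valid DMAR table. */
int dmar_platform_opt_in(const uint8_t *t, size_t n)
{
    uint8_t sum = 0;
    if (n < DMAR_MIN_LEN || memcmp(t, "DMAR", 4) != 0)
        return -1;
    uint32_t len = t[4] | t[5] << 8 | t[6] << 16 | (uint32_t)t[7] << 24;
    if (len < DMAR_MIN_LEN || len > n)
        return -1;              /* declared length must fit the buffer */
    for (uint32_t i = 0; i < len; i++)
        sum += t[i];
    if (sum != 0)
        return -1;              /* ACPI tables sum to zero mod 256 */
    return (t[DMAR_FLAGS_OFF] & DMAR_PLATFORM_OPT_IN) ? 1 : 0;
}

/* Constructed sample: minimal DMAR table carrying the given flags byte. */
size_t make_sample_dmar(uint8_t *buf, uint8_t flags)
{
    uint8_t sum = 0;
    memset(buf, 0, DMAR_MIN_LEN);
    memcpy(buf, "DMAR", 4);
    buf[4] = DMAR_MIN_LEN;      /* little-endian length */
    buf[DMAR_FLAGS_OFF] = flags;
    for (int i = 0; i < DMAR_MIN_LEN; i++)
        sum += buf[i];
    buf[9] = (uint8_t)(0 - sum); /* checksum byte brings the sum to zero */
    return DMAR_MIN_LEN;
}

int main(int argc, char **argv)
{
    static uint8_t buf[65536];
    size_t n = make_sample_dmar(buf, DMAR_PLATFORM_OPT_IN);
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
    if (argc > 1 && !f) { perror(argv[1]); return 1; }
    if (f) { n = fread(buf, 1, sizeof buf, f); fclose(f); }
    printf("platform opt-in: %d\n", dmar_platform_opt_in(buf, n));
    return 0;
}
```

Run without arguments it checks the constructed table; given a path such as /sys/firmware/acpi/tables/DMAR (readable by root on Linux) it checks the firmware's own table.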