Message ID | 1553844159-21785-1-git-send-email-aaron.ma@canonical.com |
---|---|
State | New |
Series | [v2] iommu/vt-d: Disable ATS support on untrusted devices |
On 2019-03-29 15:22:39, Aaron Ma wrote:
> From: Lu Baolu <baolu.lu@linux.intel.com>
>
> BugLink: https://bugs.launchpad.net/bugs/1820153
>
> Commit fb58fdcd295b9 ("iommu/vt-d: Do not enable ATS for untrusted
> devices") disables ATS support on the devices which have been marked
> as untrusted. Unfortunately this is not enough to fix the DMA attack
> vulnerabilities because IOMMU driver allows translated requests as
> long as a device advertises the ATS capability. Hence a malicious
> peripheral device could use this to bypass IOMMU.
>
> This disables the ATS support on untrusted devices by clearing the
> internal per-device ATS mark. As the result, IOMMU driver will block
> any translated requests from any device marked as untrusted.
>
> Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
> Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
> Suggested-by: Kevin Tian <kevin.tian@intel.com>
> Suggested-by: Ashok Raj <ashok.raj@intel.com>
> Fixes: fb58fdcd295b9 ("iommu/vt-d: Do not enable ATS for untrusted devices")
> Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
> Signed-off-by: Joerg Roedel <jroedel@suse.de>
> (cherry picked from commit d8b8591054575f33237556c32762d54e30774d28)
> Signed-off-by: Aaron Ma <aaron.ma@canonical.com>

Acked-by: Tyler Hicks <tyhicks@canonical.com>

Thanks for sending this one along, too.

Tyler

> --- > drivers/iommu/intel-iommu.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c > index 1c72434af56d..5ade9ac6d3e8 100644 > --- a/drivers/iommu/intel-iommu.c > +++ b/drivers/iommu/intel-iommu.c 
> @@ -2518,7 +2518,8 @@ static struct dmar_domain *dmar_insert_one_dev_info(struct intel_iommu *iommu, > if (dev && dev_is_pci(dev)) { > struct pci_dev *pdev = to_pci_dev(info->dev); > > - if (!pci_ats_disabled() && > + if (!pdev->untrusted && > + !pci_ats_disabled() && > ecap_dev_iotlb_support(iommu->ecap) && > pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ATS) && > dmar_find_matched_atsr_unit(pdev)) > -- > 2.17.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
Applied 1 more patch to Cosmic (without rebasing)

On 2019-03-29 09:55:18, Tyler Hicks wrote:
> On 2019-03-29 15:22:39, Aaron Ma wrote:
> > From: Lu Baolu <baolu.lu@linux.intel.com>
> >
> > BugLink: https://bugs.launchpad.net/bugs/1820153
> >
> > Commit fb58fdcd295b9 ("iommu/vt-d: Do not enable ATS for untrusted
> > devices") disables ATS support on the devices which have been marked
> > as untrusted. Unfortunately this is not enough to fix the DMA attack
> > vulnerabilities because IOMMU driver allows translated requests as
> > long as a device advertises the ATS capability. Hence a malicious
> > peripheral device could use this to bypass IOMMU.
> >
> > This disables the ATS support on untrusted devices by clearing the
> > internal per-device ATS mark. As the result, IOMMU driver will block
> > any translated requests from any device marked as untrusted.
> >
> > Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
> > Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
> > Suggested-by: Kevin Tian <kevin.tian@intel.com>
> > Suggested-by: Ashok Raj <ashok.raj@intel.com>
> > Fixes: fb58fdcd295b9 ("iommu/vt-d: Do not enable ATS for untrusted devices")
> > Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
> > Signed-off-by: Joerg Roedel <jroedel@suse.de>
> > (cherry picked from commit d8b8591054575f33237556c32762d54e30774d28)
> > Signed-off-by: Aaron Ma <aaron.ma@canonical.com>
>
> Acked-by: Tyler Hicks <tyhicks@canonical.com>
>
> Thanks for sending this one along, too.
>
> Tyler
>
> > --- > > drivers/iommu/intel-iommu.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c > > index 1c72434af56d..5ade9ac6d3e8 100644 > > --- a/drivers/iommu/intel-iommu.c > > +++ b/drivers/iommu/intel-iommu.c 
> > @@ -2518,7 +2518,8 @@ static struct dmar_domain *dmar_insert_one_dev_info(struct intel_iommu *iommu, > > if (dev && dev_is_pci(dev)) { > > struct pci_dev *pdev = to_pci_dev(info->dev); > > > > - if (!pci_ats_disabled() && > > + if (!pdev->untrusted && > > + !pci_ats_disabled() && > > ecap_dev_iotlb_support(iommu->ecap) && > > pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ATS) && > > dmar_find_matched_atsr_unit(pdev)) > > -- > > 2.17.1 > > > > > > -- > > kernel-team mailing list > > kernel-team@lists.ubuntu.com > > https://lists.ubuntu.com/mailman/listinfo/kernel-team > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c index 1c72434af56d..5ade9ac6d3e8 100644 --- a/drivers/iommu/intel-iommu.c +++ b/drivers/iommu/intel-iommu.c @@ -2518,7 +2518,8 @@ static struct dmar_domain *dmar_insert_one_dev_info(struct intel_iommu *iommu, if (dev && dev_is_pci(dev)) { struct pci_dev *pdev = to_pci_dev(info->dev); - if (!pci_ats_disabled() && + if (!pdev->untrusted && + !pci_ats_disabled() && ecap_dev_iotlb_support(iommu->ecap) && pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ATS) && dmar_find_matched_atsr_unit(pdev))
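Review bot: The added `!pdev->untrusted &&` term in the `if` condition of dmar_insert_one_dev_info() has no comment, so the reason for the test lives only in the commit message. Suggest a one-line comment above the `if` saying that untrusted devices must not get the per-device ATS mark, because the driver otherwise allows translated requests from any device that advertises the ATS capability. The body of the `if` is outside the visible context, so when backporting it is worth confirming that the branch sets nothing else that untrusted devices still need.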