diff options
author | Gil Kupfer <gilkup@gmail.com> | 2018-05-10 17:56:02 -0500 |
---|---|---|
committer | Bjorn Helgaas <helgaas@kernel.org> | 2018-05-10 17:56:02 -0500 |
commit | cef74409ea79b0a37af6889e7abf7a2a9c47979b (patch) | |
tree | 243ec22ccce2f44cf17e288ad0415691ad43f4e6 /drivers/pci/ats.c | |
parent | f154a718e6cc0d834f5ac4dc4c3b174e65f3659e (diff) | |
download | linux-cef74409ea79b0a37af6889e7abf7a2a9c47979b.tar.gz linux-cef74409ea79b0a37af6889e7abf7a2a9c47979b.tar.bz2 linux-cef74409ea79b0a37af6889e7abf7a2a9c47979b.zip |
PCI: Add "pci=noats" boot parameter
Adds a "pci=noats" boot parameter. When supplied, all ATS related
functions fail immediately and the IOMMU is configured to not use
device-IOTLB.
Any function that checks for ATS capabilities directly against the devices
should also check this flag. Currently, such functions exist only in IOMMU
drivers, and they are covered by this patch.
The motivation behind this patch is the existence of malicious devices.
Lots of research has been done about how to use the IOMMU as protection
from such devices. When ATS is supported, any I/O device can access any
physical address by faking device-IOTLB entries. Adding the ability to
ignore these entries lets sysadmins enhance system security.
Signed-off-by: Gil Kupfer <gilkup@cs.technion.ac.il>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Joerg Roedel <jroedel@suse.de>
Diffstat (limited to 'drivers/pci/ats.c')
-rw-r--r-- | drivers/pci/ats.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/pci/ats.c b/drivers/pci/ats.c index 89305b569d3d..4923a2a8e14b 100644 --- a/drivers/pci/ats.c +++ b/drivers/pci/ats.c @@ -20,6 +20,9 @@ void pci_ats_init(struct pci_dev *dev) { int pos; + if (pci_ats_disabled()) + return; + pos = pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ATS); if (!pos) return; |