linux/drivers/iommu
Lu Baolu 89a6079df7 iommu/vt-d: Force IOMMU on for platform opt in hint
Intel VT-d spec added a new DMA_CTRL_PLATFORM_OPT_IN_FLAG flag in DMAR
ACPI table [1] for BIOS to report compliance about platform initiated
DMA restricted to RMRR ranges when transferring control to the OS. This
means that during OS boot, before it enables IOMMU, none of the connected
devices can bypass DMA protection, for instance by overwriting the data
structures used by the IOMMU. The OS also treats this as a hint that the
IOMMU should be enabled to prevent DMA attacks from possible malicious
devices.

A use of this flag is Kernel DMA protection for Thunderbolt [2] which in
practice means that IOMMU should be enabled for PCIe devices connected
to the Thunderbolt ports. With IOMMU enabled for these devices, all DMA
operations are limited in the range reserved for it, thus the DMA
attacks are prevented. All these devices are enumerated in the PCI/PCIe
module and marked with an untrusted flag.

This forces IOMMU to be enabled if DMA_CTRL_PLATFORM_OPT_IN_FLAG is set
in DMAR ACPI table and there are PCIe devices marked as untrusted in the
system. This can be turned off by adding "intel_iommu=off" in the kernel
command line, if any problems are found.

[1] https://software.intel.com/sites/default/files/managed/c5/15/vt-directed-io-spec.pdf
[2] https://docs.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt

Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
Cc: Sohil Mehta <sohil.mehta@intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Ashok Raj <ashok.raj@intel.com>
Reviewed-by: Joerg Roedel <jroedel@suse.de>
Acked-by: Joerg Roedel <jroedel@suse.de>
2018-12-05 12:01:55 +03:00
amd_iommu_debugfs.c iommu/amd: Add basic debugfs infrastructure for AMD IOMMU 2018-07-06 14:06:30 +02:00
amd_iommu_init.c amd/iommu: Fix Guest Virtual APIC Log Tail Address Register 2018-11-12 15:04:24 +01:00
amd_iommu_proto.h iommu/amd: Add basic debugfs infrastructure for AMD IOMMU 2018-07-06 14:06:30 +02:00
amd_iommu_types.h Merge branches 'arm/shmobile', 'arm/renesas', 'arm/msm', 'arm/smmu', 'arm/omap', 'x86/amd', 'x86/vt-d' and 'core' into next 2018-08-08 12:02:27 +02:00
amd_iommu_v2.c Revert "mm, mmu_notifier: annotate mmu notifiers with blockable invalidate callbacks" 2018-10-26 16:25:19 -07:00
amd_iommu.c Merge branches 'arm/renesas', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd' and 'core' into next 2018-10-10 18:09:37 +02:00
arm-smmu-regs.h iommu/arm-smmu: Split out register defines 2017-08-15 17:34:48 +02:00
arm-smmu-v3.c iommu/arm-smmu-v3: Remove unnecessary wrapper function 2018-10-10 18:09:25 +02:00
arm-smmu.c Merge branches 'arm/renesas', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd' and 'core' into next 2018-10-10 18:09:37 +02:00
dma-iommu.c Merge branches 'arm/renesas', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd' and 'core' into next 2018-10-10 18:09:37 +02:00
dmar.c iommu/vt-d: Force IOMMU on for platform opt in hint 2018-12-05 12:01:55 +03:00
exynos-iommu.c IOMMU Update for Linux v4.19 2018-08-24 13:10:38 -07:00
fsl_pamu_domain.c Merge branches 'arm/renesas', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd' and 'core' into next 2018-10-10 18:09:37 +02:00
fsl_pamu_domain.h iommu/pamu: Fix PAMU boot crash 2017-08-23 16:28:09 +02:00
fsl_pamu.c iommu: fsl_pamu: use for_each_of_cpu_node iterator 2018-09-28 14:25:58 -05:00
fsl_pamu.h iommu/pamu: Fix PAMU boot crash 2017-08-23 16:28:09 +02:00
intel_irq_remapping.c iommu/vt-d: Relocate struct/function declarations to its header files 2018-09-25 14:33:43 +02:00
intel-iommu-debugfs.c iommu/vt-d: Add debugfs support to show context internals 2018-09-25 14:33:44 +02:00
intel-iommu.c iommu/vt-d: Force IOMMU on for platform opt in hint 2018-12-05 12:01:55 +03:00
intel-pasid.c iommu/vt-d: Per PCI device pasid table interfaces 2018-07-20 14:44:24 +02:00
intel-pasid.h iommu/vt-d: Handle memory shortage on pasid table allocation 2018-09-25 14:33:02 +02:00
intel-svm.c iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() 2018-11-06 16:46:24 +01:00
io-pgtable-arm-v7s.c iommu/io-pgtable-arm-v7s: Add support for non-strict mode 2018-10-01 13:01:34 +01:00
io-pgtable-arm.c iommu/io-pgtable-arm: Add support for non-strict mode 2018-10-01 13:01:33 +01:00
io-pgtable.c iommu/io-pgtable: Fix a brace coding style issue. 2016-04-05 15:34:29 +02:00
io-pgtable.h iommu/io-pgtable-arm: Add support for non-strict mode 2018-10-01 13:01:33 +01:00
iommu-debugfs.c iommu: Enable debugfs exposure of IOMMU driver internals 2018-07-06 14:06:30 +02:00
iommu-sysfs.c iommu: Fix wrong freeing of iommu_device->dev 2017-08-15 13:58:48 +02:00
iommu-traces.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
iommu.c Merge branches 'arm/renesas', 'arm/smmu', 'ppc/pamu', 'x86/vt-d', 'x86/amd' and 'core' into next 2018-10-10 18:09:37 +02:00
iova.c iommu/iova: Optimise attempts to allocate iova from 32bit address range 2018-09-25 10:18:27 +02:00
ipmmu-vmsa.c iommu/ipmmu-vmsa: Fix crash on early domain free 2018-11-08 10:26:35 +01:00
irq_remapping.c irq_remapping: Use apic_ack_irq() 2018-06-06 15:18:20 +02:00
irq_remapping.h irq_remapping: Use apic_ack_irq() 2018-06-06 15:18:20 +02:00
Kconfig IOMMU Updates for Linux v4.20 2018-10-26 10:50:10 -07:00
Makefile iommu/vt-d: Enable base Intel IOMMU debugfs support 2018-09-25 14:33:43 +02:00
msm_iommu_hw-8xxx.h
msm_iommu.c IOMMU Update for Linux v4.19 2018-08-24 13:10:38 -07:00
msm_iommu.h iommu/msm: Make use of iommu_device_register interface 2017-02-10 13:44:57 +01:00
mtk_iommu_v1.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
mtk_iommu.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
mtk_iommu.h iommu/mediatek: Fix protect memory setting 2018-03-21 06:13:57 -05:00
of_iommu.c iommu/of: support iommu configuration for fsl-mc devices 2018-09-25 09:47:52 +02:00
omap-iommu-debug.c iommu/omap: Fix debugfs_create_*() usage 2018-01-17 14:23:33 +01:00
omap-iommu.c Merge branches 'arm/shmobile', 'arm/renesas', 'arm/msm', 'arm/smmu', 'arm/omap', 'x86/amd', 'x86/vt-d' and 'core' into next 2018-08-08 12:02:27 +02:00
omap-iommu.h iommu/omap: Add support to program multiple iommus 2017-09-19 11:32:05 +02:00
omap-iopgtable.h
qcom_iommu.c IOMMU Update for Linux v4.19 2018-08-24 13:10:38 -07:00
rockchip-iommu.c iommu/rockchip: Free irqs in shutdown handler 2018-09-25 11:13:34 +02:00
s390-iommu.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tegra-gart.c iommu: Remove the ->map_sg indirection 2018-08-08 11:06:20 +02:00
tegra-smmu.c iommu: Remove the ->map_sg indirection 2018-08-08 11:06:20 +02:00