iommu/vt-d: Check whether device requires bounce buffer

This adds a helper to check whether a device needs to use bounce buffer. It also provides a boot time option to disable the bounce buffer. Users can use this to prevent the iommu driver from using the bounce buffer for performance gain. Cc: Ashok Raj <ashok.raj@intel.com> Cc: Jacob Pan <jacob.jun.pan@linux.intel.com> Cc: Kevin Tian <kevin.tian@intel.com> Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com> Tested-by: Xu Pengfei <pengfei.xu@intel.com> Tested-by: Mika Westerberg <mika.westerberg@intel.com> Signed-off-by: Joerg Roedel <jroedel@suse.de>
author: Lu Baolu <baolu.lu@linux.intel.com> 2019-09-06 02:14:49 -0400
committer: Joerg Roedel <jroedel@suse.de> 2019-09-11 06:34:29 -0400
commit: e5e04d051979dbd636a99099b7a595093c50a4bc (patch)
tree: 02c641871e285fea720da12bd1420bc865ccae83
parent: 3fc1ca00653db6371585e3c21c4b873b2f20e60a (diff)
2 files changed, 12 insertions, 0 deletions
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 47d981a86e2f..aaca73080097 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -1732,6 +1732,11 @@
                        Note that using this option lowers the security
                        provided by tboot because it makes the system
                        vulnerable to DMA attacks.
+                nobounce [Default off]
+                        Disable bounce buffer for unstrusted devices such as
+                        the Thunderbolt devices. This will treat the untrusted
+                        devices as the trusted ones, hence might expose security
+                        risks of DMA attacks.
        intel_idle.max_cstate=  [KNL,HW,ACPI,X86]
                        0       disables intel_idle and fall back on acpi_idle.
diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
index 12d094d08c0a..ce6baabc9dcc 100644
--- a/drivers/iommu/intel-iommu.c
+++ b/drivers/iommu/intel-iommu.c
@@ -360,6 +360,7 @@ static int dmar_forcedac;
 static int intel_iommu_strict;
 static int intel_iommu_superpage = 1;
 static int iommu_identity_mapping;
+static int intel_no_bounce;
 #define IDENTMAP_ALL            1
 #define IDENTMAP_GFX            2
@@ -373,6 +374,9 @@ EXPORT_SYMBOL_GPL(intel_iommu_gfx_mapped);
 static DEFINE_SPINLOCK(device_domain_lock);
 static LIST_HEAD(device_domain_list);
+#define device_needs_bounce(d) (!intel_no_bounce && dev_is_pci(d) &&    \
+                                to_pci_dev(d)->untrusted)
 /*
 * Iterate over elements in device_domain_list and call the specified
 * callback @fn against each element.
@@ -455,6 +459,9 @@ static int __init intel_iommu_setup(char *str)
                        printk(KERN_INFO
                                "Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n");
                        intel_iommu_tboot_noforce = 1;
+                } else if (!strncmp(str, "nobounce", 8)) {
+                        pr_info("Intel-IOMMU: No bounce buffer. This could expose security risks of DMA attacks\n");
+                        intel_no_bounce = 1;
                }
                str += strcspn(str, ",");
author	Lu Baolu <baolu.lu@linux.intel.com>	2019-09-06 02:14:49 -0400
committer	Joerg Roedel <jroedel@suse.de>	2019-09-11 06:34:29 -0400
commit	e5e04d051979dbd636a99099b7a595093c50a4bc (patch)
tree	02c641871e285fea720da12bd1420bc865ccae83
parent	3fc1ca00653db6371585e3c21c4b873b2f20e60a (diff)