iommu/vt-d: Flush IOTLB for untrusted device in time

By default, for performance consideration, Intel IOMMU
driver won't flush IOTLB immediately after a buffer is
unmapped. It schedules a thread and flushes IOTLB in a
batched mode. This isn't suitable for untrusted device
since it still can access the memory even if it isn't
supposed to do so.

Cc: Ashok Raj <ashok.raj@intel.com>
Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Tested-by: Xu Pengfei <pengfei.xu@intel.com>
Tested-by: Mika Westerberg <mika.westerberg@intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>

1 files changed, 5 insertions, 1 deletions

diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
index 599a25809440..d93c4bd7de75 100644
--- a/drivers/iommu/intel-iommu.c
+++ b/drivers/iommu/intel-iommu.c
@@ -3729,6 +3729,7 @@ static void intel_unmap(struct device *dev, dma_addr_t dev_addr, size_t size)
         unsigned long iova_pfn;
         struct intel_iommu *iommu;
         struct page *freelist;
+        struct pci_dev *pdev = NULL;
 
         domain = find_domain(dev);
         BUG_ON(!domain);
@@ -3741,11 +3742,14 @@ static void intel_unmap(struct device *dev, dma_addr_t dev_addr, size_t size)
         start_pfn = mm_to_dma_pfn(iova_pfn);
         last_pfn = start_pfn + nrpages - 1;
 
+        if (dev_is_pci(dev))
+                pdev = to_pci_dev(dev);
+
         dev_dbg(dev, "Device unmapping: pfn %lx-%lx\n", start_pfn, last_pfn);
 
         freelist = domain_unmap(domain, start_pfn, last_pfn);
 
-        if (intel_iommu_strict) {
+        if (intel_iommu_strict || (pdev && pdev->untrusted)) {
                 iommu_flush_iotlb_psi(iommu, domain, start_pfn,
                                       nrpages, !freelist, 0);
                 /* free iova */