Message-Id: <20200602054517.191244-1-rajatja@google.com>
Date: Mon, 1 Jun 2020 22:45:17 -0700
From: Rajat Jain <rajatja@...gle.com>
To: David Woodhouse <dwmw2@...radead.org>,
Lu Baolu <baolu.lu@...ux.intel.com>,
Joerg Roedel <joro@...tes.org>,
iommu@...ts.linux-foundation.org, linux-kernel@...r.kernel.org,
Mika Westerberg <mika.westerberg@...el.com>,
Ashok Raj <ashok.raj@...el.com>,
lalithambika.krishnakumar@...el.com
Cc: Rajat Jain <rajatja@...gle.com>, rajatxjain@...il.com,
pmalani@...gle.com, bleung@...gle.com, levinale@...gle.com,
zsm@...gle.com, mnissler@...gle.com, tbroch@...gle.com
Subject: [PATCH] iommu/vt-d: Don't apply gfx quirks to untrusted devices
Currently, an external malicious PCI device can masquerade the VID:PID
of faulty gfx devices, and thus apply iommu quirks to effectively
disable the IOMMU restrictions for itself.

Thus we need to ensure that the device we are applying quirks to is
indeed an internal trusted device.

Signed-off-by: Rajat Jain <rajatja@...gle.com>
---
drivers/iommu/intel-iommu.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
index ef0a5246700e5..f2a480168a02f 100644
--- a/drivers/iommu/intel-iommu.c
+++ b/drivers/iommu/intel-iommu.c
@@ -6214,6 +6214,11 @@ const struct iommu_ops intel_iommu_ops = {
static void quirk_iommu_igfx(struct pci_dev *dev)
{
+ if (dev->untrusted) {
+ pci_warn(dev, "skipping iommu quirk for untrusted gfx dev\n");
+ return;
+ }
+
pci_info(dev, "Disabling IOMMU for graphics on this chipset\n");
dmar_map_gfx = 0;
}
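Review bot: The guard at the top of quirk_iommu_igfx() is the first of five near-identical warn-and-return blocks in this patch, which makes the policy easy to miss when the next quirk is added. Consider a small static helper in intel-iommu.c that takes the struct pci_dev, emits the warning and returns a bool, so that each quirk starts with a one-line check and the "is this device allowed to trigger a quirk" decision lives in one place.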
@@ -6255,6 +6260,11 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x163D, quirk_iommu_igfx);
static void quirk_iommu_rwbf(struct pci_dev *dev)
{
+ if (dev->untrusted) {
+ pci_warn(dev, "skipping iommu quirk for untrusted dev\n");
+ return;
+ }
+
/*
* Mobile 4 Series Chipset neglects to set RWBF capability,
* but needs it. Same seems to hold for the desktop versions.
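Review bot: The check in quirk_iommu_rwbf() only protects anything if dev->untrusted is already populated when the fixup runs, and that ordering is not documented here. The hunk header shows quirk_iommu_igfx registered with DECLARE_PCI_FIXUP_HEADER, so please state in the commit message, or in a comment next to the first check, where the flag is set relative to header fixups. Without that, a later reordering in the PCI core could silently turn these guards into no-ops.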
@@ -6285,6 +6295,11 @@ static void quirk_calpella_no_shadow_gtt(struct pci_dev *dev)
{
unsigned short ggc;
+ if (dev->untrusted) {
+ pci_warn(dev, "skipping iommu quirk for untrusted gfx dev\n");
+ return;
+ }
+
if (pci_read_config_word(dev, GGC, &ggc))
return;
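Review bot: The warning in quirk_calpella_no_shadow_gtt() is byte-for-byte the same string as the one in quirk_iommu_igfx() ("skipping iommu quirk for untrusted gfx dev"), so someone reading the log cannot tell which quirk was skipped. Suggest naming the quirk in the message, or including __func__, so that a report of a spoofed device can be tied to the exact workaround that was refused.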
@@ -6318,6 +6333,13 @@ static void __init check_tylersburg_isoch(void)
pdev = pci_get_device(PCI_VENDOR_ID_INTEL, 0x3a3e, NULL);
if (!pdev)
return;
+
+ if (pdev->untrusted) {
+ pci_warn(pdev, "skipping iommu quirk due to untrusted dev\n");
+ pci_dev_put(pdev);
+ return;
+ }
+
pci_dev_put(pdev);
/* System Management Registers. Might be hidden, in which case
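Review bot: In check_tylersburg_isoch(), pci_get_device(PCI_VENDOR_ID_INTEL, 0x3a3e, NULL) returns only the first match, so when that match is untrusted the function returns and the isoch check is skipped even if a trusted device with the same ID is also present. Consider continuing the search, passing the previous pdev as the "from" argument, until a trusted match is found, and returning only when none exists. Otherwise the presence of an untrusted device with this ID is enough to suppress the check for the genuine chipset.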
@@ -6327,6 +6349,12 @@ static void __init check_tylersburg_isoch(void)
if (!pdev)
return;
+ if (pdev->untrusted) {
+ pci_warn(pdev, "skipping iommu quirk due to untrusted dev\n");
+ pci_dev_put(pdev);
+ return;
+ }
+
if (pci_read_config_dword(pdev, 0x188, &vtisochctrl)) {
pci_dev_put(pdev);
return;
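Review bot: The subject and commit message speak only of gfx quirks, but this hunk and the previous one guard check_tylersburg_isoch(), and the quirk_iommu_rwbf() message itself says "untrusted dev" rather than "gfx dev". Please widen the subject and description to cover all IOMMU quirks touched, and say what the expected behaviour is when the function returns early here, since everything after the pci_read_config_dword(pdev, 0x188, &vtisochctrl) read is skipped on this path.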
--
2.27.0.rc2.251.g90737beb825-goog