linux-kernel.vger.kernel.org archive mirror
From: Sinan Kaya <okaya@codeaurora.org>
To: Joerg Roedel <joro@8bytes.org>, Gil Kupfer <gilkup@gmail.com>
Cc: dwmw2@infradead.org, bhelgaas@google.com,
	iommu@lists.linux-foundation.org, linux-pci@vger.kernel.org,
	linux-kernel@vger.kernel.org, nadav.amit@gmail.com,
	Gil Kupfer <gilkup@cs.technion.ac.il>,
	Will Deacon <will.deacon@arm.com>
Subject: Re: [RFC/RFT] Add noats flag to boot parameters
Date: Thu, 3 May 2018 09:46:34 -0400
Message-ID: <359d736a-a7ac-f0e4-f4db-dc7bb506481c@codeaurora.org>
In-Reply-To: <20180503133459.waawna3ebtu3udn6@8bytes.org>

On 5/3/2018 9:35 AM, Joerg Roedel wrote:
> On Sun, Apr 29, 2018 at 09:16:48PM +0300, Gil Kupfer wrote:
>> This patch adds noats option to the pci boot parameter.
>> When noats is selected, all ATS related functions fail immediately and
>> the IOMMU is configured to not use device-iotlb.
>>
>> Any function that checks for ATS capabilities directly against the
>> devices should also check this flag. (Currently, such functions exist
>> only in IOMMU drivers, and they are covered by this patch.)
>>
>> The motivation behind this patch is the existence of malicious devices.
>> Lots of research has been done about how to utilize the IOMMU as a
>> protection from such devices. When ATS is supported, any I/O device can
>> access any physical access by faking device-IOTLB entries.
>> Adding the ability to ignore these entries lets sysadmins enhance system
>> security.
>>
>> Signed-off-by: Gil Kupfer <gilkup@cs.technion.ac.il>
> 
> This has also been on my list, thanks for doing that.
> 
> Acked-by: Joerg Roedel <jroedel@suse.de>
> 

I also like the idea in general.
Minor nit..

Shouldn't this be an iommu parameter rather than a PCI kernel command line parameter?
We now have an iommu.passthrough argument that prevents page translation.

Doesn't this fit into the same category, especially when it is the IOMMU drivers that
call ATS functions for enablement, not the PCI drivers?

-- 
Sinan Kaya
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm Technologies, Inc.
Qualcomm Technologies, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project.
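
An added example, not part of this thread or of the patch under discussion: a small userspace check that reports whether a device has ATS enabled, by walking the PCIe extended capability list in a raw config-space image such as `/sys/bus/pci/devices/<BDF>/config` (root is needed to read past the first 64 bytes). The function names and the sample bytes are constructed for illustration; the capability ID and register offsets are the ones defined in the kernel's `pci_regs.h`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT_CAP_START   0x100   /* first PCIe extended capability header */
#define EXT_CAP_ID_ATS  0x000F  /* ATS extended capability ID */
#define ATS_CTRL        0x06    /* ATS Control register, offset in the cap */
#define ATS_CTRL_ENABLE 0x8000  /* Enable bit of ATS Control */

enum ats_state { ATS_ABSENT, ATS_DISABLED, ATS_ENABLED };
static uint32_t rd32(const uint8_t *p) {
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk the extended capability list. Every read is bounds-checked and the
 * hop count is capped, so a truncated or looping list cannot misbehave. */
enum ats_state ats_state_from_config(const uint8_t *cfg, size_t len) {
    size_t off = EXT_CAP_START;
    for (int hops = 0; hops < 1024 && off >= EXT_CAP_START && off + 4 <= len; hops++) {
        uint32_t hdr = rd32(cfg + off);
        if (hdr == 0 || hdr == 0xFFFFFFFFu) break;   /* no (further) capabilities */
        if ((hdr & 0xFFFF) == EXT_CAP_ID_ATS && off + 8 <= len) {
            uint16_t ctrl = cfg[off + ATS_CTRL] | (cfg[off + ATS_CTRL + 1] << 8);
            return (ctrl & ATS_CTRL_ENABLE) ? ATS_ENABLED : ATS_DISABLED;
        }
        off = (hdr >> 20) & 0xFFC;          /* next pointer; 0 ends the list */
    }
    return ATS_ABSENT;
}

/* Constructed sample: AER capability at 0x100 linking to ATS at 0x148. */
void build_sample(uint8_t cfg[4096], int ats_enabled) {
    const uint8_t aer[4] = { 0x01, 0x00, 0x81, 0x14 };  /* id 1, v1, next 0x148 */
    const uint8_t ats[4] = { 0x0F, 0x00, 0x01, 0x00 };  /* id 0xF, v1, next 0 */
    memset(cfg, 0, 4096);
    memcpy(cfg + 0x100, aer, 4);
    memcpy(cfg + 0x148, ats, 4);
    cfg[0x148 + ATS_CTRL + 1] = ats_enabled ? 0x80 : 0x00;
}

int main(int argc, char **argv) {
    uint8_t cfg[4096];
    size_t len = sizeof cfg;
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
    if (f) { len = fread(cfg, 1, sizeof cfg, f); fclose(f); }
    else build_sample(cfg, 1);      /* no file given: use constructed sample */
    printf("ats_state=%d\n", ats_state_from_config(cfg, len));
    return 0;
}
```

A result of `ATS_ABSENT` on a 64-byte read only means the extended capabilities were not visible, not that the device lacks ATS.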
