mirror of https://gitee.com/openkylin/linux.git
iommu/amd: Use pci_ats_supported()
The pci_ats_supported() function checks if a device supports ATS and is allowed to use it. In addition to checking that the device has an ATS capability and that the global pci=noats is not set (pci_ats_disabled()), it also checks if a device is untrusted. A device is untrusted if it is plugged into an external-facing port such as Thunderbolt and could be spoofing an existing device to exploit weaknesses in the IOMMU configuration. By calling pci_ats_supported() we keep DTE[I]=0 for untrusted devices and abort transactions with Pretranslated Addresses. Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org> Reviewed-by: Joerg Roedel <jroedel@suse.de> Link: https://lore.kernel.org/r/20200520152201.3309416-3-jean-philippe@linaro.org Signed-off-by: Joerg Roedel <jroedel@suse.de>
This commit is contained in:
parent
521376741b
commit
7a441b2110
|
@ -291,16 +291,15 @@ static struct iommu_group *acpihid_device_group(struct device *dev)
|
|||
static bool pci_iommuv2_capable(struct pci_dev *pdev)
|
||||
{
|
||||
static const int caps[] = {
|
||||
PCI_EXT_CAP_ID_ATS,
|
||||
PCI_EXT_CAP_ID_PRI,
|
||||
PCI_EXT_CAP_ID_PASID,
|
||||
};
|
||||
int i, pos;
|
||||
|
||||
if (pci_ats_disabled())
|
||||
if (!pci_ats_supported(pdev))
|
||||
return false;
|
||||
|
||||
for (i = 0; i < 3; ++i) {
|
||||
for (i = 0; i < 2; ++i) {
|
||||
pos = pci_find_ext_capability(pdev, caps[i]);
|
||||
if (pos == 0)
|
||||
return false;
|
||||
|
@ -3028,11 +3027,8 @@ int amd_iommu_device_info(struct pci_dev *pdev,
|
|||
|
||||
memset(info, 0, sizeof(*info));
|
||||
|
||||
if (!pci_ats_disabled()) {
|
||||
pos = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ATS);
|
||||
if (pos)
|
||||
info->flags |= AMD_IOMMU_DEVICE_FLAG_ATS_SUP;
|
||||
}
|
||||
if (pci_ats_supported(pdev))
|
||||
info->flags |= AMD_IOMMU_DEVICE_FLAG_ATS_SUP;
|
||||
|
||||
pos = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_PRI);
|
||||
if (pos)
|
||||
|
|
Loading…
Reference in New Issue