iommu/vt-d: Check whether device requires bounce buffer

This adds a helper to check whether a device needs to
use a bounce buffer. It also provides a boot-time option
to disable the bounce buffer. Users can use this option to
prevent the iommu driver from using the bounce buffer
for a performance gain.

Cc: Ashok Raj <ashok.raj@intel.com>
Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
Cc: Kevin Tian <kevin.tian@intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Tested-by: Xu Pengfei <pengfei.xu@intel.com>
Tested-by: Mika Westerberg <mika.westerberg@intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Lu Baolu 2019-09-06 14:14:49 +08:00 committed by Joerg Roedel
parent 3fc1ca0065
commit e5e04d0519
2 changed files with 12 additions and 0 deletions


@ -1732,6 +1732,11 @@
Note that using this option lowers the security Note that using this option lowers the security
provided by tboot because it makes the system provided by tboot because it makes the system
vulnerable to DMA attacks. vulnerable to DMA attacks.
nobounce [Default off]
Disable bounce buffer for unstrusted devices such as
the Thunderbolt devices. This will treat the untrusted
devices as the trusted ones, hence might expose security
risks of DMA attacks.
intel_idle.max_cstate= [KNL,HW,ACPI,X86] intel_idle.max_cstate= [KNL,HW,ACPI,X86]
0 disables intel_idle and fall back on acpi_idle. 0 disables intel_idle and fall back on acpi_idle.


@ -360,6 +360,7 @@ static int dmar_forcedac;
static int intel_iommu_strict; static int intel_iommu_strict;
static int intel_iommu_superpage = 1; static int intel_iommu_superpage = 1;
static int iommu_identity_mapping; static int iommu_identity_mapping;
static int intel_no_bounce;
#define IDENTMAP_ALL 1 #define IDENTMAP_ALL 1
#define IDENTMAP_GFX 2 #define IDENTMAP_GFX 2
@ -373,6 +374,9 @@ EXPORT_SYMBOL_GPL(intel_iommu_gfx_mapped);
static DEFINE_SPINLOCK(device_domain_lock); static DEFINE_SPINLOCK(device_domain_lock);
static LIST_HEAD(device_domain_list); static LIST_HEAD(device_domain_list);
#define device_needs_bounce(d) (!intel_no_bounce && dev_is_pci(d) && \
to_pci_dev(d)->untrusted)
/* /*
* Iterate over elements in device_domain_list and call the specified * Iterate over elements in device_domain_list and call the specified
* callback @fn against each element. * callback @fn against each element.
@ -455,6 +459,9 @@ static int __init intel_iommu_setup(char *str)
printk(KERN_INFO printk(KERN_INFO
"Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n"); "Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n");
intel_iommu_tboot_noforce = 1; intel_iommu_tboot_noforce = 1;
} else if (!strncmp(str, "nobounce", 8)) {
pr_info("Intel-IOMMU: No bounce buffer. This could expose security risks of DMA attacks\n");
intel_no_bounce = 1;
} }
str += strcspn(str, ","); str += strcspn(str, ",");
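Review bot: `device_needs_bounce(d)` in the second hunk is a function-like macro that expands `d` twice (once in `dev_is_pci(d)`, once in `to_pci_dev(d)`) and has no comment, although it is the single predicate deciding whether an untrusted device is bounce-buffered. A `static inline bool device_needs_bounce(struct device *dev)` whose body is `return !intel_no_bounce && dev_is_pci(dev) && to_pci_dev(dev)->untrusted;` would be type-checked and evaluate its argument once. A one-line comment above it such as `/* Untrusted PCI devices use bounce buffers unless "nobounce" was given at boot. */` would record the policy. If `intel_no_bounce` is only written by the `__init` parser in the last hunk, as the visible lines suggest, marking it `__ro_after_init` would keep this security-relevant flag from being changed after boot.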