• Gil Kupfer's avatar
    PCI: Add "pci=noats" boot parameter · cef74409
    Gil Kupfer authored
    Adds a "pci=noats" boot parameter.  When supplied, all ATS related
    functions fail immediately and the IOMMU is configured to not use
    device-IOTLB.
    
    Any function that checks for ATS capabilities directly against the devices
    should also check this flag.  Currently, such functions exist only in IOMMU
    drivers, and they are covered by this patch.
    
    The motivation behind this patch is the existence of malicious devices.
    Lots of research has been done about how to use the IOMMU as protection
    from such devices.  When ATS is supported, any I/O device can access any
    physical address by faking device-IOTLB entries.  Adding the ability to
    ignore these entries lets sysadmins enhance system security.
    Signed-off-by: default avatarGil Kupfer <gilkup@cs.technion.ac.il>
    Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
    Acked-by: default avatarJoerg Roedel <jroedel@suse.de>
    cef74409
intel-iommu.c 136 KB