• Rajat Jain's avatar
    PCI/ACS: Enable Translation Blocking for external devices · 76fc8e85
    Rajat Jain authored
    Translation Blocking is a required feature for Downstream Ports (Root
    Ports or Switch Downstream Ports) that implement ACS.  When enabled, the
    Port checks the Address Type (AT) of each upstream Memory Request it
    receives.
    
    The default AT (00b) means "untranslated" and the IOMMU can decide whether
    to treat the address as I/O virtual or physical.
    
    If AT is not the default, i.e., if the Memory Request contains an
    already-translated (physical) address, the Port blocks the request and
    reports an ACS error.
    
    When enabling ACS, enable Translation Blocking for external-facing ports
    and untrusted (external) devices.  This is to help prevent attacks from
    external devices that initiate DMA with physical addresses that bypass the
    IOMMU.
    
    [bhelgaas: commit log, simplify setting bit and drop warning; TB is
    required for Downstream Ports with ACS, so we should never see the warning]
    Link: https://lore.kernel.org/r/20200707224604.3737893-4-rajatja@google.comSigned-off-by: default avatarRajat Jain <rajatja@google.com>
    Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
    76fc8e85
pci.c 172 KB