On Sun, Apr 29, 2018 at 09:16:48PM +0300, Gil Kupfer wrote: > This patch adds noats option to the pci boot parameter. > When noats is selected, all ATS related functions fail immediately and > the IOMMU is configured to not use device-iotlb. > > Any function that checks for ATS capabilities directly against the > devices should also check this flag. (Currently, such functions exist > only in IOMMU drivers, and they are covered by this patch.) > > The motivation behind this patch is the existence of malicious devices. > Lots of research has been done about how to utilitize the IOMMU as a > protection from such devices. When ATS is supported, any I/O device can > access any physical access by faking device-IOTLB entries. > Adding the ability to ignore these entries lets sysadmins enhance system > security. > > Signed-off-by: Gil Kupfer <gilkup@xxxxxxxxxxxxxxxxx> This has also been on my list, thanks for doing that. Acked-by: Joerg Roedel <jroedel@xxxxxxx>
