On Fri, Mar 01, 2019 at 11:23:10AM +0800, Lu Baolu wrote:
> Commit fb58fdcd295b9 ("iommu/vt-d: Do not enable ATS for untrusted
> devices") disables ATS support on the devices which have been marked
> as untrusted. Unfortunately this is not enough to fix the DMA attack
> vulnerabilities because IOMMU driver allows translated requests as
> long as a device advertises the ATS capability. Hence a malicious
> peripheral device could use this to bypass IOMMU.
>
> This disables the ATS support on untrusted devices by clearing the
> internal per-device ATS mark. As a result, IOMMU driver will block
> any translated requests from any device marked as untrusted.
>
> Cc: Jacob Pan <jacob.jun....@linux.intel.com>
> Cc: Mika Westerberg <mika.westerb...@linux.intel.com>

Reviewed-by: Mika Westerberg <mika.westerb...@linux.intel.com>