From patchwork Thu Jul 12 09:28:43 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Leizhen (ThunderTown)" <thunder.leizhen@huawei.com>
X-Patchwork-Id: 10521357
Return-Path: 
 <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	4EFF26028E for <patchwork-linux-arm@patchwork.kernel.org>;
	Thu, 12 Jul 2018 09:30:28 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 256F1296F9
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Thu, 12 Jul 2018 09:30:28 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 17ED2296BE; Thu, 12 Jul 2018 09:30:28 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,MAILING_LIST_MULTI autolearn=ham version=3.3.1
Received: from bombadil.infradead.org (bombadil.infradead.org
	[198.137.202.133])
	(using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id A3EF2296EC
	for <patchwork-linux-arm@patchwork.kernel.org>;
	Thu, 12 Jul 2018 09:30:27 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:To
	:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=12F4sVpGWdDvEU+0Uo3rpMet3EA492nx8jV9YPkmLXA=;
	b=ZEAJdLEUi7bt+O
	1uLgpOy8Fk0ODiQ4XjWR/tSWhFRSDzkN3XBaDkOuW2MrPKM3KN8BdEfvuJnlzcq955rcl/evmLcZ2
	laoUucMVqb3ZESbRRb+wSPIWtr04TgTiSwiYFE9zqSgKhxAR0irdOw53gxoVURElWxgQwyja1iIFV
	UI3Rir1Qr3ob1WCdHdmNue/t/y4l8lqGHywDHvtJZYfw5eeqd08tVsrf0JYT8uzepaYJqjl0GJpE4
	HwiTO/yik1qZ/5OvJQTP6Gz5Q5hYkcXnLGXSmybbzIpqAqlsRYOusbIGkYpg7NP1LYXTxiXmzgCDT
	hWvwMuO5KedKS6URfyGw==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux))
	id 1fdXvd-00047H-Et; Thu, 12 Jul 2018 09:30:25 +0000
Received: from szxga06-in.huawei.com ([45.249.212.32] helo=huawei.com)
	by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat
	Linux)) id 1fdXva-00045f-Co
	for linux-arm-kernel@lists.infradead.org;
	Thu, 12 Jul 2018 09:30:23 +0000
Received: from DGGEMS403-HUB.china.huawei.com (unknown [172.30.72.60])
	by Forcepoint Email with ESMTP id 3A72BC74B22E8;
	Thu, 12 Jul 2018 17:30:07 +0800 (CST)
Received: from localhost (10.177.23.164) by DGGEMS403-HUB.china.huawei.com
	(10.3.19.203) with Microsoft SMTP Server id 14.3.382.0;
	Thu, 12 Jul 2018 17:29:59 +0800
From: Zhen Lei <thunder.leizhen@huawei.com>
To: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>, Robin Murphy
	<robin.murphy@arm.com>, Will Deacon <will.deacon@arm.com>, Joerg Roedel
	<joro@8bytes.org>,
	linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
	iommu <iommu@lists.linux-foundation.org>, linux-kernel
	<linux-kernel@vger.kernel.org>
Subject: [PATCH 1/1] iommu/arm-smmu-v3: prevent any devices access to memory
	without registration
Date: Thu, 12 Jul 2018 17:28:43 +0800
Message-ID: <1531387723-3592-1-git-send-email-thunder.leizhen@huawei.com>
X-Mailer: git-send-email 1.9.5.msysgit.0
MIME-Version: 1.0
X-Originating-IP: [10.177.23.164]
X-CFilter-Loop: Reflected
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20180712_023022_608249_D1145B3B 
X-CRM114-Status: GOOD (  10.84  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
	<mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: Zhen Lei <thunder.leizhen@huawei.com>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
X-Virus-Scanned: ClamAV using ClamSMTP

Stream bypass is not security. A malicious device can be hot plugged
without match any drivers, but it can access to any memory. So change to
disable bypass by default.

Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
---
 drivers/iommu/arm-smmu-v3.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--
1.8.3

diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c
index 1d64710..b0ec28d 100644
--- a/drivers/iommu/arm-smmu-v3.c
+++ b/drivers/iommu/arm-smmu-v3.c
@@ -366,7 +366,7 @@
 #define MSI_IOVA_BASE			0x8000000
 #define MSI_IOVA_LENGTH			0x100000

-static bool disable_bypass;
+static bool disable_bypass = 1;
 module_param_named(disable_bypass, disable_bypass, bool, S_IRUGO);
 MODULE_PARM_DESC(disable_bypass,
 	"Disable bypass streams such that incoming transactions from devices that are not attached to an iommu domain will report an abort back to the device and will not be allowed to pass through the SMMU.");