iommu/vt-d: Do not enable ATS for untrusted devices

iommu/vt-d: Do not enable ATS for untrusted devices

BugLink: https://bugs.launchpad.net/bugs/1820153
Currently Linux automatically enables ATS (Address Translation Service)
for any device that supports it (and IOMMU is turned on). ATS is used to
accelerate DMA access as the device can cache translations locally so
there is no need to do full translation on IOMMU side. However, as
pointed out in [1] ATS can be used to bypass IOMMU based security
completely by simply sending PCIe read/write transaction with AT
(Address Translation) field set to "translated".

To mitigate this modify the Intel IOMMU code so that it does not enable
ATS for any device that is marked as being untrusted. In case this turns
out to cause performance issues we may selectively allow ATS based on
user decision but currently use big hammer and disable it completely to
be on the safe side.

[1] https://www.repository.cam.ac.uk/handle/1810/274352

Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Ashok Raj <ashok.raj@intel.com>
Reviewed-by: Joerg Roedel <jroedel@suse.de>
Acked-by: Joerg Roedel <jroedel@suse.de>
(cherry picked from commit fb58fdcd295b914ece1d829b24df00a17a9624bc)
Signed-off-by: Aaron Ma <aaron.ma@canonical.com>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Hui Wang <hui.wang@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>