ACK: [PATCH 0/5] [B-OEM]iommu: add kernel dma protection

Hui Wang hui.wang at canonical.com
Tue Mar 26 07:54:54 UTC 2019 

On 2019/3/26 下午3:50, Aaron Ma wrote:
> On 3/15/19 1:04 PM, Aaron Ma wrote:
>> BugLink: https://bugs.launchpad.net/bugs/1820153
>>
>> [Impact]
>> OS can use IOMMU to defend against DMA attacks from a PCI device like thunderbolt one.
>> Intel adds DMA_CTRL_PLATFORM_OPT_IN_FLAG flag in DMAR ACPI table.
>> Use this flag to enable IOMMU and use _DSD to identify untrusted PCI devices.
>>
>> [Fix]
>> Enable IOMMU when BIOS supports DMA opt in flag and ExternalFacingPort in _DSD.
>> Disable ATS on the untrusted PCI device.
>>
>> [Test]
>> Tested on 2 Intel platforms that supports DMA opt in flag with a thunderbolt dock station.
>> iommu enabled as expected with this fix.
> Verified by QA's full test with a temporary build of bionic-oem kernel.
> All test passed on one supported "DMA protection" system and one
> non-supported "DMA protection" system.
>
> Regards,
> Aaron

Acked-by: Hui Wang <hui.wang at canonical.com>

>
>> [Regression Potential]
>> Upstream fix, Verified on supported platforms, no affection on not supported platforms.
>> Backported changes are fairly minimal.
>>
>> These patches are included in 5.0 kernel, disco is good.
>>
>> Erik Schmauss (1):
>>   ACPICA: AML parser: attempt to continue loading table after error
>>
>> Lu Baolu (1):
>>   iommu/vt-d: Force IOMMU on for platform opt in hint
>>
>> Mika Westerberg (3):
>>   PCI / ACPI: Identify untrusted PCI devices
>>   iommu/vt-d: Do not enable ATS for untrusted devices
>>   thunderbolt: Export IOMMU based DMA protection support to userspace
>>
>>  .../ABI/testing/sysfs-bus-thunderbolt         |  9 +++
>>  Documentation/admin-guide/thunderbolt.rst     | 20 +++++++
>>  drivers/acpi/acpica/psloop.c                  | 51 ++++++++++++++++-
>>  drivers/acpi/acpica/psobject.c                | 30 ++++++++++
>>  drivers/acpi/property.c                       | 11 ++++
>>  drivers/iommu/dmar.c                          | 25 +++++++++
>>  drivers/iommu/intel-iommu.c                   | 56 ++++++++++++++++++-
>>  drivers/pci/pci-acpi.c                        | 19 +++++++
>>  drivers/pci/probe.c                           | 15 +++++
>>  drivers/thunderbolt/domain.c                  | 17 ++++++
>>  include/linux/dmar.h                          |  8 +++
>>  include/linux/pci.h                           |  8 +++
>>  12 files changed, 265 insertions(+), 4 deletions(-)
>>
>> -- 2.17.1
>> -- kernel-team mailing list kernel-team at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>>

More information about the kernel-team mailing list