ACK: [PATCH 0/6] [B]iommu: add kernel dma protection

Hui Wang hui.wang at canonical.com
Tue Mar 26 07:57:05 UTC 2019 

Acked-by: Hui Wang <hui.wang at canonical.com>

On 2019/3/15 下午1:00, Aaron Ma wrote:
> BugLink: https://bugs.launchpad.net/bugs/1820153
>
> [Impact]
> OS can use IOMMU to defend against DMA attacks from a PCI device like thunderbolt one.
> Intel adds DMA_CTRL_PLATFORM_OPT_IN_FLAG flag in DMAR ACPI table.
> Use this flag to enable IOMMU and use _DSD to identify untrusted PCI devices.
>
> [Fix]
> Enable IOMMU when BIOS supports DMA opt in flag and ExternalFacingPort in _DSD.
> Disable ATS on the untrusted PCI device.
>
> [Test]
> Tested on 2 Intel platforms that supports DMA opt in flag with a thunderbolt dock station.
> iommu enabled as expected with this fix.
>
> [Regression Potential]
> Upstream fix, Verified on supported platforms, no affection on not supported platforms.
> Backported changes are fairly minimal.
>
> These patches are included in 5.0 kernel, disco is good.
>
> Erik Schmauss (1):
>   ACPICA: AML parser: attempt to continue loading table after error
>
> Lu Baolu (1):
>   iommu/vt-d: Force IOMMU on for platform opt in hint
>
> Mika Westerberg (4):
>   ACPI / property: Allow multiple property compatible _DSD entries
>   PCI / ACPI: Identify untrusted PCI devices
>   iommu/vt-d: Do not enable ATS for untrusted devices
>   thunderbolt: Export IOMMU based DMA protection support to userspace
>
>  .../ABI/testing/sysfs-bus-thunderbolt         |   9 ++
>  Documentation/admin-guide/thunderbolt.rst     |  20 ++++
>  drivers/acpi/acpica/psloop.c                  |  51 ++++++++-
>  drivers/acpi/acpica/psobject.c                |  30 +++++
>  drivers/acpi/property.c                       | 105 +++++++++++++-----
>  drivers/acpi/x86/apple.c                      |   2 +-
>  drivers/gpio/gpiolib-acpi.c                   |   2 +-
>  drivers/iommu/dmar.c                          |  25 +++++
>  drivers/iommu/intel-iommu.c                   |  56 +++++++++-
>  drivers/pci/pci-acpi.c                        |  19 ++++
>  drivers/pci/probe.c                           |  15 +++
>  drivers/thunderbolt/domain.c                  |  17 +++
>  include/acpi/acpi_bus.h                       |   8 +-
>  include/linux/acpi.h                          |   9 ++
>  include/linux/dmar.h                          |   8 ++
>  include/linux/pci.h                           |   8 ++
>  16 files changed, 351 insertions(+), 33 deletions(-)
>

More information about the kernel-team mailing list