APPLIED(B-OEM): [PATCH 0/5] [B-OEM]iommu: add kernel dma protection

Khaled Elmously khalid.elmously at canonical.com
Thu Mar 28 06:15:30 UTC 2019 

On 2019-03-15 13:04:13 , Aaron Ma wrote:
> BugLink: https://bugs.launchpad.net/bugs/1820153
> 
> [Impact]
> OS can use IOMMU to defend against DMA attacks from a PCI device like thunderbolt one.
> Intel adds DMA_CTRL_PLATFORM_OPT_IN_FLAG flag in DMAR ACPI table.
> Use this flag to enable IOMMU and use _DSD to identify untrusted PCI devices.
> 
> [Fix]
> Enable IOMMU when BIOS supports DMA opt in flag and ExternalFacingPort in _DSD.
> Disable ATS on the untrusted PCI device.
> 
> [Test]
> Tested on 2 Intel platforms that supports DMA opt in flag with a thunderbolt dock station.
> iommu enabled as expected with this fix.
> 
> [Regression Potential]
> Upstream fix, Verified on supported platforms, no affection on not supported platforms.
> Backported changes are fairly minimal.
> 
> These patches are included in 5.0 kernel, disco is good.
> 
> Erik Schmauss (1):
>   ACPICA: AML parser: attempt to continue loading table after error
> 
> Lu Baolu (1):
>   iommu/vt-d: Force IOMMU on for platform opt in hint
> 
> Mika Westerberg (3):
>   PCI / ACPI: Identify untrusted PCI devices
>   iommu/vt-d: Do not enable ATS for untrusted devices
>   thunderbolt: Export IOMMU based DMA protection support to userspace
> 
>  .../ABI/testing/sysfs-bus-thunderbolt         |  9 +++
>  Documentation/admin-guide/thunderbolt.rst     | 20 +++++++
>  drivers/acpi/acpica/psloop.c                  | 51 ++++++++++++++++-
>  drivers/acpi/acpica/psobject.c                | 30 ++++++++++
>  drivers/acpi/property.c                       | 11 ++++
>  drivers/iommu/dmar.c                          | 25 +++++++++
>  drivers/iommu/intel-iommu.c                   | 56 ++++++++++++++++++-
>  drivers/pci/pci-acpi.c                        | 19 +++++++
>  drivers/pci/probe.c                           | 15 +++++
>  drivers/thunderbolt/domain.c                  | 17 ++++++
>  include/linux/dmar.h                          |  8 +++
>  include/linux/pci.h                           |  8 +++
>  12 files changed, 265 insertions(+), 4 deletions(-)
> 
> -- 
> 2.17.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

More information about the kernel-team mailing list