[PATCH 0/6] [B]iommu: add kernel dma protection

Aaron Ma aaron.ma at canonical.com
Thu Mar 28 17:03:31 UTC 2019

On 3/28/19 11:12 PM, Stefan Bader wrote:
> On 28.03.19 07:21, Aaron Ma wrote:
>> Hi Khaled:
>> Bionic need this serie of SRU.
>> B-OEM kernel already have one commit.
>> [PATCH 2/6] ACPI / property: Allow multiple property compatible _DSD entries
>> Bionic kernel need this one too.
> Repeating the comment I made on the Cosmic submission with some additional info
> I saw when reading the b/oem thread. The part about testing seemed to be done
> more thoroughly (including non-affected systems, too), however that detail did
> not get added to the SRU justification in the bug report.
> The question about "need" I would still have, in the sense of why would one want
> to take the risk of regressions to have it.

Recent systems shipping with "kernel DMA protection" = "enabled" by
default in BIOS. This setting option changed "Thunderbolt Security
Level" = "No Security (SL0)".
With this setting systems will be vulnerable to a DMA attack by a
thunderbolt device.

So utilizing IOMMU to prevent DMA attack is a must have feature to users
on these new systems.

Also it is strongly recommended by Intel and a requirement from customer.

Sorry for missing details on SRU justification. Will add it in bug report.


> -Stefan
>> Thanks,
>> Aaron

More information about the kernel-team mailing list