diff options
| author | Lu Baolu <baolu.lu@linux.intel.com> | 2019-09-06 14:14:52 +0800 |
|---|---|---|
| committer | Joerg Roedel <jroedel@suse.de> | 2019-09-11 12:34:31 +0200 |
| commit | cfb94a372f2d4ee226247447c863f8709863d170 (patch) | |
| tree | b209631fec06e8a494fd5380ff7b9caf6c236557 /security/smack | |
| parent | 3b53034c268d550d9e8522e613a14ab53b8840d8 (diff) | |
| download | linux-cfb94a372f2d4ee226247447c863f8709863d170.tar.gz linux-cfb94a372f2d4ee226247447c863f8709863d170.tar.bz2 linux-cfb94a372f2d4ee226247447c863f8709863d170.zip | |
iommu/vt-d: Use bounce buffer for untrusted devices
The Intel VT-d hardware uses paging for DMA remapping.
The minimum mapped window is a page size. The device
drivers may map buffers not filling the whole IOMMU
window. This allows the device to access to possibly
unrelated memory and a malicious device could exploit
this to perform DMA attacks. To address this, the
Intel IOMMU driver will use bounce pages for those
buffers which don't fill whole IOMMU pages.
Cc: Ashok Raj <ashok.raj@intel.com>
Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
Cc: Kevin Tian <kevin.tian@intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Tested-by: Xu Pengfei <pengfei.xu@intel.com>
Tested-by: Mika Westerberg <mika.westerberg@intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Diffstat (limited to 'security/smack')
0 files changed, 0 insertions, 0 deletions