Google Volleys Latest "Restricted DMA" Patches For Protecting IOMMU-Less Hardware

phoronix

Administrator

Join Date: Jan 2007

Posts: 64769
- Share
- Tweet
#1

Google Volleys Latest "Restricted DMA" Patches For Protecting IOMMU-Less Hardware

22 April 2021, 06:00 AM

Phoronix: Google Volleys Latest "Restricted DMA" Patches For Protecting IOMMU-Less Hardware

The past few months there has been work by Google's Chrome OS engineers on Restricted DMA functionality for the Linux kernel to protect systems lacking an IOMMU...

Google Volleys Latest "Restricted DMA" Patches For Protecting IOMMU-Less Hardware - Phoronix

https://www.phoronix.com/scan.php?page=news_item&px=Linux-Restricted-DMA-v5

Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
Tags: None
Unklejoe

Junior Member

Join Date: Dec 2016

Posts: 30
- Share
- Tweet
#2

22 April 2021, 09:54 AM

Without an IOMMU, what's to stop a device on the bus from just reading any memory location it wants? If we're assuming the device is compromised, then all bets are off, right?

I know with some PCIe controllers, you can define inbound DMA windows, which I guess is like an IOMMU but with only one or two mappings, but generally these seem to just be an identity mapping to DRAM.
Comment

Announcement