Google Volleys Latest "Restricted DMA" Patches For Protecting IOMMU-Less Hardware

Written by Michael Larabel in Linux Security on 22 April 2021 at 05:55 AM EDT. 1 Comment
LINUX SECURITY
The past few months there has been work by Google's Chrome OS engineers on Restricted DMA functionality for the Linux kernel to protect systems lacking an IOMMU.

For systems lacking an Input-Output Memory Management Unit (IOMMU), Restricted DMA aims to increase system security by ensuring that no unexpected direct memory access occurs that could lead to data leakage or corruption. From Google's perspective one use-case is PCIe-based WiFi where the PCI Express bus isn't behind an IOMMU. Restricted DMA would help fend off the possibility that problematic WiFi firmware could escalate into a full system exploit.

Restricted DMA uses the SWIOTLB (Software Input Output Translation Lookaside Buffer) for bouncing streaming DMA in/out of a specially allocated memory region and does the memory allocation from that same region. For better protection though the system still needs a way to lock down the memory access such as via a MPU.

Sent out this morning were the v5 patches of Restricted DMA and it appears the work is now settled down. This latest spin is simply re-basing the code against the current Linux-Next state with no functionality changes compared to the prior revision. So it's looking like at this stage the Restricted DMA work might be settled down and could soon end up in mainline with a forthcoming merge window should no other issues arise.
1 Comment
Related News
New Linux Patch Lets You Force CPU Bugs/Mitigations Even When Not Vulnerable
Linux To Allow Disabling TPM PCR Integrity Protection Due To Performance Bottleneck
OpenPaX Announced As "Open-Source Alternative To GrSecurity" With Free Kernel Patch
Unauthenticated RCE Flaw With CVSS 9.9 Rating For Linux Systems Affects CUPS
Landlock Sandboxing Now Supports More Controls Around Unix Sockets
Linux 6.12 Adds Build Options For Greater Control Over CPU Security Mitigations
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features
NTSYNC Linux Patches Revived To Help Boost Steam Play Gaming Performance
Rust-Based, Memory-Safe PNG Decoders "Vastly Outperform" C-Based PNG Libraries