Google Volleys Latest "Restricted DMA" Patches For Protecting IOMMU-Less Hardware
Written by Michael Larabel in Linux Security on 22 April 2021 at 05:55 AM EDT. 1 Comment
LINUX SECURITY --
The past few months there has been work by Google's Chrome OS engineers on Restricted DMA functionality for the Linux kernel to protect systems lacking an IOMMU.

For systems lacking an Input-Output Memory Management Unit (IOMMU), Restricted DMA aims to increase system security by ensuring that no unexpected direct memory access occurs that could lead to data leakage or corruption. From Google's perspective one use-case is PCIe-based WiFi where the PCI Express bus isn't behind an IOMMU. Restricted DMA would help fend off the possibility that problematic WiFi firmware could escalate into a full system exploit.

Restricted DMA uses the SWIOTLB (Software Input Output Translation Lookaside Buffer) for bouncing streaming DMA in/out of a specially allocated memory region and does the memory allocation from that same region. For better protection though the system still needs a way to lock down the memory access such as via a MPU.

Sent out this morning were the v5 patches of Restricted DMA and it appears the work is now settled down. This latest spin is simply re-basing the code against the current Linux-Next state with no functionality changes compared to the prior revision. So it's looking like at this stage the Restricted DMA work might be settled down and could soon end up in mainline with a forthcoming merge window should no other issues arise.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week