microsoft
/
WSL2-Linux-Kernel
зеркало из https://github.com/microsoft/WSL2-Linux-Kernel.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
WSL2-Linux-Kernel/include
История
Lu Baolu 89a6079df7 iommu/vt-d: Force IOMMU on for platform opt in hint 
Intel VT-d spec added a new DMA_CTRL_PLATFORM_OPT_IN_FLAG flag in DMAR
ACPI table [1] for BIOS to report compliance about platform initiated
DMA restricted to RMRR ranges when transferring control to the OS. This
means that during OS boot, before it enables IOMMU none of the connected
devices can bypass DMA protection for instance by overwriting the data
structures used by the IOMMU. The OS also treats this as a hint that the
IOMMU should be enabled to prevent DMA attacks from possible malicious
devices.

A use of this flag is Kernel DMA protection for Thunderbolt [2] which in
practice means that IOMMU should be enabled for PCIe devices connected
to the Thunderbolt ports. With IOMMU enabled for these devices, all DMA
operations are limited in the range reserved for it, thus the DMA
attacks are prevented. All these devices are enumerated in the PCI/PCIe
module and marked with an untrusted flag.

This forces IOMMU to be enabled if DMA_CTRL_PLATFORM_OPT_IN_FLAG is set
in DMAR ACPI table and there are PCIe devices marked as untrusted in the
system. This can be turned off by adding "intel_iommu=off" in the kernel
command line, if any problems are found.

[1] https://software.intel.com/sites/default/files/managed/c5/15/vt-directed-io-spec.pdf
[2] https://docs.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt

Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
Cc: Sohil Mehta <sohil.mehta@intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Ashok Raj <ashok.raj@intel.com>
Reviewed-by: Joerg Roedel <jroedel@suse.de>
Acked-by: Joerg Roedel <jroedel@suse.de>
 		2018-12-05 12:01:55 +03:00
..
acpi
asm-generic s390 updates for 4.20-rc2 2018-11-09 06:30:44 -06:00
clocksource
crypto
drm drm, i915, amdgpu, bridge + core quirk 2018-11-02 10:58:20 -07:00
dt-bindings This time it looks like a quieter release cycle in the clk tree. I guess that's 2018-10-31 11:08:30 -07:00
keys
kvm
linux iommu/vt-d: Force IOMMU on for platform opt in hint 2018-12-05 12:01:55 +03:00
math-emu
media media: Rename vb2_m2m_request_queue -> v4l2_m2m_request_queue 2018-11-06 05:24:22 -05:00
memory
misc
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2018-11-28 11:02:45 -08:00
pcmcia
ras
rdma
scsi
soc ARM: SoC driver updates for 4.17 2018-10-29 15:16:01 -07:00
sound ASoC: Fixes for v4.20 2018-11-27 16:06:42 +01:00
target
trace While rewriting the function graph tracer, I discovered a design flaw that 2018-11-30 09:32:34 -08:00
uapi x86/speculation: Add prctl() control for indirect branch speculation 2018-11-28 11:57:13 +01:00
video
xen Revert "xen/balloon: Mark unallocated host memory as UNUSABLE" 2018-11-29 17:53:31 +01:00