Public bug reported:
SRU justification:
[Impact]
The OS can use the IOMMU to defend against DMA attacks from a PCI device
such as a Thunderbolt one.
Intel adds the DMA_CTRL_PLATFORM_OPT_IN_FLAG flag to the DMAR ACPI table.
Use this flag to enable the IOMMU and use _DSD to identify untrusted PCI devices.
[Fix]
Enable the IOMMU when the BIOS supports the DMA opt-in flag and ExternalFacingPort in _DSD.
Disable ATS on the untrusted PCI device.
[Test]
Tested on 2 Intel platforms that support the DMA opt-in flag with a Thunderbolt
dock station.
The IOMMU is enabled as expected with this fix.
[Regression Potential]
Upstream fix, verified on supported platforms, no effect on unsupported
platforms.
Backported changes are fairly minimal.
These patches are included in the 5.0 kernel; disco is good.
** Affects: hwe-next
Importance: Undecided
Assignee: AaronMa (mapengyu)
Status: New
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Incomplete
** Tags: originate-from-1807802 sutton
** Tags added: originate-from-1807802 sutton
** Changed in: hwe-next
Assignee: (unassigned) => AaronMa (mapengyu)
https://bugs.launchpad.net/bugs/1820153
Title:
[SRU][B/C/OEM]IOMMU: add kernel dma protection
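
A check for the firmware half of the condition in [Fix], added here as an example and not part of the bug report or the kernel patches: it validates a raw DMAR ACPI table and reports whether DMA_CTRL_PLATFORM_OPT_IN_FLAG (bit 2 of the flags byte) is set. The function names and the sample table are constructed for illustration; passing `/sys/firmware/acpi/tables/DMAR` as the argument assumes a Linux host and root access, and the ExternalFacingPort `_DSD` property is not examined.

```python
import struct
import sys

ACPI_HEADER_LEN = 36         # standard ACPI table header
DMAR_MIN_LEN = 48            # header + width + flags + 10 reserved bytes
DMAR_INTR_REMAP = 0x1        # flags bit 0
DMAR_X2APIC_OPT_OUT = 0x2    # flags bit 1
DMAR_PLATFORM_OPT_IN = 0x4   # flags bit 2: DMA_CTRL_PLATFORM_OPT_IN_FLAG

def parse_dmar(table: bytes) -> dict:
    """Validate a raw DMAR table and decode its header flags."""
    if len(table) < DMAR_MIN_LEN:
        raise ValueError("too short for a DMAR table")
    sig, length = struct.unpack_from("<4sI", table, 0)
    if sig != b"DMAR":
        raise ValueError(f"unexpected signature {sig!r}")
    if not DMAR_MIN_LEN <= length <= len(table):
        raise ValueError("length field inconsistent with data")
    if sum(table[:length]) & 0xFF:
        raise ValueError("ACPI checksum mismatch")
    width, flags = struct.unpack_from("<BB", table, ACPI_HEADER_LEN)
    return {
        "host_address_width": width + 1,   # field stores width minus one
        "intr_remap": bool(flags & DMAR_INTR_REMAP),
        "x2apic_opt_out": bool(flags & DMAR_X2APIC_OPT_OUT),
        "platform_opt_in": bool(flags & DMAR_PLATFORM_OPT_IN),
    }

def build_sample_dmar(flags: int) -> bytes:
    """Constructed 48-byte DMAR table (no remapping structures) for testing."""
    raw = struct.pack("<4sIBB6s8sI4sI", b"DMAR", DMAR_MIN_LEN, 1, 0,
                      b"SAMPLE", b"CONSTRCT", 1, b"TEST", 1)
    raw += struct.pack("<BB10x", 38, flags)
    checksum = -sum(raw) & 0xFF            # make all bytes sum to 0 mod 256
    return raw[:9] + bytes([checksum]) + raw[10:]

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    if path:                                # e.g. /sys/firmware/acpi/tables/DMAR
        with open(path, "rb") as fh:
            data = fh.read()
    else:                                   # fall back to the constructed sample
        data = build_sample_dmar(DMAR_INTR_REMAP | DMAR_PLATFORM_OPT_IN)
    info = parse_dmar(data)
    print(info)
    if not info["platform_opt_in"]:
        print("firmware does not set the DMA opt-in flag")
```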