[$] Bounce buffers for untrusted devices

The recently discovered vulnerability inThunderbolt has restarted discussions about protecting the kernelagainst untrusted, hotpluggable hardware. That vulnerability, known as Thunderclap, allows a hostile externaldevice to exploit Input-OutputMemory Management Unit (IOMMU) mapping limitations and access systemmemory it was not intended to. Thunderclap can be exploited byUSB-C-connected devices; while we have seen USB attacks in the past, thisvulnerability is different in that PCI devices, often considered astrusted, can be a source of attacks too. One way of stopping those attackswould be to make sure that the IOMMU is used correctly and restricts the deviceto accessing the memory that was allocated for it. Lu Baolu has postedan implementation of that approach in the form of bounce buffers foruntrusted devices.