[$] Restricted DMA
A key component of system hardening is restricting access to memory; this extends to preventing the kernel itself from accessing or modifying much of the memory in the system most of the time. Memory that cannot be accessed cannot be read or changed by an attacker. On many systems, though, these restrictions do not apply to peripheral devices, which can happily use direct memory access (DMA) on most or all of the available memory. The recently posted restricted DMA patch set aims to reduce exposure to buggy or malicious device activity by tightening up control over the memory that DMA operations are allowed to access.