[$] Bounce buffers for untrusted devices
Friday, April 26, 2019, 05:26 PM, from LWN.net
The recently discovered vulnerability in Thunderbolt has restarted discussions about protecting the kernel against untrusted, hotpluggable hardware. That vulnerability, known as Thunderclap, allows a hostile external device to exploit Input-Output Memory Management Unit (IOMMU) mapping limitations and access system memory that it was not intended to access. Thunderclap can be exploited by USB-C-connected devices; while we have seen USB attacks in the past, this vulnerability is different in that PCI devices, often considered trusted, can be a source of attacks too. One way of stopping those attacks would be to make sure that the IOMMU is used correctly and restricts the device to accessing only the memory that was allocated for it. Lu Baolu has posted an implementation of that approach in the form of bounce buffers for untrusted devices.
https://lwn.net/Articles/786558/rss