[$] Restricted DMA

A key component of system hardening is restricting access to memory; this
extends to preventing the kernel itself from accessing or modifying much of
the memory in the system most of the time. Memory that cannot be accessed
cannot be read or changed by an attacker. On many systems, though, these
restrictions do not apply to peripheral devices, which can happily use
direct memory access (DMA) on most or all of the available memory. The
recently posted restricted
DMA patch set aims to reduce exposure to buggy or malicious device
activity by tightening up control over the memory that DMA operations are
allowed to access.