git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/commit

PCI / ACPI: Identify untrusted PCI devices

A malicious PCI device may use DMA to attack the system. An external
Thunderbolt port is a convenient point to attach such a device. The OS
may use IOMMU to defend against DMA attacks.

Some BIOSes mark these externally facing root ports with this
ACPI _DSD [1]:

  Name (_DSD, Package () {
      ToUUID ("efcc06cc-73ac-4bc3-bff0-76143807c389"),
      Package () {
          Package () {"ExternalFacingPort", 1},
  Package () {"UID", 0 }
      }
  })

If we find such a root port, mark it and all its children as untrusted.
The rest of the OS may use this information to enable DMA protection
against malicious devices. For instance the device may be put behind an
IOMMU to keep it from accessing memory outside of what the driver has
allocated for it.

While at it, add a comment on top of prp_guids array explaining the
possible caveat resulting when these GUIDs are treated equivalent.

[1] https://docs.microsoft.com/en-us/windows-hardware/drivers/pci/dsd-for-pcie-root-ports#identifying-externally-exposed-pcie-root-ports

Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>

author	Mika Westerberg <mika.westerberg@linux.intel.com>
	Thu, 16 Aug 2018 09:28:48 +0000 (12:28 +0300)
committer	Mika Westerberg <mika.westerberg@linux.intel.com>
	Wed, 5 Dec 2018 09:01:55 +0000 (12:01 +0300)
commit	617654aae50eb59dd98aa53fb562e850937f4cde
tree	8daf2232117f9b2c759b6f9ae641eab55c0faacf	tree
parent	2595646791c319cadfdbf271563aac97d0843dc7	commit \| diff

drivers/acpi/property.c		diff \| blob \| blame \| history
drivers/pci/pci-acpi.c		diff \| blob \| blame \| history
drivers/pci/probe.c		diff \| blob \| blame \| history
include/linux/pci.h		diff \| blob \| blame \| history