The "DmaProperty" is supported and documented by Microsoft here: https://docs.microsoft.com/en-us/windows-hardware/drivers/pci/dsd-for-pcie-root-ports They use this property for DMA protection: https://docs.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt Support the "DmaProperty" with the same semantics. Windows documents the property to apply to PCIe root ports only. Extend it to apply to any PCI device. This is useful for internal PCI devices that do not hang off a PCIe rootport, but offer an attack surface for DMA attacks (e.g. internal network devices). Signed-off-by: Rajat Jain <rajatja@xxxxxxxxxx> --- v3: * Use Microsoft's documented property "DmaProperty" * Resctrict to ACPI only drivers/pci/pci-acpi.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/drivers/pci/pci-acpi.c b/drivers/pci/pci-acpi.c index a42dbf448860..660baa60c040 100644 --- a/drivers/pci/pci-acpi.c +++ b/drivers/pci/pci-acpi.c @@ -1350,12 +1350,30 @@ static void pci_acpi_set_external_facing(struct pci_dev *dev) dev->external_facing = 1; } +static void pci_acpi_check_for_dma_protection(struct pci_dev *dev) +{ + u8 val; + + /* + * Microsoft Windows uses this property, and is documented here: + * https://docs.microsoft.com/en-us/windows-hardware/drivers/pci/dsd-for-pcie-root-ports + * While Microsoft documents this property as only applicable to PCIe + * root ports, we expand it to be applicable to any PCI device. + */ + if (device_property_read_u8(&dev->dev, "DmaProperty", &val)) + return; + + if (val) + dev->untrusted = 1; +} + void pci_acpi_setup(struct device *dev, struct acpi_device *adev) { struct pci_dev *pci_dev = to_pci_dev(dev); pci_acpi_optimize_delay(pci_dev, adev->handle); pci_acpi_set_external_facing(pci_dev); + pci_acpi_check_for_dma_protection(pci_dev); pci_acpi_add_edr_notifier(pci_dev); pci_acpi_add_pm_notifier(adev, pci_dev); -- 2.35.1.265.g69c8d7142f-goog
