Hi Robin,

On Fri, Mar 18, 2022 at 03:15:19PM +0000, Robin Murphy wrote:
> > IMHO we should just trust the firmware provided information here
> > (otherwise we are screwed anyway as there is no way to tell if the
> > devices connected prior to the OS can still do DMA), and use the external
> > facing port indicator to identify the ports that need DMA protection.
>
> Indeed that's exactly what I want to do, but it begs the question of how we
> *find* the firmware-provided information in the first place!

Oh, right :) It's the combination of ACPI _DSD "ExternalFacingPort"
(which we already set, dev->external_facing, dev->untrusted for the
devices behind these ports IIRC) and the DMAR opt-in bit. All these are
already read by the kernel.

> I seem to have already started writing the dumb version that will walk the
> whole PCI segment and assume the presence of any external-facing port
> implies that we're good. Let me know if I should stop ;)

That sounds good to me, so don't stop just yet ;-)