On Mon, Mar 25, 2019 at 12:59:48PM +0000, Jean-Philippe Brucker wrote: > On 20/03/2019 22:03, Bjorn Helgaas wrote: > > On Mon, Mar 18, 2019 at 06:21:23PM +0000, Jean-Philippe Brucker wrote: > >> +- external-facing: > >> + When present, the port is external facing. All bridges and endpoints > >> + downstream of this port are external to the machine. > > > > Maybe include a note about why this is important, ie, we care because > > malicious devices may be attached to an external port? I know you > > have that in the commit log but it would be more visible here. > > > > Elsewhere you use "external-facing", here too for consistency? > > Makes sense, I'll add a note. I currently have: > > - external-facing: > When present, the port is external-facing. All bridges and endpoints > downstream of this port are external to the machine. The OS can, for > example, use this information to identify devices that cannot be > trusted with relaxed DMA protection, as users could easily attach > malicious devices to this port. Looks good to me!
