From: Greg KH <gregkh@linuxfoundation.org>
To: Joshua Peraza <jperaza@google.com>
Cc: baolu.lu@linux.intel.com, bhelgaas@google.com, dtor@google.com,
dwmw2@infradead.org, helgaas@kernel.org,
iommu@lists.linux-foundation.org, jean-philippe@linaro.org,
joro@8bytes.org, jsbarnes@google.com, lenb@kernel.org,
linux-acpi@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-pci@vger.kernel.org, mika.westerberg@linux.intel.com,
oohall@gmail.com, pavel@denx.de, rafael.j.wysocki@intel.com,
rafael@kernel.org, rajatja@google.com, rajatxjain@gmail.com,
will@kernel.org
Subject: Re: [v9 PATCH 1/2] PCI/ACPI: Support Microsoft's "DmaProperty"
Date: Fri, 21 Feb 2025 07:21:44 +0100 [thread overview]
Message-ID: <2025022136-demanding-affluent-c72a@gregkh> (raw)
In-Reply-To: <20250221000943.973221-2-jperaza@google.com>
On Fri, Feb 21, 2025 at 12:09:40AM +0000, Joshua Peraza wrote:
> From: Rajat Jain <rajatja@google.com>
>
> The "DmaProperty" is supported and currently documented and used by
> Microsoft [link 1 below], to flag internal PCIe root ports that need
> DMA protection [link 2 below]. We have discussed with them and reached
> a common understanding that they shall change their MSDN documentation
> to say that the same property can be used to protect any PCI device,
> and not just internal PCIe root ports (since there is no point
> introducing yet another property for arbitrary PCI devices). This helps
> with security from internal devices that offer an attack surface for
> DMA attacks (e.g. internal network devices).
>
> Support DmaProperty to mark DMA from a PCI device as untrusted.
>
> Link: [1] https://docs.microsoft.com/en-us/windows-hardware/drivers/pci/dsd-for-pcie-root-ports#identifying-internal-pcie-ports-accessible-to-users-and-requiring-dma-protection
> Link: [2] https://docs.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt
> Signed-off-by: Rajat Jain <rajatja@google.com>
> Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
> Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
> Signed-off-by: Joshua Peraza <jperaza@google.com>
> ---
> drivers/acpi/property.c | 3 +++
> drivers/pci/pci-acpi.c | 22 ++++++++++++++++++++++
> 2 files changed, 25 insertions(+)
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
next prev parent reply other threads:[~2025-02-21 6:22 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-21 0:09 [v9 PATCH 0/2] PCI/ACPI: Support Microsoft's "DmaProperty" Joshua Peraza
2025-02-21 0:09 ` [v9 PATCH 1/2] " Joshua Peraza
2025-02-21 6:21 ` Greg KH [this message]
2025-02-21 0:09 ` [v9 PATCH 2/2] PCI: Rename pci_dev->untrusted to pci_dev->requires_dma_protection Joshua Peraza
2025-02-21 6:21 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2025022136-demanding-affluent-c72a@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=baolu.lu@linux.intel.com \
--cc=bhelgaas@google.com \
--cc=dtor@google.com \
--cc=dwmw2@infradead.org \
--cc=helgaas@kernel.org \
--cc=iommu@lists.linux-foundation.org \
--cc=jean-philippe@linaro.org \
--cc=joro@8bytes.org \
--cc=jperaza@google.com \
--cc=jsbarnes@google.com \
--cc=lenb@kernel.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=mika.westerberg@linux.intel.com \
--cc=oohall@gmail.com \
--cc=pavel@denx.de \
--cc=rafael.j.wysocki@intel.com \
--cc=rafael@kernel.org \
--cc=rajatja@google.com \
--cc=rajatxjain@gmail.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.