From: Dmytro Maluka
To: Greg Kroah-Hartman
Cc: Lu Baolu, Bjorn Helgaas, Dmitry Torokhov, David Woodhouse, iommu@lists.linux.dev, Jean-Philippe Brucker, Joerg Roedel, Joshua Peraza, Jesse Barnes, Len Brown, linux-acpi@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, Mika Westerberg, "Oliver O'Halloran", Pavel Machek, "Rafael J. Wysocki", Rajat Jain, Will Deacon, Suravee Suthikulpanit, Robin Murphy, Vineeth Pillai, Aashish Sharma, Grzegorz Jaszczyk, Tomasz Nowicki, Dmytro Maluka
Subject: [PATCH v10 1/2] PCI/ACPI: Support Microsoft's "DmaProperty"
Date: Mon, 25 May 2026 22:40:19 +0000
Message-ID: <20260525224023.2753569-2-dmaluka@chromium.org>
In-Reply-To: <20260525224023.2753569-1-dmaluka@chromium.org>

From: Rajat Jain

The "DmaProperty" is supported and currently documented and used by Microsoft [link 1 below], to flag internal PCIe root ports that need DMA protection [link 2 below]. We have discussed with them and reached a common understanding that they shall change their MSDN documentation to say that the same property can be used to protect any PCI device, and not just internal PCIe root ports (since there is no point introducing yet another property for arbitrary PCI devices). This helps with security from internal devices that offer an attack surface for DMA attacks (e.g. internal network devices).

Support DmaProperty to mark DMA from a PCI device as untrusted.

Link: [1] https://docs.microsoft.com/en-us/windows-hardware/drivers/pci/dsd-for-pcie-root-ports#identifying-internal-pcie-ports-accessible-to-users-and-requiring-dma-protection
Link: [2] https://docs.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt
Signed-off-by: Rajat Jain
Reviewed-by: Mika Westerberg
Acked-by: Rafael J. Wysocki
Signed-off-by: Joshua Peraza
Acked-by: Greg Kroah-Hartman
Signed-off-by: Dmytro Maluka
---
 drivers/acpi/property.c |  3 +++
 drivers/pci/pci-acpi.c  | 22 ++++++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/drivers/acpi/property.c b/drivers/acpi/property.c index 8ee5a1f0eb48..77f97e5fa20b 100644 --- a/drivers/acpi/property.c +++ b/drivers/acpi/property.c @@ -56,6 +56,9 @@ static const guid_t prp_guids[] =3D { /* Storage device needs D3 GUID: 5025030f-842f-4ab4-a561-99a5189762d0 */ GUID_INIT(0x5025030f, 0x842f, 0x4ab4, 0xa5, 0x61, 0x99, 0xa5, 0x18, 0x97, 0x62, 0xd0), + /* DmaProperty for PCI devices GUID: 70d24161-6dd5-4c9e-8070-705531292865= */ + GUID_INIT(0x70d24161, 0x6dd5, 0x4c9e, + 0x80, 0x70, 0x70, 0x55, 0x31, 0x29, 0x28, 0x65), }; =20 /* ACPI _DSD data subnodes GUID [1]: dbb8e3e6-5886-4ba6-8795-1319f52a966b = */ 
diff --git a/drivers/pci/pci-acpi.c b/drivers/pci/pci-acpi.c index 4d0f2cb6c695..9af1bab27841 100644 --- a/drivers/pci/pci-acpi.c +++ b/drivers/pci/pci-acpi.c 
@@ -1430,12 +1430,34 @@ static void pci_acpi_set_external_facing(struct pci= _dev *dev) dev->external_facing =3D 1; } =20 +static int pci_dev_has_dma_property(struct pci_dev *dev) +{ + struct acpi_device *adev; + const union acpi_object *obj; + + adev =3D ACPI_COMPANION(&dev->dev); + if (!adev) + return 0; + + /* + * Property used by Microsoft Windows to enforce IOMMU DMA + * protection from any device, that the system may not fully trust; + * we'll honour it the same way. + */ + if (!acpi_dev_get_property(adev, "DmaProperty", ACPI_TYPE_INTEGER, + &obj) && obj->integer.value =3D=3D 1) + return 1; + + return 0; +} + void pci_acpi_setup(struct device *dev, struct acpi_device *adev) { struct pci_dev *pci_dev =3D to_pci_dev(dev); =20 pci_acpi_optimize_delay(pci_dev, adev->handle); pci_acpi_set_external_facing(pci_dev); + pci_dev->untrusted |=3D pci_dev_has_dma_property(pci_dev); pci_acpi_add_edr_notifier(pci_dev); =20 pci_acpi_add_pm_notifier(adev, pci_dev); --=20 2.54.0.794.g4f17f83d09-goog
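
Review bot: In drivers/acpi/property.c, the comment on the new prp_guids[] entry gives the GUID but no pointer to where it is defined. The commit message already carries the Microsoft documentation link for DmaProperty; citing it next to the GUID, the way the comment that follows the array uses a "[1]" reference, would let a reader confirm the value without going through the log.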
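
Review bot: In pci_acpi_setup() (drivers/pci/pci-acpi.c), the flag is OR-ed in only once the ACPI companion is being set up, and neither the hunk nor the commit message says how that is ordered against the code that reads it. Please state whether pci_dev->untrusted is final before child devices inherit it from their upstream bridge and before the IOMMU code picks a default domain for the device; if it is not, a device tagged with DmaProperty could be handled as trusted for part of its setup. Smaller points: pci_dev_has_dma_property() answers a yes/no question and could return bool, and only the value 1 is honoured, so the comment should say that any other integer is ignored.
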
From: Dmytro Maluka
To: Greg Kroah-Hartman
Cc: Lu Baolu, Bjorn Helgaas, Dmitry Torokhov, David Woodhouse, iommu@lists.linux.dev, Jean-Philippe Brucker, Joerg Roedel, Joshua Peraza, Jesse Barnes, Len Brown, linux-acpi@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, Mika Westerberg, "Oliver O'Halloran", Pavel Machek, "Rafael J. Wysocki", Rajat Jain, Will Deacon, Suravee Suthikulpanit, Robin Murphy, Vineeth Pillai, Aashish Sharma, Grzegorz Jaszczyk, Tomasz Nowicki, Dmytro Maluka
Subject: [PATCH v10 2/2] PCI: Rename pci_dev->untrusted to pci_dev->requires_dma_protection
Date: Mon, 25 May 2026 22:40:20 +0000
Message-ID: <20260525224023.2753569-3-dmaluka@chromium.org>
In-Reply-To: <20260525224023.2753569-1-dmaluka@chromium.org>

From: Rajat Jain

Rename the field to make it more clear, that the device can execute DMA attacks on the system, and thus the system needs protection from such attacks from this device.

No functional change intended.

Signed-off-by: Rajat Jain
Reviewed-by: Mika Westerberg
Reviewed-by: Lu Baolu
Acked-by: Rafael J. Wysocki
Signed-off-by: Joshua Peraza
Reviewed-by: Greg Kroah-Hartman
Signed-off-by: Dmytro Maluka
---
 drivers/iommu/amd/iommu.c   |  3 +--
 drivers/iommu/dma-iommu.c   | 16 ++++++++--------
 drivers/iommu/intel/iommu.c | 10 +++++-----
 drivers/iommu/iommu.c       |  5 ++---
 drivers/pci/ats.c           |  2 +-
 drivers/pci/pci-acpi.c      |  2 +-
 drivers/pci/pci.c           |  2 +-
 drivers/pci/probe.c         | 10 +++++-----
 drivers/pci/quirks.c        |  4 ++--
 include/linux/pci.h         |  7 ++++---
 10 files changed, 30 insertions(+), 31 deletions(-)

diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c index 57dc8fabc7d9..70005fe16e64 100644 --- a/drivers/iommu/amd/iommu.c +++ b/drivers/iommu/amd/iommu.c @@ -3133,8 +3133,7 @@ static int amd_iommu_def_domain_type(struct device *d= ev) if (!dev_data) return 0; =20 - /* Always use DMA domain for untrusted device */ - if (dev_is_pci(dev) && to_pci_dev(dev)->untrusted) + if (dev_is_pci(dev) && to_pci_dev(dev)->requires_dma_protection) return IOMMU_DOMAIN_DMA; =20 /* diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c index 54d96e847f16..63a0b24b24e2 100644 --- a/drivers/iommu/dma-iommu.c +++ b/drivers/iommu/dma-iommu.c @@ -588,16 +588,16 @@ static int iova_reserve_iommu_regions(struct device *= dev, return ret; } =20 -static bool dev_is_untrusted(struct device *dev) +static bool dev_requires_dma_protection(struct device *dev) { - return dev_is_pci(dev) && to_pci_dev(dev)->untrusted; + return dev_is_pci(dev) && to_pci_dev(dev)->requires_dma_protection; } =20 static bool dev_use_swiotlb(struct device *dev, size_t size, enum dma_data_direction dir) { return IS_ENABLED(CONFIG_SWIOTLB) && - (dev_is_untrusted(dev) || + (dev_requires_dma_protection(dev) || dma_kmalloc_needs_bounce(dev, size, dir)); } =20 @@ -610,7 +610,7 @@ static bool dev_use_sg_swiotlb(struct device *dev, stru= ct scatterlist *sg, if (!IS_ENABLED(CONFIG_SWIOTLB)) return false; =20 - if (dev_is_untrusted(dev)) + if (dev_requires_dma_protection(dev)) return true; =20 /* 
@@ -1183,12 +1183,12 @@ static phys_addr_t iommu_dma_map_swiotlb(struct dev= ice *dev, phys_addr_t phys, attrs); =20 /* - * Untrusted devices should not see padding areas with random leftover - * kernel data, so zero the pre- and post-padding. + * Zero the pre- and post-padding to prevent exposing kernel data to devi= ces + * requiring DMA protection. * swiotlb_tbl_map_single() has initialized the bounce buffer proper to * the contents of the original memory buffer. */ - if (phys !=3D (phys_addr_t)DMA_MAPPING_ERROR && dev_is_untrusted(dev)) { + if (phys !=3D (phys_addr_t)DMA_MAPPING_ERROR && dev_requires_dma_protecti= on(dev)) { size_t start, virt =3D (size_t)phys_to_virt(phys); =20 /* Pre-padding */ @@ -1761,7 +1761,7 @@ size_t iommu_dma_opt_mapping_size(void) =20 size_t iommu_dma_max_mapping_size(struct device *dev) { - if (dev_is_untrusted(dev)) + if (dev_requires_dma_protection(dev)) return swiotlb_max_mapping_size(dev); =20 return SIZE_MAX; diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c index 4d0e65bc131d..0c10d48fae6e 100644 --- a/drivers/iommu/intel/iommu.c +++ b/drivers/iommu/intel/iommu.c @@ -2487,7 +2487,7 @@ static int __init platform_optin_force_iommu(void) =20 /* * If Intel-IOMMU is disabled by default, we will apply identity - * map for all devices except those marked as being untrusted. + * map for all devices except those marked as requiring DMA protection. */ if (dmar_disabled) iommu_set_default_passthrough(false); 
@@ -3491,13 +3491,13 @@ static bool intel_iommu_is_attach_deferred(struct d= evice *dev) } =20 /* - * Check that the device does not live on an external facing PCI port that= is - * marked as untrusted. Such devices should not be able to apply quirks and - * thus not be able to bypass the IOMMU restrictions. + * Check that the device does not require DMA protection. Such devices sho= uld + * not be able to apply quirks and thus not be able to bypass the IOMMU + * restrictions. */ static bool risky_device(struct pci_dev *pdev) { - if (pdev->untrusted) { + if (pdev->requires_dma_protection) { pci_info(pdev, "Skipping IOMMU quirk for dev [%04X:%04X] on untrusted PCI link\n", pdev->vendor, pdev->device); diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c index d1a9e713d3a0..4614342dc15b 100644 --- a/drivers/iommu/iommu.c +++ b/drivers/iommu/iommu.c @@ -1902,10 +1902,9 @@ static int iommu_get_default_domain_type(struct iomm= u_group *group, driver_type =3D iommu_get_def_domain_type(group, gdev->dev, driver_type); =20 - if (dev_is_pci(gdev->dev) && to_pci_dev(gdev->dev)->untrusted) { + if (dev_is_pci(gdev->dev) && to_pci_dev(gdev->dev)->requires_dma_protect= ion) { /* - * No ARM32 using systems will set untrusted, it cannot - * work. + * ARM32 systems don't support DMA protection. */ if (WARN_ON(IS_ENABLED(CONFIG_ARM_DMA_USE_IOMMU))) return -1; diff --git a/drivers/pci/ats.c b/drivers/pci/ats.c index ec6c8dbdc5e9..8f5ad7122078 100644 --- a/drivers/pci/ats.c +++ b/drivers/pci/ats.c @@ -43,7 +43,7 @@ bool pci_ats_supported(struct pci_dev *dev) if (!dev->ats_cap) return false; =20 - return (dev->untrusted =3D=3D 0); + return (dev->requires_dma_protection =3D=3D 0); } EXPORT_SYMBOL_GPL(pci_ats_supported); =20 diff --git a/drivers/pci/pci-acpi.c b/drivers/pci/pci-acpi.c index 9af1bab27841..08a07e02bdf7 100644 --- a/drivers/pci/pci-acpi.c +++ b/drivers/pci/pci-acpi.c 
@@ -1457,7 +1457,7 @@ void pci_acpi_setup(struct device *dev, struct acpi_d= evice *adev) =20 pci_acpi_optimize_delay(pci_dev, adev->handle); pci_acpi_set_external_facing(pci_dev); - pci_dev->untrusted |=3D pci_dev_has_dma_property(pci_dev); + pci_dev->requires_dma_protection |=3D pci_dev_has_dma_property(pci_dev); pci_acpi_add_edr_notifier(pci_dev); =20 pci_acpi_add_pm_notifier(adev, pci_dev); diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index d34266651ad0..4273c4ab6d9d 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -1003,7 +1003,7 @@ static void pci_std_enable_acs(struct pci_dev *dev, s= truct pci_acs *caps) caps->ctrl |=3D (dev->acs_capabilities & PCI_ACS_UF); =20 /* Enable Translation Blocking for external devices and noats */ - if (pci_ats_disabled() || dev->external_facing || dev->untrusted) + if (pci_ats_disabled() || dev->external_facing || dev->requires_dma_prote= ction) caps->ctrl |=3D (dev->acs_capabilities & PCI_ACS_TB); } =20 diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c index b63cd0c310bc..060210aaca2e 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -1738,7 +1738,7 @@ static void set_pcie_cxl(struct pci_dev *dev) =20 } =20 -static void set_pcie_untrusted(struct pci_dev *dev) +static void pci_set_requires_dma_protection(struct pci_dev *dev) { struct pci_dev *parent =3D pci_upstream_bridge(dev); =20 @@ -1748,14 +1748,14 @@ static void set_pcie_untrusted(struct pci_dev *dev) * If the upstream bridge is untrusted we treat this device as * untrusted as well. */ - if (parent->untrusted) { - dev->untrusted =3D true; + if (parent->requires_dma_protection) { + dev->requires_dma_protection =3D true; return; } =20 if (arch_pci_dev_is_removable(dev)) { pci_dbg(dev, "marking as untrusted\n"); - dev->untrusted =3D true; + dev->requires_dma_protection =3D true; } } =20 
@@ -2077,7 +2077,7 @@ int pci_setup_device(struct pci_dev *dev) =20 set_pcie_cxl(dev); =20 - set_pcie_untrusted(dev); + pci_set_requires_dma_protection(dev); =20 if (pci_is_pcie(dev)) dev->supported_speeds =3D pcie_get_supported_speeds(dev); diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c index caaed1a01dc0..ca7c964b593f 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c @@ -5380,7 +5380,7 @@ static void pci_quirk_enable_intel_rp_mpc_acs(struct = pci_dev *dev) * PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF * * TODO: This quirk also needs to do equivalent of PCI_ACS_TB, - * if dev->external_facing || dev->untrusted + * if dev->external_facing || dev->requires_dma_protection */ static int pci_quirk_enable_intel_pch_acs(struct pci_dev *dev) { @@ -5421,7 +5421,7 @@ static int pci_quirk_enable_intel_spt_pch_acs(struct = pci_dev *dev) ctrl |=3D (cap & PCI_ACS_CR); ctrl |=3D (cap & PCI_ACS_UF); =20 - if (pci_ats_disabled() || dev->external_facing || dev->untrusted) + if (pci_ats_disabled() || dev->external_facing || dev->requires_dma_prote= ction) ctrl |=3D (cap & PCI_ACS_TB); =20 pci_write_config_dword(dev, pos + INTEL_SPT_ACS_CTRL, ctrl); diff --git a/include/linux/pci.h b/include/linux/pci.h index 2c4454583c11..672577378650 100644 --- a/include/linux/pci.h +++ b/include/linux/pci.h 
@@ -485,13 +485,14 @@ struct pci_dev { unsigned int is_thunderbolt:1; /* Thunderbolt controller */ unsigned int is_cxl:1; /* Compute Express Link (CXL) */ /* - * Devices marked being untrusted are the ones that can potentially - * execute DMA attacks and similar. They are typically connected + * Devices marked with requires_dma_protection are the ones that can + * potentially execute DMA attacks and similar. They are typically connec= ted * through external ports such as Thunderbolt but not limited to * that. When an IOMMU is enabled they should be getting full * mappings to make sure they cannot access arbitrary memory. */ - unsigned int untrusted:1; + unsigned int requires_dma_protection:1; + /* * Info from the platform, e.g., ACPI or device tree, may mark a * device as "external-facing". An external-facing device is --=20 2.54.0.794.g4f17f83d09-goog
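
Review bot: In amd_iommu_def_domain_type() (drivers/iommu/amd/iommu.c), the comment "Always use DMA domain for untrusted device" is deleted rather than reworded, so the reason for returning IOMMU_DOMAIN_DMA is no longer stated at the check. The other files in this patch keep their comments and update the wording; doing the same here, for example "Always use DMA domain for devices requiring DMA protection", keeps the rename mechanical.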
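
Review bot: In risky_device() (drivers/iommu/intel/iommu.c), the pci_info() string still reads "on untrusted PCI link" after the test was changed to pdev->requires_dma_protection. With patch 1/2 the flag can also come from DmaProperty on an internal device, so the message can be wrong about the link. Either reword it or say in the commit message that the user-visible string is kept on purpose.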
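
Review bot: In iommu_get_default_domain_type() (drivers/iommu/iommu.c), the reworded comment says something different from the one it replaces. The old text explained the WARN_ON that follows: no ARM32 system sets the flag, because it cannot work there. "ARM32 systems don't support DMA protection" drops the statement that the flag is never expected to be set, which is what the WARN_ON asserts. Suggest "No ARM32 systems set requires_dma_protection; it cannot work."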
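
Review bot: In pci_set_requires_dma_protection() (drivers/pci/probe.c), the unchanged comment still says "If the upstream bridge is untrusted we treat this device as untrusted as well" and the pci_dbg() still prints "marking as untrusted", so the renamed function now mixes both terms. Update the comment together with the rename, and either update the debug string or note that it is left alone deliberately.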
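
Review bot: In struct pci_dev (include/linux/pci.h), the hunk adds an empty line after the renamed bitfield, a whitespace change unrelated to the rename. Drop it, or mention it in the commit message, so the diff stays a pure rename. The reworded comment line ending "They are typically connected" is also longer than its neighbours and could be rewrapped.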