linux/drivers/acpi
Mika Westerberg 617654aae5 PCI / ACPI: Identify untrusted PCI devices
A malicious PCI device may use DMA to attack the system. An external
Thunderbolt port is a convenient point to attach such a device. The OS
may use IOMMU to defend against DMA attacks.

Some BIOSes mark these externally facing root ports with this
ACPI _DSD [1]:

  Name (_DSD, Package () {
      ToUUID ("efcc06cc-73ac-4bc3-bff0-76143807c389"),
      Package () {
          Package () {"ExternalFacingPort", 1},
	  Package () {"UID", 0 }
      }
  })

If we find such a root port, mark it and all its children as untrusted.
The rest of the OS may use this information to enable DMA protection
against malicious devices. For instance the device may be put behind an
IOMMU to keep it from accessing memory outside of what the driver has
allocated for it.

While at it, add a comment on top of prp_guids array explaining the
possible caveat resulting when these GUIDs are treated equivalent.

[1] https://docs.microsoft.com/en-us/windows-hardware/drivers/pci/dsd-for-pcie-root-ports#identifying-externally-exposed-pcie-root-ports

Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
2018-12-05 12:01:55 +03:00
..
acpica ACPICA: Fix handling of buffer-size in acpi_ex_write_data_to_field() 2018-11-19 11:06:09 +01:00
apei treewide: kvmalloc() -> kvmalloc_array() 2018-06-12 16:19:22 -07:00
arm64 ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value 2018-11-30 17:28:39 +00:00
dptf License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nfit libnvdimm 4.20-rc3 2018-11-18 12:21:09 -08:00
pmic ACPI / PMIC: xpower: Block P-Unit I2C access during read-modify-write 2018-10-25 17:00:05 +02:00
x86 pci-v4.20-changes 2018-10-25 06:50:48 -07:00
ac.c ACPI updates for 4.18-rc1 2018-06-05 10:08:27 -07:00
acpi_adxl.c ACPI/ADXL: Add address translation interface using an ACPI DSM 2018-10-16 10:03:00 +02:00
acpi_amba.c
acpi_apd.c ACPI: APD: Add AMD misc clock handler support 2018-05-17 12:44:06 +02:00
acpi_cmos_rtc.c
acpi_configfs.c ACPI: configfs: make config_item_type const 2017-10-19 16:15:29 +02:00
acpi_dbg.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
acpi_extlog.c
acpi_ipmi.c acpi:ipmi: Convert ipmi_user_t to struct ipmi_user * 2018-09-18 16:15:33 -05:00
acpi_lpat.c
acpi_lpit.c ACPI / PM: LPIT: Register sysfs attributes based on FADT 2018-10-04 09:01:06 +02:00
acpi_lpss.c Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-10-23 13:32:18 +01:00
acpi_memhotplug.c mm/memory_hotplug: make add_memory() take the device_hotplug_lock 2018-10-31 08:54:17 -07:00
acpi_pad.c ACPI: Add Hygon Dhyana support 2018-09-27 18:29:00 +02:00
acpi_platform.c ACPI / platform: Add SMB0001 HID to forbidden_id_list 2018-11-21 13:30:13 +01:00
acpi_pnp.c
acpi_processor.c ACPI / processor: Fix the return value of acpi_processor_ids_walk() 2018-10-04 08:58:32 +02:00
acpi_tad.c ACPI: TAD: Add low-level support for real time capability 2018-10-18 09:11:53 +02:00
acpi_video.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
acpi_watchdog.c ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM 2018-05-24 10:52:49 +02:00
battery.c ACPI / battery: Do not export energy_full[_design] on devices without full_charge_capacity 2018-08-09 10:49:35 +02:00
bgrt.c
blacklist.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
bus.c ACPI: probe ECDT before loading AML tables regardless of module-level code flag 2018-10-18 09:19:17 +02:00
button.c ACPI / button: fix defined but not used warning 2018-07-09 11:32:44 +02:00
cm_sbs.c
container.c
cppc_acpi.c ACPI / CPPC: Add support for guaranteed performance 2018-10-16 10:33:38 +02:00
custom_method.c ACPI: custom_method: remove meaningless null check before debugfs_remove() 2018-09-10 12:46:51 +02:00
debugfs.c
device_pm.c ACPI / PM: Export acpi_device_get_power() for use by modular build drivers 2018-10-12 12:29:48 +02:00
device_sysfs.c treewide: Use DEVICE_ATTR_RO 2018-01-09 16:34:34 +01:00
dock.c ACPI: Mark expected switch fall-throughs 2017-11-09 00:55:16 +01:00
ec_sys.c ACPI: EC: Fix debugfs_create_*() usage 2018-01-04 13:54:51 +01:00
ec.c ACPI / EC: Add another entry for Thinkpad X1 Carbon 6th 2018-08-09 11:01:59 +02:00
event.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
evged.c ACPI: GED: unregister interrupts during shutdown 2017-12-16 03:05:37 +01:00
fan.c treewide: devm_kzalloc() -> devm_kcalloc() 2018-06-12 16:19:22 -07:00
glue.c ACPI / glue: Split dev_is_platform() out of module for wide use 2018-09-10 12:48:50 +02:00
hed.c
internal.h ACPI: EC: Dispatch the EC GPE directly on s2idle wake 2018-05-25 10:32:13 +02:00
ioapic.c
irq.c
Kconfig ACPI / PMIC: xpower: fix IOSF_MBI dependency 2018-11-08 18:29:33 +01:00
Makefile ACPI/ADXL: Add address translation interface using an ACPI DSM 2018-10-16 10:03:00 +02:00
numa.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
nvs.c
osi.c ACPI / OSI: Add OEM _OSI string to enable NVidia HDMI audio 2018-07-20 10:12:41 +02:00
osl.c Merge branches 'acpi-property' and 'acpi-sbs' 2018-10-18 12:37:51 +02:00
pci_irq.c
pci_link.c ACPI / PCI: pci_link: Allow the absence of _PRS and change log level 2018-02-27 17:15:39 +01:00
pci_mcfg.c
pci_root.c PCI/ACPI: Allow _OSC presence to be optional for PCI 2018-09-17 16:32:24 -05:00
pci_slot.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
power.c
pptt.c ACPI/PPTT: Handle architecturally unknown cache types 2018-10-04 23:02:17 +02:00
proc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
processor_core.c xen/ACPI: don't upload Px/Cx data for disabled processors 2018-08-20 14:46:18 -04:00
processor_driver.c
processor_idle.c ACPI: Add Hygon Dhyana support 2018-09-27 18:29:00 +02:00
processor_pdc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
processor_perflib.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
processor_thermal.c
processor_throttling.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
property.c PCI / ACPI: Identify untrusted PCI devices 2018-12-05 12:01:55 +03:00
reboot.c ACPI: add missing newline to printk 2018-05-02 13:01:08 +02:00
resource.c ACPI: Mark expected switch fall-throughs 2017-11-09 00:55:16 +01:00
sbs.c ACPI / SBS: Fix GPE storm on recent MacBookPro's 2018-10-08 08:41:35 +02:00
sbshc.c ACPI / SBS: Fix rare oops when removing modules 2018-10-08 08:41:35 +02:00
sbshc.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
scan.c ACPI updates for 4.20-rc1 2018-10-23 10:33:16 +01:00
sleep.c ACPI / PM: save NVS memory for ASUS 1025C laptop 2018-07-11 11:42:13 +02:00
sleep.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
spcr.c ACPI: SPCR: Mark expected switch fall-through in acpi_parse_spcr 2018-02-12 10:31:26 +01:00
sysfs.c treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
tables.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
thermal.c dmi: Mark all struct dmi_system_id instances const 2017-09-14 11:59:30 +02:00
utils.c ACPI: utils: Introduce acpi_dev_get_first_match_name() 2018-01-10 00:41:43 +01:00
video_detect.c ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E 2018-03-20 10:38:17 +01:00
wakeup.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00