projects / linux-4.9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8c5431b) | patch
PCI: Lock down BAR access when securelevel is enabled
authorMatthew Garrett <mjg59@srcf.ucam.org>
Thu, 8 Mar 2012 15:10:38 +0000 (10:10 -0500)
committerAurelien Jarno <aurel32@debian.org>
Fri, 2 Mar 2018 07:52:22 +0000 (07:52 +0000)
commit93f32d8fd664ba9ef4fb4407d917aed26e740de8
tree84543b61c737898c819d6a265c304ffcba69f61etree | snapshot
parent8c5431b9d8c62b034e213af0eaf49603dec7b2e4commit | diff
PCI: Lock down BAR access when securelevel is enabled

Any hardware that can potentially generate DMA has to be locked down from
userspace in order to avoid it being possible for an attacker to modify
kernel code. This should be prevented if securelevel has been set. Default
to paranoid - in future we can potentially relax this for sufficiently
IOMMU-isolated devices.

Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name pci-lock-down-bar-access-when-securelevel-is-enabled.patch
drivers/pci/pci-sysfs.c diff | blob | history
drivers/pci/proc.c diff | blob | history
drivers/pci/syscall.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.