projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0e0be94) | patch
PCI: Lock down BAR access when the kernel is locked down
authorMatthew Garrett <matthew.garrett@nebula.com>
Wed, 8 Nov 2017 15:11:33 +0000 (15:11 +0000)
committerBen Hutchings <ben@decadent.org.uk>
Wed, 19 Jun 2019 22:16:58 +0000 (23:16 +0100)
commit1b09620f0f6f9db09f7968ae8db3d6d33b1a3fe3
treeb4946af59279807fa9ff342a10ea623737b3625etree | snapshot
parent0e0be94e9e4fabe086eebbbc7336e1fc19363575commit | diff
PCI: Lock down BAR access when the kernel is locked down

Any hardware that can potentially generate DMA has to be locked down in
order to avoid it being possible for an attacker to modify kernel code,
allowing them to circumvent disabled module loading or module signing.
Default to paranoid - in future we can potentially relax this for
sufficiently IOMMU-isolated devices.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: "Lee, Chun-Yi" <jlee@suse.com>
cc: linux-pci@vger.kernel.org

Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
drivers/pci/pci-sysfs.c diff | blob | history
drivers/pci/proc.c diff | blob | history
drivers/pci/syscall.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.