PCI: Lock down BAR access when the kernel is locked down
author Matthew Garrett <matthew.garrett@nebula.com>
Wed, 5 Apr 2017 16:40:30 +0000 (17:40 +0100)
committer Ben Hutchings <ben@decadent.org.uk>
Sun, 1 Oct 2017 14:52:09 +0000 (15:52 +0100)
commit 26088b55f786f0d7e3197189fa90e06cc4ba98a1
tree ef72a3c2353e74a8818002570df08e3dce00d831
parent d2db1741a1893d0cf86db4e6df2fc8b9c58e69bf
PCI: Lock down BAR access when the kernel is locked down

Any hardware that can potentially generate DMA has to be locked down in
order to avoid it being possible for an attacker to modify kernel code,
allowing them to circumvent disabled module loading or module signing.
Default to paranoid - in future we can potentially relax this for
sufficiently IOMMU-isolated devices.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: David Howells <dhowells@redhat.com>
[bwh: For 4.12, adjust context]

Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0049-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
drivers/pci/pci-sysfs.c
drivers/pci/proc.c
drivers/pci/syscall.c