projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2917f0b) | patch
PCI: Lock down BAR access when the kernel is locked down
authorMatthew Garrett <matthew.garrett@nebula.com>
Wed, 8 Nov 2017 15:11:33 +0000 (15:11 +0000)
committerRaspbian forward porter <root@raspbian.org>
Sat, 5 May 2018 11:51:50 +0000 (12:51 +0100)
commit2e40d0b8625459cfe0f7d34608f6842ea8617e96
treeb710b845fda7825c995a8181a90b3f46550e8b0dtree | snapshot
parent2917f0b0f08e4ca2b9e8fd9787f7d969af31eef2commit | diff
PCI: Lock down BAR access when the kernel is locked down

Any hardware that can potentially generate DMA has to be locked down in
order to avoid it being possible for an attacker to modify kernel code,
allowing them to circumvent disabled module loading or module signing.
Default to paranoid - in future we can potentially relax this for
sufficiently IOMMU-isolated devices.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: "Lee, Chun-Yi" <jlee@suse.com>
cc: linux-pci@vger.kernel.org

Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
drivers/pci/pci-sysfs.c diff | blob | history
drivers/pci/proc.c diff | blob | history
drivers/pci/syscall.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.