projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f67b4da) | patch
PCI: Lock down BAR access when the kernel is locked down
authorMatthew Garrett <matthew.garrett@nebula.com>
Wed, 8 Nov 2017 15:11:33 +0000 (15:11 +0000)
committerSalvatore Bonaccorso <carnil@debian.org>
Tue, 20 Mar 2018 08:31:07 +0000 (08:31 +0000)
commit45ea750927a182049d29b569729bf2aac10a3bcb
tree948fc07c93ae17a2eb9c02f405b17f55f2c54638tree | snapshot
parentf67b4da1dfb1d0986b998e2260766cff2b29b38fcommit | diff
PCI: Lock down BAR access when the kernel is locked down

Any hardware that can potentially generate DMA has to be locked down in
order to avoid it being possible for an attacker to modify kernel code,
allowing them to circumvent disabled module loading or module signing.
Default to paranoid - in future we can potentially relax this for
sufficiently IOMMU-isolated devices.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: "Lee, Chun-Yi" <jlee@suse.com>
cc: linux-pci@vger.kernel.org

Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
drivers/pci/pci-sysfs.c diff | blob | history
drivers/pci/proc.c diff | blob | history
drivers/pci/syscall.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.