projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2be0e5a) | patch
PCI: Lock down BAR access when the kernel is locked down
authorMatthew Garrett <matthew.garrett@nebula.com>
Wed, 8 Nov 2017 15:11:33 +0000 (15:11 +0000)
committerSalvatore Bonaccorso <carnil@debian.org>
Sat, 18 Aug 2018 12:02:58 +0000 (13:02 +0100)
commit70c9a6a357e98c9230722b55ca50739c98ccdefd
treed3e3232a60f299d34b709e5dded58c329e258e67tree | snapshot
parent2be0e5a0ec538807f77d5e661d984b2696091dbdcommit | diff
PCI: Lock down BAR access when the kernel is locked down

Any hardware that can potentially generate DMA has to be locked down in
order to avoid it being possible for an attacker to modify kernel code,
allowing them to circumvent disabled module loading or module signing.
Default to paranoid - in future we can potentially relax this for
sufficiently IOMMU-isolated devices.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: "Lee, Chun-Yi" <jlee@suse.com>
cc: linux-pci@vger.kernel.org

Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0011-PCI-Lock-down-BAR-access-when-the-kernel-is-locked-d.patch
drivers/pci/pci-sysfs.c diff | blob | history
drivers/pci/proc.c diff | blob | history
drivers/pci/syscall.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.