dgit.raspbian.org Git - linux.git/commit

author	Matthew Garrett <mjg59@srcf.ucam.org>
	Thu, 8 Mar 2012 15:10:38 +0000 (10:10 -0500)
committer	Ben Hutchings <ben@decadent.org.uk>
	Tue, 2 May 2017 15:21:44 +0000 (15:21 +0000)
commit	acf132f19536111476606061ccb50722013e6411
tree	7b01107d475ee5458bd2d59edf8ec2d59dc18e87	tree \| snapshot
parent	f32c9ffd26f07e4199a7e85458e339d5c9f3138c	commit \| diff

PCI: Lock down BAR access when securelevel is enabled

Any hardware that can potentially generate DMA has to be locked down from
userspace in order to avoid it being possible for an attacker to modify
kernel code. This should be prevented if securelevel has been set. Default
to paranoid - in future we can potentially relax this for sufficiently
IOMMU-isolated devices.

Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name pci-lock-down-bar-access-when-securelevel-is-enabled.patch

drivers/pci/pci-sysfs.c		diff \| blob \| history
drivers/pci/proc.c		diff \| blob \| history
drivers/pci/syscall.c		diff \| blob \| history