git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit
UBUNTU: SAUCE: (efi-lockdown) PCI: Lock down BAR access when the kernel is locked...
author Matthew Garrett <matthew.garrett@nebula.com>
Wed, 24 May 2017 13:56:03 +0000 (14:56 +0100)
committer Seth Forshee <seth.forshee@canonical.com>
Mon, 29 Jan 2018 13:45:01 +0000 (07:45 -0600)
commit cf53ecd8d65c058aa0584f505a927fd28fe5933d
tree a2e0c926cd2742e1c22c02bd1678d4701955ee92
parent 66329a25e5e3387a6a795ffff7be98af099275d0
UBUNTU: SAUCE: (efi-lockdown) PCI: Lock down BAR access when the kernel is locked down

Any hardware that can potentially generate DMA has to be locked down in
order to avoid it being possible for an attacker to modify kernel code,
allowing them to circumvent disabled module loading or module signing.
Default to paranoid - in future we can potentially relax this for
sufficiently IOMMU-isolated devices.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: "Lee, Chun-Yi" <jlee@suse.com>
cc: linux-pci@vger.kernel.org
(cherry picked from commit 6999b2411874e2703d2e1bbec9ea42209699a984
 git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git)
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
drivers/pci/pci-sysfs.c
drivers/pci/proc.c
drivers/pci/syscall.c