linux/security
Matthew Garrett eb627e1772 PCI: Lock down BAR access when the kernel is locked down
Any hardware that can potentially generate DMA has to be locked down in
order to avoid it being possible for an attacker to modify kernel code,
allowing them to circumvent disabled module loading or module signing.
Default to paranoid - in future we can potentially relax this for
sufficiently IOMMU-isolated devices.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
cc: linux-pci@vger.kernel.org
Signed-off-by: James Morris <jmorris@namei.org>
2019-08-19 21:54:15 -07:00
..
apparmor apparmor: reset pos on failure to unpack for various functions 2019-06-18 16:04:16 -07:00
integrity kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE 2019-08-19 21:54:15 -07:00
keys treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
loadpin treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 282 2019-06-05 17:36:37 +02:00
lockdown PCI: Lock down BAR access when the kernel is locked down 2019-08-19 21:54:15 -07:00
safesetid treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
selinux treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
smack treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
tomoyo treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
yama treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
commoncap.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
device_cgroup.c device_cgroup: fix RCU imbalance in error case 2019-03-19 10:46:15 -07:00
inode.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
Kconfig security: Add a static lockdown policy LSM 2019-08-19 21:54:15 -07:00
Kconfig.hardening treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
lsm_audit.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
Makefile security: Add a static lockdown policy LSM 2019-08-19 21:54:15 -07:00
min_addr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
security.c security: Add a "locked down" LSM hook 2019-08-19 21:54:15 -07:00