[PATCH V31 10/25] PCI: Lock down BAR access when the kernel is locked down
Andy Lutomirski
luto at kernel.org
Tue Mar 26 20:55:39 UTC 2019
On Tue, Mar 26, 2019 at 11:28 AM Matthew Garrett
<matthewgarrett at google.com> wrote:
>
> From: Matthew Garrett <mjg59 at srcf.ucam.org>
>
> Any hardware that can potentially generate DMA has to be locked down in
> order to avoid it being possible for an attacker to modify kernel code,
> allowing them to circumvent disabled module loading or module signing.
> Default to paranoid - in future we can potentially relax this for
> sufficiently IOMMU-isolated devices.
Does this break vfio?
--Andy
More information about the Linux-security-module-archive
mailing list