Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp4655061img;
        Tue, 26 Mar 2019 13:56:48 -0700 (PDT)
X-Google-Smtp-Source: APXvYqx6HPlgL72io7i4E/rvWaIHe8aRMqqaBqfxj3wYjMKrY9AnkGttjCbYSNZkucnNhmi9Nbgm
X-Received: by 2002:a17:902:70cc:: with SMTP id l12mr14870737plt.10.1553633808098;
        Tue, 26 Mar 2019 13:56:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1553633808; cv=none;
        d=google.com; s=arc-20160816;
        b=ij33r4i1/JpFzHzZtIEdXSdwxFYGQYY+X8YlJTYdKcWJz9vjeypvxr/R3ZeQQ5FMtA
         ZO34vQbJY7csp1bKYFOt7O0LnA5xMYx53kfkcxyDXwiLDqKjqb7BCw8Z9yF8xe7ApYdj
         Sdo0lKTIFEH7T/yfTg/lKLxYlOKRuaWho1h4xs9k++kzf6NaDCxhSI47zaQJZ7F8hB+M
         nNKVVcHSnonWCbghsUq/RRV/NwV98rFxHRUFUhPnpqu8JnE61Jpxo5g17DrZoyqNKtpi
         UP/PILJ02xe/yLpFAQ4NNyCnD//FqW7RJEN9E6NlzhnlsSJ5NDUBqvDMZB+IV6S6Vumi
         4i/A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=boyJ3Buo2pPC9t7P96nVK4DIZZBxcZsfGGAPdiYwOqQ=;
        b=Q9NZlnZnfgRC3Fv8JdBY6zHjAgo2AWDhHtmtV/jf/yecSzEXcbVfLrBrVIx4G4/Gbw
         wD0YoSzTwFOCvNLKQpxpJhxN9TEfIWnRYFJgYv8XWdzGnOQKx7M2OolkWYZEsv+F/b4W
         JRuxDpAoOfooR2DMNq0AX8LY5f/uAXHDCa9TOKOxAVycTtwfrooQVVNs3tywgJSGIfOj
         zEChjg9iypG2R1/rb+XgTe3cNQpm/m/SJ9hBK55XNaVimb1jfMP+NjDy4fp5q55UgBYV
         sT98Yl3kvd5ZuZsnUx6ARYKn5P2HftgsEns7eaHMeg4hsgY2N4jYpM51bHtono2f+qYN
         MpQQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=hDVTJCYY;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id h4si16269118pgc.354.2019.03.26.13.56.33;
        Tue, 26 Mar 2019 13:56:48 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=hDVTJCYY;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732767AbfCZUzx (ORCPT <rfc822;plaguedbypenguins@gmail.com>
        + 99 others); Tue, 26 Mar 2019 16:55:53 -0400
Received: from mail.kernel.org ([198.145.29.99]:34824 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1732742AbfCZUzw (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 26 Mar 2019 16:55:52 -0400
Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id E12C621741
        for <linux-kernel@vger.kernel.org>; Tue, 26 Mar 2019 20:55:51 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1553633752;
        bh=boyJ3Buo2pPC9t7P96nVK4DIZZBxcZsfGGAPdiYwOqQ=;
        h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
        b=hDVTJCYYK+ctAydkulvCscDWHwdq3eXq7tlPLUds/HghYBvTIs3KUDaUvqwgQ1ty5
         dzf5BqtRWoXTxDe8XsEg889M6uL0lIZ+BoFEis26j9aX+uct6AxWbhJe4zWjGCd8yY
         PRn9LyIHAHkS4sCxpOVE15svTfGYh7nsRV/xNSSI=
Received: by mail-wm1-f44.google.com with SMTP id o25so14097911wmf.5
        for <linux-kernel@vger.kernel.org>; Tue, 26 Mar 2019 13:55:51 -0700 (PDT)
X-Gm-Message-State: APjAAAVGGlC15jIS2YSh5s0JkAxRnAh+C15KKKc/vRapFmjd+4RtVu0i
        DJIVYt8EaF9QjKjUCWmcr5BrFG3Tt27iibA6UhVD3A==
X-Received: by 2002:a05:600c:211a:: with SMTP id u26mr11751037wml.74.1553633750383;
 Tue, 26 Mar 2019 13:55:50 -0700 (PDT)
MIME-Version: 1.0
References: <20190326182742.16950-1-matthewgarrett@google.com> <20190326182742.16950-11-matthewgarrett@google.com>
In-Reply-To: <20190326182742.16950-11-matthewgarrett@google.com>
From:   Andy Lutomirski <luto@kernel.org>
Date:   Tue, 26 Mar 2019 13:55:39 -0700
X-Gmail-Original-Message-ID: <CALCETrW43Syz-deM-fGUCbWfA8tcsoCJJ5XqjFhpg+d0sNYDRA@mail.gmail.com>
Message-ID: <CALCETrW43Syz-deM-fGUCbWfA8tcsoCJJ5XqjFhpg+d0sNYDRA@mail.gmail.com>
Subject: Re: [PATCH V31 10/25] PCI: Lock down BAR access when the kernel is
 locked down
To:     Matthew Garrett <matthewgarrett@google.com>
Cc:     James Morris <jmorris@namei.org>,
        LSM List <linux-security-module@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        David Howells <dhowells@redhat.com>,
        Linux API <linux-api@vger.kernel.org>,
        Andrew Lutomirski <luto@kernel.org>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Matthew Garrett <mjg59@google.com>,
        Bjorn Helgaas <bhelgaas@google.com>, linux-pci@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Mar 26, 2019 at 11:28 AM Matthew Garrett
<matthewgarrett@google.com> wrote:
>
> From: Matthew Garrett <mjg59@srcf.ucam.org>
>
> Any hardware that can potentially generate DMA has to be locked down in
> order to avoid it being possible for an attacker to modify kernel code,
> allowing them to circumvent disabled module loading or module signing.
> Default to paranoid - in future we can potentially relax this for
> sufficiently IOMMU-isolated devices.

Does this break vfio?

--Andy